Package com.nimbusds.openid.connect.provider.spi.tokens

Interface AccessTokenAuthorization

All Known Implementing Classes:
MutableAccessTokenAuthorization
public interface AccessTokenAuthorization
Access token authorisation.

  • Method Summary

    Modifier and Type
    Method
    Description
    @Nullable com.nimbusds.oauth2.sdk.id.Actor
    getActor()
    Returns the access token actor, in impersonation and delegation scenarios.
    @Nullable List<com.nimbusds.oauth2.sdk.id.Audience>
    getAudienceList()
    Returns the audience list of the access token, which may be the logical names of the intended resource servers.
    @Nullable Set<String>
    getClaimNames()
    Returns the names of the consented OpenID claims to be accessed at the UserInfo endpoint.
    default @Nullable net.minidev.json.JSONObject
    getClaimsData()
    Returns the optional OpenID claims fulfillment data.
    @Nullable List<com.nimbusds.langtag.LangTag>
    getClaimsLocales()
    Returns the preferred locales for the consented OpenID claims.
    @Nullable com.nimbusds.oauth2.sdk.auth.X509CertificateConfirmation
    getClientCertificateConfirmation()
    Returns the client X.509 certificate confirmation (SHA-256 thumbprint) for mutual TLS.
    @Nullable com.nimbusds.oauth2.sdk.id.ClientID
    getClientID()
    Returns the identifier of the client to which the access token is issued.
    @Nullable net.minidev.json.JSONObject
    getData()
    Returns the optional data for the access token.
    @Nullable Instant
    getExpirationTime()
    Returns the expiration time of the access token.
    @Nullable com.nimbusds.oauth2.sdk.id.Issuer
    getIssuer()
    Returns the issuer of the access token.
    @Nullable Instant
    getIssueTime()
    Returns the issue time of the access token.
    default @Nullable com.nimbusds.oauth2.sdk.dpop.JWKThumbprintConfirmation
    getJWKThumbprintConfirmation()
    Returns the JWK SHA-256 thumbprint confirmation for DPoP.
    @Nullable com.nimbusds.oauth2.sdk.id.JWTID
    getJWTID()
    Returns the JSON Web Token (JWT) identifier of the access token.
    default @Nullable com.nimbusds.oauth2.sdk.id.Subject
    getLocalSubject()
    Returns the access token local subject.
    default @Nullable Map<String,Object>
    getOtherTopLevelParameters()
    Returns a map of other top-level parameters.
    @Nullable net.minidev.json.JSONObject
    getPresetClaims()
    Returns the preset OpenID claims to be included in the UserInfo response.
    @Nullable com.nimbusds.oauth2.sdk.Scope
    getScope()
    Returns the scope of the access token.
    @Nullable com.nimbusds.oauth2.sdk.id.Subject
    getSubject()
    Returns the access token subject.
    default @Nullable String
    getSubjectSessionKey()
    Returns the associated subject (end-user) session key (session ID with omitted HMAC).
    default @Nullable com.nimbusds.openid.connect.sdk.SubjectType
    getSubjectType()
    Returns the access token subject type.

  • Method Details

    • getSubject

      @Nullable com.nimbusds.oauth2.sdk.id.Subject getSubject()
      Returns the access token subject.
      Returns:
      The subject, null if not specified.

    • getActor

      @Nullable com.nimbusds.oauth2.sdk.id.Actor getActor()
      Returns the access token actor, in impersonation and delegation scenarios.
      Returns:
      The actor, null if not specified.

    • getClientID

      @Nullable com.nimbusds.oauth2.sdk.id.ClientID getClientID()
      Returns the identifier of the client to which the access token is issued.
      Returns:
      The client identifier, null if not specified.

    • getScope

      @Nullable com.nimbusds.oauth2.sdk.Scope getScope()
      Returns the scope of the access token.
      Returns:
      The scope, null if not specified.

    • getExpirationTime

      @Nullable Instant getExpirationTime()
      Returns the expiration time of the access token.
      Returns:
      The expiration time, null if not specified.

    • getIssueTime

      @Nullable Instant getIssueTime()
      Returns the issue time of the access token.
      Returns:
      The issue time, null if not specified.

    • getIssuer

      @Nullable com.nimbusds.oauth2.sdk.id.Issuer getIssuer()
      Returns the issuer of the access token.
      Returns:
      The issuer, null if not specified.

    • getAudienceList

      @Nullable List<com.nimbusds.oauth2.sdk.id.Audience> getAudienceList()
      Returns the audience list of the access token, which may be the logical names of the intended resource servers.
      Returns:
      The audience list, null if not specified.

    • getSubjectType

      default @Nullable com.nimbusds.openid.connect.sdk.SubjectType getSubjectType()
      Returns the access token subject type.
      Returns:
      The subject type, null if not specified (may imply public).

    • getLocalSubject

      default @Nullable com.nimbusds.oauth2.sdk.id.Subject getLocalSubject()
      Returns the access token local subject. Equals the getSubject() value unless the subject type is pairwise.

      Use this method if there is a need to get the local (system) subject for an access token which subject was made pairwise for its audience (resource server).

      Note, an access token which subject is made pairwise must not have its local subject exposed in introspection responses intended for the token audience!

      Returns:
      The local subject, null if not specified or for a pairwise subject type that couldn't be reversed.

    • getJWTID

      @Nullable com.nimbusds.oauth2.sdk.id.JWTID getJWTID()
      Returns the JSON Web Token (JWT) identifier of the access token.
      Returns:
      The JWT ID, null if not specified or applicable.

    • getClaimNames

      @Nullable Set<String> getClaimNames()
      Returns the names of the consented OpenID claims to be accessed at the UserInfo endpoint.
      Returns:
      The claim names, null if not specified.

    • getClaimsLocales

      @Nullable List<com.nimbusds.langtag.LangTag> getClaimsLocales()
      Returns the preferred locales for the consented OpenID claims.
      Returns:
      The preferred claims locales, null if not specified.

    • getPresetClaims

      @Nullable net.minidev.json.JSONObject getPresetClaims()
      Returns the preset OpenID claims to be included in the UserInfo response.
      Returns:
      The preset OpenID claims, null if not specified.

    • getData

      @Nullable net.minidev.json.JSONObject getData()
      Returns the optional data for the access token.
      Returns:
      The optional data, represented as a JSON object, null if not specified.

    • getClientCertificateConfirmation

      @Nullable com.nimbusds.oauth2.sdk.auth.X509CertificateConfirmation getClientCertificateConfirmation()
      Returns the client X.509 certificate confirmation (SHA-256 thumbprint) for mutual TLS.
      Returns:
      The client X.509 certificate confirmation, null if none.

    • getJWKThumbprintConfirmation

      default @Nullable com.nimbusds.oauth2.sdk.dpop.JWKThumbprintConfirmation getJWKThumbprintConfirmation()
      Returns the JWK SHA-256 thumbprint confirmation for DPoP.
      Returns:
      The JWK thumbprint confirmation, null if none.

    • getOtherTopLevelParameters

      default @Nullable Map<String,Object> getOtherTopLevelParameters()
      Returns a map of other top-level parameters.
      Returns:
      Other top-level parameters, the values should map to JSON entities, null if none.

    • getClaimsData

      default @Nullable net.minidev.json.JSONObject getClaimsData()
      Returns the optional OpenID claims fulfillment data.
      Returns:
      The OpenID claims fulfillment data, null if not specified.

    • getSubjectSessionKey

      default @Nullable String getSubjectSessionKey()
      Returns the associated subject (end-user) session key (session ID with omitted HMAC).
      Returns:
      The subject session key, null if not available.