Interface ReadOnlyAuthorizationServerMetadata

  • All Superinterfaces:
    ReadOnlyAuthorizationServerEndpointMetadata
    All Known Subinterfaces:
    ReadOnlyOIDCProviderMetadata
    All Known Implementing Classes:
    AuthorizationServerMetadata, OIDCProviderMetadata

    public interface ReadOnlyAuthorizationServerMetadata
    extends ReadOnlyAuthorizationServerEndpointMetadata
    Read-only OAuth 2.0 Authorisation Server (AS) metadata.

    Related specifications:

    • OAuth 2.0 Authorization Server Metadata (RFC 8414)
    • OAuth 2.0 Mutual TLS Client Authentication and Certificate Bound Access Tokens (RFC 8705)
    • OAuth 2.0 Demonstrating Proof-of-Possession at the Application Layer (DPoP) (draft-ietf-oauth-dpop-16)
    • Financial-grade API: JWT Secured Authorization Response Mode for OAuth 2.0 (JARM)
    • OAuth 2.0 Authorization Server Issuer Identification (RFC 9207)
    • Financial-grade API - Part 2: Read and Write API Security Profile
    • OAuth 2.0 Pushed Authorization Requests (RFC 9126)
    • OAuth 2.0 Rich Authorization Requests (RFC 9396)
    • OAuth 2.0 Device Authorization Grant (RFC 8628)
    • OpenID Connect Client Initiated Backchannel Authentication Flow - Core 1.0
    • OAuth 2.0 Incremental Authorization (draft-ietf-oauth-incremental-authz-04)
    • Initiating User Registration via OpenID Connect 1.0
    • OpenID Connect Federation 1.0 (draft 22)
    • Method Detail

      • getIssuer

        Issuer getIssuer()
        Gets the issuer identifier. Corresponds to the issuer metadata field.
        Returns:
        The issuer identifier.
      • getJWKSetURI

        URI getJWKSetURI()
        Gets the JSON Web Key (JWK) set URI. Corresponds to the jwks_uri metadata field.
        Returns:
        The JWK set URI, null if not specified.
      • getScopes

        Scope getScopes()
        Gets the supported scope values. Corresponds to the scopes_supported metadata field.
        Returns:
        The supported scope values, null if not specified.
      • getResponseTypes

        List<ResponseTypegetResponseTypes()
        Gets the supported response type values. Corresponds to the response_types_supported metadata field.
        Returns:
        The supported response type values, null if not specified.
      • getResponseModes

        List<ResponseModegetResponseModes()
        Gets the supported response mode values. Corresponds to the response_modes_supported.
        Returns:
        The supported response mode values, null if not specified.
      • getGrantTypes

        List<GrantTypegetGrantTypes()
        Gets the supported OAuth 2.0 grant types. Corresponds to the grant_types_supported metadata field.
        Returns:
        The supported grant types, null if not specified.
      • getCodeChallengeMethods

        List<CodeChallengeMethodgetCodeChallengeMethods()
        Gets the supported authorisation code challenge methods for PKCE. Corresponds to the code_challenge_methods_supported metadata field.
        Returns:
        The supported code challenge methods, null if not specified.
      • getTokenEndpointAuthMethods

        List<ClientAuthenticationMethodgetTokenEndpointAuthMethods()
        Gets the supported token endpoint authentication methods. Corresponds to the token_endpoint_auth_methods_supported metadata field.
        Returns:
        The supported token endpoint authentication methods, null if not specified.
      • getTokenEndpointJWSAlgs

        List<com.nimbusds.jose.JWSAlgorithm> getTokenEndpointJWSAlgs()
        Gets the supported JWS algorithms for the private_key_jwt and client_secret_jwt token endpoint authentication methods. Corresponds to the token_endpoint_auth_signing_alg_values_supported metadata field.
        Returns:
        The supported JWS algorithms, null if not specified.
      • getIntrospectionEndpointAuthMethods

        List<ClientAuthenticationMethodgetIntrospectionEndpointAuthMethods()
        Gets the supported introspection endpoint authentication methods. Corresponds to the introspection_endpoint_auth_methods_supported metadata field.
        Returns:
        The supported introspection endpoint authentication methods, null if not specified.
      • getIntrospectionEndpointJWSAlgs

        List<com.nimbusds.jose.JWSAlgorithm> getIntrospectionEndpointJWSAlgs()
        Gets the supported JWS algorithms for the private_key_jwt and client_secret_jwt introspection endpoint authentication methods. Corresponds to the introspection_endpoint_auth_signing_alg_values_supported metadata field.
        Returns:
        The supported JWS algorithms, null if not specified.
      • getRevocationEndpointAuthMethods

        List<ClientAuthenticationMethodgetRevocationEndpointAuthMethods()
        Gets the supported revocation endpoint authentication methods. Corresponds to the revocation_endpoint_auth_methods_supported metadata field.
        Returns:
        The supported revocation endpoint authentication methods, null if not specified.
      • getRevocationEndpointJWSAlgs

        List<com.nimbusds.jose.JWSAlgorithm> getRevocationEndpointJWSAlgs()
        Gets the supported JWS algorithms for the private_key_jwt and client_secret_jwt revocation endpoint authentication methods. Corresponds to the revocation_endpoint_auth_signing_alg_values_supported metadata field.
        Returns:
        The supported JWS algorithms, null if not specified.
      • getRequestObjectJWSAlgs

        List<com.nimbusds.jose.JWSAlgorithm> getRequestObjectJWSAlgs()
        Gets the supported JWS algorithms for request objects. Corresponds to the request_object_signing_alg_values_supported metadata field.
        Returns:
        The supported JWS algorithms, null if not specified.
      • getRequestObjectJWEAlgs

        List<com.nimbusds.jose.JWEAlgorithm> getRequestObjectJWEAlgs()
        Gets the supported JWE algorithms for request objects. Corresponds to the request_object_encryption_alg_values_supported metadata field.
        Returns:
        The supported JWE algorithms, null if not specified.
      • getRequestObjectJWEEncs

        List<com.nimbusds.jose.EncryptionMethod> getRequestObjectJWEEncs()
        Gets the supported encryption methods for request objects. Corresponds to the request_object_encryption_enc_values_supported metadata field.
        Returns:
        The supported encryption methods, null if not specified.
      • supportsRequestParam

        boolean supportsRequestParam()
        Gets the support for the request authorisation request parameter. Corresponds to the request_parameter_supported metadata field.
        Returns:
        true if the reqeust parameter is supported, else false.
      • supportsRequestURIParam

        boolean supportsRequestURIParam()
        Gets the support for the request_uri authorisation request parameter. Corresponds to the request_uri_parameter_supported metadata field.
        Returns:
        true if the request_uri parameter is supported, else false.
      • requiresRequestURIRegistration

        boolean requiresRequestURIRegistration()
        Gets the requirement for the request_uri parameter pre-registration. Corresponds to the require_request_uri_registration metadata field.
        Returns:
        true if the request_uri parameter values must be pre-registered, else false.
      • supportsAuthorizationResponseIssuerParam

        boolean supportsAuthorizationResponseIssuerParam()
        Gets the support for the iss authorisation response parameter. Corresponds to the authorization_response_iss_parameter_supported metadata field.
        Returns:
        true if the iss authorisation response parameter is provided, else false.
      • getUILocales

        List<com.nimbusds.langtag.LangTag> getUILocales()
        Gets the supported UI locales. Corresponds to the ui_locales_supported metadata field.
        Returns:
        The supported UI locales, null if not specified.
      • getServiceDocsURI

        URI getServiceDocsURI()
        Gets the service documentation URI. Corresponds to the service_documentation metadata field.
        Returns:
        The service documentation URI, null if not specified.
      • getPolicyURI

        URI getPolicyURI()
        Gets the provider's policy regarding relying party use of data. Corresponds to the op_policy_uri metadata field.
        Returns:
        The policy URI, null if not specified.
      • getTermsOfServiceURI

        URI getTermsOfServiceURI()
        Gets the provider's terms of service. Corresponds to the op_tos_uri metadata field.
        Returns:
        The terms of service URI, null if not specified.
      • supportsTLSClientCertificateBoundAccessTokens

        boolean supportsTLSClientCertificateBoundAccessTokens()
        Gets the support for TLS client certificate bound access tokens. Corresponds to the tls_client_certificate_bound_access_tokens metadata field.
        Returns:
        true if TLS client certificate bound access tokens are supported, else false.
      • supportsMutualTLSSenderConstrainedAccessTokens

        @Deprecated
        boolean supportsMutualTLSSenderConstrainedAccessTokens()
        Deprecated.
        Gets the support for TLS client certificate bound access tokens. Corresponds to the tls_client_certificate_bound_access_tokens metadata field.
        Returns:
        true if TLS client certificate bound access tokens are supported, else false.
      • getDPoPJWSAlgs

        List<com.nimbusds.jose.JWSAlgorithm> getDPoPJWSAlgs()
        Gets the supported JWS algorithms for Demonstrating Proof-of-Possession at the Application Layer (DPoP). Corresponds to the "dpop_signing_alg_values_supported" metadata field.
        Returns:
        The supported JWS algorithms for DPoP, null if none.
      • getAuthorizationJWSAlgs

        List<com.nimbusds.jose.JWSAlgorithm> getAuthorizationJWSAlgs()
        Gets the supported JWS algorithms for JWT-encoded authorisation responses. Corresponds to the authorization_signing_alg_values_supported metadata field.
        Returns:
        The supported JWS algorithms, null if not specified.
      • getAuthorizationJWEAlgs

        List<com.nimbusds.jose.JWEAlgorithm> getAuthorizationJWEAlgs()
        Gets the supported JWE algorithms for JWT-encoded authorisation responses. Corresponds to the authorization_encryption_alg_values_supported metadata field.
        Returns:
        The supported JWE algorithms, null if not specified.
      • getAuthorizationJWEEncs

        List<com.nimbusds.jose.EncryptionMethod> getAuthorizationJWEEncs()
        Gets the supported encryption methods for JWT-encoded authorisation responses. Corresponds to the authorization_encryption_enc_values_supported metadata field.
        Returns:
        The supported encryption methods, null if not specified.
      • requiresPushedAuthorizationRequests

        boolean requiresPushedAuthorizationRequests()
        Gets the requirement for pushed authorisation requests (PAR). Corresponds to the pushed_authorization_request_endpoint metadata field.
        Returns:
        true if PAR is required, else false.
      • getAuthorizationDetailsTypes

        List<AuthorizationTypegetAuthorizationDetailsTypes()
        Gets the supported authorisation details types for Rich Authorisation Requests (RAR). Corresponds to the authorization_details_types_supported metadata field.
        Returns:
        The supported authorisation types, null if not specified.
      • getIncrementalAuthorizationTypes

        List<ClientTypegetIncrementalAuthorizationTypes()
        Gets the supported OAuth 2.0 client types for incremental authorisation. Corresponds to the incremental_authz_types_supported metadata field.
        Returns:
        The supported client types for incremental authorisation, null if not specified.
      • getBackChannelAuthenticationRequestJWSAlgs

        List<com.nimbusds.jose.JWSAlgorithm> getBackChannelAuthenticationRequestJWSAlgs()
        Gets the supported JWS algorithms for CIBA requests. Corresponds to the backchannel_authentication_request_signing_alg_values_supported metadata field.
        Returns:
        The supported JWS algorithms, null if not specified.
      • supportsBackChannelUserCodeParam

        boolean supportsBackChannelUserCodeParam()
        Gets the support for the user_code CIBA request parameter. Corresponds to the backchannel_user_code_parameter_supported metadata field.
        Returns:
        true if the user_code parameter is supported, else false.
      • getOrganizationName

        String getOrganizationName()
        Gets the organisation name (OpenID Connect Federation 1.0). Corresponds to the organization_name metadata field.
        Returns:
        The organisation name, null if not specified.
      • getJWKSet

        com.nimbusds.jose.jwk.JWKSet getJWKSet()
        Gets the JWK set (OpenID Connect Federation 1.0). Corresponds to the jwks metadata field.
        Returns:
        The JWK set, null if not specified.
      • getSignedJWKSetURI

        URI getSignedJWKSetURI()
        Gets the signed JWK set URI (OpenID Connect Federation 1.0). Corresponds to the signed_jwks_uri metadata field.
        Returns:
        The signed JWK set URI, null if not specified.
      • getClientRegistrationTypes

        List<ClientRegistrationTypegetClientRegistrationTypes()
        Gets the supported OpenID Connect Federation 1.0 client registration types. Corresponds to the client_registration_types_supported metadata field.
        Returns:
        The supported client registration types, null if not specified.
      • getClientRegistrationAuthnMethods

        Map<EndpointName,​List<ClientAuthenticationMethod>> getClientRegistrationAuthnMethods()
        Gets the supported request authentication methods for automatic OpenID Connect Federation 1.0 client registration. Corresponds to the request_authentication_methods_supported field.
        Returns:
        The supported request authentication methods for automatic federation client registration, null if not specified.
      • getClientRegistrationAuthnJWSAlgs

        List<com.nimbusds.jose.JWSAlgorithm> getClientRegistrationAuthnJWSAlgs()
        Gets the supported JWS algorithms for authenticating automatic OpenID Connect Federation 1.0 client registration requests. Corresponds to the request_authentication_signing_alg_values_supported.
        Returns:
        The supported JWS algorithms, null if not specified.
      • getCustomParameter

        Object getCustomParameter​(String name)
        Gets the specified custom (not registered) parameter.
        Parameters:
        name - The parameter name. Must not be null.
        Returns:
        The parameter value, null if not specified.
      • getCustomURIParameter

        URI getCustomURIParameter​(String name)
        Gets the specified custom (not registered) URI parameter.
        Parameters:
        name - The parameter name. Must not be null.
        Returns:
        The parameter URI value, null if not specified.
      • getCustomParameters

        net.minidev.json.JSONObject getCustomParameters()
        Gets the custom (not registered) parameters.
        Returns:
        The custom parameters, empty JSON object if none.