Package com.nimbusds.oauth2.sdk.as
Interface ReadOnlyAuthorizationServerMetadata
-
- All Superinterfaces:
ReadOnlyAuthorizationServerEndpointMetadata
- All Known Subinterfaces:
ReadOnlyOIDCProviderMetadata
- All Known Implementing Classes:
AuthorizationServerMetadata
,OIDCProviderMetadata
public interface ReadOnlyAuthorizationServerMetadata extends ReadOnlyAuthorizationServerEndpointMetadata
Read-only OAuth 2.0 Authorisation Server (AS) metadata.Related specifications:
- OAuth 2.0 Authorization Server Metadata (RFC 8414)
- OAuth 2.0 Mutual TLS Client Authentication and Certificate Bound Access Tokens (RFC 8705)
- OAuth 2.0 Demonstrating Proof-of-Possession at the Application Layer (DPoP) (draft-ietf-oauth-dpop-16)
- Financial-grade API: JWT Secured Authorization Response Mode for OAuth 2.0 (JARM)
- OAuth 2.0 Authorization Server Issuer Identification (RFC 9207)
- Financial-grade API - Part 2: Read and Write API Security Profile
- OAuth 2.0 Pushed Authorization Requests (RFC 9126)
- OAuth 2.0 Rich Authorization Requests (RFC 9396)
- OAuth 2.0 Device Authorization Grant (RFC 8628)
- OpenID Connect Client Initiated Backchannel Authentication Flow - Core 1.0
- OAuth 2.0 Incremental Authorization (draft-ietf-oauth-incremental-authz-04)
- Initiating User Registration via OpenID Connect 1.0
- OpenID Connect Federation 1.0 (draft 22)
-
-
Method Summary
All Methods Instance Methods Abstract Methods Deprecated Methods Modifier and Type Method Description List<AuthorizationType>
getAuthorizationDetailsTypes()
Gets the supported authorisation details types for Rich Authorisation Requests (RAR).List<com.nimbusds.jose.JWEAlgorithm>
getAuthorizationJWEAlgs()
Gets the supported JWE algorithms for JWT-encoded authorisation responses.List<com.nimbusds.jose.EncryptionMethod>
getAuthorizationJWEEncs()
Gets the supported encryption methods for JWT-encoded authorisation responses.List<com.nimbusds.jose.JWSAlgorithm>
getAuthorizationJWSAlgs()
Gets the supported JWS algorithms for JWT-encoded authorisation responses.List<com.nimbusds.jose.JWSAlgorithm>
getBackChannelAuthenticationRequestJWSAlgs()
Gets the supported JWS algorithms for CIBA requests.List<BackChannelTokenDeliveryMode>
getBackChannelTokenDeliveryModes()
Gets the supported CIBA token delivery modes.List<com.nimbusds.jose.JWSAlgorithm>
getClientRegistrationAuthnJWSAlgs()
Gets the supported JWS algorithms for authenticating automatic OpenID Connect Federation 1.0 client registration requests.Map<EndpointName,List<ClientAuthenticationMethod>>
getClientRegistrationAuthnMethods()
Gets the supported request authentication methods for automatic OpenID Connect Federation 1.0 client registration.List<ClientRegistrationType>
getClientRegistrationTypes()
Gets the supported OpenID Connect Federation 1.0 client registration types.List<CodeChallengeMethod>
getCodeChallengeMethods()
Gets the supported authorisation code challenge methods for PKCE.Object
getCustomParameter(String name)
Gets the specified custom (not registered) parameter.net.minidev.json.JSONObject
getCustomParameters()
Gets the custom (not registered) parameters.URI
getCustomURIParameter(String name)
Gets the specified custom (not registered) URI parameter.List<com.nimbusds.jose.JWSAlgorithm>
getDPoPJWSAlgs()
Gets the supported JWS algorithms for Demonstrating Proof-of-Possession at the Application Layer (DPoP).List<GrantType>
getGrantTypes()
Gets the supported OAuth 2.0 grant types.List<ClientType>
getIncrementalAuthorizationTypes()
Gets the supported OAuth 2.0 client types for incremental authorisation.List<ClientAuthenticationMethod>
getIntrospectionEndpointAuthMethods()
Gets the supported introspection endpoint authentication methods.List<com.nimbusds.jose.JWSAlgorithm>
getIntrospectionEndpointJWSAlgs()
Gets the supported JWS algorithms for theprivate_key_jwt
andclient_secret_jwt
introspection endpoint authentication methods.Issuer
getIssuer()
Gets the issuer identifier.com.nimbusds.jose.jwk.JWKSet
getJWKSet()
Gets the JWK set (OpenID Connect Federation 1.0).URI
getJWKSetURI()
Gets the JSON Web Key (JWK) set URI.String
getOrganizationName()
Gets the organisation name (OpenID Connect Federation 1.0).URI
getPolicyURI()
Gets the provider's policy regarding relying party use of data.List<Prompt.Type>
getPromptTypes()
Gets the supportedprompt types
.ReadOnlyAuthorizationServerEndpointMetadata
getReadOnlyMtlsEndpointAliases()
Gets the aliases for communication with mutual TLS.List<com.nimbusds.jose.JWEAlgorithm>
getRequestObjectJWEAlgs()
Gets the supported JWE algorithms for request objects.List<com.nimbusds.jose.EncryptionMethod>
getRequestObjectJWEEncs()
Gets the supported encryption methods for request objects.List<com.nimbusds.jose.JWSAlgorithm>
getRequestObjectJWSAlgs()
Gets the supported JWS algorithms for request objects.List<ResponseMode>
getResponseModes()
Gets the supported response mode values.List<ResponseType>
getResponseTypes()
Gets the supported response type values.List<ClientAuthenticationMethod>
getRevocationEndpointAuthMethods()
Gets the supported revocation endpoint authentication methods.List<com.nimbusds.jose.JWSAlgorithm>
getRevocationEndpointJWSAlgs()
Gets the supported JWS algorithms for theprivate_key_jwt
andclient_secret_jwt
revocation endpoint authentication methods.Scope
getScopes()
Gets the supported scope values.URI
getServiceDocsURI()
Gets the service documentation URI.URI
getSignedJWKSetURI()
Gets the signed JWK set URI (OpenID Connect Federation 1.0).URI
getTermsOfServiceURI()
Gets the provider's terms of service.List<ClientAuthenticationMethod>
getTokenEndpointAuthMethods()
Gets the supported token endpoint authentication methods.List<com.nimbusds.jose.JWSAlgorithm>
getTokenEndpointJWSAlgs()
Gets the supported JWS algorithms for theprivate_key_jwt
andclient_secret_jwt
token endpoint authentication methods.List<com.nimbusds.langtag.LangTag>
getUILocales()
Gets the supported UI locales.boolean
requiresPushedAuthorizationRequests()
Gets the requirement for pushed authorisation requests (PAR).boolean
requiresRequestURIRegistration()
Gets the requirement for therequest_uri
parameter pre-registration.boolean
supportsAuthorizationResponseIssuerParam()
Gets the support for theiss
authorisation response parameter.boolean
supportsBackChannelUserCodeParam()
Gets the support for theuser_code
CIBA request parameter.boolean
supportsMutualTLSSenderConstrainedAccessTokens()
Deprecated.boolean
supportsRequestParam()
Gets the support for therequest
authorisation request parameter.boolean
supportsRequestURIParam()
Gets the support for therequest_uri
authorisation request parameter.boolean
supportsTLSClientCertificateBoundAccessTokens()
Gets the support for TLS client certificate bound access tokens.net.minidev.json.JSONObject
toJSONObject()
Returns the JSON object representation of the metadata.-
Methods inherited from interface com.nimbusds.oauth2.sdk.as.ReadOnlyAuthorizationServerEndpointMetadata
getAuthorizationEndpointURI, getBackChannelAuthenticationEndpoint, getBackChannelAuthenticationEndpointURI, getDeviceAuthorizationEndpointURI, getFederationRegistrationEndpointURI, getIntrospectionEndpointURI, getPushedAuthorizationRequestEndpointURI, getRegistrationEndpointURI, getRequestObjectEndpoint, getRevocationEndpointURI, getTokenEndpointURI
-
-
-
-
Method Detail
-
getIssuer
Issuer getIssuer()
Gets the issuer identifier. Corresponds to theissuer
metadata field.- Returns:
- The issuer identifier.
-
getJWKSetURI
URI getJWKSetURI()
Gets the JSON Web Key (JWK) set URI. Corresponds to thejwks_uri
metadata field.- Returns:
- The JWK set URI,
null
if not specified.
-
getScopes
Scope getScopes()
Gets the supported scope values. Corresponds to thescopes_supported
metadata field.- Returns:
- The supported scope values,
null
if not specified.
-
getResponseTypes
List<ResponseType> getResponseTypes()
Gets the supported response type values. Corresponds to theresponse_types_supported
metadata field.- Returns:
- The supported response type values,
null
if not specified.
-
getResponseModes
List<ResponseMode> getResponseModes()
Gets the supported response mode values. Corresponds to theresponse_modes_supported
.- Returns:
- The supported response mode values,
null
if not specified.
-
getGrantTypes
List<GrantType> getGrantTypes()
Gets the supported OAuth 2.0 grant types. Corresponds to thegrant_types_supported
metadata field.- Returns:
- The supported grant types,
null
if not specified.
-
getCodeChallengeMethods
List<CodeChallengeMethod> getCodeChallengeMethods()
Gets the supported authorisation code challenge methods for PKCE. Corresponds to thecode_challenge_methods_supported
metadata field.- Returns:
- The supported code challenge methods,
null
if not specified.
-
getTokenEndpointAuthMethods
List<ClientAuthenticationMethod> getTokenEndpointAuthMethods()
Gets the supported token endpoint authentication methods. Corresponds to thetoken_endpoint_auth_methods_supported
metadata field.- Returns:
- The supported token endpoint authentication methods,
null
if not specified.
-
getTokenEndpointJWSAlgs
List<com.nimbusds.jose.JWSAlgorithm> getTokenEndpointJWSAlgs()
Gets the supported JWS algorithms for theprivate_key_jwt
andclient_secret_jwt
token endpoint authentication methods. Corresponds to thetoken_endpoint_auth_signing_alg_values_supported
metadata field.- Returns:
- The supported JWS algorithms,
null
if not specified.
-
getIntrospectionEndpointAuthMethods
List<ClientAuthenticationMethod> getIntrospectionEndpointAuthMethods()
Gets the supported introspection endpoint authentication methods. Corresponds to theintrospection_endpoint_auth_methods_supported
metadata field.- Returns:
- The supported introspection endpoint authentication methods,
null
if not specified.
-
getIntrospectionEndpointJWSAlgs
List<com.nimbusds.jose.JWSAlgorithm> getIntrospectionEndpointJWSAlgs()
Gets the supported JWS algorithms for theprivate_key_jwt
andclient_secret_jwt
introspection endpoint authentication methods. Corresponds to theintrospection_endpoint_auth_signing_alg_values_supported
metadata field.- Returns:
- The supported JWS algorithms,
null
if not specified.
-
getRevocationEndpointAuthMethods
List<ClientAuthenticationMethod> getRevocationEndpointAuthMethods()
Gets the supported revocation endpoint authentication methods. Corresponds to therevocation_endpoint_auth_methods_supported
metadata field.- Returns:
- The supported revocation endpoint authentication methods,
null
if not specified.
-
getRevocationEndpointJWSAlgs
List<com.nimbusds.jose.JWSAlgorithm> getRevocationEndpointJWSAlgs()
Gets the supported JWS algorithms for theprivate_key_jwt
andclient_secret_jwt
revocation endpoint authentication methods. Corresponds to therevocation_endpoint_auth_signing_alg_values_supported
metadata field.- Returns:
- The supported JWS algorithms,
null
if not specified.
-
getRequestObjectJWSAlgs
List<com.nimbusds.jose.JWSAlgorithm> getRequestObjectJWSAlgs()
Gets the supported JWS algorithms for request objects. Corresponds to therequest_object_signing_alg_values_supported
metadata field.- Returns:
- The supported JWS algorithms,
null
if not specified.
-
getRequestObjectJWEAlgs
List<com.nimbusds.jose.JWEAlgorithm> getRequestObjectJWEAlgs()
Gets the supported JWE algorithms for request objects. Corresponds to therequest_object_encryption_alg_values_supported
metadata field.- Returns:
- The supported JWE algorithms,
null
if not specified.
-
getRequestObjectJWEEncs
List<com.nimbusds.jose.EncryptionMethod> getRequestObjectJWEEncs()
Gets the supported encryption methods for request objects. Corresponds to therequest_object_encryption_enc_values_supported
metadata field.- Returns:
- The supported encryption methods,
null
if not specified.
-
supportsRequestParam
boolean supportsRequestParam()
Gets the support for therequest
authorisation request parameter. Corresponds to therequest_parameter_supported
metadata field.- Returns:
true
if thereqeust
parameter is supported, elsefalse
.
-
supportsRequestURIParam
boolean supportsRequestURIParam()
Gets the support for therequest_uri
authorisation request parameter. Corresponds to therequest_uri_parameter_supported
metadata field.- Returns:
true
if therequest_uri
parameter is supported, elsefalse
.
-
requiresRequestURIRegistration
boolean requiresRequestURIRegistration()
Gets the requirement for therequest_uri
parameter pre-registration. Corresponds to therequire_request_uri_registration
metadata field.- Returns:
true
if therequest_uri
parameter values must be pre-registered, elsefalse
.
-
supportsAuthorizationResponseIssuerParam
boolean supportsAuthorizationResponseIssuerParam()
Gets the support for theiss
authorisation response parameter. Corresponds to theauthorization_response_iss_parameter_supported
metadata field.- Returns:
true
if theiss
authorisation response parameter is provided, elsefalse
.
-
getUILocales
List<com.nimbusds.langtag.LangTag> getUILocales()
Gets the supported UI locales. Corresponds to theui_locales_supported
metadata field.- Returns:
- The supported UI locales,
null
if not specified.
-
getServiceDocsURI
URI getServiceDocsURI()
Gets the service documentation URI. Corresponds to theservice_documentation
metadata field.- Returns:
- The service documentation URI,
null
if not specified.
-
getPolicyURI
URI getPolicyURI()
Gets the provider's policy regarding relying party use of data. Corresponds to theop_policy_uri
metadata field.- Returns:
- The policy URI,
null
if not specified.
-
getTermsOfServiceURI
URI getTermsOfServiceURI()
Gets the provider's terms of service. Corresponds to theop_tos_uri
metadata field.- Returns:
- The terms of service URI,
null
if not specified.
-
getReadOnlyMtlsEndpointAliases
ReadOnlyAuthorizationServerEndpointMetadata getReadOnlyMtlsEndpointAliases()
Gets the aliases for communication with mutual TLS. Corresponds to themtls_endpoint_aliases
metadata field.- Returns:
- The aliases for communication with mutual TLS,
null
when no aliases are defined.
-
supportsTLSClientCertificateBoundAccessTokens
boolean supportsTLSClientCertificateBoundAccessTokens()
Gets the support for TLS client certificate bound access tokens. Corresponds to thetls_client_certificate_bound_access_tokens
metadata field.- Returns:
true
if TLS client certificate bound access tokens are supported, elsefalse
.
-
supportsMutualTLSSenderConstrainedAccessTokens
@Deprecated boolean supportsMutualTLSSenderConstrainedAccessTokens()
Deprecated.Gets the support for TLS client certificate bound access tokens. Corresponds to thetls_client_certificate_bound_access_tokens
metadata field.- Returns:
true
if TLS client certificate bound access tokens are supported, elsefalse
.
-
getDPoPJWSAlgs
List<com.nimbusds.jose.JWSAlgorithm> getDPoPJWSAlgs()
Gets the supported JWS algorithms for Demonstrating Proof-of-Possession at the Application Layer (DPoP). Corresponds to the "dpop_signing_alg_values_supported" metadata field.- Returns:
- The supported JWS algorithms for DPoP,
null
if none.
-
getAuthorizationJWSAlgs
List<com.nimbusds.jose.JWSAlgorithm> getAuthorizationJWSAlgs()
Gets the supported JWS algorithms for JWT-encoded authorisation responses. Corresponds to theauthorization_signing_alg_values_supported
metadata field.- Returns:
- The supported JWS algorithms,
null
if not specified.
-
getAuthorizationJWEAlgs
List<com.nimbusds.jose.JWEAlgorithm> getAuthorizationJWEAlgs()
Gets the supported JWE algorithms for JWT-encoded authorisation responses. Corresponds to theauthorization_encryption_alg_values_supported
metadata field.- Returns:
- The supported JWE algorithms,
null
if not specified.
-
getAuthorizationJWEEncs
List<com.nimbusds.jose.EncryptionMethod> getAuthorizationJWEEncs()
Gets the supported encryption methods for JWT-encoded authorisation responses. Corresponds to theauthorization_encryption_enc_values_supported
metadata field.- Returns:
- The supported encryption methods,
null
if not specified.
-
requiresPushedAuthorizationRequests
boolean requiresPushedAuthorizationRequests()
Gets the requirement for pushed authorisation requests (PAR). Corresponds to thepushed_authorization_request_endpoint
metadata field.- Returns:
true
if PAR is required, elsefalse
.
-
getAuthorizationDetailsTypes
List<AuthorizationType> getAuthorizationDetailsTypes()
Gets the supported authorisation details types for Rich Authorisation Requests (RAR). Corresponds to theauthorization_details_types_supported
metadata field.- Returns:
- The supported authorisation types,
null
if not specified.
-
getIncrementalAuthorizationTypes
List<ClientType> getIncrementalAuthorizationTypes()
Gets the supported OAuth 2.0 client types for incremental authorisation. Corresponds to theincremental_authz_types_supported
metadata field.- Returns:
- The supported client types for incremental authorisation,
null
if not specified.
-
getBackChannelTokenDeliveryModes
List<BackChannelTokenDeliveryMode> getBackChannelTokenDeliveryModes()
Gets the supported CIBA token delivery modes. Corresponds to thebackchannel_token_delivery_modes_supported
metadata field.- Returns:
- The CIBA token delivery modes,
null
if not specified.
-
getBackChannelAuthenticationRequestJWSAlgs
List<com.nimbusds.jose.JWSAlgorithm> getBackChannelAuthenticationRequestJWSAlgs()
Gets the supported JWS algorithms for CIBA requests. Corresponds to thebackchannel_authentication_request_signing_alg_values_supported
metadata field.- Returns:
- The supported JWS algorithms,
null
if not specified.
-
supportsBackChannelUserCodeParam
boolean supportsBackChannelUserCodeParam()
Gets the support for theuser_code
CIBA request parameter. Corresponds to thebackchannel_user_code_parameter_supported
metadata field.- Returns:
true
if theuser_code
parameter is supported, elsefalse
.
-
getPromptTypes
List<Prompt.Type> getPromptTypes()
Gets the supportedprompt types
. Corresponds to theprompt_values_supported
metadata field.- Returns:
- The supported prompt types,
null
if not specified.
-
getOrganizationName
String getOrganizationName()
Gets the organisation name (OpenID Connect Federation 1.0). Corresponds to theorganization_name
metadata field.- Returns:
- The organisation name,
null
if not specified.
-
getJWKSet
com.nimbusds.jose.jwk.JWKSet getJWKSet()
Gets the JWK set (OpenID Connect Federation 1.0). Corresponds to thejwks
metadata field.- Returns:
- The JWK set,
null
if not specified.
-
getSignedJWKSetURI
URI getSignedJWKSetURI()
Gets the signed JWK set URI (OpenID Connect Federation 1.0). Corresponds to thesigned_jwks_uri
metadata field.- Returns:
- The signed JWK set URI,
null
if not specified.
-
getClientRegistrationTypes
List<ClientRegistrationType> getClientRegistrationTypes()
Gets the supported OpenID Connect Federation 1.0 client registration types. Corresponds to theclient_registration_types_supported
metadata field.- Returns:
- The supported client registration types,
null
if not specified.
-
getClientRegistrationAuthnMethods
Map<EndpointName,List<ClientAuthenticationMethod>> getClientRegistrationAuthnMethods()
Gets the supported request authentication methods for automatic OpenID Connect Federation 1.0 client registration. Corresponds to therequest_authentication_methods_supported
field.- Returns:
- The supported request authentication methods for automatic
federation client registration,
null
if not specified.
-
getClientRegistrationAuthnJWSAlgs
List<com.nimbusds.jose.JWSAlgorithm> getClientRegistrationAuthnJWSAlgs()
Gets the supported JWS algorithms for authenticating automatic OpenID Connect Federation 1.0 client registration requests. Corresponds to therequest_authentication_signing_alg_values_supported
.- Returns:
- The supported JWS algorithms,
null
if not specified.
-
getCustomParameter
Object getCustomParameter(String name)
Gets the specified custom (not registered) parameter.- Parameters:
name
- The parameter name. Must not benull
.- Returns:
- The parameter value,
null
if not specified.
-
getCustomURIParameter
URI getCustomURIParameter(String name)
Gets the specified custom (not registered) URI parameter.- Parameters:
name
- The parameter name. Must not benull
.- Returns:
- The parameter URI value,
null
if not specified.
-
getCustomParameters
net.minidev.json.JSONObject getCustomParameters()
Gets the custom (not registered) parameters.- Returns:
- The custom parameters, empty JSON object if none.
-
toJSONObject
net.minidev.json.JSONObject toJSONObject()
Returns the JSON object representation of the metadata.- Specified by:
toJSONObject
in interfaceReadOnlyAuthorizationServerEndpointMetadata
- Returns:
- The JSON object representation.
-
-