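/*
 * oauth2-oidc-sdk
 *
 * Copyright 2012-2016, Connect2id Ltd and contributors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License"); you may not use
 * this file except in compliance with the License. You may obtain a copy of the
 * License at
 *
 *    http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software distributed
 * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
 * CONDITIONS OF ANY KIND, either express or implied. See the License for the
 * specific language governing permissions and limitations under the License.
 */

package com.nimbusds.openid.connect.sdk.claims;


import net.jcip.annotations.Immutable;

import com.nimbusds.oauth2.sdk.id.Identifier;


/**
 * Authentication Method Reference ({@code amr}). It identifies the method
 * used in authentication.
 *
 * <p>The AMR is represented by a string or an URI string. Values are
 * compared exactly, so {@code new AMR("MFA")} is not equal to {@link #MFA}.
 *
 * <p>The constants below cover the values registered by RFC 8176, plus two
 * deprecated legacy values ({@link #EYE}, {@link #POP}). Any other value can
 * still be represented through the public constructor.
 *
 * <p>Security note: this class only models the value. An {@code amr} entry
 * is a statement made by the OpenID provider; a relying party that bases
 * an access or step-up decision on it should take the value from an ID
 * token that has already been validated, and should agree with the
 * provider on what each value means, as the meaning can be context
 * specific (OpenID Connect Core 1.0, section 2).
 *
 * <p>Related specifications:
 *
 * <ul>
 *     <li>RFC 8176.
 *     <li>OpenID Connect Core 1.0, section 2.
 * </ul>
 */
@Immutable
public final class AMR extends Identifier {


	private static final long serialVersionUID = -6833651441441953910L;


	/**
	 * Biometric authentication (RFC 4949) using facial recognition.
	 */
	public static final AMR FACE = new AMR("face");


	/**
	 * Biometric authentication (RFC 4949) using a fingerprint.
	 */
	public static final AMR FPT = new AMR("fpt");


	/**
	 * Use of geolocation information for authentication, such as that
	 * provided by W3C REC-geolocation-API-20161108.
	 */
	public static final AMR GEO = new AMR("geo");


	/**
	 * Proof-of-Possession (PoP) of a hardware-secured key. See Appendix C
	 * of RFC 4211 for a discussion on PoP.
	 */
	public static final AMR HWK = new AMR("hwk");


	/**
	 * Biometric authentication (RFC 4949) using an iris scan.
	 */
	public static final AMR IRIS = new AMR("iris");


	/**
	 * Retina scan biometric.
	 *
	 * @deprecated The {@code eye} value is not registered by RFC 8176;
	 *             use {@link #RETINA} instead.
	 */
	@Deprecated
	public static final AMR EYE = new AMR("eye");


	/**
	 * Knowledge-based authentication (NIST.800-63-2, ISO29115).
	 */
	public static final AMR KBA = new AMR("kba");


	/**
	 * Multiple-channel authentication (MCA). The authentication involves
	 * communication over more than one distinct communication channel. For
	 * instance, a multiple-channel authentication might involve both
	 * entering information into a workstation's browser and providing
	 * information on a telephone call to a pre-registered number.
	 */
	public static final AMR MCA = new AMR("mca");


	/**
	 * Multiple-factor authentication (NIST.800-63-2, ISO29115). When this
	 * is present, specific authentication methods used may also be
	 * included.
	 */
	public static final AMR MFA = new AMR("mfa");


	/**
	 * One-time password (RFC 4949). One-time password specifications that
	 * this authentication method applies to include RFC 4226 and RFC 6238.
	 */
	public static final AMR OTP = new AMR("otp");


	/**
	 * Personal Identification Number (PIN) (RFC 4949) or pattern (not
	 * restricted to containing only numbers) that a user enters to unlock
	 * a key on the device. This mechanism should have a way to deter an
	 * attacker from obtaining the PIN by trying repeated guesses.
	 */
	public static final AMR PIN = new AMR("pin");


	/**
	 * Proof-of-possession (PoP) of a key. See Appendix C of RFC 4211 for a
	 * discussion on PoP.
	 *
	 * @deprecated The {@code pop} value is not registered by RFC 8176,
	 *             which distinguishes hardware-secured from
	 *             software-secured keys; use {@link #HWK} or
	 *             {@link #SWK} instead.
	 */
	@Deprecated
	public static final AMR POP = new AMR("pop");


	/**
	 * Password-based authentication (RFC 4949).
	 */
	public static final AMR PWD = new AMR("pwd");


	/**
	 * Risk-based authentication (Williamson, G., "Enhanced Authentication
	 * In Online Banking", Journal of Economic Crime Management 4.2: 18-19,
	 * 2006).
	 */
	public static final AMR RBA = new AMR("rba");


	/**
	 * Biometric authentication (RFC 4949) using a retina scan. This is
	 * the value registered by RFC 8176 and replaces the deprecated
	 * {@link #EYE}.
	 */
	public static final AMR RETINA = new AMR("retina");


	/**
	 * Smart card (RFC 4949).
	 */
	public static final AMR SC = new AMR("sc");


	/**
	 * Confirmation using SMS text message to the user at a registered
	 * number.
	 */
	public static final AMR SMS = new AMR("sms");


	/**
	 * Proof-of-Possession (PoP) of a software-secured key. See Appendix C
	 * of RFC 4211 for a discussion on PoP.
	 */
	public static final AMR SWK = new AMR("swk");


	/**
	 * Confirmation by telephone call to the user at a registered number.
	 * This authentication technique is sometimes also referred to as
	 * "call back" (RFC 4949).
	 */
	public static final AMR TEL = new AMR("tel");


	/**
	 * User presence test. Evidence that the end user is present and
	 * interacting with the device. This is sometimes also referred to as
	 * "test of user presence" (W3C WD-webauthn-20170216).
	 */
	public static final AMR USER = new AMR("user");


	/**
	 * Biometric authentication (RFC 4949) using a voiceprint.
	 */
	public static final AMR VBM = new AMR("vbm");


	/**
	 * Windows integrated authentication (Microsoft, "Integrated Windows
	 * Authentication with Negotiate", September 2011).
	 */
	public static final AMR WIA = new AMR("wia");


	/**
	 * Creates a new Authentication Method Reference (AMR) with the
	 * specified value.
	 *
	 * <p>The value is passed to the {@link Identifier} constructor
	 * unchanged; it is not checked against the predefined constants, so
	 * unregistered or private-use values are accepted.
	 *
	 * @param value The AMR value. Must not be {@code null}.
	 */
	public AMR(final String value) {

		super(value);
	}


	/**
	 * Compares this AMR with another object. The two are equal when the
	 * other object is also an {@code AMR} and both have the same string
	 * form. The comparison is exact (case sensitive); no normalisation
	 * is applied.
	 *
	 * @param object The object to compare with, may be {@code null}.
	 *
	 * @return {@code true} if the objects are equal, else {@code false}.
	 */
	@Override
	public boolean equals(final Object object) {

		// NOTE(review): hashCode() is not overridden here and is
		// inherited; presumably Identifier derives it from the same
		// value that toString() returns -- confirm, otherwise the
		// equals / hashCode contract would be broken.
		return object instanceof AMR &&
			this.toString().equals(object.toString());
	}
}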