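/*
 * oauth2-oidc-sdk
 *
 * Copyright 2012-2016, Connect2id Ltd and contributors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License"); you may not use
 * this file except in compliance with the License. You may obtain a copy of the
 * License at
 *
 *    http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software distributed
 * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
 * CONDITIONS OF ANY KIND, either express or implied. See the License for the
 * specific language governing permissions and limitations under the License.
 */

package com.nimbusds.oauth2.sdk.as;


import java.net.URI;
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;

import net.minidev.json.JSONObject;

import com.nimbusds.oauth2.sdk.ParseException;
import com.nimbusds.oauth2.sdk.util.JSONObjectUtils;
import com.nimbusds.oauth2.sdk.util.OrderedJSONObject;


/**
 * OAuth 2.0 Authorisation Server (AS) endpoint metadata.
 *
 * <p>This class is a plain mutable holder for endpoint URIs. Neither the
 * setters nor {@link #parse} inspect the scheme or host of a URI in the code
 * of this class; any syntax checking during parsing is delegated to
 * {@code JSONObjectUtils.getURI}, whose behaviour is defined elsewhere. When
 * the metadata originates from a remote or otherwise untrusted document, the
 * caller should validate the endpoint URIs (for example that they use
 * {@code https} and belong to the expected authorisation server) before
 * sending requests, credentials or tokens to them.
 *
 * <p>The fields are unsynchronised; the class performs no locking of its
 * own.
 *
 * <p>Related specifications:
 *
 * <ul>
 *     <li>OAuth 2.0 Authorization Server Metadata (RFC 8414)
 *     <li>OAuth 2.0 Mutual TLS Client Authentication and Certificate Bound
 *         Access Tokens (RFC 8705)
 *     <li>OAuth 2.0 Pushed Authorization Requests (RFC 9126)
 *     <li>OAuth 2.0 Device Authorization Grant (RFC 8628)
 *     <li>OpenID Connect Client Initiated Backchannel Authentication Flow -
 *         Core 1.0
 *     <li>OpenID Connect Federation 1.0 (draft 22).
 * </ul>
 */
public class AuthorizationServerEndpointMetadata implements ReadOnlyAuthorizationServerEndpointMetadata {

	/**
	 * The registered parameter names.
	 */
	private static final Set<String> REGISTERED_PARAMETER_NAMES;


	static {
		Set<String> p = new HashSet<>();
		p.add("authorization_endpoint");
		p.add("token_endpoint");
		p.add("registration_endpoint");
		p.add("introspection_endpoint");
		p.add("revocation_endpoint");
		p.add("request_object_endpoint");
		p.add("pushed_authorization_request_endpoint");
		p.add("device_authorization_endpoint");
		p.add("backchannel_authentication_endpoint");
		p.add("federation_registration_endpoint");
		// Published through a static getter, so hand out a read-only view.
		REGISTERED_PARAMETER_NAMES = Collections.unmodifiableSet(p);
	}


	/**
	 * Gets the registered provider metadata parameter names for endpoints.
	 *
	 * @return The registered provider metadata parameter names for
	 *         endpoints, as an unmodifiable set.
	 */
	public static Set<String> getRegisteredParameterNames() {

		return REGISTERED_PARAMETER_NAMES;
	}


	/**
	 * The authorisation endpoint.
	 */
	private URI authzEndpoint;


	/**
	 * The token endpoint.
	 */
	private URI tokenEndpoint;


	/**
	 * The registration endpoint.
	 */
	private URI regEndpoint;


	/**
	 * The token introspection endpoint.
	 */
	private URI introspectionEndpoint;


	/**
	 * The token revocation endpoint.
	 */
	private URI revocationEndpoint;


	/**
	 * The request object endpoint.
	 */
	private URI requestObjectEndpoint;


	/**
	 * The pushed authorisation request endpoint.
	 */
	private URI parEndpoint;


	/**
	 * The device authorization endpoint.
	 */
	private URI deviceAuthzEndpoint;


	/**
	 * The back-channel authentication endpoint.
	 */
	private URI backChannelAuthEndpoint;


	/**
	 * The federation registration endpoint.
	 */
	private URI federationRegistrationEndpoint;


	/**
	 * Creates a new OAuth 2.0 Authorisation Server (AS) endpoint metadata
	 * instance. All endpoint URIs are initially {@code null}.
	 */
	public AuthorizationServerEndpointMetadata() {
	}


	@Override
	public URI getAuthorizationEndpointURI() {
		return authzEndpoint;
	}


	/**
	 * Sets the authorisation endpoint URI. Corresponds to the
	 * {@code authorization_endpoint} metadata field.
	 *
	 * @param authzEndpoint The authorisation endpoint URI, {@code null} if
	 *                      not specified.
	 */
	public void setAuthorizationEndpointURI(final URI authzEndpoint) {
		this.authzEndpoint = authzEndpoint;
	}


	@Override
	public URI getTokenEndpointURI() {
		return tokenEndpoint;
	}


	/**
	 * Sets the token endpoint URI. Corresponds to the
	 * {@code token_endpoint} metadata field.
	 *
	 * @param tokenEndpoint The token endpoint URI, {@code null} if not
	 *                      specified.
	 */
	public void setTokenEndpointURI(final URI tokenEndpoint) {
		this.tokenEndpoint = tokenEndpoint;
	}


	@Override
	public URI getRegistrationEndpointURI() {
		return regEndpoint;
	}


	/**
	 * Sets the client registration endpoint URI. Corresponds to the
	 * {@code registration_endpoint} metadata field.
	 *
	 * @param regEndpoint The client registration endpoint URI,
	 *                    {@code null} if not specified.
	 */
	public void setRegistrationEndpointURI(final URI regEndpoint) {
		this.regEndpoint = regEndpoint;
	}


	@Override
	public URI getIntrospectionEndpointURI() {
		return introspectionEndpoint;
	}


	/**
	 * Sets the token introspection endpoint URI. Corresponds to the
	 * {@code introspection_endpoint} metadata field.
	 *
	 * @param introspectionEndpoint The token introspection endpoint URI,
	 *                              {@code null} if not specified.
	 */
	public void setIntrospectionEndpointURI(final URI introspectionEndpoint) {
		this.introspectionEndpoint = introspectionEndpoint;
	}


	@Override
	public URI getRevocationEndpointURI() {
		return revocationEndpoint;
	}


	/**
	 * Sets the token revocation endpoint URI. Corresponds to the
	 * {@code revocation_endpoint} metadata field.
	 *
	 * @param revocationEndpoint The token revocation endpoint URI,
	 *                           {@code null} if not specified.
	 */
	public void setRevocationEndpointURI(final URI revocationEndpoint) {
		this.revocationEndpoint = revocationEndpoint;
	}


	@Override
	@Deprecated
	public URI getRequestObjectEndpoint() {
		return requestObjectEndpoint;
	}


	/**
	 * Sets the request object endpoint. Corresponds to the
	 * {@code request_object_endpoint} metadata field.
	 *
	 * @param requestObjectEndpoint The request object endpoint,
	 *                              {@code null} if not specified.
	 */
	@Deprecated
	public void setRequestObjectEndpoint(final URI requestObjectEndpoint) {
		this.requestObjectEndpoint = requestObjectEndpoint;
	}


	@Override
	public URI getPushedAuthorizationRequestEndpointURI() {
		return parEndpoint;
	}


	/**
	 * Sets the pushed authorisation request endpoint. Corresponds to the
	 * {@code pushed_authorization_request_endpoint} metadata field.
	 *
	 * @param parEndpoint The pushed authorisation request endpoint,
	 *                    {@code null} if not specified.
	 */
	public void setPushedAuthorizationRequestEndpointURI(final URI parEndpoint) {
		this.parEndpoint = parEndpoint;
	}


	@Override
	public URI getDeviceAuthorizationEndpointURI() {
		return deviceAuthzEndpoint;
	}


	/**
	 * Sets the device authorization endpoint URI. Corresponds to the
	 * {@code device_authorization_endpoint} metadata field.
	 *
	 * @param deviceAuthzEndpoint The device authorization endpoint URI,
	 *                            {@code null} if not specified.
	 */
	public void setDeviceAuthorizationEndpointURI(final URI deviceAuthzEndpoint) {
		this.deviceAuthzEndpoint = deviceAuthzEndpoint;
	}


	@Override
	public URI getBackChannelAuthenticationEndpointURI() {
		return backChannelAuthEndpoint;
	}


	@Deprecated
	@Override
	public URI getBackChannelAuthenticationEndpoint() {
		return getBackChannelAuthenticationEndpointURI();
	}


	/**
	 * Sets the back-channel authentication endpoint URI. Corresponds to
	 * the {@code backchannel_authentication_endpoint} metadata field.
	 *
	 * @param backChannelAuthEndpoint The back-channel authentication
	 *                                endpoint URI, {@code null} if not
	 *                                specified.
	 */
	public void setBackChannelAuthenticationEndpointURI(final URI backChannelAuthEndpoint) {
		this.backChannelAuthEndpoint = backChannelAuthEndpoint;
	}


	/**
	 * Sets the back-channel authentication endpoint URI. Corresponds to
	 * the {@code backchannel_authentication_endpoint} metadata field.
	 *
	 * @deprecated Use {@link #setBackChannelAuthenticationEndpointURI}
	 * instead.
	 *
	 * @param backChannelAuthEndpoint The back-channel authentication
	 *                                endpoint URI, {@code null} if not
	 *                                specified.
	 */
	@Deprecated
	public void setBackChannelAuthenticationEndpoint(final URI backChannelAuthEndpoint) {
		setBackChannelAuthenticationEndpointURI(backChannelAuthEndpoint);
	}


	@Override
	public URI getFederationRegistrationEndpointURI() {
		return federationRegistrationEndpoint;
	}


	/**
	 * Sets the federation registration endpoint URI. Corresponds to the
	 * {@code federation_registration_endpoint} metadata field.
	 *
	 * @param federationRegistrationEndpoint The federation registration
	 *                                       endpoint URI, {@code null} if
	 *                                       not specified.
	 */
	public void setFederationRegistrationEndpointURI(final URI federationRegistrationEndpoint) {
		this.federationRegistrationEndpoint = federationRegistrationEndpoint;
	}


	/**
	 * Returns a JSON object holding one string member per endpoint URI
	 * that is not {@code null}, keyed by the registered parameter name.
	 * Endpoints that are {@code null} are omitted.
	 *
	 * <p>Each endpoint is read through its getter exactly once, so the
	 * value that was checked for {@code null} is the same one that is
	 * serialised, even if a setter is invoked concurrently.
	 *
	 * @return The JSON object, backed by an {@code OrderedJSONObject}.
	 */
	@Override
	public JSONObject toJSONObject() {

		JSONObject o = new OrderedJSONObject();

		putIfSet(o, "authorization_endpoint", getAuthorizationEndpointURI());
		putIfSet(o, "token_endpoint", getTokenEndpointURI());
		putIfSet(o, "registration_endpoint", getRegistrationEndpointURI());
		putIfSet(o, "introspection_endpoint", getIntrospectionEndpointURI());
		putIfSet(o, "revocation_endpoint", getRevocationEndpointURI());
		putIfSet(o, "request_object_endpoint", getRequestObjectEndpoint());
		putIfSet(o, "pushed_authorization_request_endpoint", getPushedAuthorizationRequestEndpointURI());
		putIfSet(o, "device_authorization_endpoint", getDeviceAuthorizationEndpointURI());
		putIfSet(o, "backchannel_authentication_endpoint", getBackChannelAuthenticationEndpointURI());
		putIfSet(o, "federation_registration_endpoint", getFederationRegistrationEndpointURI());

		return o;
	}


	/**
	 * Stores the string form of the specified URI under the given member
	 * name, or does nothing if the URI is {@code null}.
	 *
	 * @param o    The JSON object to update. Must not be {@code null}.
	 * @param name The member name. Must not be {@code null}.
	 * @param uri  The URI, {@code null} if not specified.
	 */
	private static void putIfSet(final JSONObject o, final String name, final URI uri) {

		if (uri != null) {
			o.put(name, uri.toString());
		}
	}


	@Override
	public String toString() {
		return toJSONObject().toJSONString();
	}


	/**
	 * Parses an OAuth 2.0 Authorisation Server endpoint metadata from the
	 * specified JSON object.
	 *
	 * <p>Each registered endpoint member is read with
	 * {@code JSONObjectUtils.getURI}, passing {@code null} as the third
	 * argument (presumably the value used when the member is absent;
	 * confirm against {@code JSONObjectUtils}). No check of the URI scheme
	 * or host is made in this method, so metadata from an untrusted
	 * source must be validated by the caller before the endpoints are
	 * used.
	 *
	 * @param jsonObject The JSON object to parse. Must not be
	 *                   {@code null}.
	 *
	 * @return The OAuth 2.0 Authorisation Server endpoint metadata.
	 *
	 * @throws ParseException If the JSON object couldn't be parsed to an
	 *                        OAuth 2.0 Authorisation Server endpoint
	 *                        metadata.
	 */
	public static AuthorizationServerEndpointMetadata parse(final JSONObject jsonObject)
		throws ParseException {

		AuthorizationServerEndpointMetadata as = new AuthorizationServerEndpointMetadata();
		as.authzEndpoint = JSONObjectUtils.getURI(jsonObject, "authorization_endpoint", null);
		as.tokenEndpoint = JSONObjectUtils.getURI(jsonObject, "token_endpoint", null);
		as.regEndpoint = JSONObjectUtils.getURI(jsonObject, "registration_endpoint", null);
		as.introspectionEndpoint = JSONObjectUtils.getURI(jsonObject, "introspection_endpoint", null);
		as.revocationEndpoint = JSONObjectUtils.getURI(jsonObject, "revocation_endpoint", null);
		as.requestObjectEndpoint = JSONObjectUtils.getURI(jsonObject, "request_object_endpoint", null);
		as.parEndpoint = JSONObjectUtils.getURI(jsonObject, "pushed_authorization_request_endpoint", null);
		as.deviceAuthzEndpoint = JSONObjectUtils.getURI(jsonObject, "device_authorization_endpoint", null);
		as.backChannelAuthEndpoint = JSONObjectUtils.getURI(jsonObject, "backchannel_authentication_endpoint", null);
		as.federationRegistrationEndpoint = JSONObjectUtils.getURI(jsonObject, "federation_registration_endpoint", null);
		return as;
	}
}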