/*
 * oauth2-oidc-sdk
 *
 * Copyright 2012-2021, Connect2id Ltd and contributors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License"); you may not use
 * this file except in compliance with the License. You may obtain a copy of the
 * License at
 *
 *    http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software distributed
 * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
 * CONDITIONS OF ANY KIND, either express or implied. See the License for the
 * specific language governing permissions and limitations under the License.
 */

package com.nimbusds.openid.connect.sdk.op;


import java.util.List;

import com.nimbusds.jose.EncryptionMethod;
import com.nimbusds.jose.JWEAlgorithm;
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.langtag.LangTag;
import com.nimbusds.oauth2.sdk.as.ReadOnlyAuthorizationServerMetadata;
import com.nimbusds.openid.connect.sdk.Display;
import com.nimbusds.openid.connect.sdk.SubjectType;
import com.nimbusds.openid.connect.sdk.assurance.IdentityTrustFramework;
import com.nimbusds.openid.connect.sdk.assurance.evidences.*;
import com.nimbusds.openid.connect.sdk.assurance.evidences.attachment.AttachmentType;
import com.nimbusds.openid.connect.sdk.assurance.evidences.attachment.HashAlgorithm;
import com.nimbusds.openid.connect.sdk.claims.ACR;
import com.nimbusds.openid.connect.sdk.claims.ClaimType;


/**
 * Read-only OpenID Provider (OP) metadata.
 *
 * <p>Most list getters are documented as returning {@code null} when the
 * corresponding metadata field is not specified, so callers must
 * null-check the result before iterating it.
 *
 * <p>The values describe what the OP states it supports. When the metadata
 * was obtained from a remote OP, treat the algorithm and method lists as
 * capability information to intersect with the client's own allow-list,
 * not as a statement of what the client should accept.
 *
 * <p>Related specifications:
 *
 * <ul>
 *     <li>OpenID Connect Discovery 1.0, section 3
 *     <li>OpenID Connect Session Management 1.0, section 2.1 (draft 28)
 *     <li>OpenID Connect Front-Channel Logout 1.0, section 3 (draft 02)
 *     <li>OpenID Connect Back-Channel Logout 1.0, section 2.1 (draft 07)
 *     <li>OpenID Connect for Identity Assurance 1.0 (draft 12)
 *     <li>OpenID Connect Federation 1.0 (draft 22)
 *     <li>OAuth 2.0 Authorization Server Metadata (RFC 8414)
 *     <li>OAuth 2.0 Mutual TLS Client Authentication and Certificate Bound
 *         Access Tokens (RFC 8705)
 *     <li>Financial-grade API: JWT Secured Authorization Response Mode for
 *         OAuth 2.0 (JARM)
 *     <li>OAuth 2.0 Authorization Server Issuer Identification (RFC 9207)
 * </ul>
 */
public interface ReadOnlyOIDCProviderMetadata extends ReadOnlyAuthorizationServerMetadata, ReadOnlyOIDCProviderEndpointMetadata {


	/**
	 * Gets the mutual TLS endpoint aliases, with the return type narrowed
	 * to the read-only OpenID provider endpoint metadata.
	 *
	 * <p>NOTE(review): presumably corresponds to the
	 * {@code mtls_endpoint_aliases} field of RFC 8705; the overridden
	 * declaration is not shown in this file, so confirm the field name and
	 * nullability there.
	 *
	 * @return The endpoint aliases, as defined by the overridden method.
	 */
	@Override
	ReadOnlyOIDCProviderEndpointMetadata getReadOnlyMtlsEndpointAliases();


	/**
	 * Gets the supported Authentication Context Class References (ACRs).
	 * Corresponds to the {@code acr_values_supported} metadata field.
	 *
	 * @return The supported ACRs, {@code null} if not specified.
	 */
	List<ACR> getACRs();


	/**
	 * Gets the supported subject types. Corresponds to the
	 * {@code subject_types_supported} metadata field.
	 *
	 * @return The supported subject types.
	 */
	List<SubjectType> getSubjectTypes();


	/**
	 * Gets the supported JWS algorithms for ID tokens. Corresponds to the
	 * {@code id_token_signing_alg_values_supported} metadata field.
	 *
	 * <p>OpenID Connect Discovery 1.0 permits an OP to list {@code none}
	 * in this field. A relying party should therefore validate ID tokens
	 * against the algorithm it registered or explicitly allows, rather
	 * than accepting any algorithm that appears in this list.
	 *
	 * @return The supported JWS algorithms, {@code null} if not specified.
	 */
	List<JWSAlgorithm> getIDTokenJWSAlgs();


	/**
	 * Gets the supported JWE algorithms for ID tokens. Corresponds to the
	 * {@code id_token_encryption_alg_values_supported} metadata field.
	 *
	 * @return The supported JWE algorithms, {@code null} if not specified.
	 */
	List<JWEAlgorithm> getIDTokenJWEAlgs();


	/**
	 * Gets the supported encryption methods for ID tokens. Corresponds to
	 * the {@code id_token_encryption_enc_values_supported} metadata field.
	 *
	 * @return The supported encryption methods, {@code null} if not
	 *         specified.
	 */
	List<EncryptionMethod> getIDTokenJWEEncs();


	/**
	 * Gets the supported JWS algorithms for UserInfo JWTs. Corresponds to
	 * the {@code userinfo_signing_alg_values_supported} metadata field.
	 *
	 * <p>As with the ID token algorithms, the list is what the OP
	 * advertises; the client decides which of these values it accepts.
	 *
	 * @return The supported JWS algorithms, {@code null} if not specified.
	 */
	List<JWSAlgorithm> getUserInfoJWSAlgs();


	/**
	 * Gets the supported JWE algorithms for UserInfo JWTs. Corresponds to
	 * the {@code userinfo_encryption_alg_values_supported} metadata field.
	 *
	 * @return The supported JWE algorithms, {@code null} if not specified.
	 */
	List<JWEAlgorithm> getUserInfoJWEAlgs();


	/**
	 * Gets the supported encryption methods for UserInfo JWTs. Corresponds
	 * to the {@code userinfo_encryption_enc_values_supported} metadata
	 * field.
	 *
	 * @return The supported encryption methods, {@code null} if not
	 *         specified.
	 */
	List<EncryptionMethod> getUserInfoJWEEncs();


	/**
	 * Gets the supported displays. Corresponds to the
	 * {@code display_values_supported} metadata field.
	 *
	 * @return The supported displays, {@code null} if not specified.
	 */
	List<Display> getDisplays();


	/**
	 * Gets the supported claim types. Corresponds to the
	 * {@code claim_types_supported} metadata field.
	 *
	 * @return The supported claim types, {@code null} if not specified.
	 */
	List<ClaimType> getClaimTypes();


	/**
	 * Gets the supported claims names. Corresponds to the
	 * {@code claims_supported} metadata field.
	 *
	 * @return The supported claims names, {@code null} if not specified.
	 */
	List<String> getClaims();


	/**
	 * Gets the supported claims locales. Corresponds to the
	 * {@code claims_locales_supported} metadata field.
	 *
	 * @return The supported claims locales, {@code null} if not specified.
	 */
	List<LangTag> getClaimsLocales();


	/**
	 * Gets the support for the {@code claims} authorisation request
	 * parameter. Corresponds to the {@code claims_parameter_supported}
	 * metadata field.
	 *
	 * @return {@code true} if the {@code claims} parameter is supported,
	 *         else {@code false}.
	 */
	boolean supportsClaimsParam();


	/**
	 * Gets the support for front-channel logout. Corresponds to the
	 * {@code frontchannel_logout_supported} metadata field.
	 *
	 * @return {@code true} if front-channel logout is supported, else
	 *         {@code false}.
	 */
	boolean supportsFrontChannelLogout();


	/**
	 * Gets the support for front-channel logout with a session ID.
	 * Corresponds to the {@code frontchannel_logout_session_supported}
	 * metadata field.
	 *
	 * @return {@code true} if front-channel logout with a session ID is
	 *         supported, else {@code false}.
	 */
	boolean supportsFrontChannelLogoutSession();


	/**
	 * Gets the support for back-channel logout. Corresponds to the
	 * {@code backchannel_logout_supported} metadata field.
	 *
	 * @return {@code true} if back-channel logout is supported, else
	 *         {@code false}.
	 */
	boolean supportsBackChannelLogout();


	/**
	 * Gets the support for back-channel logout with a session ID.
	 * Corresponds to the {@code backchannel_logout_session_supported}
	 * metadata field.
	 *
	 * @return {@code true} if back-channel logout with a session ID is
	 *         supported, else {@code false}.
	 */
	boolean supportsBackChannelLogoutSession();


	/**
	 * Gets support for verified claims. Corresponds to the
	 * {@code verified_claims_supported} metadata field.
	 *
	 * @return {@code true} if verified claims are supported, else
	 *         {@code false}.
	 */
	boolean supportsVerifiedClaims();


	/**
	 * Gets the supported identity trust frameworks. Corresponds to the
	 * {@code trust_frameworks_supported} metadata field.
	 *
	 * @return The supported identity trust frameworks, {@code null} if not
	 *         specified.
	 */
	List<IdentityTrustFramework> getIdentityTrustFrameworks();


	/**
	 * Gets the supported identity evidence types. Corresponds to the
	 * {@code evidence_supported} metadata field.
	 *
	 * @return The supported identity evidence types, {@code null} if not
	 *         specified.
	 */
	List<IdentityEvidenceType> getIdentityEvidenceTypes();


	/**
	 * Gets the supported identity document types. Corresponds to the
	 * {@code documents_supported} metadata field.
	 *
	 * @return The supported identity document types, {@code null} if not
	 *         specified.
	 */
	List<DocumentType> getDocumentTypes();


	/**
	 * Gets the supported identity document types. Corresponds to the
	 * {@code id_documents_supported} metadata field.
	 *
	 * @return The supported identity document types, {@code null} if not
	 *         specified.
	 * @deprecated Use {@link #getDocumentTypes} instead.
	 */
	@Deprecated
	List<IDDocumentType> getIdentityDocumentTypes();


	/**
	 * Gets the supported coarse identity verification methods for
	 * evidences of type document. Corresponds to the
	 * {@code documents_methods_supported} metadata field.
	 *
	 * @return The supported identity verification methods for document
	 *         evidences, {@code null} if not specified.
	 */
	List<IdentityVerificationMethod> getDocumentMethods();


	/**
	 * Gets the supported validation methods for evidences of type
	 * document. Corresponds to the
	 * {@code documents_validation_methods_supported} metadata field.
	 *
	 * @return The validation methods for document evidences, {@code null}
	 *         if not specified.
	 */
	List<ValidationMethodType> getDocumentValidationMethods();


	/**
	 * Gets the supported verification methods for evidences of type
	 * document. Corresponds to the
	 * {@code documents_verification_methods_supported} metadata field.
	 *
	 * @return The verification methods for document evidences, {@code null}
	 *         if not specified.
	 */
	List<VerificationMethodType> getDocumentVerificationMethods();


	/**
	 * Gets the supported electronic record types. Corresponds to the
	 * {@code electronic_records_supported} metadata field.
	 *
	 * @return The supported electronic record types, {@code null} if not
	 *         specified.
	 */
	List<ElectronicRecordType> getElectronicRecordTypes();


	/**
	 * Gets the supported identity verification methods. Corresponds to the
	 * {@code id_documents_verification_methods_supported} metadata field.
	 *
	 * @return The supported identity verification methods, {@code null} if
	 *         not specified.
	 * @deprecated No replacement is named in this file.
	 *             NOTE(review): {@link #getDocumentMethods} returns the
	 *             same element type and looks like the successor; confirm
	 *             before migrating callers.
	 */
	@Deprecated
	List<IdentityVerificationMethod> getIdentityVerificationMethods();


	/**
	 * Gets the names of the supported verified claims. Corresponds to the
	 * {@code claims_in_verified_claims_supported} metadata field.
	 *
	 * @return The supported verified claims names, {@code null} if not
	 *         specified.
	 */
	List<String> getVerifiedClaims();


	/**
	 * Gets the supported evidence attachment types. Corresponds to the
	 * {@code attachments_supported} metadata field.
	 *
	 * <p>Note the three-way result: an empty list and {@code null} carry
	 * different meanings, so callers should not collapse them.
	 *
	 * @return The supported evidence attachment types, empty if
	 *         attachments are not supported, {@code null} if not
	 *         specified.
	 */
	List<AttachmentType> getAttachmentTypes();


	/**
	 * Gets the supported digest algorithms for the external evidence
	 * attachments. Corresponds to the {@code digest_algorithms_supported}
	 * metadata field.
	 *
	 * @return The supported digest algorithms, {@code null} if not
	 *         specified.
	 */
	List<HashAlgorithm> getAttachmentDigestAlgs();
}