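/*
 * oauth2-oidc-sdk
 *
 * Copyright 2012-2021, Connect2id Ltd and contributors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License"); you may not use
 * this file except in compliance with the License. You may obtain a copy of the
 * License at
 *
 *    http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software distributed
 * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
 * CONDITIONS OF ANY KIND, either express or implied. See the License for the
 * specific language governing permissions and limitations under the License.
 */

package com.nimbusds.openid.connect.sdk.op;


import java.util.List;

import com.nimbusds.jose.EncryptionMethod;
import com.nimbusds.jose.JWEAlgorithm;
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.langtag.LangTag;
import com.nimbusds.oauth2.sdk.as.ReadOnlyAuthorizationServerMetadata;
import com.nimbusds.openid.connect.sdk.Display;
import com.nimbusds.openid.connect.sdk.SubjectType;
import com.nimbusds.openid.connect.sdk.assurance.IdentityTrustFramework;
import com.nimbusds.openid.connect.sdk.assurance.evidences.*;
import com.nimbusds.openid.connect.sdk.assurance.evidences.attachment.AttachmentType;
import com.nimbusds.openid.connect.sdk.assurance.evidences.attachment.HashAlgorithm;
import com.nimbusds.openid.connect.sdk.claims.ACR;
import com.nimbusds.openid.connect.sdk.claims.ClaimType;


/**
 * Read-only OpenID Provider (OP) metadata.
 *
 * <p>The getters expose the values advertised in the OP metadata document.
 * Most getters return {@code null} when the corresponding metadata field is
 * not specified; callers must check for that before use. Whether an
 * advertised value (for example a particular signing or encryption
 * algorithm) is acceptable for a given deployment is a policy decision left
 * to the caller.
 *
 * <p>Related specifications:
 *
 * <ul>
 *     <li>OpenID Connect Discovery 1.0, section 3
 *     <li>OpenID Connect Session Management 1.0, section 2.1 (draft 28)
 *     <li>OpenID Connect Front-Channel Logout 1.0, section 3 (draft 02)
 *     <li>OpenID Connect Back-Channel Logout 1.0, section 2.1 (draft 07)
 *     <li>OpenID Connect for Identity Assurance 1.0 (draft 12)
 *     <li>OpenID Connect Federation 1.0 (draft 22)
 *     <li>OAuth 2.0 Authorization Server Metadata (RFC 8414)
 *     <li>OAuth 2.0 Mutual TLS Client Authentication and Certificate Bound
 *         Access Tokens (RFC 8705)
 *     <li>Financial-grade API: JWT Secured Authorization Response Mode for
 *         OAuth 2.0 (JARM)
 *     <li>OAuth 2.0 Authorization Server Issuer Identification (RFC 9207)
 *     <li>OAuth 2.0 Rich Authorization Requests (RFC 9396)
 * </ul>
 */
public interface ReadOnlyOIDCProviderMetadata extends ReadOnlyAuthorizationServerMetadata, ReadOnlyOIDCProviderEndpointMetadata {


	/**
	 * Covariant override: narrows the type of the mTLS endpoint aliases
	 * to the OpenID Provider endpoint metadata. See the inherited
	 * documentation for the contract.
	 */
	@Override
	ReadOnlyOIDCProviderEndpointMetadata getReadOnlyMtlsEndpointAliases();


	/**
	 * Gets the supported Authentication Context Class References (ACRs).
	 * Corresponds to the {@code acr_values_supported} metadata field.
	 *
	 * @return The supported ACRs, {@code null} if not specified.
	 */
	List<ACR> getACRs();


	/**
	 * Gets the supported subject types. Corresponds to the
	 * {@code subject_types_supported} metadata field.
	 *
	 * @return The supported subject types.
	 */
	List<SubjectType> getSubjectTypes();


	/**
	 * Gets the supported JWS algorithms for ID tokens. Corresponds to the
	 * {@code id_token_signing_alg_values_supported} metadata field.
	 *
	 * @return The supported JWS algorithms, {@code null} if not specified.
	 */
	List<JWSAlgorithm> getIDTokenJWSAlgs();


	/**
	 * Gets the supported JWE algorithms for ID tokens. Corresponds to the
	 * {@code id_token_encryption_alg_values_supported} metadata field.
	 *
	 * @return The supported JWE algorithms, {@code null} if not specified.
	 */
	List<JWEAlgorithm> getIDTokenJWEAlgs();


	/**
	 * Gets the supported encryption methods for ID tokens. Corresponds to
	 * the {@code id_token_encryption_enc_values_supported} metadata field.
	 *
	 * @return The supported encryption methods, {@code null} if not
	 *         specified.
	 */
	List<EncryptionMethod> getIDTokenJWEEncs();


	/**
	 * Gets the supported JWS algorithms for UserInfo JWTs. Corresponds to
	 * the {@code userinfo_signing_alg_values_supported} metadata field.
	 *
	 * @return The supported JWS algorithms, {@code null} if not specified.
	 */
	List<JWSAlgorithm> getUserInfoJWSAlgs();


	/**
	 * Gets the supported JWE algorithms for UserInfo JWTs. Corresponds to
	 * the {@code userinfo_encryption_alg_values_supported} metadata field.
	 *
	 * @return The supported JWE algorithms, {@code null} if not specified.
	 */
	List<JWEAlgorithm> getUserInfoJWEAlgs();


	/**
	 * Gets the supported encryption methods for UserInfo JWTs. Corresponds
	 * to the {@code userinfo_encryption_enc_values_supported} metadata
	 * field.
	 *
	 * @return The supported encryption methods, {@code null} if not
	 *         specified.
	 */
	List<EncryptionMethod> getUserInfoJWEEncs();


	/**
	 * Gets the supported displays. Corresponds to the
	 * {@code display_values_supported} metadata field.
	 *
	 * @return The supported displays, {@code null} if not specified.
	 */
	List<Display> getDisplays();


	/**
	 * Gets the supported claim types. Corresponds to the
	 * {@code claim_types_supported} metadata field.
	 *
	 * @return The supported claim types, {@code null} if not specified.
	 */
	List<ClaimType> getClaimTypes();


	/**
	 * Gets the supported claims names. Corresponds to the
	 * {@code claims_supported} metadata field.
	 *
	 * @return The supported claims names, {@code null} if not specified.
	 */
	List<String> getClaims();


	/**
	 * Gets the supported claims locales. Corresponds to the
	 * {@code claims_locales_supported} metadata field.
	 *
	 * @return The supported claims locales, {@code null} if not specified.
	 */
	List<LangTag> getClaimsLocales();


	/**
	 * Gets the support for the {@code claims} authorisation request
	 * parameter. Corresponds to the {@code claims_parameter_supported}
	 * metadata field.
	 *
	 * @return {@code true} if the {@code claims} parameter is supported,
	 *         else {@code false}.
	 */
	boolean supportsClaimsParam();


	/**
	 * Gets the support for front-channel logout. Corresponds to the
	 * {@code frontchannel_logout_supported} metadata field.
	 *
	 * @return {@code true} if front-channel logout is supported, else
	 *         {@code false}.
	 */
	boolean supportsFrontChannelLogout();


	/**
	 * Gets the support for front-channel logout with a session ID.
	 * Corresponds to the {@code frontchannel_logout_session_supported}
	 * metadata field.
	 *
	 * @return {@code true} if front-channel logout with a session ID is
	 *         supported, else {@code false}.
	 */
	boolean supportsFrontChannelLogoutSession();


	/**
	 * Gets the support for back-channel logout. Corresponds to the
	 * {@code backchannel_logout_supported} metadata field.
	 *
	 * @return {@code true} if back-channel logout is supported, else
	 *         {@code false}.
	 */
	boolean supportsBackChannelLogout();


	/**
	 * Gets the support for back-channel logout with a session ID.
	 * Corresponds to the {@code backchannel_logout_session_supported}
	 * metadata field.
	 *
	 * @return {@code true} if back-channel logout with a session ID is
	 *         supported, else {@code false}.
	 */
	boolean supportsBackChannelLogoutSession();


	/**
	 * Gets support for verified claims. Corresponds to the
	 * {@code verified_claims_supported} metadata field.
	 *
	 * @return {@code true} if verified claims are supported, else
	 *         {@code false}.
	 */
	boolean supportsVerifiedClaims();


	/**
	 * Gets the supported identity trust frameworks. Corresponds to the
	 * {@code trust_frameworks_supported} metadata field.
	 *
	 * @return The supported identity trust frameworks, {@code null} if not
	 *         specified.
	 */
	List<IdentityTrustFramework> getIdentityTrustFrameworks();


	/**
	 * Gets the supported identity evidence types. Corresponds to the
	 * {@code evidence_supported} metadata field.
	 *
	 * @return The supported identity evidence types, {@code null} if not
	 *         specified.
	 */
	List<IdentityEvidenceType> getIdentityEvidenceTypes();


	/**
	 * Gets the supported identity document types. Corresponds to the
	 * {@code documents_supported} metadata field.
	 *
	 * @return The supported identity document types, {@code null} if not
	 *         specified.
	 */
	List<DocumentType> getDocumentTypes();


	/**
	 * Gets the supported identity document types. Corresponds to the
	 * {@code id_documents_supported} metadata field.
	 *
	 * @return The supported identity document types, {@code null} if not
	 *         specified.
	 * @deprecated Use {@link #getDocumentTypes} instead.
	 */
	@Deprecated
	List<IDDocumentType> getIdentityDocumentTypes();


	/**
	 * Gets the supported coarse identity verification methods for
	 * evidences of type document. Corresponds to the
	 * {@code documents_methods_supported} metadata field.
	 *
	 * @return The supported identity verification methods for document
	 *         evidences, {@code null} if not specified.
	 */
	List<IdentityVerificationMethod> getDocumentMethods();


	/**
	 * Gets the supported validation methods for evidences of type
	 * document. Corresponds to the
	 * {@code documents_validation_methods_supported} metadata field.
	 *
	 * @return The validation methods for document evidences, {@code null}
	 *         if not specified.
	 */
	List<ValidationMethodType> getDocumentValidationMethods();


	/**
	 * Gets the supported verification methods for evidences of type
	 * document. Corresponds to the
	 * {@code documents_verification_methods_supported} metadata field.
	 *
	 * @return The verification methods for document evidences, {@code null}
	 *         if not specified.
	 */
	List<VerificationMethodType> getDocumentVerificationMethods();


	/**
	 * Gets the supported electronic record types. Corresponds to the
	 * {@code electronic_records_supported} metadata field.
	 *
	 * @return The supported electronic record types, {@code null} if not
	 *         specified.
	 */
	List<ElectronicRecordType> getElectronicRecordTypes();


	/**
	 * Gets the supported identity verification methods. Corresponds to the
	 * {@code id_documents_verification_methods_supported} metadata field.
	 *
	 * @return The supported identity verification methods, {@code null} if
	 *         not specified.
	 * @deprecated Use {@link #getDocumentMethods} instead, which exposes
	 *             the same verification method values via the
	 *             {@code documents_methods_supported} metadata field.
	 */
	@Deprecated
	List<IdentityVerificationMethod> getIdentityVerificationMethods();


	/**
	 * Gets the names of the supported verified claims. Corresponds to the
	 * {@code claims_in_verified_claims_supported} metadata field.
	 *
	 * @return The supported verified claims names, {@code null} if not
	 *         specified.
	 */
	List<String> getVerifiedClaims();


	/**
	 * Gets the supported evidence attachment types. Corresponds to the
	 * {@code attachments_supported} metadata field.
	 *
	 * @return The supported evidence attachment types, empty if
	 *         attachments are not supported, {@code null} if not
	 *         specified.
	 */
	List<AttachmentType> getAttachmentTypes();


	/**
	 * Gets the supported digest algorithms for the external evidence
	 * attachments. Corresponds to the {@code digest_algorithms_supported}
	 * metadata field.
	 *
	 * @return The supported digest algorithms, {@code null} if not
	 *         specified.
	 */
	List<HashAlgorithm> getAttachmentDigestAlgs();
}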