Package com.nimbusds.openid.connect.sdk

Class AuthenticationRequest

java.lang.Object
com.nimbusds.oauth2.sdk.AbstractRequest
com.nimbusds.oauth2.sdk.AuthorizationRequest
com.nimbusds.openid.connect.sdk.AuthenticationRequest
All Implemented Interfaces:
Message, Request
@Immutable public class AuthenticationRequest extends AuthorizationRequest
OpenID Connect authentication request. Intended to authenticate an end-user and request the end-user's authorisation to release information to the client. Supports custom request parameters.

Example HTTP request (code flow): 

 https://server.example.com/op/authorize?
 response_type=code%20id_token
 &client_id=s6BhdRkqt3
 &redirect_uri=https%3A%2F%2Fclient.example.org%2Fcb
 &scope=openid
 &nonce=n-0S6_WzA2Mj
 &state=af0ifjsldkj

Related specifications:

  • OpenID Connect Core 1.0, section 3.1.2.1.
  • Proof Key for Code Exchange by OAuth Public Clients (RFC 7636).
  • OAuth 2.0 Rich Authorization Requests (RFC 9396).
  • Resource Indicators for OAuth 2.0 (RFC 8707)
  • OAuth 2.0 Incremental Authorization (draft-ietf-oauth-incremental-authz-04)
  • The OAuth 2.0 Authorization Framework: JWT Secured Authorization Request (JAR) (RFC 9101)
  • Financial-grade API: JWT Secured Authorization Response Mode for OAuth 2.0 (JARM)
  • OAuth 2.0 Demonstrating Proof-of-Possession at the Application Layer (DPoP) (RFC 9449).
  • OpenID Connect Federation 1.0, section 10.1.
  • OpenID Connect for Identity Assurance 1.0, section 8.

  • Field Details

  • Constructor Details

    • AuthenticationRequest

      public AuthenticationRequest(URI uri, ResponseType rt, Scope scope, ClientID clientID, URI redirectURI, State state, Nonce nonce)
      Creates a new minimal OpenID Connect authentication request.
      Parameters:
      uri - The URI of the OAuth 2.0 authorisation endpoint. May be null if the AuthorizationRequest.toHTTPRequest(com.nimbusds.oauth2.sdk.http.HTTPRequest.Method) method will not be used.
      rt - The response type. Corresponds to the response_type parameter. Must specify a valid OpenID Connect response type. Must not be null.
      scope - The request scope. Corresponds to the scope parameter. Must contain an openid value. Must not be null.
      clientID - The client identifier. Corresponds to the client_id parameter. Must not be null.
      redirectURI - The redirection URI. Corresponds to the redirect_uri parameter. Must not be null.
      state - The state. Corresponds to the state parameter. May be null.
      nonce - The nonce. Corresponds to the nonce parameter. May be null for code flow.

    • AuthenticationRequest

      @Deprecated public AuthenticationRequest(URI uri, ResponseType rt, ResponseMode rm, Scope scope, ClientID clientID, URI redirectURI, State state, Nonce nonce, Display display, Prompt prompt, int maxAge, List<com.nimbusds.langtag.LangTag> uiLocales, List<com.nimbusds.langtag.LangTag> claimsLocales, com.nimbusds.jwt.JWT idTokenHint, String loginHint, List<ACR> acrValues, ClaimsRequest claims, String purpose, com.nimbusds.jwt.JWT requestObject, URI requestURI, CodeChallenge codeChallenge, CodeChallengeMethod codeChallengeMethod, List<URI> resources, boolean includeGrantedScopes, Map<String,List<String>> customParams)
      Deprecated.
      Creates a new OpenID Connect authentication request with extension and custom parameters.
      Parameters:
      uri - The URI of the OAuth 2.0 authorisation endpoint. May be null if the AuthorizationRequest.toHTTPRequest(com.nimbusds.oauth2.sdk.http.HTTPRequest.Method) method will not be used.
      rt - The response type set. Corresponds to the response_type parameter. Must specify a valid OpenID Connect response type. Must not be null.
      rm - The response mode. Corresponds to the optional response_mode parameter. Use of this parameter is not recommended unless a non-default response mode is requested (e.g. form_post).
      scope - The request scope. Corresponds to the scope parameter. Must contain an openid value. Must not be null.
      clientID - The client identifier. Corresponds to the client_id parameter. Must not be null.
      redirectURI - The redirection URI. Corresponds to the redirect_uri parameter. Must not be null unless set by means of the optional request_object / request_uri parameter.
      state - The state. Corresponds to the recommended state parameter. null if not specified.
      nonce - The nonce. Corresponds to the nonce parameter. May be null for code flow.
      display - The requested display type. Corresponds to the optional display parameter. null if not specified.
      prompt - The requested prompt. Corresponds to the optional prompt parameter. null if not specified.
      maxAge - The required maximum authentication age, in seconds. Corresponds to the optional max_age parameter. -1 if not specified, zero implies prompt=login.
      uiLocales - The preferred languages and scripts for the user interface. Corresponds to the optional ui_locales parameter. null if not specified.
      claimsLocales - The preferred languages and scripts for claims being returned. Corresponds to the optional claims_locales parameter. null if not specified.
      idTokenHint - The ID Token hint. Corresponds to the optional id_token_hint parameter. null if not specified.
      loginHint - The login hint. Corresponds to the optional login_hint parameter. null if not specified.
      acrValues - The requested Authentication Context Class Reference values. Corresponds to the optional acr_values parameter. null if not specified.
      claims - The individual claims to be returned. Corresponds to the optional claims parameter. null if not specified.
      purpose - The transaction specific purpose, null if not specified.
      requestObject - The request object. Corresponds to the optional request parameter. Must not be specified together with a request object URI. null if not specified.
      requestURI - The request object URI. Corresponds to the optional request_uri parameter. Must not be specified together with a request object. null if not specified.
      codeChallenge - The code challenge for PKCE, null if not specified.
      codeChallengeMethod - The code challenge method for PKCE, null if not specified.
      resources - The resource URI(s), null if not specified.
      includeGrantedScopes - true to request incremental authorisation.
      customParams - Additional custom parameters, empty map or null if none.

    • AuthenticationRequest

      @Deprecated public AuthenticationRequest(URI uri, ResponseType rt, ResponseMode rm, Scope scope, ClientID clientID, URI redirectURI, State state, Nonce nonce, Display display, Prompt prompt, int maxAge, List<com.nimbusds.langtag.LangTag> uiLocales, List<com.nimbusds.langtag.LangTag> claimsLocales, com.nimbusds.jwt.JWT idTokenHint, String loginHint, List<ACR> acrValues, OIDCClaimsRequest claims, String purpose, com.nimbusds.jwt.JWT requestObject, URI requestURI, CodeChallenge codeChallenge, CodeChallengeMethod codeChallengeMethod, List<URI> resources, boolean includeGrantedScopes, Map<String,List<String>> customParams)
      Deprecated.
      Creates a new OpenID Connect authentication request with extension and custom parameters.
      Parameters:
      uri - The URI of the OAuth 2.0 authorisation endpoint. May be null if the AuthorizationRequest.toHTTPRequest(com.nimbusds.oauth2.sdk.http.HTTPRequest.Method) method will not be used.
      rt - The response type set. Corresponds to the response_type parameter. Must specify a valid OpenID Connect response type. Must not be null.
      rm - The response mode. Corresponds to the optional response_mode parameter. Use of this parameter is not recommended unless a non-default response mode is requested (e.g. form_post).
      scope - The request scope. Corresponds to the scope parameter. Must contain an openid value. Must not be null.
      clientID - The client identifier. Corresponds to the client_id parameter. Must not be null.
      redirectURI - The redirection URI. Corresponds to the redirect_uri parameter. Must not be null unless set by means of the optional request_object / request_uri parameter.
      state - The state. Corresponds to the recommended state parameter. null if not specified.
      nonce - The nonce. Corresponds to the nonce parameter. May be null for code flow.
      display - The requested display type. Corresponds to the optional display parameter. null if not specified.
      prompt - The requested prompt. Corresponds to the optional prompt parameter. null if not specified.
      maxAge - The required maximum authentication age, in seconds. Corresponds to the optional max_age parameter. -1 if not specified, zero implies prompt=login.
      uiLocales - The preferred languages and scripts for the user interface. Corresponds to the optional ui_locales parameter. null if not specified.
      claimsLocales - The preferred languages and scripts for claims being returned. Corresponds to the optional claims_locales parameter. null if not specified.
      idTokenHint - The ID Token hint. Corresponds to the optional id_token_hint parameter. null if not specified.
      loginHint - The login hint. Corresponds to the optional login_hint parameter. null if not specified.
      acrValues - The requested Authentication Context Class Reference values. Corresponds to the optional acr_values parameter. null if not specified.
      claims - The individual OpenID claims to be returned. Corresponds to the optional claims parameter. null if not specified.
      purpose - The transaction specific purpose, null if not specified.
      requestObject - The request object. Corresponds to the optional request parameter. Must not be specified together with a request object URI. null if not specified.
      requestURI - The request object URI. Corresponds to the optional request_uri parameter. Must not be specified together with a request object. null if not specified.
      codeChallenge - The code challenge for PKCE, null if not specified.
      codeChallengeMethod - The code challenge method for PKCE, null if not specified.
      resources - The resource URI(s), null if not specified.
      includeGrantedScopes - true to request incremental authorisation.
      customParams - Additional custom parameters, empty map or null if none.

    • AuthenticationRequest

      @Deprecated public AuthenticationRequest(URI uri, ResponseType rt, ResponseMode rm, Scope scope, ClientID clientID, URI redirectURI, State state, Nonce nonce, Display display, Prompt prompt, JWKThumbprintConfirmation dpopJKT, int maxAge, List<com.nimbusds.langtag.LangTag> uiLocales, List<com.nimbusds.langtag.LangTag> claimsLocales, com.nimbusds.jwt.JWT idTokenHint, String loginHint, List<ACR> acrValues, OIDCClaimsRequest claims, String purpose, com.nimbusds.jwt.JWT requestObject, URI requestURI, CodeChallenge codeChallenge, CodeChallengeMethod codeChallengeMethod, List<URI> resources, boolean includeGrantedScopes, Map<String,List<String>> customParams)
      Deprecated.
      Creates a new OpenID Connect authentication request with extension and custom parameters.
      Parameters:
      uri - The URI of the OAuth 2.0 authorisation endpoint. May be null if the AuthorizationRequest.toHTTPRequest(com.nimbusds.oauth2.sdk.http.HTTPRequest.Method) method will not be used.
      rt - The response type set. Corresponds to the response_type parameter. Must specify a valid OpenID Connect response type. Must not be null.
      rm - The response mode. Corresponds to the optional response_mode parameter. Use of this parameter is not recommended unless a non-default response mode is requested (e.g. form_post).
      scope - The request scope. Corresponds to the scope parameter. Must contain an openid value. Must not be null.
      clientID - The client identifier. Corresponds to the client_id parameter. Must not be null.
      redirectURI - The redirection URI. Corresponds to the redirect_uri parameter. Must not be null unless set by means of the optional request_object / request_uri parameter.
      state - The state. Corresponds to the recommended state parameter. null if not specified.
      nonce - The nonce. Corresponds to the nonce parameter. May be null for code flow.
      display - The requested display type. Corresponds to the optional display parameter. null if not specified.
      prompt - The requested prompt. Corresponds to the optional prompt parameter. null if not specified.
      dpopJKT - The DPoP JWK SHA-256 thumbprint, null if not specified.
      maxAge - The required maximum authentication age, in seconds. Corresponds to the optional max_age parameter. -1 if not specified, zero implies prompt=login.
      uiLocales - The preferred languages and scripts for the user interface. Corresponds to the optional ui_locales parameter. null if not specified.
      claimsLocales - The preferred languages and scripts for claims being returned. Corresponds to the optional claims_locales parameter. null if not specified.
      idTokenHint - The ID Token hint. Corresponds to the optional id_token_hint parameter. null if not specified.
      loginHint - The login hint. Corresponds to the optional login_hint parameter. null if not specified.
      acrValues - The requested Authentication Context Class Reference values. Corresponds to the optional acr_values parameter. null if not specified.
      claims - The individual OpenID claims to be returned. Corresponds to the optional claims parameter. null if not specified.
      purpose - The transaction specific purpose, null if not specified.
      requestObject - The request object. Corresponds to the optional request parameter. Must not be specified together with a request object URI. null if not specified.
      requestURI - The request object URI. Corresponds to the optional request_uri parameter. Must not be specified together with a request object. null if not specified.
      codeChallenge - The code challenge for PKCE, null if not specified.
      codeChallengeMethod - The code challenge method for PKCE, null if not specified.
      resources - The resource URI(s), null if not specified.
      includeGrantedScopes - true to request incremental authorisation.
      customParams - Additional custom parameters, empty map or null if none.

    • AuthenticationRequest

      @Deprecated public AuthenticationRequest(URI uri, ResponseType rt, ResponseMode rm, Scope scope, ClientID clientID, URI redirectURI, State state, Nonce nonce, Display display, Prompt prompt, JWKThumbprintConfirmation dpopJKT, TrustChain trustChain, int maxAge, List<com.nimbusds.langtag.LangTag> uiLocales, List<com.nimbusds.langtag.LangTag> claimsLocales, com.nimbusds.jwt.JWT idTokenHint, String loginHint, List<ACR> acrValues, OIDCClaimsRequest claims, String purpose, com.nimbusds.jwt.JWT requestObject, URI requestURI, CodeChallenge codeChallenge, CodeChallengeMethod codeChallengeMethod, List<URI> resources, boolean includeGrantedScopes, Map<String,List<String>> customParams)
      Deprecated.
      Creates a new OpenID Connect authentication request with extension and custom parameters.
      Parameters:
      uri - The URI of the OAuth 2.0 authorisation endpoint. May be null if the AuthorizationRequest.toHTTPRequest(com.nimbusds.oauth2.sdk.http.HTTPRequest.Method) method will not be used.
      rt - The response type set. Corresponds to the response_type parameter. Must specify a valid OpenID Connect response type. Must not be null.
      rm - The response mode. Corresponds to the optional response_mode parameter. Use of this parameter is not recommended unless a non-default response mode is requested (e.g. form_post).
      scope - The request scope. Corresponds to the scope parameter. Must contain an openid value. Must not be null.
      clientID - The client identifier. Corresponds to the client_id parameter. Must not be null.
      redirectURI - The redirection URI. Corresponds to the redirect_uri parameter. Must not be null unless set by means of the optional request_object / request_uri parameter.
      state - The state. Corresponds to the recommended state parameter. null if not specified.
      nonce - The nonce. Corresponds to the nonce parameter. May be null for code flow.
      display - The requested display type. Corresponds to the optional display parameter. null if not specified.
      prompt - The requested prompt. Corresponds to the optional prompt parameter. null if not specified.
      dpopJKT - The DPoP JWK SHA-256 thumbprint, null if not specified.
      trustChain - The OpenID Connect Federation 1.0 trust chain, null if not specified.
      maxAge - The required maximum authentication age, in seconds. Corresponds to the optional max_age parameter. -1 if not specified, zero implies prompt=login.
      uiLocales - The preferred languages and scripts for the user interface. Corresponds to the optional ui_locales parameter. null if not specified.
      claimsLocales - The preferred languages and scripts for claims being returned. Corresponds to the optional claims_locales parameter. null if not specified.
      idTokenHint - The ID Token hint. Corresponds to the optional id_token_hint parameter. null if not specified.
      loginHint - The login hint. Corresponds to the optional login_hint parameter. null if not specified.
      acrValues - The requested Authentication Context Class Reference values. Corresponds to the optional acr_values parameter. null if not specified.
      claims - The individual OpenID claims to be returned. Corresponds to the optional claims parameter. null if not specified.
      purpose - The transaction specific purpose, null if not specified.
      requestObject - The request object. Corresponds to the optional request parameter. Must not be specified together with a request object URI. null if not specified.
      requestURI - The request object URI. Corresponds to the optional request_uri parameter. Must not be specified together with a request object. null if not specified.
      codeChallenge - The code challenge for PKCE, null if not specified.
      codeChallengeMethod - The code challenge method for PKCE, null if not specified.
      resources - The resource URI(s), null if not specified.
      includeGrantedScopes - true to request incremental authorisation.
      customParams - Additional custom parameters, empty map or null if none.

    • AuthenticationRequest

      public AuthenticationRequest(URI uri, ResponseType rt, ResponseMode rm, Scope scope, ClientID clientID, URI redirectURI, State state, Nonce nonce, Display display, Prompt prompt, JWKThumbprintConfirmation dpopJKT, TrustChain trustChain, int maxAge, List<com.nimbusds.langtag.LangTag> uiLocales, List<com.nimbusds.langtag.LangTag> claimsLocales, com.nimbusds.jwt.JWT idTokenHint, String loginHint, List<ACR> acrValues, OIDCClaimsRequest claims, String purpose, com.nimbusds.jwt.JWT requestObject, URI requestURI, CodeChallenge codeChallenge, CodeChallengeMethod codeChallengeMethod, List<AuthorizationDetail> authorizationDetails, List<URI> resources, boolean includeGrantedScopes, Map<String,List<String>> customParams)
      Creates a new OpenID Connect authentication request with extension and custom parameters.
      Parameters:
      uri - The URI of the OAuth 2.0 authorisation endpoint. May be null if the AuthorizationRequest.toHTTPRequest(com.nimbusds.oauth2.sdk.http.HTTPRequest.Method) method will not be used.
      rt - The response type set. Corresponds to the response_type parameter. Must specify a valid OpenID Connect response type. Must not be null.
      rm - The response mode. Corresponds to the optional response_mode parameter. Use of this parameter is not recommended unless a non-default response mode is requested (e.g. form_post).
      scope - The request scope. Corresponds to the scope parameter. Must contain an openid value. Must not be null.
      clientID - The client identifier. Corresponds to the client_id parameter. Must not be null.
      redirectURI - The redirection URI. Corresponds to the redirect_uri parameter. Must not be null unless set by means of the optional request_object / request_uri parameter.
      state - The state. Corresponds to the recommended state parameter. null if not specified.
      nonce - The nonce. Corresponds to the nonce parameter. May be null for code flow.
      display - The requested display type. Corresponds to the optional display parameter. null if not specified.
      prompt - The requested prompt. Corresponds to the optional prompt parameter. null if not specified.
      dpopJKT - The DPoP JWK SHA-256 thumbprint, null if not specified.
      trustChain - The OpenID Connect Federation 1.0 trust chain, null if not specified.
      maxAge - The required maximum authentication age, in seconds. Corresponds to the optional max_age parameter. -1 if not specified, zero implies prompt=login.
      uiLocales - The preferred languages and scripts for the user interface. Corresponds to the optional ui_locales parameter. null if not specified.
      claimsLocales - The preferred languages and scripts for claims being returned. Corresponds to the optional claims_locales parameter. null if not specified.
      idTokenHint - The ID Token hint. Corresponds to the optional id_token_hint parameter. null if not specified.
      loginHint - The login hint. Corresponds to the optional login_hint parameter. null if not specified.
      acrValues - The requested Authentication Context Class Reference values. Corresponds to the optional acr_values parameter. null if not specified.
      claims - The individual OpenID claims to be returned. Corresponds to the optional claims parameter. null if not specified.
      purpose - The transaction specific purpose, null if not specified.
      requestObject - The request object. Corresponds to the optional request parameter. Must not be specified together with a request object URI. null if not specified.
      requestURI - The request object URI. Corresponds to the optional request_uri parameter. Must not be specified together with a request object. null if not specified.
      codeChallenge - The code challenge for PKCE, null if not specified.
      codeChallengeMethod - The code challenge method for PKCE, null if not specified.
      authorizationDetails - The authorisation details, null if not specified.
      resources - The resource URI(s), null if not specified.
      includeGrantedScopes - true to request incremental authorisation.
      customParams - Additional custom parameters, empty map or null if none.

  • Method Details

    • getRegisteredParameterNames

      public static Set<String> getRegisteredParameterNames()
      Returns the registered (standard) OpenID Connect authentication request parameter names.
      Returns:
      The registered OpenID Connect authentication request parameter names, as a unmodifiable set.

    • getNonce

      public Nonce getNonce()
      Returns the nonce. Corresponds to the conditionally optional nonce parameter.
      Returns:
      The nonce, null if not specified.

    • getDisplay

      public Display getDisplay()
      Returns the requested display type. Corresponds to the optional display parameter.
      Returns:
      The requested display type, null if not specified.

    • getMaxAge

      public int getMaxAge()
      Returns the required maximum authentication age. Corresponds to the optional max_age parameter.
      Returns:
      The maximum authentication age, in seconds; -1 if not specified, zero implies prompt=login.

    • getUILocales

      public List<com.nimbusds.langtag.LangTag> getUILocales()
      Returns the end-user's preferred languages and scripts for the user interface, ordered by preference. Corresponds to the optional ui_locales parameter.
      Returns:
      The preferred UI locales, null if not specified.

    • getClaimsLocales

      public List<com.nimbusds.langtag.LangTag> getClaimsLocales()
      Returns the end-user's preferred languages and scripts for the claims being returned, ordered by preference. Corresponds to the optional claims_locales parameter.
      Returns:
      The preferred claims locales, null if not specified.

    • getIDTokenHint

      public com.nimbusds.jwt.JWT getIDTokenHint()
      Returns the ID Token hint. Corresponds to the conditionally optional id_token_hint parameter.
      Returns:
      The ID Token hint, null if not specified.

    • getLoginHint

      public String getLoginHint()
      Returns the login hint. Corresponds to the optional login_hint parameter.
      Returns:
      The login hint, null if not specified.

    • getACRValues

      public List<ACR> getACRValues()
      Returns the requested Authentication Context Class Reference values. Corresponds to the optional acr_values parameter.
      Returns:
      The requested ACR values, null if not specified.

    • getClaims

      @Deprecated public ClaimsRequest getClaims()
      Deprecated.
      Returns the individual claims to be returned. Corresponds to the optional claims parameter.
      Returns:
      The individual claims to be returned, null if not specified.
      See Also:

    • getOIDCClaims

      public OIDCClaimsRequest getOIDCClaims()
      Returns the individual OpenID claims to be returned. Corresponds to the optional claims parameter.
      Returns:
      The individual claims to be returned, null if not specified.

    • getPurpose

      public String getPurpose()
      Returns the transaction specific purpose. Corresponds to the optional purpose parameter.
      Returns:
      The purpose, null if not specified.

    • toParameters

      public Map<String,List<String>> toParameters()
      Description copied from class: AuthorizationRequest
      Returns the URI query parameters for this authorisation request. Query parameters which are part of the authorisation endpoint are not included.

      Example parameters: 

       response_type = code
 client_id     = s6BhdRkqt3
 state         = xyz
 redirect_uri  = https://client.example.com/cb
      Overrides:
      toParameters in class AuthorizationRequest
      Returns:
      The parameters.

    • toJWTClaimsSet

      public com.nimbusds.jwt.JWTClaimsSet toJWTClaimsSet()
      Description copied from class: AuthorizationRequest
      Returns the parameters for this authorisation request as a JSON Web Token (JWT) claims set. Intended for creating a request object.
      Overrides:
      toJWTClaimsSet in class AuthorizationRequest
      Returns:
      The parameters as JWT claim set.

    • parse

      public static AuthenticationRequest parse(Map<String,List<String>> params) throws ParseException
      Parses an OpenID Connect authentication request from the specified URI query parameters.

      Example parameters: 

       response_type = token id_token
 client_id     = s6BhdRkqt3
 redirect_uri  = https://client.example.com/cb
 scope         = openid profile
 state         = af0ifjsldkj
 nonce         = -0S6_WzA2Mj
      Parameters:
      params - The parameters. Must not be null.
      Returns:
      The OpenID Connect authentication request.
      Throws:
      ParseException - If the parameters couldn't be parsed to an OpenID Connect authentication request.

    • parse

      public static AuthenticationRequest parse(URI uri, Map<String,List<String>> params) throws ParseException
      Parses an OpenID Connect authentication request from the specified URI and query parameters.

      Example parameters: 

       response_type = token id_token
 client_id     = s6BhdRkqt3
 redirect_uri  = https://client.example.com/cb
 scope         = openid profile
 state         = af0ifjsldkj
 nonce         = -0S6_WzA2Mj
      Parameters:
      uri - The URI of the OAuth 2.0 authorisation endpoint. May be null if the AuthorizationRequest.toHTTPRequest(com.nimbusds.oauth2.sdk.http.HTTPRequest.Method) method will not be used.
      params - The parameters. Must not be null.
      Returns:
      The OpenID Connect authentication request.
      Throws:
      ParseException - If the parameters couldn't be parsed to an OpenID Connect authentication request.

    • parse

      public static AuthenticationRequest parse(String query) throws ParseException
      Parses an OpenID Connect authentication request from the specified URI query string.

      Example URI query string: 

       response_type=token%20id_token
 &client_id=s6BhdRkqt3
 &redirect_uri=https%3A%2F%2Fclient.example.com%2Fcb
 &scope=openid%20profile
 &state=af0ifjsldkj
 &nonce=n-0S6_WzA2Mj
      Parameters:
      query - The URI query string. Must not be null.
      Returns:
      The OpenID Connect authentication request.
      Throws:
      ParseException - If the query string couldn't be parsed to an OpenID Connect authentication request.

    • parse

      public static AuthenticationRequest parse(URI uri, String query) throws ParseException
      Parses an OpenID Connect authentication request from the specified URI query string.

      Example URI query string: 

       response_type=token%20id_token
 &client_id=s6BhdRkqt3
 &redirect_uri=https%3A%2F%2Fclient.example.com%2Fcb
 &scope=openid%20profile
 &state=af0ifjsldkj
 &nonce=n-0S6_WzA2Mj
      Parameters:
      uri - The URI of the OAuth 2.0 authorisation endpoint. May be null if the AuthorizationRequest.toHTTPRequest(com.nimbusds.oauth2.sdk.http.HTTPRequest.Method) method will not be used.
      query - The URI query string. Must not be null.
      Returns:
      The OpenID Connect authentication request.
      Throws:
      ParseException - If the query string couldn't be parsed to an OpenID Connect authentication request.

    • parse

      public static AuthenticationRequest parse(URI uri) throws ParseException
      Parses an OpenID Connect authentication request from the specified URI.

      Example URI: 

       https://server.example.com/authorize?
 response_type=token%20id_token
 &client_id=s6BhdRkqt3
 &redirect_uri=https%3A%2F%2Fclient.example.com%2Fcb
 &scope=openid%20profile
 &state=af0ifjsldkj
 &nonce=n-0S6_WzA2Mj
      Parameters:
      uri - The URI. Must not be null.
      Returns:
      The OpenID Connect authentication request.
      Throws:
      ParseException - If the query string couldn't be parsed to an OpenID Connect authentication request.

    • parse

      public static AuthenticationRequest parse(HTTPRequest httpRequest) throws ParseException
      Parses an authentication request from the specified HTTP GET or HTTP POST request.

      Example HTTP request (GET): 

       https://server.example.com/op/authorize?
 response_type=code%20id_token
 &client_id=s6BhdRkqt3
 &redirect_uri=https%3A%2F%2Fclient.example.com%2Fcb
 &scope=openid
 &nonce=n-0S6_WzA2Mj
 &state=af0ifjsldkj
      Parameters:
      httpRequest - The HTTP request. Must not be null.
      Returns:
      The OpenID Connect authentication request.
      Throws:
      ParseException - If the HTTP request couldn't be parsed to an OpenID Connect authentication request.