Package com.nimbusds.oauth2.sdk.auth

Class TLSClientAuthentication

java.lang.Object
com.nimbusds.oauth2.sdk.auth.ClientAuthentication
com.nimbusds.oauth2.sdk.auth.TLSClientAuthentication
Direct Known Subclasses:
PKITLSClientAuthentication, SelfSignedTLSClientAuthentication
public abstract class TLSClientAuthentication extends ClientAuthentication
The base abstract class for mutual TLS client authentication at the Token endpoint.

  • Field Details

    • certificate

      protected final X509Certificate certificate
      The validated client X.509 certificate from the received HTTPS request, null for an outgoing HTTPS request.

  • Constructor Details

    • TLSClientAuthentication

      protected TLSClientAuthentication(ClientAuthenticationMethod method, ClientID clientID, SSLSocketFactory sslSocketFactory)
      Creates a new abstract mutual TLS client authentication. This constructor is intended for an outgoing token request.
      Parameters:
      method - The client authentication method. Must not be null.
      clientID - The client identifier. Must not be null.
      sslSocketFactory - The SSL socket factory to use for the outgoing HTTPS request and to present the client certificate(s), null to use the default one.

    • TLSClientAuthentication

      protected TLSClientAuthentication(ClientAuthenticationMethod method, ClientID clientID, X509Certificate certificate)
      Creates a new abstract mutual TLS client authentication. This constructor is intended for a received token request.
      Parameters:
      method - The client authentication method. Must not be null.
      clientID - The client identifier. Must not be null.
      certificate - The validated client X.509 certificate from the received HTTPS request. Should not be null.

  • Method Details

    • getSSLSocketFactory

      public SSLSocketFactory getSSLSocketFactory()
      Returns the SSL socket factory to use for an outgoing HTTPS request and to present the client certificate(s).
      Returns:
      The SSL socket factory, null to use the default one.

    • getClientX509Certificate

      public X509Certificate getClientX509Certificate()
      The validated client X.509 certificate from the received HTTPS request.
      Returns:
      The validated client X.509 certificate from the received HTTPS request, null for an outgoing HTTPS request.

    • getFormParameterNames

      public Set<String> getFormParameterNames()
      Description copied from class: ClientAuthentication
      Returns the name of the form parameters, if such are used by the authentication method.
      Specified by:
      getFormParameterNames in class ClientAuthentication
      Returns:
      The form parameter names, empty set if none.

    • applyTo

      public void applyTo(HTTPRequest httpRequest)
      Description copied from class: ClientAuthentication
      Applies the authentication to the specified HTTP request by setting its Authorization header and/or POST entity-body parameters (according to the implemented client authentication method).
      Specified by:
      applyTo in class ClientAuthentication
      Parameters:
      httpRequest - The HTTP request. Must not be null.