Class OIDCClaimsRequest

java.lang.Object
com.nimbusds.openid.connect.sdk.OIDCClaimsRequest
All Implemented Interfaces:
net.minidev.json.JSONAware

@Immutable public class OIDCClaimsRequest extends Object implements net.minidev.json.JSONAware
Specifies individual OpenID claims to return from the UserInfo endpoint and/or in the ID Token. Replaces the deprecated ClaimsRequest class.

Example:

 {
   "userinfo":
    {
     "given_name": {"essential": true},
     "nickname": null,
     "email": {"essential": true},
     "email_verified": {"essential": true},
     "picture": null,
     "http://example.info/claims/groups": null
    },
   "id_token":
    {
     "auth_time": {"essential": true},
     "acr": {"values": ["urn:mace:incommon:iap:silver"] }
    }
 }
 

Related specifications:

  • OpenID Connect Core 1.0, section 5.5.
  • OpenID Connect for Identity Assurance 1.0.
  • Constructor Details

    • OIDCClaimsRequest

      Creates a new empty OpenID claims request.
  • Method Details

    • add

      Adds the entries from the specified other OpenID claims request.
      Parameters:
      other - The other OpenID claims request. If null, no claims request entries will be added to this claims request.
      Returns:
      The updated OpenID claims request.
    • getIDTokenClaimsRequest

      Returns the claims requested in the ID token.
      Returns:
      The ID token claims request, null if not specified.
    • withIDTokenClaimsRequest

      Sets the claims requested in the ID token.
      Parameters:
      idToken - The ID token claims request, null if not specified.
      Returns:
      The updated OpenID claims request.
    • getUserInfoClaimsRequest

      Returns the claims requested at the UserInfo endpoint.
      Returns:
      The UserInfo claims request, null if not specified.
    • withUserInfoClaimsRequest

      Sets the claims requested at the UserInfo endpoint.
      Parameters:
      userInfo - The UserInfo claims request, null if not specified.
      Returns:
      The updated OpenID claims request.
    • getIDTokenVerifiedClaimsRequests

      Returns the list of verified claims sets requested in the ID token.
      Returns:
      The ID token verified claims request list, empty list if not specified.
    • getIDTokenVerifiedClaimsRequestList

      Deprecated.
      Returns the list of verified claims sets requested in the ID token.
      Returns:
      The ID token verified claims request list, empty list if not specified.
    • withIDTokenVerifiedClaimsRequests

      Sets the list of verified claims sets requested in the ID token.
      Parameters:
      idTokenVerifiedList - One or more ID token verified claims requests, empty list if not specified.
      Returns:
      The updated OpenID claims request.
    • withIDTokenVerifiedClaimsRequestList

      Deprecated.
      Sets the list of verified claims sets requested in the ID token.
      Parameters:
      idTokenVerifiedList - One or more ID token verified claims requests, empty list if not specified.
      Returns:
      The updated OpenID claims request.
    • withIDTokenVerifiedClaimsRequest

      Sets a single verified claims set requested in the ID token.
      Parameters:
      idTokenVerified - The ID token verified claims request, null if not specified.
      Returns:
      The updated OpenID claims request.
    • withIDTokenVerifiedClaimsRequest

      Deprecated.
      Sets a single verified claims set requested in the ID token.
      Parameters:
      idTokenVerified - The ID token verified claims request, null if not specified.
      Returns:
      The updated OpenID claims request.
    • getUserInfoVerifiedClaimsRequests

      Returns the list of verified claims sets requested at the UserInfo endpoint.
      Returns:
      The UserInfo verified claims request list, empty list if not specified.
    • getUserInfoVerifiedClaimsRequestList

      Deprecated.
      Returns the list of verified claims sets requested at the UserInfo endpoint.
      Returns:
      The UserInfo verified claims request list, empty list if not specified.
    • withUserInfoVerifiedClaimsRequests

      Sets the list of verified claims sets requested at the UserInfo endpoint.
      Parameters:
      userInfoVerifiedList - One or more UserInfo verified claims requests, empty list if not specified.
      Returns:
      The updated OpenID claims request.
    • withUserInfoVerifiedClaimsRequestList

      Deprecated.
      Sets the list of verified claims sets requested at the UserInfo endpoint.
      Parameters:
      userInfoVerifiedList - One or more UserInfo verified claims requests, empty list if not specified.
      Returns:
      The updated OpenID claims request.
    • withUserInfoVerifiedClaimsRequest

      Sets a single verified claims set requested at the UserInfo endpoint.
      Parameters:
      userInfoVerified - The UserInfo verified claims request, null if not specified.
      Returns:
      The updated OpenID claims request.
    • withUserInfoVerifiedClaimsRequest

      Deprecated.
      Sets a single verified claims set requested at the UserInfo endpoint.
      Parameters:
      userInfoVerified - The UserInfo verified claims request, null if not specified.
      Returns:
      The updated OpenID claims request.
    • toJSONObject

      public net.minidev.json.JSONObject toJSONObject()
      Returns the JSON object representation of this OpenID claims request.

      Example:

       {
         "userinfo":
          {
           "given_name": {"essential": true},
           "nickname": null,
           "email": {"essential": true},
           "email_verified": {"essential": true},
           "picture": null,
           "http://example.info/claims/groups": null
          },
         "id_token":
          {
           "auth_time": {"essential": true},
           "acr": {"values": ["urn:mace:incommon:iap:silver"] }
          }
       }
       
      Returns:
      The JSON object, empty if no ID token and UserInfo claims are specified.
    • toJSONString

      public String toJSONString()
      Specified by:
      toJSONString in interface net.minidev.json.JSONAware
    • toString

      public String toString()
      Overrides:
      toString in class Object
    • resolve

      public static OIDCClaimsRequest resolve(ResponseType responseType, Scope scope)
      Resolves the OpenID claims request for the specified response type and scope. The scope values that are standard OpenID scope values are resolved to their respective individual claims requests; any other scope values are ignored.
      Parameters:
      responseType - The response type. Must not be null.
      scope - The scope, null if not specified (for a plain OAuth 2.0 authorisation request with no scope explicitly specified).
      Returns:
      The OpenID claims request.
    • resolve

      public static OIDCClaimsRequest resolve(ResponseType responseType, Scope scope, Map<Scope.Value,Set<String>> customClaims)
      Resolves the OpenID claims request for the specified response type and scope. The scope values that are standard OpenID scope values are resolved to their respective individual claims requests; any other scope values are checked in the specified custom claims map and resolved accordingly.
      Parameters:
      responseType - The response type. Must not be null.
      scope - The scope, null if not specified (for a plain OAuth 2.0 authorisation request with no scope explicitly specified).
      customClaims - Custom scope value to set of claim names map, null if not specified.
      Returns:
      The OpenID claims request.
    • resolve

      public static OIDCClaimsRequest resolve(ResponseType responseType, Scope scope, OIDCClaimsRequest claimsRequest)
      Resolves the merged OpenID claims request from the specified OpenID authentication request parameters. The scope values that are standard OpenID scope values are resolved to their respective individual claims requests; any other scope values are ignored.
      Parameters:
      responseType - The response type. Must not be null.
      scope - The scope, null if not specified (for a plain OAuth 2.0 authorisation request with no scope explicitly specified).
      claimsRequest - The OpenID claims request, corresponding to the optional claims OpenID authentication request parameter, null if not specified.
      Returns:
      The merged OpenID claims request.
    • resolve

      public static OIDCClaimsRequest resolve(ResponseType responseType, Scope scope, OIDCClaimsRequest claimsRequest, Map<Scope.Value,Set<String>> customClaims)
      Resolves the merged OpenID claims request from the specified OpenID authentication request parameters. The scope values that are standard OpenID scope values are resolved to their respective individual claims requests; any other scope values are checked in the specified custom claims map and resolved accordingly.
      Parameters:
      responseType - The response type. Must not be null.
      scope - The scope, null if not specified (for a plain OAuth 2.0 authorisation request with no scope explicitly specified).
      claimsRequest - The OpenID claims request, corresponding to the optional claims OpenID authentication request parameter, null if not specified.
      customClaims - Custom scope value to set of claim names map, null if not specified.
      Returns:
      The merged OpenID claims request.
    • resolve

      public static OIDCClaimsRequest resolve(AuthenticationRequest authRequest)
      Resolves the merged OpenID claims request for the specified OpenID authentication request. The scope values that are standard OpenID scope values are resolved to their respective individual claims requests; any other scope values are ignored.
      Parameters:
      authRequest - The OpenID authentication request. Must not be null.
      Returns:
      The merged OpenID claims request.
    • parse

      public static OIDCClaimsRequest parse(net.minidev.json.JSONObject jsonObject) throws ParseException
      Parses an OpenID claims request from the specified JSON object representation.

      Example:

       {
         "userinfo":
          {
           "given_name": {"essential": true},
           "nickname": null,
           "email": {"essential": true},
           "email_verified": {"essential": true},
           "picture": null,
           "http://example.info/claims/groups": null
          },
         "id_token":
          {
           "auth_time": {"essential": true},
           "acr": {"values": ["urn:mace:incommon:iap:silver"] }
          }
       }
       
      Parameters:
      jsonObject - The JSON object to parse. Must not be null.
      Returns:
      The OpenID claims request.
      Throws:
      ParseException - If parsing failed.
    • parse

      public static OIDCClaimsRequest parse(String json) throws ParseException
      Parses an OpenID claims request from the specified JSON object string representation.

      Example:

       {
         "userinfo":
          {
           "given_name": {"essential": true},
           "nickname": null,
           "email": {"essential": true},
           "email_verified": {"essential": true},
           "picture": null,
           "http://example.info/claims/groups": null
          },
         "id_token":
          {
           "auth_time": {"essential": true},
           "acr": {"values": ["urn:mace:incommon:iap:silver"] }
          }
       }
       
      Parameters:
      json - The JSON object string to parse. Must not be null.
      Returns:
      The OpenID claims request.
      Throws:
      ParseException - If parsing failed.
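
Added example (not part of the SDK documentation): an OpenID provider parses the untrusted claims parameter with parse, merges it with the scope-derived claims using resolve(ResponseType, Scope, OIDCClaimsRequest), then drops every entry that is not on a per-client allow-list before any claim is released. The allow-list step goes beyond what this class does itself; the class name ClaimsRequestPolicyExample, the ALLOWED set, the filter helper and the sample JSON are assumptions constructed for illustration.

```java
import com.nimbusds.oauth2.sdk.ParseException;
import com.nimbusds.oauth2.sdk.ResponseType;
import com.nimbusds.oauth2.sdk.Scope;
import com.nimbusds.openid.connect.sdk.OIDCClaimsRequest;
import com.nimbusds.openid.connect.sdk.claims.ClaimRequirement;
import com.nimbusds.openid.connect.sdk.claims.ClaimsSetRequest;

import java.util.Set;

public class ClaimsRequestPolicyExample {

    // Hypothetical per-client policy: claim names this client may receive.
    static final Set<String> ALLOWED =
        Set.of("sub", "email", "email_verified", "given_name", "auth_time", "acr");

    // Returns a claims set request holding only the allow-listed entries.
    static ClaimsSetRequest filter(ClaimsSetRequest requested) {
        ClaimsSetRequest permitted = new ClaimsSetRequest();
        if (requested == null) return permitted; // getters return null if not specified
        for (ClaimsSetRequest.Entry entry : requested.getEntries()) {
            if (ALLOWED.contains(entry.getClaimName())) {
                permitted = permitted.add(entry); // add returns the updated request
            } else if (entry.getClaimRequirement() == ClaimRequirement.ESSENTIAL) {
                // A denied essential claim is worth an audit record.
                System.out.println("Denied essential claim: " + entry.getClaimName());
            }
        }
        return permitted;
    }

    public static void main(String[] args) throws ParseException {
        // Constructed sample of the "claims" authentication request parameter.
        String claimsParam = "{\"userinfo\":{\"given_name\":{\"essential\":true},"
            + "\"http://example.info/claims/groups\":null},"
            + "\"id_token\":{\"auth_time\":{\"essential\":true}}}";

        OIDCClaimsRequest explicit = OIDCClaimsRequest.parse(claimsParam);

        // Merge the explicit request with the claims implied by the scope values.
        OIDCClaimsRequest merged = OIDCClaimsRequest.resolve(
            new ResponseType("code"), new Scope("openid", "email"), explicit);

        // Rebuild the request from the filtered UserInfo and ID token parts.
        OIDCClaimsRequest enforced = new OIDCClaimsRequest()
            .withUserInfoClaimsRequest(filter(merged.getUserInfoClaimsRequest()))
            .withIDTokenClaimsRequest(filter(merged.getIDTokenClaimsRequest()));

        System.out.println(enforced.toJSONString());
    }
}
```

Verified claims requests (the getIDTokenVerifiedClaimsRequests and getUserInfoVerifiedClaimsRequests lists) are not covered by this filter and would need the same treatment.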