Interface ReadOnlyAuthorizationServerMetadata

All Superinterfaces:
ReadOnlyAuthorizationServerEndpointMetadata
All Known Subinterfaces:
ReadOnlyOIDCProviderMetadata
All Known Implementing Classes:
AuthorizationServerMetadata, OIDCProviderMetadata

Read-only OAuth 2.0 Authorisation Server (AS) metadata.

Related specifications:

  • OAuth 2.0 Authorization Server Metadata (RFC 8414)
  • OAuth 2.0 Mutual TLS Client Authentication and Certificate Bound Access Tokens (RFC 8705)
  • OAuth 2.0 Demonstrating Proof-of-Possession at the Application Layer (DPoP) (RFC 9449)
  • Financial-grade API: JWT Secured Authorization Response Mode for OAuth 2.0 (JARM)
  • OAuth 2.0 Authorization Server Issuer Identification (RFC 9207)
  • Financial-grade API - Part 2: Read and Write API Security Profile
  • OAuth 2.0 Pushed Authorization Requests (RFC 9126)
  • OAuth 2.0 Rich Authorization Requests (RFC 9396)
  • OAuth 2.0 Device Authorization Grant (RFC 8628)
  • OpenID Connect Client Initiated Backchannel Authentication Flow - Core 1.0
  • OAuth 2.0 Incremental Authorization (draft-ietf-oauth-incremental-authz-04)
  • Initiating User Registration via OpenID Connect 1.0
  • OpenID Connect Federation 1.0 (draft 22)

Method Details

    • getIssuer

      Gets the issuer identifier. Corresponds to the issuer metadata field.
      Returns:
      The issuer identifier.
    • getJWKSetURI

      Gets the JSON Web Key (JWK) set URI. Corresponds to the jwks_uri metadata field.
      Returns:
      The JWK set URI, null if not specified.
    • getScopes

      Gets the supported scope values. Corresponds to the scopes_supported metadata field.
      Returns:
      The supported scope values, null if not specified.
    • getResponseTypes

      Gets the supported response type values. Corresponds to the response_types_supported metadata field.
      Returns:
      The supported response type values, null if not specified.
    • getResponseModes

      Gets the supported response mode values. Corresponds to the response_modes_supported metadata field.
      Returns:
      The supported response mode values, null if not specified.
    • getGrantTypes

      Gets the supported OAuth 2.0 grant types. Corresponds to the grant_types_supported metadata field.
      Returns:
      The supported grant types, null if not specified.
    • getCodeChallengeMethods

      Gets the supported authorisation code challenge methods for PKCE. Corresponds to the code_challenge_methods_supported metadata field.
      Returns:
      The supported code challenge methods, null if not specified.
    • getTokenEndpointAuthMethods

      Gets the supported token endpoint authentication methods. Corresponds to the token_endpoint_auth_methods_supported metadata field.
      Returns:
      The supported token endpoint authentication methods, null if not specified.
    • getTokenEndpointJWSAlgs

      List<com.nimbusds.jose.JWSAlgorithm> getTokenEndpointJWSAlgs()
      Gets the supported JWS algorithms for the private_key_jwt and client_secret_jwt token endpoint authentication methods. Corresponds to the token_endpoint_auth_signing_alg_values_supported metadata field.
      Returns:
      The supported JWS algorithms, null if not specified.
    • getIntrospectionEndpointAuthMethods

      Gets the supported introspection endpoint authentication methods. Corresponds to the introspection_endpoint_auth_methods_supported metadata field.
      Returns:
      The supported introspection endpoint authentication methods, null if not specified.
    • getIntrospectionEndpointJWSAlgs

      List<com.nimbusds.jose.JWSAlgorithm> getIntrospectionEndpointJWSAlgs()
      Gets the supported JWS algorithms for the private_key_jwt and client_secret_jwt introspection endpoint authentication methods. Corresponds to the introspection_endpoint_auth_signing_alg_values_supported metadata field.
      Returns:
      The supported JWS algorithms, null if not specified.
    • getRevocationEndpointAuthMethods

      Gets the supported revocation endpoint authentication methods. Corresponds to the revocation_endpoint_auth_methods_supported metadata field.
      Returns:
      The supported revocation endpoint authentication methods, null if not specified.
    • getRevocationEndpointJWSAlgs

      List<com.nimbusds.jose.JWSAlgorithm> getRevocationEndpointJWSAlgs()
      Gets the supported JWS algorithms for the private_key_jwt and client_secret_jwt revocation endpoint authentication methods. Corresponds to the revocation_endpoint_auth_signing_alg_values_supported metadata field.
      Returns:
      The supported JWS algorithms, null if not specified.
    • getRequestObjectJWSAlgs

      List<com.nimbusds.jose.JWSAlgorithm> getRequestObjectJWSAlgs()
      Gets the supported JWS algorithms for request objects. Corresponds to the request_object_signing_alg_values_supported metadata field.
      Returns:
      The supported JWS algorithms, null if not specified.
    • getRequestObjectJWEAlgs

      List<com.nimbusds.jose.JWEAlgorithm> getRequestObjectJWEAlgs()
      Gets the supported JWE algorithms for request objects. Corresponds to the request_object_encryption_alg_values_supported metadata field.
      Returns:
      The supported JWE algorithms, null if not specified.
    • getRequestObjectJWEEncs

      List<com.nimbusds.jose.EncryptionMethod> getRequestObjectJWEEncs()
      Gets the supported encryption methods for request objects. Corresponds to the request_object_encryption_enc_values_supported metadata field.
      Returns:
      The supported encryption methods, null if not specified.
    • supportsRequestParam

      Gets the support for the request authorisation request parameter. Corresponds to the request_parameter_supported metadata field.
      Returns:
      true if the request parameter is supported, else false.
    • supportsRequestURIParam

      Gets the support for the request_uri authorisation request parameter. Corresponds to the request_uri_parameter_supported metadata field.
      Returns:
      true if the request_uri parameter is supported, else false.
    • requiresRequestURIRegistration

      Gets the requirement for the request_uri parameter pre-registration. Corresponds to the require_request_uri_registration metadata field.
      Returns:
      true if the request_uri parameter values must be pre-registered, else false.
    • supportsAuthorizationResponseIssuerParam

      Gets the support for the iss authorisation response parameter. Corresponds to the authorization_response_iss_parameter_supported metadata field.
      Returns:
      true if the iss authorisation response parameter is provided, else false.
    • getUILocales

      List<com.nimbusds.langtag.LangTag> getUILocales()
      Gets the supported UI locales. Corresponds to the ui_locales_supported metadata field.
      Returns:
      The supported UI locales, null if not specified.
    • getServiceDocsURI

      Gets the service documentation URI. Corresponds to the service_documentation metadata field.
      Returns:
      The service documentation URI, null if not specified.
    • getPolicyURI

      Gets the provider's policy regarding relying party use of data. Corresponds to the op_policy_uri metadata field.
      Returns:
      The policy URI, null if not specified.
    • getTermsOfServiceURI

      Gets the provider's terms of service. Corresponds to the op_tos_uri metadata field.
      Returns:
      The terms of service URI, null if not specified.
    • getReadOnlyMtlsEndpointAliases

      Gets the aliases for communication with mutual TLS. Corresponds to the mtls_endpoint_aliases metadata field.
      Returns:
      The aliases for communication with mutual TLS, null when no aliases are defined.
    • supportsTLSClientCertificateBoundAccessTokens

      Gets the support for TLS client certificate bound access tokens. Corresponds to the tls_client_certificate_bound_access_tokens metadata field.
      Returns:
      true if TLS client certificate bound access tokens are supported, else false.
    • supportsMutualTLSSenderConstrainedAccessTokens

      Deprecated.
      Gets the support for TLS client certificate bound access tokens. Corresponds to the tls_client_certificate_bound_access_tokens metadata field.
      Returns:
      true if TLS client certificate bound access tokens are supported, else false.
    • getDPoPJWSAlgs

      List<com.nimbusds.jose.JWSAlgorithm> getDPoPJWSAlgs()
      Gets the supported JWS algorithms for Demonstrating Proof-of-Possession at the Application Layer (DPoP). Corresponds to the dpop_signing_alg_values_supported metadata field.
      Returns:
      The supported JWS algorithms for DPoP, null if none.
    • getAuthorizationJWSAlgs

      List<com.nimbusds.jose.JWSAlgorithm> getAuthorizationJWSAlgs()
      Gets the supported JWS algorithms for JWT-encoded authorisation responses. Corresponds to the authorization_signing_alg_values_supported metadata field.
      Returns:
      The supported JWS algorithms, null if not specified.
    • getAuthorizationJWEAlgs

      List<com.nimbusds.jose.JWEAlgorithm> getAuthorizationJWEAlgs()
      Gets the supported JWE algorithms for JWT-encoded authorisation responses. Corresponds to the authorization_encryption_alg_values_supported metadata field.
      Returns:
      The supported JWE algorithms, null if not specified.
    • getAuthorizationJWEEncs

      List<com.nimbusds.jose.EncryptionMethod> getAuthorizationJWEEncs()
      Gets the supported encryption methods for JWT-encoded authorisation responses. Corresponds to the authorization_encryption_enc_values_supported metadata field.
      Returns:
      The supported encryption methods, null if not specified.
    • requiresPushedAuthorizationRequests

      Gets the requirement for pushed authorisation requests (PAR). Corresponds to the pushed_authorization_request_endpoint metadata field.
      Returns:
      true if PAR is required, else false.
    • getAuthorizationDetailsTypes

      Gets the supported authorisation details types for Rich Authorisation Requests (RAR). Corresponds to the authorization_details_types_supported metadata field.
      Returns:
      The supported authorisation types, null if not specified.
    • getIncrementalAuthorizationTypes

      Gets the supported OAuth 2.0 client types for incremental authorisation. Corresponds to the incremental_authz_types_supported metadata field.
      Returns:
      The supported client types for incremental authorisation, null if not specified.
    • getBackChannelTokenDeliveryModes

      Gets the supported CIBA token delivery modes. Corresponds to the backchannel_token_delivery_modes_supported metadata field.
      Returns:
      The CIBA token delivery modes, null if not specified.
    • getBackChannelAuthenticationRequestJWSAlgs

      List<com.nimbusds.jose.JWSAlgorithm> getBackChannelAuthenticationRequestJWSAlgs()
      Gets the supported JWS algorithms for CIBA requests. Corresponds to the backchannel_authentication_request_signing_alg_values_supported metadata field.
      Returns:
      The supported JWS algorithms, null if not specified.
    • supportsBackChannelUserCodeParam

      Gets the support for the user_code CIBA request parameter. Corresponds to the backchannel_user_code_parameter_supported metadata field.
      Returns:
      true if the user_code parameter is supported, else false.
    • getPromptTypes

      Gets the supported prompt types. Corresponds to the prompt_values_supported metadata field.
      Returns:
      The supported prompt types, null if not specified.
    • getOrganizationName

      Gets the organisation name (OpenID Connect Federation 1.0). Corresponds to the organization_name metadata field.
      Returns:
      The organisation name, null if not specified.
    • getJWKSet

      com.nimbusds.jose.jwk.JWKSet getJWKSet()
      Gets the JWK set (OpenID Connect Federation 1.0). Corresponds to the jwks metadata field.
      Returns:
      The JWK set, null if not specified.
    • getSignedJWKSetURI

      Gets the signed JWK set URI (OpenID Connect Federation 1.0). Corresponds to the signed_jwks_uri metadata field.
      Returns:
      The signed JWK set URI, null if not specified.
    • getClientRegistrationTypes

      Gets the supported OpenID Connect Federation 1.0 client registration types. Corresponds to the client_registration_types_supported metadata field.
      Returns:
      The supported client registration types, null if not specified.
    • getClientRegistrationAuthnMethods

      Gets the supported request authentication methods for automatic OpenID Connect Federation 1.0 client registration. Corresponds to the request_authentication_methods_supported metadata field.
      Returns:
      The supported request authentication methods for automatic federation client registration, null if not specified.
    • getClientRegistrationAuthnJWSAlgs

      List<com.nimbusds.jose.JWSAlgorithm> getClientRegistrationAuthnJWSAlgs()
      Gets the supported JWS algorithms for authenticating automatic OpenID Connect Federation 1.0 client registration requests. Corresponds to the request_authentication_signing_alg_values_supported metadata field.
      Returns:
      The supported JWS algorithms, null if not specified.
    • getCustomParameter

      Gets the specified custom (not registered) parameter.
      Parameters:
      name - The parameter name. Must not be null.
      Returns:
      The parameter value, null if not specified.
    • getCustomURIParameter

      Gets the specified custom (not registered) URI parameter.
      Parameters:
      name - The parameter name. Must not be null.
      Returns:
      The parameter URI value, null if not specified.
    • getCustomParameters

      net.minidev.json.JSONObject getCustomParameters()
      Gets the custom (not registered) parameters.
      Returns:
      The custom parameters, empty JSON object if none.
    • toJSONObject

      net.minidev.json.JSONObject toJSONObject()
      Returns the JSON object representation of the metadata.
      Specified by:
      toJSONObject in interface ReadOnlyAuthorizationServerEndpointMetadata
      Returns:
      The JSON object representation.
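
Added example (not part of the SDK documentation): a client-side check of an authorisation server's published metadata against a security baseline, using the getters above and handling their "null if not specified" returns. The class name, the baseline rules and the sample metadata are assumptions made for illustration.

```java
import com.nimbusds.oauth2.sdk.ParseException;
import com.nimbusds.oauth2.sdk.as.AuthorizationServerMetadata;
import com.nimbusds.oauth2.sdk.as.ReadOnlyAuthorizationServerMetadata;
import com.nimbusds.oauth2.sdk.pkce.CodeChallengeMethod;
import java.util.ArrayList;
import java.util.List;

// Hypothetical helper: the class name and the baseline rules are illustrative.
public class MetadataBaselineCheck {

    // List getters return null when the field is absent: treat null as "not advertised".
    static <T> boolean advertises(List<T> values, T wanted) {
        return values != null && values.contains(wanted);
    }

    static List<String> findings(ReadOnlyAuthorizationServerMetadata md, String expectedIssuer) {
        List<String> out = new ArrayList<>();
        // RFC 8414: the issuer in the document must equal the issuer used for discovery.
        if (!expectedIssuer.equals(md.getIssuer().getValue()))
            out.add("issuer does not match the configured issuer");
        if (md.getJWKSetURI() == null
                || !"https".equalsIgnoreCase(md.getJWKSetURI().getScheme()))
            out.add("jwks_uri missing or not https");
        if (!advertises(md.getCodeChallengeMethods(), CodeChallengeMethod.S256))
            out.add("PKCE S256 not advertised");
        // RFC 9207: the iss response parameter lets the client detect AS mix-up.
        if (!md.supportsAuthorizationResponseIssuerParam())
            out.add("iss authorisation response parameter not provided");
        // Sender-constrained access tokens: DPoP (RFC 9449) or mTLS binding (RFC 8705).
        boolean dpop = md.getDPoPJWSAlgs() != null && !md.getDPoPJWSAlgs().isEmpty();
        if (!dpop && !md.supportsTLSClientCertificateBoundAccessTokens())
            out.add("no sender-constrained access tokens (neither DPoP nor mTLS)");
        return out;
    }

    public static void main(String[] args) throws ParseException {
        // Constructed sample metadata, not taken from any real server.
        String json = "{\"issuer\":\"https://as.example.com\","
            + "\"jwks_uri\":\"https://as.example.com/jwks.json\","
            + "\"code_challenge_methods_supported\":[\"plain\"],"
            + "\"authorization_response_iss_parameter_supported\":true}";
        ReadOnlyAuthorizationServerMetadata md = AuthorizationServerMetadata.parse(json);
        findings(md, "https://as.example.com").forEach(System.out::println);
    }
}
```

The check accepts the read-only interface, so it works unchanged with AuthorizationServerMetadata and OIDCProviderMetadata instances.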