Class ClientAuthenticationMethod

java.lang.Object
com.nimbusds.oauth2.sdk.id.Identifier
com.nimbusds.oauth2.sdk.auth.ClientAuthenticationMethod
All Implemented Interfaces:
Serializable, Comparable<Identifier>, net.minidev.json.JSONAware

@Immutable public final class ClientAuthenticationMethod extends Identifier
Client authentication method at the Token endpoint.

Constants are provided for four client authentication methods:

Use the constructor to define a custom client authentication method.

Related specifications:

  • OAuth 2.0 (RFC 6749), section 2.3.
  • OAuth 2.0 Dynamic Client Registration Protocol (RFC 7591), section 2.
  • OAuth 2.0 Mutual TLS Client Authentication and Certificate Bound Access Tokens (RFC 8705), section 2.
  • OpenID Connect Federation 1.0.
See Also:
  • Field Details

    • CLIENT_SECRET_BASIC

      Clients that have received a client secret from the authorisation server authenticate with the authorisation server in accordance with section 3.2.1 of OAuth 2.0 using HTTP Basic authentication. This is the default if no method has been registered for the client.
    • CLIENT_SECRET_POST

      Clients that have received a client secret from the authorisation server authenticate with the authorisation server in accordance with section 3.2.1 of OAuth 2.0 by including the client credentials in the request body.
    • CLIENT_SECRET_JWT

      Clients that have received a client secret from the authorisation server create a JWT using an HMAC SHA algorithm, such as HMAC SHA-256. The HMAC (Hash-based Message Authentication Code) is calculated using the value of the client secret as the shared key. The client authenticates in accordance with section 2.2 of (JWT) Bearer Token Profiles and OAuth 2.0 Assertion Profile.
    • PRIVATE_KEY_JWT

      Clients that have registered a public key sign a JWT using the RSA algorithm if an RSA key was registered or the ECDSA algorithm if an Elliptic Curve key was registered (see JWA for the algorithm identifiers). The client authenticates in accordance with section 2.2 of (JWT) Bearer Token Profiles and OAuth 2.0 Assertion Profile.
    • TLS_CLIENT_AUTH

      PKI mutual TLS OAuth client authentication. See OAuth 2.0 Mutual TLS Client Authentication and Certificate Bound Access Tokens (RFC 8705), section 2.1.
    • SELF_SIGNED_TLS_CLIENT_AUTH

      Self-signed certificate mutual TLS OAuth client authentication. See OAuth 2.0 Mutual TLS Client Authentication and Certificate Bound Access Tokens (RFC 8705), section 2.2.
    • REQUEST_OBJECT

      Client verification by means of a request object at the authorisation or PAR endpoints. Intended for OpenID Connect Federation 1.0 clients undertaking automatic registration. See OpenID Connect Federation 1.0.
    • NONE

      public static final ClientAuthenticationMethod NONE
      The client is a public client as defined in OAuth 2.0 and does not have a client secret.
  • Constructor Details

    • ClientAuthenticationMethod

      Creates a new client authentication method with the specified value.
      Parameters:
      value - The authentication method value. Must not be null or empty string.
  • Method Details
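
An added example, not part of the SDK or its documentation: a token endpoint check that the method a request used is the one registered for the client. It uses only the constants and constructor described above, and applies the documented default of `CLIENT_SECRET_BASIC` when nothing was registered. The class `TokenEndpointAuthPolicy`, its method names, the `ENABLED` set and the sample registration values are assumptions made for illustration.

```java
import com.nimbusds.oauth2.sdk.auth.ClientAuthenticationMethod;
import java.util.Set;

/** Hypothetical token endpoint policy (illustration only, not an SDK class). */
public final class TokenEndpointAuthPolicy {

    // Assumption: the methods this constructed server is configured to accept.
    private static final Set<ClientAuthenticationMethod> ENABLED = Set.of(
            ClientAuthenticationMethod.CLIENT_SECRET_BASIC,
            ClientAuthenticationMethod.PRIVATE_KEY_JWT,
            ClientAuthenticationMethod.TLS_CLIENT_AUTH,
            ClientAuthenticationMethod.NONE);

    /** Maps the stored registration value to a method, applying the documented default. */
    static ClientAuthenticationMethod registeredMethod(String stored) {
        if (stored == null || stored.isEmpty()) {
            // No method registered for the client: client_secret_basic applies.
            return ClientAuthenticationMethod.CLIENT_SECRET_BASIC;
        }
        // The constructor also covers custom values; identifiers compare by value.
        return new ClientAuthenticationMethod(stored);
    }

    /**
     * @param stored    registration value for the client, may be null
     * @param presented method the request actually used; NONE if it carried no credentials
     */
    static boolean accept(String stored, ClientAuthenticationMethod presented) {
        ClientAuthenticationMethod expected = registeredMethod(stored);
        // Exact match only: a private_key_jwt client must not fall back to a shared
        // secret, and a confidential client must not be handled as a public one.
        return ENABLED.contains(expected) && expected.equals(presented);
    }

    public static void main(String[] args) {
        // Constructed cases: (registered value, method seen on the request).
        // 1. nothing registered, HTTP Basic presented
        System.out.println(accept(null, ClientAuthenticationMethod.CLIENT_SECRET_BASIC));
        // 2. key-based client presenting a secret in the request body
        System.out.println(accept("private_key_jwt", ClientAuthenticationMethod.CLIENT_SECRET_POST));
        // 3. key-based client presenting a signed JWT
        System.out.println(accept("private_key_jwt", ClientAuthenticationMethod.PRIVATE_KEY_JWT));
        // 4. confidential client sending no credentials
        System.out.println(accept("client_secret_basic", ClientAuthenticationMethod.NONE));
        // 5. registered method that this server has not enabled
        System.out.println(accept("client_secret_jwt", ClientAuthenticationMethod.CLIENT_SECRET_JWT));
    }
}
```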