Package com.nimbusds.openid.connect.sdk.op

Class OIDCProviderMetadata

java.lang.Object

com.nimbusds.oauth2.sdk.as.AuthorizationServerEndpointMetadata

com.nimbusds.oauth2.sdk.as.AuthorizationServerMetadata

com.nimbusds.openid.connect.sdk.op.OIDCProviderMetadata

All Implemented Interfaces:

ReadOnlyAuthorizationServerEndpointMetadata, ReadOnlyAuthorizationServerMetadata, ReadOnlyOIDCProviderEndpointMetadata, ReadOnlyOIDCProviderMetadata

public class OIDCProviderMetadata
extends AuthorizationServerMetadata
implements ReadOnlyOIDCProviderMetadata

OpenID Provider (OP) metadata.

Related specifications:

• OpenID Connect Discovery 1.0, section 3.
• OpenID Connect Session Management 1.0, section 2.1.
• OpenID Connect Front-Channel Logout 1.0, section 3.
• OpenID Connect Back-Channel Logout 1.0, section 2.1.
• OpenID Connect for Identity Assurance 1.0 (draft 12).
• OpenID Connect Federation 1.0 (draft 23).
• Initiating User Registration via OpenID Connect 1.0
• OAuth 2.0 Authorization Server Metadata (RFC 8414)
• OAuth 2.0 Mutual TLS Client Authentication and Certificate Bound Access Tokens (RFC 8705)
• Financial-grade API: JWT Secured Authorization Response Mode for OAuth 2.0 (JARM)
• OAuth 2.0 Authorization Server Issuer Identification (RFC 9207)
• Financial-grade API - Part 2: Read and Write API Security Profile
• OAuth 2.0 Pushed Authorization Requests (RFC 9126)
• OAuth 2.0 Rich Authorization Requests (RFC 9396)
• OAuth 2.0 Device Authorization Grant (RFC 8628)
• OAuth 2.0 Incremental Authorization (draft-ietf-oauth-incremental-authz-04)

Constructor Summary

Constructors

Constructor	Description
OIDCProviderMetadata(Issuer issuer, List<SubjectType> subjectTypes, URI jwkSetURI)	Creates a new OpenID Connect provider metadata instance.
OIDCProviderMetadata(Issuer issuer, List<SubjectType> subjectTypes, List<ClientRegistrationType> clientRegistrationTypes, URI jwkSetURI, URI signedJWKSetURI, com.nimbusds.jose.jwk.JWKSet jwkSet)	Creates a new OpenID Connect Federation 1.0 provider metadata instance.

Method Summary

Modifier and Type	Method	Description
void	applyDefaults()	Applies the OpenID Provider metadata defaults where no values have been specified.
List<ACR>	getACRs()	Gets the supported Authentication Context Class References (ACRs).
List<HashAlgorithm>	getAttachmentDigestAlgs()	Gets the supported digest algorithms for the external evidence attachments.
List<AttachmentType>	getAttachmentTypes()	Gets the supported evidence attachment types.
URI	getCheckSessionIframeURI()	Gets the cross-origin check session iframe URI.
List<String>	getClaims()	Gets the supported claims names.
List<com.nimbusds.langtag.LangTag>	getClaimsLocales()	Gets the supported claims locales.
List<ClaimType>	getClaimTypes()	Gets the supported claim types.
List<Display>	getDisplays()	Gets the supported displays.
List<IdentityVerificationMethod>	getDocumentMethods()	Gets the supported coarse identity verification methods for evidences of type document.
List<DocumentType>	getDocumentTypes()	Gets the supported identity document types.
List<ValidationMethodType>	getDocumentValidationMethods()	Gets the supported validation methods for evidences of type document.
List<VerificationMethodType>	getDocumentVerificationMethods()	Gets the supported verification methods for evidences of type document.
List<ElectronicRecordType>	getElectronicRecordTypes()	Gets the supported electronic record types.
URI	getEndSessionEndpointURI()	Gets the logout endpoint URI.
List<IDDocumentType>	getIdentityDocumentTypes()	Deprecated.
List<IdentityEvidenceType>	getIdentityEvidenceTypes()	Gets the supported identity evidence types.
List<IdentityTrustFramework>	getIdentityTrustFrameworks()	Gets the supported identity trust frameworks.
List<IdentityVerificationMethod>	getIdentityVerificationMethods()	Deprecated.
List<com.nimbusds.jose.JWEAlgorithm>	getIDTokenJWEAlgs()	Gets the supported JWE algorithms for ID tokens.
List<com.nimbusds.jose.EncryptionMethod>	getIDTokenJWEEncs()	Gets the supported encryption methods for ID tokens.
List<com.nimbusds.jose.JWSAlgorithm>	getIDTokenJWSAlgs()	Gets the supported JWS algorithms for ID tokens.
OIDCProviderEndpointMetadata	getMtlsEndpointAliases()	Gets the aliases for communication with mutual TLS.
OIDCProviderEndpointMetadata	getReadOnlyMtlsEndpointAliases()	Gets the aliases for communication with mutual TLS.
static Set<String>	getRegisteredParameterNames()	Gets the registered OpenID Connect provider metadata parameter names.
List<SubjectType>	getSubjectTypes()	Gets the supported subject types.
URI	getUserInfoEndpointURI()	Gets the UserInfo endpoint URI.
List<com.nimbusds.jose.JWEAlgorithm>	getUserInfoJWEAlgs()	Gets the supported JWE algorithms for UserInfo JWTs.
List<com.nimbusds.jose.EncryptionMethod>	getUserInfoJWEEncs()	Gets the supported encryption methods for UserInfo JWTs.
List<com.nimbusds.jose.JWSAlgorithm>	getUserInfoJWSAlgs()	Gets the supported JWS algorithms for UserInfo JWTs.
List<String>	getVerifiedClaims()	Gets the names of the supported verified claims.
static OIDCProviderMetadata	parse(String s)	Parses an OpenID Provider metadata from the specified JSON object string.
static OIDCProviderMetadata	parse(net.minidev.json.JSONObject jsonObject)	Parses an OpenID Provider metadata from the specified JSON object.
static OIDCProviderMetadata	resolve(Issuer issuer)	Resolves OpenID Provider metadata from the specified issuer identifier.
static OIDCProviderMetadata	resolve(Issuer issuer, int connectTimeout, int readTimeout)	Resolves OpenID Provider metadata from the specified issuer identifier.
static OIDCProviderMetadata	resolve(Issuer issuer, HTTPRequestConfigurator requestConfigurator)	Resolves OpenID Provider metadata from the specified issuer identifier.
static URL	resolveURL(Issuer issuer)	Resolves OpenID Provider metadata URL from the specified issuer identifier.
void	setACRs(List<ACR> acrValues)	Sets the supported Authentication Context Class References (ACRs).
void	setAttachmentDigestAlgs(List<HashAlgorithm> digestAlgs)	Sets the supported digest algorithms for the external evidence attachments.
void	setAttachmentTypes(List<AttachmentType> attachmentTypes)	Sets the supported evidence attachment types.
void	setCheckSessionIframeURI(URI checkSessionIframe)	Sets the cross-origin check session iframe URI.
void	setClaimLocales(List<com.nimbusds.langtag.LangTag> claimsLocales)	Sets the supported claims locales.
void	setClaims(List<String> claims)	Sets the supported claims names.
void	setClaimTypes(List<ClaimType> claimTypes)	Sets the supported claim types.
void	setDisplays(List<Display> displays)	Sets the supported displays.
void	setDocumentMethods(List<IdentityVerificationMethod> methods)	Sets the supported coarse identity verification methods for evidences of type document.
void	setDocumentTypes(List<DocumentType> documentTypes)	Sets the supported identity document types.
void	setDocumentValidationMethods(List<ValidationMethodType> methods)	Sets the supported validation methods for evidences of type document.
void	setDocumentVerificationMethods(List<VerificationMethodType> methods)	Sets the supported verification methods for evidences of type document.
void	setElectronicRecordTypes(List<ElectronicRecordType> electronicRecordTypes)	Sets the supported electronic record types.
void	setEndSessionEndpointURI(URI endSessionEndpoint)	Sets the logout endpoint URI.
void	setIdentityDocumentTypes(List<IDDocumentType> idDocuments)	Deprecated. Use setDocumentTypes(java.util.List<com.nimbusds.openid.connect.sdk.assurance.evidences.DocumentType>) instead.
void	setIdentityEvidenceTypes(List<IdentityEvidenceType> evidenceTypes)	Sets the supported identity evidence types.
void	setIdentityTrustFrameworks(List<IdentityTrustFramework> trustFrameworks)	Sets the supported identity trust frameworks.
void	setIdentityVerificationMethods(List<IdentityVerificationMethod> idVerificationMethods)	Deprecated.
void	setIDTokenJWEAlgs(List<com.nimbusds.jose.JWEAlgorithm> idTokenJWEAlgs)	Sets the supported JWE algorithms for ID tokens.
void	setIDTokenJWEEncs(List<com.nimbusds.jose.EncryptionMethod> idTokenJWEEncs)	Sets the supported encryption methods for ID tokens.
void	setIDTokenJWSAlgs(List<com.nimbusds.jose.JWSAlgorithm> idTokenJWSAlgs)	Sets the supported JWS algorithms for ID tokens.
void	setMtlsEndpointAliases(AuthorizationServerEndpointMetadata mtlsEndpointAliases)	Sets the aliases for communication with mutual TLS.
void	setSupportsBackChannelLogout(boolean backChannelLogoutSupported)	Sets the support for back-channel logout.
void	setSupportsBackChannelLogoutSession(boolean backChannelLogoutSessionSupported)	Sets the support for back-channel logout with a session ID.
void	setSupportsClaimsParams(boolean claimsParamSupported)	Sets the support for the claims authorisation request parameter.
void	setSupportsFrontChannelLogout(boolean frontChannelLogoutSupported)	Sets the support for front-channel logout.
void	setSupportsFrontChannelLogoutSession(boolean frontChannelLogoutSessionSupported)	Sets the support for front-channel logout with a session ID.
void	setSupportsVerifiedClaims(boolean verifiedClaimsSupported)	Sets support for verified claims.
void	setUserInfoEndpointURI(URI userInfoEndpoint)	Sets the UserInfo endpoint URI.
void	setUserInfoJWEAlgs(List<com.nimbusds.jose.JWEAlgorithm> userInfoJWEAlgs)	Sets the supported JWE algorithms for UserInfo JWTs.
void	setUserInfoJWEEncs(List<com.nimbusds.jose.EncryptionMethod> userInfoJWEEncs)	Sets the supported encryption methods for UserInfo JWTs.
void	setUserInfoJWSAlgs(List<com.nimbusds.jose.JWSAlgorithm> userInfoJWSAlgs)	Sets the supported JWS algorithms for UserInfo JWTs.
void	setVerifiedClaims(List<String> verifiedClaims)	Sets the names of the supported verified claims.
boolean	supportsBackChannelLogout()	Gets the support for back-channel logout.
boolean	supportsBackChannelLogoutSession()	Gets the support for back-channel logout with a session ID.
boolean	supportsClaimsParam()	Gets the support for the claims authorisation request parameter.
boolean	supportsFrontChannelLogout()	Gets the support for front-channel logout.
boolean	supportsFrontChannelLogoutSession()	Gets the support for front-channel logout with a session ID.
boolean	supportsVerifiedClaims()	Gets support for verified claims.
net.minidev.json.JSONObject	toJSONObject()	Returns the JSON object representation of the metadata.

Methods inherited from class com.nimbusds.oauth2.sdk.as.AuthorizationServerMetadata

getAuthorizationDetailsTypes, getAuthorizationJWEAlgs, getAuthorizationJWEEncs, getAuthorizationJWSAlgs, getBackChannelAuthenticationRequestJWSAlgs, getBackChannelTokenDeliveryModes, getClientRegistrationAuthnJWSAlgs, getClientRegistrationAuthnMethods, getClientRegistrationTypes, getCodeChallengeMethods, getCustomParameter, getCustomParameters, getCustomURIParameter, getDPoPJWSAlgs, getFederationRegistrationEndpointURI, getGrantTypes, getIncrementalAuthorizationTypes, getIntrospectionEndpointAuthMethods, getIntrospectionEndpointJWSAlgs, getIssuer, getJWKSet, getJWKSetURI, getOrganizationName, getPolicyURI, getPromptTypes, getRequestObjectJWEAlgs, getRequestObjectJWEEncs, getRequestObjectJWSAlgs, getResponseModes, getResponseTypes, getRevocationEndpointAuthMethods, getRevocationEndpointJWSAlgs, getScopes, getServiceDocsURI, getSignedJWKSetURI, getTermsOfServiceURI, getTokenEndpointAuthMethods, getTokenEndpointJWSAlgs, getUILocales, requiresPushedAuthorizationRequests, requiresPushedAuthorizationRequests, requiresRequestURIRegistration, setAuthorizationDetailsTypes, setAuthorizationJWEAlgs, setAuthorizationJWEEncs, setAuthorizationJWSAlgs, setBackChannelAuthenticationRequestJWSAlgs, setBackChannelTokenDeliveryModes, setClientRegistrationAuthnJWSAlgs, setClientRegistrationAuthnMethods, setClientRegistrationTypes, setCodeChallengeMethods, setCustomParameter, setDPoPJWSAlgs, setFederationRegistrationEndpointURI, setGrantTypes, setIncrementalAuthorizationTypes, setIntrospectionEndpointAuthMethods, setIntrospectionEndpointJWSAlgs, setJWKSet, setJWKSetURI, setOrganizationName, setPolicyURI, setPromptTypes, setRequestObjectJWEAlgs, setRequestObjectJWEEncs, setRequestObjectJWSAlgs, setRequiresRequestURIRegistration, setResponseModes, setResponseTypes, setRevocationEndpointAuthMethods, setRevocationEndpointJWSAlgs, setScopes, setServiceDocsURI, setSignedJWKSetURI, setSupportsAuthorizationResponseIssuerParam, setSupportsBackChannelUserCodeParam, setSupportsMutualTLSSenderConstrainedAccessTokens, setSupportsRequestParam, setSupportsRequestURIParam, setSupportsTLSClientCertificateBoundAccessTokens, setTermsOfServiceURI, setTokenEndpointAuthMethods, setTokenEndpointJWSAlgs, setUILocales, supportsAuthorizationResponseIssuerParam, supportsBackChannelUserCodeParam, supportsMutualTLSSenderConstrainedAccessTokens, supportsRequestParam, supportsRequestURIParam, supportsTLSClientCertificateBoundAccessTokens

Methods inherited from class com.nimbusds.oauth2.sdk.as.AuthorizationServerEndpointMetadata

getAuthorizationEndpointURI, getBackChannelAuthenticationEndpoint, getBackChannelAuthenticationEndpointURI, getDeviceAuthorizationEndpointURI, getIntrospectionEndpointURI, getPushedAuthorizationRequestEndpointURI, getRegistrationEndpointURI, getRequestObjectEndpoint, getRevocationEndpointURI, getTokenEndpointURI, setAuthorizationEndpointURI, setBackChannelAuthenticationEndpoint, setBackChannelAuthenticationEndpointURI, setDeviceAuthorizationEndpointURI, setIntrospectionEndpointURI, setPushedAuthorizationRequestEndpointURI, setRegistrationEndpointURI, setRequestObjectEndpoint, setRevocationEndpointURI, setTokenEndpointURI, toString

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Methods inherited from interface com.nimbusds.oauth2.sdk.as.ReadOnlyAuthorizationServerEndpointMetadata

getAuthorizationEndpointURI, getBackChannelAuthenticationEndpoint, getBackChannelAuthenticationEndpointURI, getDeviceAuthorizationEndpointURI, getFederationRegistrationEndpointURI, getIntrospectionEndpointURI, getPushedAuthorizationRequestEndpointURI, getRegistrationEndpointURI, getRequestObjectEndpoint, getRevocationEndpointURI, getTokenEndpointURI

Methods inherited from interface com.nimbusds.oauth2.sdk.as.ReadOnlyAuthorizationServerMetadata

getAuthorizationDetailsTypes, getAuthorizationJWEAlgs, getAuthorizationJWEEncs, getAuthorizationJWSAlgs, getBackChannelAuthenticationRequestJWSAlgs, getBackChannelTokenDeliveryModes, getClientRegistrationAuthnJWSAlgs, getClientRegistrationAuthnMethods, getClientRegistrationTypes, getCodeChallengeMethods, getCustomParameter, getCustomParameters, getCustomURIParameter, getDPoPJWSAlgs, getGrantTypes, getIncrementalAuthorizationTypes, getIntrospectionEndpointAuthMethods, getIntrospectionEndpointJWSAlgs, getIssuer, getJWKSet, getJWKSetURI, getOrganizationName, getPolicyURI, getPromptTypes, getRequestObjectJWEAlgs, getRequestObjectJWEEncs, getRequestObjectJWSAlgs, getResponseModes, getResponseTypes, getRevocationEndpointAuthMethods, getRevocationEndpointJWSAlgs, getScopes, getServiceDocsURI, getSignedJWKSetURI, getTermsOfServiceURI, getTokenEndpointAuthMethods, getTokenEndpointJWSAlgs, getUILocales, requiresPushedAuthorizationRequests, requiresRequestURIRegistration, supportsAuthorizationResponseIssuerParam, supportsBackChannelUserCodeParam, supportsMutualTLSSenderConstrainedAccessTokens, supportsRequestParam, supportsRequestURIParam, supportsTLSClientCertificateBoundAccessTokens

Constructor Details

OIDCProviderMetadata

public OIDCProviderMetadata(Issuer issuer,
 List<SubjectType> subjectTypes,
 URI jwkSetURI)

Creates a new OpenID Connect provider metadata instance.

Parameters:

issuer - The issuer identifier. Must be a URI using the https scheme with no query or fragment component. Must not be null.

subjectTypes - The supported subject types. At least one must be specified. Must not be null.

jwkSetURI - The JWK set URI. Must not be null.

OIDCProviderMetadata

public OIDCProviderMetadata(Issuer issuer,
 List<SubjectType> subjectTypes,
 List<ClientRegistrationType> clientRegistrationTypes,
 URI jwkSetURI,
 URI signedJWKSetURI,
 com.nimbusds.jose.jwk.JWKSet jwkSet)

Creates a new OpenID Connect Federation 1.0 provider metadata instance. The provider JWK set should be specified by jwks_uri, signed_jwks_uri or jwks.

Parameters:

issuer - The issuer identifier. Must be a URI using the https scheme with no query or fragment component. Must not be null.

subjectTypes - The supported subject types. At least one must be specified. Must not be null.

clientRegistrationTypes - The supported client registration types. At least one must be specified. Must not be null.

jwkSetURI - The JWK set URI, null if specified by another field.

signedJWKSetURI - The signed JWK set URI, null if specified by another field.

jwkSet - the JWK set, null if specified by another field.

Method Details

setMtlsEndpointAliases

public void setMtlsEndpointAliases(AuthorizationServerEndpointMetadata mtlsEndpointAliases)

Description copied from class: AuthorizationServerMetadata

Sets the aliases for communication with mutual TLS. Corresponds to the mtls_endpoint_aliases metadata field.

Overrides:

setMtlsEndpointAliases in class AuthorizationServerMetadata

Parameters:

mtlsEndpointAliases - The aliases for communication with mutual TLS, or null when no aliases are defined.

getReadOnlyMtlsEndpointAliases

public OIDCProviderEndpointMetadata getReadOnlyMtlsEndpointAliases()

Description copied from interface: ReadOnlyAuthorizationServerMetadata

Gets the aliases for communication with mutual TLS. Corresponds to the mtls_endpoint_aliases metadata field.

Specified by:

getReadOnlyMtlsEndpointAliases in interface ReadOnlyAuthorizationServerMetadata

Specified by:

getReadOnlyMtlsEndpointAliases in interface ReadOnlyOIDCProviderMetadata

Overrides:

getReadOnlyMtlsEndpointAliases in class AuthorizationServerMetadata

Returns:

The aliases for communication with mutual TLS, null when no aliases are defined.

getMtlsEndpointAliases

public OIDCProviderEndpointMetadata getMtlsEndpointAliases()

Description copied from class: AuthorizationServerMetadata

Gets the aliases for communication with mutual TLS. Corresponds to the mtls_endpoint_aliases metadata field.

Overrides:

getMtlsEndpointAliases in class AuthorizationServerMetadata

Returns:

The aliases for communication with mutual TLS, null when no aliases are defined.

getRegisteredParameterNames

public static Set<String> getRegisteredParameterNames()

Gets the registered OpenID Connect provider metadata parameter names.

Returns:

The registered OpenID Connect provider metadata parameter names, as an unmodifiable set.

getUserInfoEndpointURI

public URI getUserInfoEndpointURI()

Description copied from interface: ReadOnlyOIDCProviderEndpointMetadata

Gets the UserInfo endpoint URI. Corresponds the userinfo_endpoint metadata field.

Specified by:

getUserInfoEndpointURI in interface ReadOnlyOIDCProviderEndpointMetadata

Returns:

The UserInfo endpoint URI, null if not specified.

setUserInfoEndpointURI

public void setUserInfoEndpointURI(URI userInfoEndpoint)

Sets the UserInfo endpoint URI. Corresponds the userinfo_endpoint metadata field.

Parameters:

userInfoEndpoint - The UserInfo endpoint URI, null if not specified.

getCheckSessionIframeURI

public URI getCheckSessionIframeURI()

Description copied from interface: ReadOnlyOIDCProviderEndpointMetadata

Gets the cross-origin check session iframe URI. Corresponds to the check_session_iframe metadata field.

Specified by:

getCheckSessionIframeURI in interface ReadOnlyOIDCProviderEndpointMetadata

Returns:

The check session iframe URI, null if not specified.

setCheckSessionIframeURI

public void setCheckSessionIframeURI(URI checkSessionIframe)

Sets the cross-origin check session iframe URI. Corresponds to the check_session_iframe metadata field.

Parameters:

checkSessionIframe - The check session iframe URI, null if not specified.

getEndSessionEndpointURI

public URI getEndSessionEndpointURI()

Description copied from interface: ReadOnlyOIDCProviderEndpointMetadata

Gets the logout endpoint URI. Corresponds to the end_session_endpoint metadata field.

Specified by:

getEndSessionEndpointURI in interface ReadOnlyOIDCProviderEndpointMetadata

Returns:

The logoout endpoint URI, null if not specified.

setEndSessionEndpointURI

public void setEndSessionEndpointURI(URI endSessionEndpoint)

Sets the logout endpoint URI. Corresponds to the end_session_endpoint metadata field.

Parameters:

endSessionEndpoint - The logoout endpoint URI, null if not specified.

getACRs

public List<ACR> getACRs()

Description copied from interface: ReadOnlyOIDCProviderMetadata

Gets the supported Authentication Context Class References (ACRs). Corresponds to the acr_values_supported metadata field.

Specified by:

getACRs in interface ReadOnlyOIDCProviderMetadata

Returns:

The supported ACRs, null if not specified.

setACRs

public void setACRs(List<ACR> acrValues)

Sets the supported Authentication Context Class References (ACRs). Corresponds to the acr_values_supported metadata field.

Parameters:

acrValues - The supported ACRs, null if not specified.

getSubjectTypes

public List<SubjectType> getSubjectTypes()

Description copied from interface: ReadOnlyOIDCProviderMetadata

Gets the supported subject types. Corresponds to the subject_types_supported metadata field.

Specified by:

getSubjectTypes in interface ReadOnlyOIDCProviderMetadata

Returns:

The supported subject types.

getIDTokenJWSAlgs

public List<com.nimbusds.jose.JWSAlgorithm> getIDTokenJWSAlgs()

Description copied from interface: ReadOnlyOIDCProviderMetadata

Gets the supported JWS algorithms for ID tokens. Corresponds to the id_token_signing_alg_values_supported metadata field.

Specified by:

getIDTokenJWSAlgs in interface ReadOnlyOIDCProviderMetadata

Returns:

The supported JWS algorithms, null if not specified.

setIDTokenJWSAlgs

public void setIDTokenJWSAlgs(List<com.nimbusds.jose.JWSAlgorithm> idTokenJWSAlgs)

Sets the supported JWS algorithms for ID tokens. Corresponds to the id_token_signing_alg_values_supported metadata field.

Parameters:

idTokenJWSAlgs - The supported JWS algorithms, null if not specified.

getIDTokenJWEAlgs

public List<com.nimbusds.jose.JWEAlgorithm> getIDTokenJWEAlgs()

Description copied from interface: ReadOnlyOIDCProviderMetadata

Gets the supported JWE algorithms for ID tokens. Corresponds to the id_token_encryption_alg_values_supported metadata field.

Specified by:

getIDTokenJWEAlgs in interface ReadOnlyOIDCProviderMetadata

Returns:

The supported JWE algorithms, null if not specified.

setIDTokenJWEAlgs

public void setIDTokenJWEAlgs(List<com.nimbusds.jose.JWEAlgorithm> idTokenJWEAlgs)

Sets the supported JWE algorithms for ID tokens. Corresponds to the id_token_encryption_alg_values_supported metadata field.

Parameters:

idTokenJWEAlgs - The supported JWE algorithms, null if not specified.

getIDTokenJWEEncs

public List<com.nimbusds.jose.EncryptionMethod> getIDTokenJWEEncs()

Description copied from interface: ReadOnlyOIDCProviderMetadata

Gets the supported encryption methods for ID tokens. Corresponds to the id_token_encryption_enc_values_supported metadata field.

Specified by:

getIDTokenJWEEncs in interface ReadOnlyOIDCProviderMetadata

Returns:

The supported encryption methods, null if not specified.

setIDTokenJWEEncs

public void setIDTokenJWEEncs(List<com.nimbusds.jose.EncryptionMethod> idTokenJWEEncs)

Sets the supported encryption methods for ID tokens. Corresponds to the id_token_encryption_enc_values_supported metadata field.

Parameters:

idTokenJWEEncs - The supported encryption methods, null if not specified.

getUserInfoJWSAlgs

public List<com.nimbusds.jose.JWSAlgorithm> getUserInfoJWSAlgs()

Description copied from interface: ReadOnlyOIDCProviderMetadata

Gets the supported JWS algorithms for UserInfo JWTs. Corresponds to the userinfo_signing_alg_values_supported metadata field.

Specified by:

getUserInfoJWSAlgs in interface ReadOnlyOIDCProviderMetadata

Returns:

The supported JWS algorithms, null if not specified.

setUserInfoJWSAlgs

public void setUserInfoJWSAlgs(List<com.nimbusds.jose.JWSAlgorithm> userInfoJWSAlgs)

Sets the supported JWS algorithms for UserInfo JWTs. Corresponds to the userinfo_signing_alg_values_supported metadata field.

Parameters:

userInfoJWSAlgs - The supported JWS algorithms, null if not specified.

getUserInfoJWEAlgs

public List<com.nimbusds.jose.JWEAlgorithm> getUserInfoJWEAlgs()

Description copied from interface: ReadOnlyOIDCProviderMetadata

Gets the supported JWE algorithms for UserInfo JWTs. Corresponds to the userinfo_encryption_alg_values_supported metadata field.

Specified by:

getUserInfoJWEAlgs in interface ReadOnlyOIDCProviderMetadata

Returns:

The supported JWE algorithms, null if not specified.

setUserInfoJWEAlgs

public void setUserInfoJWEAlgs(List<com.nimbusds.jose.JWEAlgorithm> userInfoJWEAlgs)

Sets the supported JWE algorithms for UserInfo JWTs. Corresponds to the userinfo_encryption_alg_values_supported metadata field.

Parameters:

userInfoJWEAlgs - The supported JWE algorithms, null if not specified.

getUserInfoJWEEncs

public List<com.nimbusds.jose.EncryptionMethod> getUserInfoJWEEncs()

Description copied from interface: ReadOnlyOIDCProviderMetadata

Gets the supported encryption methods for UserInfo JWTs. Corresponds to the userinfo_encryption_enc_values_supported metadata field.

Specified by:

getUserInfoJWEEncs in interface ReadOnlyOIDCProviderMetadata

Returns:

The supported encryption methods, null if not specified.

setUserInfoJWEEncs

public void setUserInfoJWEEncs(List<com.nimbusds.jose.EncryptionMethod> userInfoJWEEncs)

Sets the supported encryption methods for UserInfo JWTs. Corresponds to the userinfo_encryption_enc_values_supported metadata field.

Parameters:

userInfoJWEEncs - The supported encryption methods, null if not specified.

getDisplays

public List<Display> getDisplays()

Description copied from interface: ReadOnlyOIDCProviderMetadata

Gets the supported displays. Corresponds to the display_values_supported metadata field.

Specified by:

getDisplays in interface ReadOnlyOIDCProviderMetadata

Returns:

The supported displays, null if not specified.

setDisplays

public void setDisplays(List<Display> displays)

Sets the supported displays. Corresponds to the display_values_supported metadata field.

Parameters:

displays - The supported displays, null if not specified.

getClaimTypes

public List<ClaimType> getClaimTypes()

Description copied from interface: ReadOnlyOIDCProviderMetadata

Gets the supported claim types. Corresponds to the claim_types_supported metadata field.

Specified by:

getClaimTypes in interface ReadOnlyOIDCProviderMetadata

Returns:

The supported claim types, null if not specified.

setClaimTypes

public void setClaimTypes(List<ClaimType> claimTypes)

Sets the supported claim types. Corresponds to the claim_types_supported metadata field.

Parameters:

claimTypes - The supported claim types, null if not specified.

getClaims

public List<String> getClaims()

Description copied from interface: ReadOnlyOIDCProviderMetadata

Gets the supported claims names. Corresponds to the claims_supported metadata field.

Specified by:

getClaims in interface ReadOnlyOIDCProviderMetadata

Returns:

The supported claims names, null if not specified.

setClaims

public void setClaims(List<String> claims)

Sets the supported claims names. Corresponds to the claims_supported metadata field.

Parameters:

claims - The supported claims names, null if not specified.

getClaimsLocales

public List<com.nimbusds.langtag.LangTag> getClaimsLocales()

Description copied from interface: ReadOnlyOIDCProviderMetadata

Gets the supported claims locales. Corresponds to the claims_locales_supported metadata field.

Specified by:

getClaimsLocales in interface ReadOnlyOIDCProviderMetadata

Returns:

The supported claims locales, null if not specified.

setClaimLocales

public void setClaimLocales(List<com.nimbusds.langtag.LangTag> claimsLocales)

Sets the supported claims locales. Corresponds to the claims_locales_supported metadata field.

Parameters:

claimsLocales - The supported claims locales, null if not specified.

supportsClaimsParam

public boolean supportsClaimsParam()

Description copied from interface: ReadOnlyOIDCProviderMetadata

Gets the support for the claims authorisation request parameter. Corresponds to the claims_parameter_supported metadata field.

Specified by:

supportsClaimsParam in interface ReadOnlyOIDCProviderMetadata

Returns:

true if the claim parameter is supported, else false.

setSupportsClaimsParams

public void setSupportsClaimsParams(boolean claimsParamSupported)

Sets the support for the claims authorisation request parameter. Corresponds to the claims_parameter_supported metadata field.

Parameters:

claimsParamSupported - true if the claim parameter is supported, else false.

supportsFrontChannelLogout

public boolean supportsFrontChannelLogout()

Description copied from interface: ReadOnlyOIDCProviderMetadata

Gets the support for front-channel logout. Corresponds to the frontchannel_logout_supported metadata field.

Specified by:

supportsFrontChannelLogout in interface ReadOnlyOIDCProviderMetadata

Returns:

true if front-channel logout is supported, else false.

setSupportsFrontChannelLogout

public void setSupportsFrontChannelLogout(boolean frontChannelLogoutSupported)

Sets the support for front-channel logout. Corresponds to the frontchannel_logout_supported metadata field.

Parameters:

frontChannelLogoutSupported - true if front-channel logout is supported, else false.

supportsFrontChannelLogoutSession

public boolean supportsFrontChannelLogoutSession()

Description copied from interface: ReadOnlyOIDCProviderMetadata

Gets the support for front-channel logout with a session ID. Corresponds to the frontchannel_logout_session_supported metadata field.

Specified by:

supportsFrontChannelLogoutSession in interface ReadOnlyOIDCProviderMetadata

Returns:

true if front-channel logout with a session ID is supported, else false.

setSupportsFrontChannelLogoutSession

public void setSupportsFrontChannelLogoutSession(boolean frontChannelLogoutSessionSupported)

Sets the support for front-channel logout with a session ID. Corresponds to the frontchannel_logout_session_supported metadata field.

Parameters:

frontChannelLogoutSessionSupported - true if front-channel logout with a session ID is supported, else false.

supportsBackChannelLogout

public boolean supportsBackChannelLogout()

Description copied from interface: ReadOnlyOIDCProviderMetadata

Gets the support for back-channel logout. Corresponds to the backchannel_logout_supported metadata field.

Specified by:

supportsBackChannelLogout in interface ReadOnlyOIDCProviderMetadata

Returns:

true if back-channel logout is supported, else false.

setSupportsBackChannelLogout

public void setSupportsBackChannelLogout(boolean backChannelLogoutSupported)

Sets the support for back-channel logout. Corresponds to the backchannel_logout_supported metadata field.

Parameters:

backChannelLogoutSupported - true if back-channel logout is supported, else false.

supportsBackChannelLogoutSession

public boolean supportsBackChannelLogoutSession()

Description copied from interface: ReadOnlyOIDCProviderMetadata

Gets the support for back-channel logout with a session ID. Corresponds to the backchannel_logout_session_supported metadata field.

Specified by:

supportsBackChannelLogoutSession in interface ReadOnlyOIDCProviderMetadata

Returns:

true if back-channel logout with a session ID is supported, else false.

setSupportsBackChannelLogoutSession

public void setSupportsBackChannelLogoutSession(boolean backChannelLogoutSessionSupported)

Sets the support for back-channel logout with a session ID. Corresponds to the backchannel_logout_session_supported metadata field.

Parameters:

backChannelLogoutSessionSupported - true if back-channel logout with a session ID is supported, else false.

supportsVerifiedClaims

public boolean supportsVerifiedClaims()

Description copied from interface: ReadOnlyOIDCProviderMetadata

Gets support for verified claims. Corresponds to the verified_claims_supported metadata field.

Specified by:

supportsVerifiedClaims in interface ReadOnlyOIDCProviderMetadata

Returns:

true if verified claims are supported, else false.

setSupportsVerifiedClaims

public void setSupportsVerifiedClaims(boolean verifiedClaimsSupported)

Sets support for verified claims. Corresponds to the verified_claims_supported metadata field.

Parameters:

verifiedClaimsSupported - true if verified claims are supported, else false.

getIdentityTrustFrameworks

public List<IdentityTrustFramework> getIdentityTrustFrameworks()

Description copied from interface: ReadOnlyOIDCProviderMetadata

Gets the supported identity trust frameworks. Corresponds to the trust_frameworks_supported metadata field.

Specified by:

getIdentityTrustFrameworks in interface ReadOnlyOIDCProviderMetadata

Returns:

The supported identity trust frameworks, null if not specified.

setIdentityTrustFrameworks

public void setIdentityTrustFrameworks(List<IdentityTrustFramework> trustFrameworks)

Sets the supported identity trust frameworks. Corresponds to the trust_frameworks_supported metadata field.

Parameters:

trustFrameworks - The supported identity trust frameworks, null if not specified.

getIdentityEvidenceTypes

public List<IdentityEvidenceType> getIdentityEvidenceTypes()

Description copied from interface: ReadOnlyOIDCProviderMetadata

Gets the supported identity evidence types. Corresponds to the evidence_supported metadata field.

Specified by:

getIdentityEvidenceTypes in interface ReadOnlyOIDCProviderMetadata

Returns:

The supported identity evidence types, null if not specified.

setIdentityEvidenceTypes

public void setIdentityEvidenceTypes(List<IdentityEvidenceType> evidenceTypes)

Sets the supported identity evidence types. Corresponds to the evidence_supported metadata field.

Parameters:

evidenceTypes - The supported identity evidence types, null if not specified.

getDocumentTypes

public List<DocumentType> getDocumentTypes()

Description copied from interface: ReadOnlyOIDCProviderMetadata

Gets the supported identity document types. Corresponds to the documents_supported metadata field.

Specified by:

getDocumentTypes in interface ReadOnlyOIDCProviderMetadata

Returns:

The supported identity document types, null if not specified.

setDocumentTypes

public void setDocumentTypes(List<DocumentType> documentTypes)

Sets the supported identity document types. Corresponds to the documents_supported metadata field.

Parameters:

documentTypes - The supported identity document types, null if not specified.

getIdentityDocumentTypes

@Deprecated
public List<IDDocumentType> getIdentityDocumentTypes()

Deprecated.

Description copied from interface: ReadOnlyOIDCProviderMetadata

Gets the supported identity document types. Corresponds to the id_documents_supported metadata field.

Specified by:

getIdentityDocumentTypes in interface ReadOnlyOIDCProviderMetadata

Returns:

The supported identity documents types, null if not specified.

setIdentityDocumentTypes

@Deprecated
public void setIdentityDocumentTypes(List<IDDocumentType> idDocuments)

Deprecated.

Use setDocumentTypes(java.util.List<com.nimbusds.openid.connect.sdk.assurance.evidences.DocumentType>) instead.

Sets the supported identity document types. Corresponds to the id_documents_supported metadata field.

Parameters:

idDocuments - The supported identity document types, null if not specified.

getDocumentMethods

public List<IdentityVerificationMethod> getDocumentMethods()

Description copied from interface: ReadOnlyOIDCProviderMetadata

Gets the supported coarse identity verification methods for evidences of type document. Corresponds to the documents_methods_supported metadata field.

Specified by:

getDocumentMethods in interface ReadOnlyOIDCProviderMetadata

Returns:

The supported identity verification methods for document evidences, null if not specified.

setDocumentMethods

public void setDocumentMethods(List<IdentityVerificationMethod> methods)

Sets the supported coarse identity verification methods for evidences of type document. Corresponds to the documents_methods_supported metadata field.

Parameters:

methods - The supported identity verification methods for document evidences, null if not specified.

getDocumentValidationMethods

public List<ValidationMethodType> getDocumentValidationMethods()

Description copied from interface: ReadOnlyOIDCProviderMetadata

Gets the supported validation methods for evidences of type document. Corresponds to the documents_validation_methods_supported metadata field.

Specified by:

getDocumentValidationMethods in interface ReadOnlyOIDCProviderMetadata

Returns:

The validation methods for document evidences, null if not specified.

setDocumentValidationMethods

public void setDocumentValidationMethods(List<ValidationMethodType> methods)

Sets the supported validation methods for evidences of type document. Corresponds to the documents_validation_methods_supported metadata field.

Parameters:

methods - The validation methods for document evidences, null if not specified.

getDocumentVerificationMethods

public List<VerificationMethodType> getDocumentVerificationMethods()

Description copied from interface: ReadOnlyOIDCProviderMetadata

Gets the supported verification methods for evidences of type document. Corresponds to the documents_verification_methods_supported metadata field.

Specified by:

getDocumentVerificationMethods in interface ReadOnlyOIDCProviderMetadata

Returns:

The verification methods for document evidences, null if not specified.

setDocumentVerificationMethods

public void setDocumentVerificationMethods(List<VerificationMethodType> methods)

Sets the supported verification methods for evidences of type document. Corresponds to the documents_verification_methods_supported metadata field.

Parameters:

methods - The verification methods for document evidences, null if not specified.

getElectronicRecordTypes

public List<ElectronicRecordType> getElectronicRecordTypes()

Description copied from interface: ReadOnlyOIDCProviderMetadata

Gets the supported electronic record types. Corresponds to the electronic_records_supported metadata field.

Specified by:

getElectronicRecordTypes in interface ReadOnlyOIDCProviderMetadata

Returns:

The supported electronic record types, null if not specified.

setElectronicRecordTypes

public void setElectronicRecordTypes(List<ElectronicRecordType> electronicRecordTypes)

Sets the supported electronic record types. Corresponds to the electronic_records_supported metadata field.

Parameters:

electronicRecordTypes - The supported electronic record types, null if not specified.

getIdentityVerificationMethods

@Deprecated
public List<IdentityVerificationMethod> getIdentityVerificationMethods()

Deprecated.

Description copied from interface: ReadOnlyOIDCProviderMetadata

Gets the supported identity verification methods. Corresponds to the id_documents_verification_methods_supported metadata field.

Specified by:

getIdentityVerificationMethods in interface ReadOnlyOIDCProviderMetadata

Returns:

The supported identity verification methods, null if not specified.

setIdentityVerificationMethods

@Deprecated
public void setIdentityVerificationMethods(List<IdentityVerificationMethod> idVerificationMethods)

Deprecated.

Sets the supported identity verification methods. Corresponds to the id_documents_verification_methods_supported metadata field.

Parameters:

idVerificationMethods - The supported identity verification methods, null if not specified.

getVerifiedClaims

public List<String> getVerifiedClaims()

Description copied from interface: ReadOnlyOIDCProviderMetadata

Gets the names of the supported verified claims. Corresponds to the claims_in_verified_claims_supported metadata field.

Specified by:

getVerifiedClaims in interface ReadOnlyOIDCProviderMetadata

Returns:

The supported verified claims names, null if not specified.

setVerifiedClaims

public void setVerifiedClaims(List<String> verifiedClaims)

Sets the names of the supported verified claims. Corresponds to the claims_in_verified_claims_supported metadata field.

Parameters:

verifiedClaims - The supported verified claims names, null if not specified.

getAttachmentTypes

public List<AttachmentType> getAttachmentTypes()

Description copied from interface: ReadOnlyOIDCProviderMetadata

Gets the supported evidence attachment types. Corresponds to the attachments_supported metadata field.

Specified by:

getAttachmentTypes in interface ReadOnlyOIDCProviderMetadata

Returns:

The supported evidence attachment types, empty if attachments are not supported, null if not specified.

setAttachmentTypes

public void setAttachmentTypes(List<AttachmentType> attachmentTypes)

Sets the supported evidence attachment types. Corresponds to the attachments_supported metadata field.

Parameters:

attachmentTypes - The supported evidence attachment types, empty if attachments are not supported, null if not specified.

getAttachmentDigestAlgs

public List<HashAlgorithm> getAttachmentDigestAlgs()

Description copied from interface: ReadOnlyOIDCProviderMetadata

Gets the supported digest algorithms for the external evidence attachments. Corresponds to the digest_algorithms_supported metadata field.

Specified by:

getAttachmentDigestAlgs in interface ReadOnlyOIDCProviderMetadata

Returns:

The supported digest algorithms, null if not specified.

setAttachmentDigestAlgs

public void setAttachmentDigestAlgs(List<HashAlgorithm> digestAlgs)

Sets the supported digest algorithms for the external evidence attachments. Corresponds to the digest_algorithms_supported metadata field.

Parameters:

digestAlgs - The supported digest algorithms, null if not specified.

applyDefaults

public void applyDefaults()

Applies the OpenID Provider metadata defaults where no values have been specified.

• The response modes default to ["query", "fragment"].
• The grant types default to ["authorization_code", "implicit"].
• The token endpoint authentication methods default to ["client_secret_basic"].
• The claim types default to ["normal].

Overrides:

applyDefaults in class AuthorizationServerMetadata

toJSONObject

public net.minidev.json.JSONObject toJSONObject()

Description copied from interface: ReadOnlyAuthorizationServerEndpointMetadata

Returns the JSON object representation of the metadata.

Specified by:

toJSONObject in interface ReadOnlyAuthorizationServerEndpointMetadata

Specified by:

toJSONObject in interface ReadOnlyAuthorizationServerMetadata

Overrides:

toJSONObject in class AuthorizationServerMetadata

Returns:

The JSON object.

parse

public static OIDCProviderMetadata parse(net.minidev.json.JSONObject jsonObject)
                                  throws ParseException

Parses an OpenID Provider metadata from the specified JSON object.

Parameters:

jsonObject - The JSON object to parse. Must not be null.

Returns:

The OpenID Provider metadata.

Throws:

ParseException - If the JSON object couldn't be parsed to an OpenID Provider metadata.

parse

public static OIDCProviderMetadata parse(String s)
                                  throws ParseException

Parses an OpenID Provider metadata from the specified JSON object string.

Parameters:

s - The JSON object sting to parse. Must not be null.

Returns:

The OpenID Provider metadata.

Throws:

ParseException - If the JSON object string couldn't be parsed to an OpenID Provider metadata.

resolveURL

public static URL resolveURL(Issuer issuer)
                      throws GeneralException

Resolves OpenID Provider metadata URL from the specified issuer identifier.

Parameters:

issuer - The OpenID Provider issuer identifier. Must represent a valid HTTPS or HTTP URL. Must not be null.

Returns:

The OpenID Provider metadata URL.

Throws:

GeneralException - If the issuer identifier is invalid.

resolve

public static OIDCProviderMetadata resolve(Issuer issuer)
                                    throws GeneralException,
IOException

Resolves OpenID Provider metadata from the specified issuer identifier. The metadata is downloaded by HTTP GET from [issuer-url]/.well-known/openid-configuration.

Parameters:

issuer - The OpenID Provider issuer identifier. Must represent a valid HTTPS or HTTP URL. Must not be null.

Returns:

The OpenID Provider metadata.

Throws:

GeneralException - If the issuer identifier or the downloaded metadata are invalid.

IOException - On a HTTP exception.

resolve

public static OIDCProviderMetadata resolve(Issuer issuer,
 int connectTimeout,
 int readTimeout)
                                    throws GeneralException,
IOException

Resolves OpenID Provider metadata from the specified issuer identifier. The metadata is downloaded by HTTP GET from [issuer-url]/.well-known/openid-configuration, using the specified HTTP timeouts.

Parameters:

issuer - The issuer identifier. Must represent a valid HTTPS or HTTP URL. Must not be null.

connectTimeout - The HTTP connect timeout, in milliseconds. Zero implies no timeout. Must not be negative.

readTimeout - The HTTP response read timeout, in milliseconds. Zero implies no timeout. Must not be negative.

Returns:

The OpenID Provider metadata.

Throws:

GeneralException - If the issuer identifier or the downloaded metadata are invalid.

IOException - On an HTTP exception.

resolve

public static OIDCProviderMetadata resolve(Issuer issuer,
 HTTPRequestConfigurator requestConfigurator)
                                    throws GeneralException,
IOException

Resolves OpenID Provider metadata from the specified issuer identifier. The metadata is downloaded by HTTP GET from [issuer-url]/.well-known/openid-configuration, using the specified HTTP request configurator.

Parameters:

issuer - The issuer identifier. Must represent a valid HTTPS or HTTP URL. Must not be null.

requestConfigurator - An HTTPRequestConfigurator instance to perform additional HTTPRequest configuration to fetch the OpenID Provider metadata. Must not be null.

Returns:

The OpenID Provider metadata.

Throws:

GeneralException - If the issuer identifier or the downloaded metadata are invalid.

IOException - On an HTTP exception.