001/*
002 * oauth2-oidc-sdk
003 *
004 * Copyright 2012-2016, Connect2id Ltd and contributors.
005 *
006 * Licensed under the Apache License, Version 2.0 (the "License"); you may not use
007 * this file except in compliance with the License. You may obtain a copy of the
008 * License at
009 *
010 *    http://www.apache.org/licenses/LICENSE-2.0
011 *
012 * Unless required by applicable law or agreed to in writing, software distributed
013 * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
014 * CONDITIONS OF ANY KIND, either express or implied. See the License for the
015 * specific language governing permissions and limitations under the License.
016 */
017
018package com.nimbusds.openid.connect.sdk.claims;
019
020
021import net.jcip.annotations.Immutable;
022
023import com.nimbusds.oauth2.sdk.id.Identifier;
024
025
026/**
027 * Authentication Method Reference ({@code amr}). It identifies the method
028 * used in authentication.
029 *
030 * <p>The AMR is represented by a string or an URI string.
031 *
032 * <p>Related specifications:
033 *
034 * <ul>
035 *     <li>RFC 8176.
036 *     <li>OpenID Connect Core 1.0, section 2.
037 * </ul>
038 */
039@Immutable
040public final class AMR extends Identifier {
041        
042        
043        private static final long serialVersionUID = -6833651441441953910L;
044        
045        
046        /**
047         * Biometric authentication (RFC 4949) using facial recognition.
048         */
049        public static final AMR FACE = new AMR("face");
050        
051        
052        /**
053         * Biometric authentication (RFC 4949) using a fingerprint.
054         */
055        public static final AMR FPT = new AMR("fpt");
056        
057        
058        /**
059         * Use of geolocation information for authentication, such as that
060         * provided by W3C REC-geolocation-API-20161108.
061         */
062        public static final AMR GEO = new AMR("geo");
063        
064        
065        /**
066         * Proof-of-Possession (PoP) of a hardware-secured key. See Appendix C
067         * of RFC 4211 for a discussion on PoP.
068         */
069        public static final AMR HWK = new AMR("hwk");
070        
071        
072        /**
073         * Biometric authentication (RFC 4949) using an iris scan.
074         */
075        public static final AMR IRIS = new AMR("iris");
076        
077        
078        /**
079         * Retina scan biometric.
080         */
081        @Deprecated
082        public static final AMR EYE = new AMR("eye");
083        
084        
085        /**
086         * Knowledge-based authentication (NIST.800-63-2, ISO29115).
087         */
088        public static final AMR KBA = new AMR("kba");
089        
090        
091        /**
092         * Multiple-channel authentication (MCA). The authentication involves
093         * communication over more than one distinct communication channel. For
094         * instance, a multiple-channel authentication might involve both
095         * entering information into a workstation's browser and providing
096         * information on a telephone call to a pre-registered number.
097         */
098        public static final AMR MCA = new AMR("mca");
099        
100        
101        /**
102         * Multiple-factor authentication (NIST.800-63-2, ISO29115). When this
103         * is present, specific authentication methods used may also be
104         * included.
105         */
106        public static final AMR MFA = new AMR("mfa");
107        
108        
109        /**
110         * One-time password (RFC 4949). One-time password specifications that
111         * this authentication method applies to include RFC 4226 and RFC 6238.
112         */
113        public static final AMR OTP = new AMR("otp");
114        
115        
116        /**
117         * Personal Identification Number (PIN) (RFC 4949) or pattern (not
118         * restricted to containing only numbers) that a user enters to unlock
119         * a key on the device. This mechanism should have a way to deter an
120         * attacker from obtaining the PIN by trying repeated guesses.
121         */
122        public static final AMR PIN = new AMR("pin");
123        
124        
125        /**
126         * Proof-of-possession (PoP) of a key. See Appendix C of RFC 4211 for a
127         * discussion on PoP.
128         */
129        @Deprecated
130        public static final AMR POP = new AMR("pop");
131        
132        
133        /**
134         * Password-based authentication (RFC 4949).
135         */
136        public static final AMR PWD = new AMR("pwd");
137        
138        
139        /**
140         * Risk-based authentication (Williamson, G., "Enhanced Authentication
141         * In Online Banking", Journal of Economic Crime Management 4.2: 18-19,
142         * 2006).
143         */
144        public static final AMR RBA = new AMR("rba");
145        
146        
147        /**
148         * Smart card (RFC 4949).
149         */
150        public static final AMR SC = new AMR("sc");
151        
152        
153        /**
154         * Confirmation using SMS text message to the user at a registered
155         * number.
156         */
157        public static final AMR SMS = new AMR("sms");
158        
159        
160        /**
161         * Proof-of-Possession (PoP) of a software-secured key. See Appendix C
162         * of RFC 4211 for a discussion on PoP.
163         */
164        public static final AMR SWK = new AMR("swk");
165        
166        
167        /**
168         * Confirmation by telephone call to the user at a registered number.
169         * This authentication technique is sometimes also referred to as
170         * "call back" (RFC 4949).
171         */
172        public static final AMR TEL = new AMR("tel");
173        
174        
175        /**
176         * User presence test. Evidence that the end user is present and
177         * interacting with the device.  This is sometimes also referred to as
178         * "test of user presence" (W3C WD-webauthn-20170216).
179         */
180        public static final AMR USER = new AMR("user");
181        
182        
183        /**
184         * Biometric authentication (RFC 4949) using a voiceprint.
185         */
186        public static final AMR VBM = new AMR("vbm");
187        
188        
189        /**
190         * Windows integrated authentication (Microsoft, "Integrated Windows
191         * Authentication with Negotiate", September 2011).
192         */
193        public static final AMR WIA = new AMR("wia");
194        
195        
196        /**
197         * Creates a new Authentication Method Reference (AMR) with the
198         * specified value.
199         *
200         * @param value The AMR value. Must not be {@code null}.
201         */
202        public AMR(final String value) {
203
204                super(value);
205        }
206
207
208        @Override
209        public boolean equals(final Object object) {
210
211                return object instanceof AMR &&
212                       this.toString().equals(object.toString());
213        }
214}