package com.nimbusds.openid.connect.sdk.rp;


import java.net.URL;

import org.apache.commons.lang3.StringUtils;

import net.minidev.json.JSONObject;

import net.jcip.annotations.Immutable;

import com.nimbusds.oauth2.sdk.ParseException;
import com.nimbusds.oauth2.sdk.client.ClientRegistrationRequest;
import com.nimbusds.oauth2.sdk.http.HTTPRequest;
import com.nimbusds.oauth2.sdk.token.BearerAccessToken;


/**
 * Request to register a client with an OpenID Connect provider.
 *
 * <p>Example HTTP request:
 *
 * <pre>
 * POST /connect/register HTTP/1.1
 * Content-Type: application/json
 * Accept: application/json
 * Host: server.example.com
 * Authorization: Bearer eyJhbGciOiJSUzI1NiJ9.eyJ ...
 *
 * {
 *  "application_type"                : "web",
 *  "redirect_uris"                   : [ "https://client.example.org/callback",
 *                                        "https://client.example.org/callback2" ],
 *  "client_name"                     : "My Example",
 *  "client_name#ja-Jpan-JP"          : "クライアント名",
 *  "logo_uri"                        : "https://client.example.org/logo.png",
 *  "subject_type"                    : "pairwise",
 *  "sector_identifier_uri"           : "https://other.example.net/file_of_redirect_uris.json",
 *  "token_endpoint_auth_method"      : "client_secret_basic",
 *  "jwks_uri"                        : "https://client.example.org/my_public_keys.jwks",
 *  "userinfo_encrypted_response_alg" : "RSA1_5",
 *  "userinfo_encrypted_response_enc" : "A128CBC-HS256",
 *  "contacts"                        : [ "ve7jtb@example.org", "mary@example.org" ],
 *  "request_uris"                    : [ "https://client.example.org/rf.txt#qpXaRLh_n93TTR9F252ValdatUQvQiJi5BDub2BeznA" ]
 * }
 * </pre>
 *
 * <p>The {@code RSA1_5} value above is shown for illustration only.
 * RSAES-PKCS1-v1_5 key encryption is susceptible to padding-oracle
 * attacks; new deployments should prefer an RSA-OAEP variant such as
 * {@code RSA-OAEP-256}.
 *
 * <p>Related specifications:
 *
 * <ul>
 *     <li>OpenID Connect Dynamic Client Registration 1.0, section 3.1.
 *     <li>OAuth 2.0 Dynamic Client Registration Protocol
 *         (draft-ietf-oauth-dyn-reg-14), section 3.1.
 * </ul>
 */
@Immutable
public class OIDCClientRegistrationRequest extends ClientRegistrationRequest {


	/**
	 * Creates a new OpenID Connect client registration request.
	 *
	 * @param uri         The URI of the client registration endpoint. May
	 *                    be {@code null} if the {@link #toHTTPRequest()}
	 *                    method will not be used.
	 * @param metadata    The OpenID Connect client metadata. Must not be
	 *                    {@code null} and must specify one or more
	 *                    redirection URIs.
	 * @param accessToken An OAuth 2.0 Bearer access token for the request,
	 *                    {@code null} if none.
	 */
	public OIDCClientRegistrationRequest(final URL uri,
		                             final OIDCClientMetadata metadata,
		                             final BearerAccessToken accessToken) {

		super(uri, metadata, accessToken);
	}


	/**
	 * Gets the associated OpenID Connect client metadata.
	 *
	 * <p>The only constructor of this class accepts an
	 * {@link OIDCClientMetadata} instance, which is what the downcast
	 * below relies on.
	 *
	 * @return The OpenID Connect client metadata.
	 */
	public OIDCClientMetadata getOIDCClientMetadata() {

		final OIDCClientMetadata oidcMetadata = (OIDCClientMetadata) getClientMetadata();
		return oidcMetadata;
	}


	/**
	 * Parses an OpenID Connect client registration request from the
	 * specified HTTP POST request.
	 *
	 * <p>The {@code Authorization} header is optional: when it is absent
	 * or blank the resulting request carries a {@code null} access
	 * token. When present, the header is only parsed into a
	 * {@link BearerAccessToken}; this method does not check that the
	 * token is valid, unexpired or authorised for registration. The
	 * caller must perform that check, and must decide whether requests
	 * without a token are acceptable, before acting on the request.
	 *
	 * @param httpRequest The HTTP request. Must not be {@code null}.
	 *
	 * @return The OpenID Connect client registration request.
	 *
	 * @throws ParseException If the HTTP request couldn't be parsed to an
	 *                        OpenID Connect client registration request.
	 */
	public static OIDCClientRegistrationRequest parse(final HTTPRequest httpRequest)
		throws ParseException {

		// Client registration is defined for HTTP POST only
		httpRequest.ensureMethod(HTTPRequest.Method.POST);

		// The request entity body is the JSON-encoded client metadata
		final JSONObject registrationBody = httpRequest.getQueryAsJSONObject();
		final OIDCClientMetadata clientMetadata = OIDCClientMetadata.parse(registrationBody);

		// The bearer access token is optional; a blank header means none
		final String authorizationHeader = httpRequest.getAuthorization();
		final BearerAccessToken bearerToken = StringUtils.isNotBlank(authorizationHeader)
			? BearerAccessToken.parse(authorizationHeader)
			: null;

		return new OIDCClientRegistrationRequest(httpRequest.getURL(), clientMetadata, bearerToken);
	}
}