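package com.nimbusds.openid.connect.sdk.rp;


import java.net.MalformedURLException;
import java.net.URL;
import java.util.LinkedHashSet;
import java.util.LinkedList;
import java.util.List;
import java.util.Set;

import net.minidev.json.JSONArray;
import net.minidev.json.JSONObject;

import com.nimbusds.jose.EncryptionMethod;
import com.nimbusds.jose.JWEAlgorithm;
import com.nimbusds.jose.JWSAlgorithm;

import com.nimbusds.oauth2.sdk.ParseException;
import com.nimbusds.oauth2.sdk.client.ClientMetadata;
import com.nimbusds.oauth2.sdk.util.JSONObjectUtils;

import com.nimbusds.openid.connect.sdk.SubjectType;
import com.nimbusds.openid.connect.sdk.claims.ACR;


/**
 * OpenID Connect client metadata.
 *
 * <p>Instances are plain mutable holders: the setters store their
 * argument as given and the getters return the stored reference (the
 * {@code Set} and {@code List} members are not copied).
 *
 * <p>{@link #parse} stores what the registration JSON supplies. In this
 * class algorithm names are not checked against a supported set and URL
 * schemes are not checked, so a server accepting registrations from
 * untrusted clients has to validate the parsed values before acting on
 * them.
 *
 * <p>Related specifications:
 *
 * <ul>
 *     <li>OpenID Connect Dynamic Client Registration 1.0, section 2.
 *     <li>OAuth 2.0 Dynamic Client Registration Protocol
 *         (draft-ietf-oauth-dyn-reg-14), section 2.
 * </ul>
 *
 * @author Vladimir Dzhuvinov
 */
public class OIDCClientMetadata extends ClientMetadata {


	/**
	 * The client application type.
	 */
	private ApplicationType applicationType;


	/**
	 * The subject identifier type for responses to this client.
	 */
	private SubjectType subjectType;


	/**
	 * Sector identifier URI.
	 */
	private URL sectorIDURI;


	/**
	 * Pre-registered OpenID Connect request URIs.
	 */
	private Set<URL> requestObjectURIs;


	/**
	 * The JSON Web Signature (JWS) algorithm required for the OpenID
	 * Connect request objects sent by this client.
	 */
	private JWSAlgorithm requestObjectJWSAlg;


	/**
	 * The JSON Web Signature (JWS) algorithm required for the ID Tokens
	 * issued to this client.
	 */
	private JWSAlgorithm idTokenJWSAlg;


	/**
	 * The JSON Web Encryption (JWE) algorithm required for the ID Tokens
	 * issued to this client.
	 */
	private JWEAlgorithm idTokenJWEAlg;


	/**
	 * The encryption method (JWE enc) required for the ID Tokens issued to
	 * this client.
	 */
	private EncryptionMethod idTokenJWEEnc;


	/**
	 * The JSON Web Signature (JWS) algorithm required for the UserInfo
	 * responses to this client.
	 */
	private JWSAlgorithm userInfoJWSAlg;


	/**
	 * The JSON Web Encryption (JWE) algorithm required for the UserInfo
	 * responses to this client.
	 */
	private JWEAlgorithm userInfoJWEAlg;


	/**
	 * The encryption method (JWE enc) required for the UserInfo responses
	 * to this client.
	 */
	private EncryptionMethod userInfoJWEEnc;


	/**
	 * The default max authentication age, in seconds. If not specified 0.
	 */
	private int defaultMaxAge;


	/**
	 * If {@code true} the {@code auth_time} claim in the ID Token is
	 * required by default.
	 */
	private boolean requiresAuthTime;


	/**
	 * The default Authentication Context Class Reference (ACR) values, by
	 * order of preference.
	 */
	private List<ACR> defaultACRs;


	/**
	 * Authorisation server initiated login HTTPS URL.
	 */
	private URL initiateLoginURI;


	/**
	 * Logout redirect URL.
	 */
	private URL postLogoutRedirectURI;


	/**
	 * Creates a new OpenID Connect client metadata instance.
	 */
	public OIDCClientMetadata() {

		super();
	}


	/**
	 * Creates a new OpenID Connect client metadata instance from the
	 * specified base OAuth 2.0 client metadata.
	 *
	 * @param metadata The base OAuth 2.0 client metadata. Must not be
	 *                 {@code null}.
	 */
	public OIDCClientMetadata(final ClientMetadata metadata) {

		super(metadata);
	}


	/**
	 * Gets the client application type. Corresponds to the
	 * {@code application_type} client metadata field.
	 *
	 * @return The client application type, {@code null} if not specified.
	 */
	public ApplicationType getApplicationType() {

		return applicationType;
	}


	/**
	 * Sets the client application type. Corresponds to the
	 * {@code application_type} client metadata field.
	 *
	 * @param applicationType The client application type, {@code null} if
	 *                        not specified.
	 */
	public void setApplicationType(final ApplicationType applicationType) {

		this.applicationType = applicationType;
	}


	/**
	 * Gets the subject identifier type for responses to this client.
	 * Corresponds to the {@code subject_type} client metadata field.
	 *
	 * @return The subject identifier type, {@code null} if not specified.
	 */
	public SubjectType getSubjectType() {

		return subjectType;
	}


	/**
	 * Sets the subject identifier type for responses to this client.
	 * Corresponds to the {@code subject_type} client metadata field.
	 *
	 * @param subjectType The subject identifier type, {@code null} if not
	 *                    specified.
	 */
	public void setSubjectType(final SubjectType subjectType) {

		this.subjectType = subjectType;
	}


	/**
	 * Gets the sector identifier URI. Corresponds to the
	 * {@code sector_identifier_uri} client metadata field.
	 *
	 * @return The sector identifier URI, {@code null} if not specified.
	 */
	public URL getSectorIDURI() {

		return sectorIDURI;
	}


	/**
	 * Sets the sector identifier URI. Corresponds to the
	 * {@code sector_identifier_uri} client metadata field.
	 *
	 * @param sectorIDURI The sector identifier URI, {@code null} if not
	 *                    specified.
	 */
	public void setSectorIDURI(final URL sectorIDURI) {

		this.sectorIDURI = sectorIDURI;
	}


	/**
	 * Gets the pre-registered OpenID Connect request object URIs.
	 * Corresponds to the {@code request_uris} client metadata field.
	 *
	 * @return The request object URIs, {@code null} if not specified.
	 */
	public Set<URL> getRequestObjectURIs() {

		return requestObjectURIs;
	}


	/**
	 * Sets the pre-registered OpenID Connect request object URIs.
	 * Corresponds to the {@code request_uris} client metadata field.
	 *
	 * @param requestObjectURIs The request object URIs, {@code null} if not
	 *                          specified.
	 */
	public void setRequestObjectURIs(final Set<URL> requestObjectURIs) {

		this.requestObjectURIs = requestObjectURIs;
	}


	/**
	 * Gets the JSON Web Signature (JWS) algorithm required for the OpenID
	 * Connect request objects sent by this client. Corresponds to the
	 * {@code request_object_signing_alg} client metadata field.
	 *
	 * @return The JWS algorithm, {@code null} if not specified.
	 */
	public JWSAlgorithm getRequestObjectJWSAlg() {

		return requestObjectJWSAlg;
	}


	/**
	 * Sets the JSON Web Signature (JWS) algorithm required for the OpenID
	 * Connect request objects sent by this client. Corresponds to the
	 * {@code request_object_signing_alg} client metadata field.
	 *
	 * @param requestObjectJWSAlg The JWS algorithm, {@code null} if not
	 *                            specified.
	 */
	public void setRequestObjectJWSAlg(final JWSAlgorithm requestObjectJWSAlg) {

		this.requestObjectJWSAlg = requestObjectJWSAlg;
	}


	/**
	 * Gets the JSON Web Signature (JWS) algorithm required for the ID
	 * Tokens issued to this client. Corresponds to the
	 * {@code id_token_signed_response_alg} client metadata field.
	 *
	 * @return The JWS algorithm, {@code null} if not specified.
	 */
	public JWSAlgorithm getIDTokenJWSAlg() {

		return idTokenJWSAlg;
	}


	/**
	 * Sets the JSON Web Signature (JWS) algorithm required for the ID
	 * Tokens issued to this client. Corresponds to the
	 * {@code id_token_signed_response_alg} client metadata field.
	 *
	 * @param idTokenJWSAlg The JWS algorithm, {@code null} if not
	 *                      specified.
	 */
	public void setIDTokenJWSAlg(final JWSAlgorithm idTokenJWSAlg) {

		this.idTokenJWSAlg = idTokenJWSAlg;
	}


	/**
	 * Gets the JSON Web Encryption (JWE) algorithm required for the ID
	 * Tokens issued to this client. Corresponds to the
	 * {@code id_token_encrypted_response_alg} client metadata field.
	 *
	 * @return The JWE algorithm, {@code null} if not specified.
	 */
	public JWEAlgorithm getIDTokenJWEAlg() {

		return idTokenJWEAlg;
	}


	/**
	 * Sets the JSON Web Encryption (JWE) algorithm required for the ID
	 * Tokens issued to this client. Corresponds to the
	 * {@code id_token_encrypted_response_alg} client metadata field.
	 *
	 * @param idTokenJWEAlg The JWE algorithm, {@code null} if not
	 *                      specified.
	 */
	public void setIDTokenJWEAlg(final JWEAlgorithm idTokenJWEAlg) {

		this.idTokenJWEAlg = idTokenJWEAlg;
	}


	/**
	 * Gets the encryption method (JWE enc) required for the ID Tokens
	 * issued to this client. Corresponds to the
	 * {@code id_token_encrypted_response_enc} client metadata field.
	 *
	 * @return The JWE encryption method, {@code null} if not specified.
	 */
	public EncryptionMethod getIDTokenJWEEnc() {

		return idTokenJWEEnc;
	}


	/**
	 * Sets the encryption method (JWE enc) required for the ID Tokens
	 * issued to this client. Corresponds to the
	 * {@code id_token_encrypted_response_enc} client metadata field.
	 *
	 * @param idTokenJWEEnc The JWE encryption method, {@code null} if not
	 *                      specified.
	 */
	public void setIDTokenJWEEnc(final EncryptionMethod idTokenJWEEnc) {

		this.idTokenJWEEnc = idTokenJWEEnc;
	}


	/**
	 * Gets the JSON Web Signature (JWS) algorithm required for the
	 * UserInfo responses to this client. Corresponds to the
	 * {@code userinfo_signed_response_alg} client metadata field.
	 *
	 * @return The JWS algorithm, {@code null} if not specified.
	 */
	public JWSAlgorithm getUserInfoJWSAlg() {

		return userInfoJWSAlg;
	}


	/**
	 * Sets the JSON Web Signature (JWS) algorithm required for the
	 * UserInfo responses to this client. Corresponds to the
	 * {@code userinfo_signed_response_alg} client metadata field.
	 *
	 * @param userInfoJWSAlg The JWS algorithm, {@code null} if not
	 *                       specified.
	 */
	public void setUserInfoJWSAlg(final JWSAlgorithm userInfoJWSAlg) {

		this.userInfoJWSAlg = userInfoJWSAlg;
	}


	/**
	 * Gets the JSON Web Encryption (JWE) algorithm required for the
	 * UserInfo responses to this client. Corresponds to the
	 * {@code userinfo_encrypted_response_alg} client metadata field.
	 *
	 * @return The JWE algorithm, {@code null} if not specified.
	 */
	public JWEAlgorithm getUserInfoJWEAlg() {

		return userInfoJWEAlg;
	}


	/**
	 * Sets the JSON Web Encryption (JWE) algorithm required for the
	 * UserInfo responses to this client. Corresponds to the
	 * {@code userinfo_encrypted_response_alg} client metadata field.
	 *
	 * @param userInfoJWEAlg The JWE algorithm, {@code null} if not
	 *                       specified.
	 */
	public void setUserInfoJWEAlg(final JWEAlgorithm userInfoJWEAlg) {

		this.userInfoJWEAlg = userInfoJWEAlg;
	}


	/**
	 * Gets the encryption method (JWE enc) required for the UserInfo
	 * responses to this client. Corresponds to the
	 * {@code userinfo_encrypted_response_enc} client metadata field.
	 *
	 * @return The JWE encryption method, {@code null} if not specified.
	 */
	public EncryptionMethod getUserInfoJWEEnc() {

		return userInfoJWEEnc;
	}


	/**
	 * Sets the encryption method (JWE enc) required for the UserInfo
	 * responses to this client. Corresponds to the
	 * {@code userinfo_encrypted_response_enc} client metadata field.
	 *
	 * @param userInfoJWEEnc The JWE encryption method, {@code null} if not
	 *                       specified.
	 */
	public void setUserInfoJWEEnc(final EncryptionMethod userInfoJWEEnc) {

		this.userInfoJWEEnc = userInfoJWEEnc;
	}


	/**
	 * Gets the default maximum authentication age. Corresponds to the
	 * {@code default_max_age} client metadata field.
	 *
	 * @return The default max authentication age, in seconds. If not
	 *         specified 0.
	 */
	public int getDefaultMaxAge() {

		return defaultMaxAge;
	}


	/**
	 * Sets the default maximum authentication age. Corresponds to the
	 * {@code default_max_age} client metadata field.
	 *
	 * <p>The value is stored without a range check; values of zero or
	 * less are left out by {@link #toJSONObject}.
	 *
	 * @param defaultMaxAge The default max authentication age, in seconds.
	 *                      If not specified 0.
	 */
	public void setDefaultMaxAge(final int defaultMaxAge) {

		this.defaultMaxAge = defaultMaxAge;
	}


	/**
	 * Gets the default requirement for the {@code auth_time} claim in the
	 * ID Token. Corresponds to the {@code require_auth_time} client
	 * metadata field.
	 *
	 * @return If {@code true} the {@code auth_time} claim in the ID Token
	 *         is required by default.
	 */
	public boolean requiresAuthTime() {

		return requiresAuthTime;
	}


	/**
	 * Sets the default requirement for the {@code auth_time} claim in the
	 * ID Token. Corresponds to the {@code require_auth_time} client
	 * metadata field.
	 *
	 * @param requiresAuthTime If {@code true} the {@code auth_time} claim
	 *                         in the ID Token is required by default.
	 */
	public void requiresAuthTime(final boolean requiresAuthTime) {

		this.requiresAuthTime = requiresAuthTime;
	}


	/**
	 * Gets the default Authentication Context Class Reference (ACR)
	 * values. Corresponds to the {@code default_acr_values} client
	 * metadata field.
	 *
	 * @return The default ACR values, by order of preference,
	 *         {@code null} if not specified.
	 */
	public List<ACR> getDefaultACRs() {

		return defaultACRs;
	}


	/**
	 * Sets the default Authentication Context Class Reference (ACR)
	 * values. Corresponds to the {@code default_acr_values} client
	 * metadata field.
	 *
	 * @param defaultACRs The default ACRs, by order of preference,
	 *                    {@code null} if not specified.
	 */
	public void setDefaultACRs(final List<ACR> defaultACRs) {

		this.defaultACRs = defaultACRs;
	}


	/**
	 * Gets the HTTPS URI that the authorisation server can call to
	 * initiate a login at the client. Corresponds to the
	 * {@code initiate_login_uri} client metadata field.
	 *
	 * @return The login URI, {@code null} if not specified.
	 */
	public URL getInitiateLoginURI() {

		return initiateLoginURI;
	}


	/**
	 * Sets the HTTPS URI that the authorisation server can call to
	 * initiate a login at the client. Corresponds to the
	 * {@code initiate_login_uri} client metadata field.
	 *
	 * <p>The URL is stored as given; this setter does not verify that
	 * its scheme is {@code https}.
	 *
	 * @param loginURI The login URI, {@code null} if not specified.
	 */
	public void setInitiateLoginURI(final URL loginURI) {

		this.initiateLoginURI = loginURI;
	}


	/**
	 * Gets the post logout redirect URI. Corresponds to the
	 * {@code post_logout_redirect_uri} client metadata field.
	 *
	 * @return The logout URI, {@code null} if not specified.
	 */
	public URL getPostLogoutRedirectURI() {

		return postLogoutRedirectURI;
	}


	/**
	 * Sets the post logout redirect URI. Corresponds to the
	 * {@code post_logout_redirect_uri} client metadata field.
	 *
	 * @param logoutURI The logout URI, {@code null} if not specified.
	 */
	public void setPostLogoutRedirectURI(final URL logoutURI) {

		this.postLogoutRedirectURI = logoutURI;
	}


	/**
	 * Applies the client metadata defaults where no values have been
	 * specified.
	 *
	 * <ul>
	 *     <li>The response types default to {@code ["code"]}.
	 *     <li>The grant types default to {@code "authorization_code"}.
	 *     <li>The client authentication method defaults to
	 *         "client_secret_basic".
	 *     <li>The ID token JWS algorithm defaults to "RS256".
	 * </ul>
	 */
	@Override
	public void applyDefaults() {

		super.applyDefaults();

		// Only the ID token JWS algorithm is defaulted in this class; the
		// other defaults listed above are left to the superclass call.
		if (idTokenJWSAlg == null) {
			idTokenJWSAlg = JWSAlgorithm.RS256;
		}
	}


	/**
	 * Returns the JSON object representation of this client metadata.
	 *
	 * <p>The object starts from {@code super.toJSONObject(false)}, then
	 * receives the custom fields, then the OpenID Connect fields set on
	 * this instance, so an OpenID Connect field replaces a custom field
	 * of the same name. {@code default_max_age} is output only when
	 * positive; {@code require_auth_time} is always output.
	 *
	 * @return The JSON object.
	 */
	@Override
	public JSONObject toJSONObject() {

		JSONObject o = super.toJSONObject(false);

		o.putAll(getCustomFields());

		if (applicationType != null) {
			o.put("application_type", applicationType.toString());
		}

		if (subjectType != null) {
			o.put("subject_type", subjectType.toString());
		}

		if (sectorIDURI != null) {
			o.put("sector_identifier_uri", sectorIDURI.toString());
		}

		if (requestObjectURIs != null) {

			JSONArray uriList = new JSONArray();

			for (URL uri: requestObjectURIs) {
				uriList.add(uri.toString());
			}

			o.put("request_uris", uriList);
		}

		if (requestObjectJWSAlg != null) {
			o.put("request_object_signing_alg", requestObjectJWSAlg.getName());
		}

		if (idTokenJWSAlg != null) {
			o.put("id_token_signed_response_alg", idTokenJWSAlg.getName());
		}

		if (idTokenJWEAlg != null) {
			o.put("id_token_encrypted_response_alg", idTokenJWEAlg.getName());
		}

		if (idTokenJWEEnc != null) {
			o.put("id_token_encrypted_response_enc", idTokenJWEEnc.getName());
		}

		if (userInfoJWSAlg != null) {
			o.put("userinfo_signed_response_alg", userInfoJWSAlg.getName());
		}

		if (userInfoJWEAlg != null) {
			o.put("userinfo_encrypted_response_alg", userInfoJWEAlg.getName());
		}

		if (userInfoJWEEnc != null) {
			o.put("userinfo_encrypted_response_enc", userInfoJWEEnc.getName());
		}

		if (defaultMaxAge > 0) {
			o.put("default_max_age", defaultMaxAge);
		}

		o.put("require_auth_time", requiresAuthTime);

		if (defaultACRs != null) {

			JSONArray acrList = new JSONArray();

			// Store the string value, not the ACR object: parse() reads
			// this member back as a string array, and the other members
			// of this object are plain JSON values as well.
			for (ACR acr: defaultACRs) {
				acrList.add(acr.getValue());
			}

			o.put("default_acr_values", acrList);
		}

		if (initiateLoginURI != null) {
			o.put("initiate_login_uri", initiateLoginURI.toString());
		}

		if (postLogoutRedirectURI != null) {
			o.put("post_logout_redirect_uri", postLogoutRedirectURI.toString());
		}

		return o;
	}


	/**
	 * Parses an OpenID Connect client metadata instance from the specified
	 * JSON object.
	 *
	 * <p>The base OAuth 2.0 fields are parsed by
	 * {@code ClientMetadata.parse}; each OpenID Connect field found is
	 * then set on the result and removed from the custom fields, and
	 * whatever remains is kept as custom fields.
	 *
	 * <p>Parsing is syntactic only. Algorithm and encryption method names
	 * are wrapped as given, without a check against a set of supported
	 * values, and {@code request_uris} entries are accepted with any
	 * scheme that {@code java.net.URL} can parse. A server handling
	 * registration requests from untrusted clients should apply its own
	 * policy to the result (permitted algorithms, {@code https} where the
	 * specification requires it, permitted hosts for any URL it will later
	 * retrieve).
	 *
	 * @param jsonObject The JSON object to parse. Must not be
	 *                   {@code null}.
	 *
	 * @return The OpenID Connect client metadata.
	 *
	 * @throws ParseException If the JSON object couldn't be parsed to an
	 *                        OpenID Connect client metadata instance.
	 */
	public static OIDCClientMetadata parse(final JSONObject jsonObject)
		throws ParseException {

		ClientMetadata baseMetadata = ClientMetadata.parse(jsonObject);

		OIDCClientMetadata metadata = new OIDCClientMetadata(baseMetadata);

		// Parse the OIDC-specific fields from the custom OAuth 2.0 dyn
		// reg fields

		JSONObject oidcFields = baseMetadata.getCustomFields();

		// NOTE(review): presence of this member is tested on the custom
		// fields, the members below are tested on the input object;
		// kept as in the original.
		if (oidcFields.containsKey("application_type")) {
			metadata.setApplicationType(JSONObjectUtils.getEnum(jsonObject,
				"application_type",
				ApplicationType.class));

			oidcFields.remove("application_type");
		}

		if (jsonObject.containsKey("subject_type")) {
			metadata.setSubjectType(JSONObjectUtils.getEnum(jsonObject, "subject_type", SubjectType.class));
			oidcFields.remove("subject_type");
		}

		if (jsonObject.containsKey("sector_identifier_uri")) {
			metadata.setSectorIDURI(JSONObjectUtils.getURL(jsonObject, "sector_identifier_uri"));
			oidcFields.remove("sector_identifier_uri");
		}

		if (jsonObject.containsKey("request_uris")) {

			Set<URL> requestURIs = new LinkedHashSet<URL>();

			for (String uriString: JSONObjectUtils.getStringArray(jsonObject, "request_uris")) {

				try {
					// Only URL syntax is checked here; scheme and
					// host are not restricted.
					requestURIs.add(new URL(uriString));

				} catch (MalformedURLException e) {

					// Keep the cause so the offending value can be
					// found when diagnosing a rejected registration.
					throw new ParseException("Invalid \"request_uris\" parameter", e);
				}
			}

			metadata.setRequestObjectURIs(requestURIs);
			oidcFields.remove("request_uris");
		}

		// The algorithm members below wrap the supplied name as is.

		if (jsonObject.containsKey("request_object_signing_alg")) {
			metadata.setRequestObjectJWSAlg(new JWSAlgorithm(
				JSONObjectUtils.getString(jsonObject, "request_object_signing_alg")));

			oidcFields.remove("request_object_signing_alg");
		}

		if (jsonObject.containsKey("id_token_signed_response_alg")) {
			metadata.setIDTokenJWSAlg(new JWSAlgorithm(
				JSONObjectUtils.getString(jsonObject, "id_token_signed_response_alg")));

			oidcFields.remove("id_token_signed_response_alg");
		}

		if (jsonObject.containsKey("id_token_encrypted_response_alg")) {
			metadata.setIDTokenJWEAlg(new JWEAlgorithm(
				JSONObjectUtils.getString(jsonObject, "id_token_encrypted_response_alg")));

			oidcFields.remove("id_token_encrypted_response_alg");
		}

		if (jsonObject.containsKey("id_token_encrypted_response_enc")) {
			metadata.setIDTokenJWEEnc(new EncryptionMethod(
				JSONObjectUtils.getString(jsonObject, "id_token_encrypted_response_enc")));

			oidcFields.remove("id_token_encrypted_response_enc");
		}

		if (jsonObject.containsKey("userinfo_signed_response_alg")) {
			metadata.setUserInfoJWSAlg(new JWSAlgorithm(
				JSONObjectUtils.getString(jsonObject, "userinfo_signed_response_alg")));

			oidcFields.remove("userinfo_signed_response_alg");
		}

		if (jsonObject.containsKey("userinfo_encrypted_response_alg")) {
			metadata.setUserInfoJWEAlg(new JWEAlgorithm(
				JSONObjectUtils.getString(jsonObject, "userinfo_encrypted_response_alg")));

			oidcFields.remove("userinfo_encrypted_response_alg");
		}

		if (jsonObject.containsKey("userinfo_encrypted_response_enc")) {
			metadata.setUserInfoJWEEnc(new EncryptionMethod(
				JSONObjectUtils.getString(jsonObject, "userinfo_encrypted_response_enc")));

			oidcFields.remove("userinfo_encrypted_response_enc");
		}

		if (jsonObject.containsKey("default_max_age")) {
			// Stored without a range check, negative values included.
			metadata.setDefaultMaxAge(JSONObjectUtils.getInt(jsonObject, "default_max_age"));
			oidcFields.remove("default_max_age");
		}

		if (jsonObject.containsKey("require_auth_time")) {
			metadata.requiresAuthTime(JSONObjectUtils.getBoolean(jsonObject, "require_auth_time"));
			oidcFields.remove("require_auth_time");
		}

		if (jsonObject.containsKey("default_acr_values")) {

			List<ACR> acrValues = new LinkedList<ACR>();

			for (String acrString: JSONObjectUtils.getStringArray(jsonObject, "default_acr_values")) {
				acrValues.add(new ACR(acrString));
			}

			metadata.setDefaultACRs(acrValues);

			oidcFields.remove("default_acr_values");
		}

		if (jsonObject.containsKey("initiate_login_uri")) {
			// NOTE(review): the field is documented as an HTTPS URL, but
			// no https check is made in this class; whether
			// JSONObjectUtils.getURL restricts the scheme cannot be
			// told from here.
			metadata.setInitiateLoginURI(JSONObjectUtils.getURL(jsonObject, "initiate_login_uri"));
			oidcFields.remove("initiate_login_uri");
		}

		if (jsonObject.containsKey("post_logout_redirect_uri")) {
			metadata.setPostLogoutRedirectURI(JSONObjectUtils.getURL(jsonObject, "post_logout_redirect_uri"));
			oidcFields.remove("post_logout_redirect_uri");
		}

		// The remaining fields are custom
		metadata.setCustomFields(oidcFields);

		return metadata;
	}
}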