@Immutable public class AuthenticationRequest extends AuthorizationRequest
Example HTTP request (code flow):
https://server.example.com/op/authorize? response_type=code%20id_token &client_id=s6BhdRkqt3 &redirect_uri=https%3A%2F%2Fclient.example.org%2Fcb &scope=openid &nonce=n-0S6_WzA2Mj &state=af0ifjsldkj
Related specifications:
Modifier and Type | Class and Description |
---|---|
static class |
AuthenticationRequest.Builder
Builder for constructing OpenID Connect authentication requests.
|
Constructor and Description |
---|
AuthenticationRequest(URI uri,
ResponseType rt,
ResponseMode rm,
Scope scope,
ClientID clientID,
URI redirectURI,
State state,
Nonce nonce,
Display display,
Prompt prompt,
int maxAge,
List<com.nimbusds.langtag.LangTag> uiLocales,
List<com.nimbusds.langtag.LangTag> claimsLocales,
com.nimbusds.jwt.JWT idTokenHint,
String loginHint,
List<ACR> acrValues,
ClaimsRequest claims,
com.nimbusds.jwt.JWT requestObject,
URI requestURI)
Creates a new OpenID Connect authentication request.
|
AuthenticationRequest(URI uri,
ResponseType rt,
Scope scope,
ClientID clientID,
URI redirectURI,
State state,
Nonce nonce)
Creates a new minimal OpenID Connect authentication request.
|
Modifier and Type | Method and Description |
---|---|
List<ACR> |
getACRValues()
Gets the requested Authentication Context Class Reference values.
|
ClaimsRequest |
getClaims()
Gets the individual claims to be returned.
|
List<com.nimbusds.langtag.LangTag> |
getClaimsLocales()
Gets the end-user's preferred languages and scripts for the claims
being returned, ordered by preference.
|
Display |
getDisplay()
Gets the requested display type.
|
com.nimbusds.jwt.JWT |
getIDTokenHint()
Gets the ID Token hint.
|
String |
getLoginHint()
Gets the login hint.
|
int |
getMaxAge()
Gets the required maximum authentication age.
|
Nonce |
getNonce()
Gets the nonce.
|
Prompt |
getPrompt()
Gets the requested prompt.
|
com.nimbusds.jwt.JWT |
getRequestObject()
Gets the request object.
|
URI |
getRequestURI()
Gets the request object URI.
|
List<com.nimbusds.langtag.LangTag> |
getUILocales()
Gets the end-user's preferred languages and scripts for the user
interface, ordered by preference.
|
static AuthenticationRequest |
parse(HTTPRequest httpRequest)
Parses an authentication request from the specified HTTP GET or HTTP
POST request.
|
static AuthenticationRequest |
parse(Map<String,String> params)
Parses an OpenID Connect authentication request from the specified
parameters.
|
static AuthenticationRequest |
parse(String query)
Parses an OpenID Connect authentication request from the specified
URI query string.
|
static AuthenticationRequest |
parse(URI uri)
Parses an OpenID Connect authentication request from the specified
URI.
|
static AuthenticationRequest |
parse(URI uri,
Map<String,String> params)
Parses an OpenID Connect authentication request from the specified
parameters.
|
static AuthenticationRequest |
parse(URI uri,
String query)
Parses an OpenID Connect authentication request from the specified
URI query string.
|
boolean |
specifiesRequestObject()
Returns
true if this authentication request specifies an
OpenID Connect request object (directly through the request
parameter or by reference through the request_uri parameter). |
Map<String,String> |
toParameters()
Returns the parameters for this authorisation request.
|
getClientID, getRedirectionURI, getResponseMode, getResponseType, getScope, getState, impliedResponseMode, toHTTPRequest, toHTTPRequest, toQueryString, toURI
getEndpointURI
public AuthenticationRequest(URI uri, ResponseType rt, Scope scope, ClientID clientID, URI redirectURI, State state, Nonce nonce)
uri
- The URI of the OAuth 2.0 authorisation endpoint.
May be null
if the AuthorizationRequest.toHTTPRequest(com.nimbusds.oauth2.sdk.http.HTTPRequest.Method)
method will not be used.rt
- The response type. Corresponds to the
response_type
parameter. Must specify a
valid OpenID Connect response type. Must not be
null
.scope
- The request scope. Corresponds to the
scope
parameter. Must contain an
openid value
. Must
not be null
.clientID
- The client identifier. Corresponds to the
client_id
parameter. Must not be
null
.redirectURI
- The redirection URI. Corresponds to the
redirect_uri
parameter. Must not be
null
.state
- The state. Corresponds to the state
parameter. May be null
.nonce
- The nonce. Corresponds to the nonce
parameter. May be null
for code flow.public AuthenticationRequest(URI uri, ResponseType rt, ResponseMode rm, Scope scope, ClientID clientID, URI redirectURI, State state, Nonce nonce, Display display, Prompt prompt, int maxAge, List<com.nimbusds.langtag.LangTag> uiLocales, List<com.nimbusds.langtag.LangTag> claimsLocales, com.nimbusds.jwt.JWT idTokenHint, String loginHint, List<ACR> acrValues, ClaimsRequest claims, com.nimbusds.jwt.JWT requestObject, URI requestURI)
uri
- The URI of the OAuth 2.0 authorisation
endpoint. May be null
if the
AuthorizationRequest.toHTTPRequest(com.nimbusds.oauth2.sdk.http.HTTPRequest.Method)
method will not be used.rt
- The response type set. Corresponds to the
response_type
parameter. Must specify a
valid OpenID Connect response type. Must not be
null
.rm
- The response mode. Corresponds to the optional
response_mode
parameter. Use of this
parameter is not recommended unless a
non-default response mode is requested (e.g.
form_post).scope
- The request scope. Corresponds to the
scope
parameter. Must contain an
openid value
.
Must not be null
.clientID
- The client identifier. Corresponds to the
client_id
parameter. Must not be
null
.redirectURI
- The redirection URI. Corresponds to the
redirect_uri
parameter. Must not be
null
unless set by means of the
optional request_object
/
request_uri
parameter.state
- The state. Corresponds to the recommended
state
parameter. null
if not
specified.nonce
- The nonce. Corresponds to the nonce
parameter. May be null
for code flow.display
- The requested display type. Corresponds to the
optional display
parameter.
null
if not specified.prompt
- The requested prompt. Corresponds to the
optional prompt
parameter. null
if not specified.maxAge
- The required maximum authentication age, in
seconds. Corresponds to the optional
max_age
parameter. Zero if not
specified.uiLocales
- The preferred languages and scripts for the
user interface. Corresponds to the optional
ui_locales
parameter. null
if
not specified.claimsLocales
- The preferred languages and scripts for claims
being returned. Corresponds to the optional
claims_locales
parameter. null
if not specified.idTokenHint
- The ID Token hint. Corresponds to the optional
id_token_hint
parameter. null
if not specified.loginHint
- The login hint. Corresponds to the optional
login_hint
parameter. null
if
not specified.acrValues
- The requested Authentication Context Class
Reference values. Corresponds to the optional
acr_values
parameter. null
if
not specified.claims
- The individual claims to be returned.
Corresponds to the optional claims
parameter. null
if not specified.requestObject
- The request object. Corresponds to the optional
request
parameter. Must not be
specified together with a request object URI.
null
if not specified.requestURI
- The request object URI. Corresponds to the
optional request_uri
parameter. Must
not be specified together with a request
object. null
if not specified.public Nonce getNonce()
nonce
parameter.null
if not specified.public Display getDisplay()
display
parameter.null
if not specified.public Prompt getPrompt()
prompt
parameter.null
if not specified.public int getMaxAge()
max_age
parameter.public List<com.nimbusds.langtag.LangTag> getUILocales()
ui_locales
parameter.null
if not specified.public List<com.nimbusds.langtag.LangTag> getClaimsLocales()
claims_locales
parameter.null
if not specified.public com.nimbusds.jwt.JWT getIDTokenHint()
id_token_hint
parameter.null
if not specified.public String getLoginHint()
login_hint
parameter.null
if not specified.public List<ACR> getACRValues()
acr_values
parameter.null
if not specified.public ClaimsRequest getClaims()
claims
parameter.null
if not
specified.public com.nimbusds.jwt.JWT getRequestObject()
request
parameter.null
if not specified.public URI getRequestURI()
request_uri
parameter.null
if not specified.public boolean specifiesRequestObject()
true
if this authentication request specifies an
OpenID Connect request object (directly through the request
parameter or by reference through the request_uri
parameter).true
if a request object is specified, else
false
.public Map<String,String> toParameters()
AuthorizationRequest
Example parameters:
response_type = code client_id = s6BhdRkqt3 state = xyz redirect_uri = https://client.example.com/cb
toParameters
in class AuthorizationRequest
public static AuthenticationRequest parse(Map<String,String> params) throws ParseException
Example parameters:
response_type = token id_token client_id = s6BhdRkqt3 redirect_uri = https://client.example.com/cb scope = openid profile state = af0ifjsldkj nonce = -0S6_WzA2Mj
params
- The parameters. Must not be null
.ParseException
- If the parameters couldn't be parsed to an
OpenID Connect authentication request.public static AuthenticationRequest parse(URI uri, Map<String,String> params) throws ParseException
Example parameters:
response_type = token id_token client_id = s6BhdRkqt3 redirect_uri = https://client.example.com/cb scope = openid profile state = af0ifjsldkj nonce = -0S6_WzA2Mj
uri
- The URI of the OAuth 2.0 authorisation endpoint. May
be null
if the AuthorizationRequest.toHTTPRequest(com.nimbusds.oauth2.sdk.http.HTTPRequest.Method)
method
will not be used.params
- The parameters. Must not be null
.ParseException
- If the parameters couldn't be parsed to an
OpenID Connect authentication request.public static AuthenticationRequest parse(String query) throws ParseException
Example URI query string:
response_type=token%20id_token &client_id=s6BhdRkqt3 &redirect_uri=https%3A%2F%2Fclient.example.com%2Fcb &scope=openid%20profile &state=af0ifjsldkj &nonce=n-0S6_WzA2Mj
query
- The URI query string. Must not be null
.ParseException
- If the query string couldn't be parsed to an
OpenID Connect authentication request.public static AuthenticationRequest parse(URI uri, String query) throws ParseException
Example URI query string:
response_type=token%20id_token &client_id=s6BhdRkqt3 &redirect_uri=https%3A%2F%2Fclient.example.com%2Fcb &scope=openid%20profile &state=af0ifjsldkj &nonce=n-0S6_WzA2Mj
uri
- The URI of the OAuth 2.0 authorisation endpoint. May be
null
if the AuthorizationRequest.toHTTPRequest(com.nimbusds.oauth2.sdk.http.HTTPRequest.Method)
method will
not be used.query
- The URI query string. Must not be null
.ParseException
- If the query string couldn't be parsed to an
OpenID Connect authentication request.public static AuthenticationRequest parse(URI uri) throws ParseException
Example URI:
https://server.example.com/authorize? response_type=token%20id_token &client_id=s6BhdRkqt3 &redirect_uri=https%3A%2F%2Fclient.example.com%2Fcb &scope=openid%20profile &state=af0ifjsldkj &nonce=n-0S6_WzA2Mj
uri
- The URI. Must not be null
.ParseException
- If the query string couldn't be parsed to an
OpenID Connect authentication request.public static AuthenticationRequest parse(HTTPRequest httpRequest) throws ParseException
Example HTTP request (GET):
https://server.example.com/op/authorize? response_type=code%20id_token &client_id=s6BhdRkqt3 &redirect_uri=https%3A%2F%2Fclient.example.com%2Fcb &scope=openid &nonce=n-0S6_WzA2Mj &state=af0ifjsldkj
httpRequest
- The HTTP request. Must not be null
.ParseException
- If the HTTP request couldn't be parsed to an
OpenID Connect authentication request.Copyright © 2015 Connect2id Ltd.. All Rights Reserved.