Source code

001package com.nimbusds.oauth2.sdk;
002
003
004import java.util.Arrays;
005import java.util.Collections;
006import java.util.HashSet;
007import java.util.Set;
008
009import net.jcip.annotations.Immutable;
010
011import com.nimbusds.oauth2.sdk.id.Identifier;
012
013
014/**
015 * Authorisation grant type.
016 */
017@Immutable
018public final class GrantType extends Identifier {
019
020        
021        /**
022         * Authorisation code. Client authentication required only for
023         * confidential clients.
024         */
025        public static final GrantType AUTHORIZATION_CODE = new GrantType("authorization_code", false, true, new HashSet<>(Arrays.asList("code", "redirect_uri", "code_verifier")));
026
027
028        /**
029         * Implicit. Client authentication is not performed (except for signed
030         * OpenID Connect authentication requests).
031         */
032        public static final GrantType IMPLICIT = new GrantType("implicit", false, true, Collections.<String>emptySet());
033        
034        
035        /**
036         * Refresh token. Client authentication required only for confidential
037         * clients.
038         */
039        public static final GrantType REFRESH_TOKEN = new GrantType("refresh_token", false, false, Collections.singleton("refresh_token"));
040
041
042        /**
043         * Password. Client authentication required only for confidential
044         * clients.
045         */
046        public static final GrantType PASSWORD = new GrantType("password", false, false, new HashSet<>(Arrays.asList("username", "password")));
047
048
049        /**
050         * Client credentials. Client authentication is required.
051         */
052        public static final GrantType CLIENT_CREDENTIALS = new GrantType("client_credentials", true, true, Collections.<String>emptySet());
053
054
055        /**
056         * JWT bearer, as defined in RFC 7523. Explicit client authentication
057         * is optional.
058         */
059        public static final GrantType JWT_BEARER = new GrantType("urn:ietf:params:oauth:grant-type:jwt-bearer", false, false, Collections.singleton("assertion"));
060
061
062        /**
063         * SAML 2.0 bearer, as defined in RFC 7522. Explicit client
064         * authentication is optional.
065         */
066        public static final GrantType SAML2_BEARER = new GrantType("urn:ietf:params:oauth:grant-type:saml2-bearer", false, false, Collections.singleton("assertion"));
067
068
069        /**
070         * The client authentication requirement for this grant type.
071         */
072        private final boolean requiresClientAuth;
073
074
075        /**
076         * The client identifier requirement for this grant type.
077         */
078        private final boolean requiresClientID;
079
080
081        /**
082         * The names of the token request parameters specific to this grant
083         * type.
084         */
085        private final Set<String> requestParamNames;
086
087
088        /**
089         * Creates a new OAuth 2.0 authorisation grant type with the specified
090         * value. The client authentication requirement is set to
091         * {@code false}. So is the client identifier requirement.
092         *
093         * @param value The authorisation grant type value. Must not be
094         *              {@code null} or empty string.
095         */
096        public GrantType(final String value) {
097
098                this(value, false, false, Collections.<String>emptySet());
099        }
100
101
102        /**
103         * Creates a new OAuth 2.0 authorisation grant type with the specified
104         * value.
105         *
106         * @param value              The authorisation grant type value. Must
107         *                           not be {@code null} or empty string.
108         * @param requiresClientAuth The client authentication requirement.
109         * @param requiresClientID   The client identifier requirement.
110         * @param requestParamNames  The names of the token request parameters
111         *                           specific to this grant type, empty set or
112         *                           {@code null} if none.
113         */
114        private GrantType(final String value,
115                          final boolean requiresClientAuth,
116                          final boolean requiresClientID,
117                          final Set<String> requestParamNames) {
118
119                super(value);
120                this.requiresClientAuth = requiresClientAuth;
121                this.requiresClientID = requiresClientID;
122                this.requestParamNames = requestParamNames == null ? Collections.<String>emptySet() : Collections.unmodifiableSet(requestParamNames);
123        }
124
125
126        /**
127         * Gets the client authentication requirement.
128         *
129         * @return {@code true} if explicit client authentication is always
130         *         required for this grant type, else {@code false}.
131         */
132        public boolean requiresClientAuthentication() {
133
134                return requiresClientAuth;
135        }
136
137
138        /**
139         * Gets the client identifier requirement.
140         *
141         * @return {@code true} if a client identifier must always be
142         *         communicated for this grant type (either as part of the
143         *         client authentication, or as a parameter in the token
144         *         request body), else {@code false}.
145         */
146        public boolean requiresClientID() {
147
148                return requiresClientID;
149        }
150
151
152        /**
153         * Gets the names of the token request parameters specific to this
154         * grant type.
155         *
156         * @return The parameter names, empty set if none.
157         */
158        public Set<String> getRequestParameterNames() {
159
160                return requestParamNames;
161        }
162
163
164        @Override
165        public boolean equals(final Object object) {
166        
167                return object instanceof GrantType && this.toString().equals(object.toString());
168        }
169
170
171        /**
172         * Parses a grant type from the specified string.
173         *
174         * @param value The string to parse.
175         *
176         * @return The grant type.
177         *
178         * @throws ParseException If string is {@code null}, blank or empty.
179         */
180        public static GrantType parse(final String value)
181                throws ParseException {
182
183                GrantType grantType;
184
185                try {
186                        grantType = new GrantType(value);
187
188                } catch (IllegalArgumentException e) {
189
190                        throw new ParseException(e.getMessage());
191                }
192
193                if (grantType.equals(GrantType.AUTHORIZATION_CODE)) {
194
195                        return GrantType.AUTHORIZATION_CODE;
196
197                } else if (grantType.equals(GrantType.IMPLICIT)) {
198
199                        return GrantType.IMPLICIT;
200
201                } else if (grantType.equals(GrantType.REFRESH_TOKEN)) {
202
203                        return GrantType.REFRESH_TOKEN;
204
205                } else if (grantType.equals(GrantType.PASSWORD)) {
206
207                        return GrantType.PASSWORD;
208
209                } else if (grantType.equals(GrantType.CLIENT_CREDENTIALS)) {
210
211                        return GrantType.CLIENT_CREDENTIALS;
212
213                } else if (grantType.equals(GrantType.JWT_BEARER)) {
214
215                        return GrantType.JWT_BEARER;
216
217                } else if (grantType.equals(GrantType.SAML2_BEARER)) {
218
219                        return GrantType.SAML2_BEARER;
220
221                } else {
222
223                        return grantType;
224                }
225        }
226}