package com.nimbusds.openid.connect.sdk.claims;


import net.jcip.annotations.Immutable;

import com.nimbusds.jose.JWSAlgorithm;

import com.nimbusds.oauth2.sdk.ResponseType;
import com.nimbusds.oauth2.sdk.token.AccessToken;


/**
 * The {@code at_hash} claim: a hash computed over an access token.
 *
 * <p>The hash computation is not implemented in this class; it is delegated
 * to {@code computeValue}, which is defined outside this class.
 *
 * <p>Related specifications:
 *
 * <ul>
 *     <li>OpenID Connect Core 1.0, section 3.1.3.6.
 * </ul>
 */
@Immutable
public final class AccessTokenHash extends HashClaim {


	/**
	 * Tells whether ID tokens issued for the given response type must
	 * carry an access token hash claim.
	 *
	 * <p>The argument is only passed to {@code equals}; it is never
	 * dereferenced by this method.
	 *
	 * @param responseType The OpenID Connect response type. Must not be
	 *                     {@code null}.
	 *
	 * @return {@code true} if the access token hash is required, else
	 *         {@code false}.
	 */
	public static boolean isRequiredInIDTokenClaims(final ResponseType responseType) {

		// The claim is mandatory in exactly two cases: the implicit flow
		// with 'token id_token' and the hybrid flow with
		// 'code id_token token'. Which endpoint (authz / token) issues
		// the ID token is deliberately not taken into account.
		final ResponseType implicitWithToken = new ResponseType("token", "id_token");

		if (implicitWithToken.equals(responseType)) {
			return true;
		}

		final ResponseType hybridWithToken = new ResponseType("code", "id_token", "token");

		return hybridWithToken.equals(responseType);
	}


	/**
	 * Creates a new access token hash wrapping the given value.
	 *
	 * @param value The access token hash value. Must not be {@code null}.
	 */
	public AccessTokenHash(final String value) {

		super(value);
	}


	/**
	 * Computes the hash of the given access token, using the given JSON
	 * Web Signature (JWS) algorithm as reference.
	 *
	 * <p>A {@code null} result means no hash could be computed, not that
	 * a comparison succeeded. Code that validates a received
	 * {@code at_hash} should handle {@code null} explicitly, so that an
	 * unsupported algorithm is not mistaken for a matching hash.
	 *
	 * @param accessToken The access token. Must not be {@code null}.
	 * @param alg         The reference JWS algorithm. Must not be
	 *                    {@code null}.
	 *
	 * @return The access token hash, or {@code null} if the JWS algorithm
	 *         is not supported.
	 */
	public static AccessTokenHash compute(final AccessToken accessToken, final JWSAlgorithm alg) {

		final String hashValue = computeValue(accessToken, alg);

		// computeValue signals an unsupported algorithm with null; pass
		// that through instead of wrapping it.
		return hashValue == null ? null : new AccessTokenHash(hashValue);
	}


	/**
	 * Compares this hash with another object. Two access token hashes
	 * are equal when their string representations are equal; an object
	 * of any other type (or {@code null}) is never equal.
	 *
	 * @param object The object to compare to.
	 *
	 * @return {@code true} if the object is an access token hash with
	 *         the same string representation, else {@code false}.
	 */
	@Override
	public boolean equals(final Object object) {

		// NOTE(review): hashCode() is not overridden here; confirm the
		// inherited implementation is derived from the same value as
		// toString(), so that equals and hashCode stay consistent.
		if (!(object instanceof AccessTokenHash)) {
			return false;
		}

		return toString().equals(object.toString());
	}
}