/*
 * oauth2-oidc-sdk
 *
 * Copyright 2012-2016, Connect2id Ltd and contributors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License"); you may not use
 * this file except in compliance with the License. You may obtain a copy of the
 * License at
 *
 *    http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software distributed
 * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
 * CONDITIONS OF ANY KIND, either express or implied. See the License for the
 * specific language governing permissions and limitations under the License.
 */

package com.nimbusds.oauth2.sdk.auth;


import net.jcip.annotations.Immutable;

import com.nimbusds.oauth2.sdk.id.Identifier;


/**
 * Identifier of a client authentication method at the Token endpoint.
 *
 * <p>Constants are provided for five client authentication methods:
 *
 * <ul>
 *     <li>{@link #CLIENT_SECRET_BASIC} (default)
 *     <li>{@link #CLIENT_SECRET_POST}
 *     <li>{@link #CLIENT_SECRET_JWT}
 *     <li>{@link #PRIVATE_KEY_JWT}
 *     <li>{@link #NONE}
 * </ul>
 *
 * <p>A custom client authentication method can be defined with the public
 * constructor. Because of that, and because {@link #parse} accepts any
 * value, an instance of this class is only a name: holding one says
 * nothing about whether the method is supported or was actually performed.
 *
 * <p>Related specifications:
 *
 * <ul>
 *     <li>OAuth 2.0 (RFC 6749), section 2.3.
 *     <li>OAuth 2.0 Dynamic Client Registration Protocol (RFC 7591), section
 *         2.
 * </ul>
 */
@Immutable
public final class ClientAuthenticationMethod extends Identifier {


    /**
     * HTTP Basic authentication with a client secret issued by the
     * authorisation server, in accordance with section 3.2.1 of OAuth 2.0.
     * This is the default if no method has been registered for the client.
     */
    public static final ClientAuthenticationMethod CLIENT_SECRET_BASIC =
        new ClientAuthenticationMethod("client_secret_basic");


    /**
     * Authentication with a client secret issued by the authorisation
     * server, in accordance with section 3.2.1 of OAuth 2.0, where the
     * client credentials are included in the request body.
     */
    public static final ClientAuthenticationMethod CLIENT_SECRET_POST =
        new ClientAuthenticationMethod("client_secret_post");


    /**
     * Authentication with a JWT that the client protects with an HMAC SHA
     * algorithm, such as HMAC SHA-256, using the value of the client
     * secret issued by the authorisation server as the shared key. The
     * client authenticates in accordance with section 2.2 of (JWT) Bearer
     * Token Profiles and OAuth 2.0 Assertion Profile.
     *
     * <p>Since the client secret is the HMAC key, the strength of this
     * method depends on the secret being long and random enough for the
     * chosen HMAC algorithm.
     */
    public static final ClientAuthenticationMethod CLIENT_SECRET_JWT =
        new ClientAuthenticationMethod("client_secret_jwt");


    /**
     * Authentication with a JWT signed by a client that has registered a
     * public key: with the RSA algorithm if an RSA key was registered, or
     * the ECDSA algorithm if an Elliptic Curve key was registered (see JWA
     * for the algorithm identifiers). The client authenticates in
     * accordance with section 2.2 of (JWT) Bearer Token Profiles and OAuth
     * 2.0 Assertion Profile.
     */
    public static final ClientAuthenticationMethod PRIVATE_KEY_JWT =
        new ClientAuthenticationMethod("private_key_jwt");


    /**
     * The client is a public client as defined in OAuth 2.0 and does not
     * have a client secret. With this method the client presents no
     * credential, so the request must not be treated as coming from an
     * authenticated client.
     */
    public static final ClientAuthenticationMethod NONE =
        new ClientAuthenticationMethod("none");


    /**
     * Returns the client authentication method that applies when none has
     * been registered for the client.
     *
     * @return {@link #CLIENT_SECRET_BASIC}
     */
    public static ClientAuthenticationMethod getDefault() {

        return CLIENT_SECRET_BASIC;
    }


    /**
     * Creates a new client authentication method with the specified value.
     *
     * @param value The authentication method value. Must not be
     *              {@code null} or empty string.
     */
    public ClientAuthenticationMethod(final String value) {

        // NOTE(review): the value is validated, if at all, by the
        // Identifier constructor, which is not visible in this file.
        super(value);
    }


    /**
     * Parses a client authentication method from the specified value.
     *
     * <p>The value is compared exactly (case-sensitively) with the values
     * of the five standard constants, in declaration order. On a match the
     * shared constant is returned. Any other value produces a new custom
     * instance rather than an error, so callers handling values from
     * registration requests or metadata should check the result against
     * the set of methods they actually support.
     *
     * <p>A {@code null} value causes a {@link NullPointerException} at the
     * first comparison.
     *
     * @param value The authentication method value. Must not be
     *              {@code null} or empty string.
     *
     * @return The client authentication method.
     */
    public static ClientAuthenticationMethod parse(final String value) {

        final ClientAuthenticationMethod[] standardMethods = {
            CLIENT_SECRET_BASIC,
            CLIENT_SECRET_POST,
            CLIENT_SECRET_JWT,
            PRIVATE_KEY_JWT,
            NONE
        };

        for (final ClientAuthenticationMethod standard : standardMethods) {
            if (value.equals(standard.getValue())) {
                return standard;
            }
        }

        // Unrecognised value: hand back a custom method, not a failure.
        return new ClientAuthenticationMethod(value);
    }


    /**
     * Compares this method with another object. They are equal when the
     * other object is also a {@code ClientAuthenticationMethod} and both
     * have the same string representation.
     *
     * @param object The object to compare with, may be {@code null}.
     *
     * @return {@code true} if the objects are equal, else {@code false}.
     */
    @Override
    public boolean equals(final Object object) {

        // NOTE(review): hashCode() is not overridden here; presumably the
        // one inherited from Identifier is consistent with this check.
        if (!(object instanceof ClientAuthenticationMethod)) {
            return false;
        }

        return this.toString().equals(object.toString());
    }
}