com.nimbusds.openid.connect.sdk.claims

Class IDTokenClaimsSet

java.lang.Object

com.nimbusds.openid.connect.sdk.claims.ClaimsSet

com.nimbusds.openid.connect.sdk.claims.IDTokenClaimsSet

public class IDTokenClaimsSet
extends ClaimsSet

ID token claims set, serialisable to a JSON object.

Example ID token claims set:

 {
   "iss"       : "https://server.example.com",
   "sub"       : "24400320",
   "aud"       : "s6BhdRkqt3",
   "nonce"     : "n-0S6_WzA2Mj",
   "exp"       : 1311281970,
   "iat"       : 1311280970,
   "auth_time" : 1311280969,
   "acr"       : "urn:mace:incommon:iap:silver",
   "at_hash"   : "MTIzNDU2Nzg5MDEyMzQ1Ng"
 }
 

Related specifications:

• OpenID Connect Core 1.0, section 2.

Field Summary

Fields

Modifier and Type	Field and Description
static String	ACR_CLAIM_NAME The ACR claim name.
static String	AMR_CLAIM_NAME The AMRs claim name.
static String	AT_HASH_CLAIM_NAME The access token hash claim name.
static String	AUD_CLAIM_NAME The audience claim name.
static String	AUTH_TIME_CLAIM_NAME The subject authentication time claim name.
static String	AZP_CLAIM_NAME The authorised party claim name.
static String	C_HASH_CLAIM_NAME The authorisation code hash claim name.
static String	EXP_CLAIM_NAME The expiration time claim name.
static String	IAT_CLAIM_NAME The issue time claim name.
static String	ISS_CLAIM_NAME The issuer claim name.
static String	NONCE_CLAIM_NAME The nonce claim name.
static String	SUB_CLAIM_NAME The subject claim name.
static String	SUB_JWK_CLAIM_NAME The subject JWK claim name.

Constructor Summary

Constructors

Constructor and Description
IDTokenClaimsSet(Issuer iss, Subject sub, List<Audience> aud, Date exp, Date iat) Creates a new minimal ID token claims set.
IDTokenClaimsSet(com.nimbusds.jwt.JWTClaimsSet jwtClaimsSet) Creates a new ID token claims set from the specified JSON Web Token (JWT) claims set.

Method Summary

Methods

Modifier and Type	Method and Description
AccessTokenHash	getAccessTokenHash() Gets the access token hash.
ACR	getACR() Gets the Authentication Context Class Reference (ACR).
List<AMR>	getAMR() Gets the Authentication Methods References (AMRs).
List<Audience>	getAudience() Gets the ID token audience.
Date	getAuthenticationTime() Gets the subject authentication time.
AuthorizedParty	getAuthorizedParty() Gets the authorised party for the ID token.
CodeHash	getCodeHash() Gets the authorisation code hash.
Date	getExpirationTime() Gets the ID token expiration time.
Issuer	getIssuer() Gets the ID token issuer.
Date	getIssueTime() Gets the ID token issue time.
Nonce	getNonce() Gets the ID token nonce.
static Set<String>	getStandardClaimNames() Gets the names of the standard top-level ID token claims.
Subject	getSubject() Gets the ID token subject.
com.nimbusds.jose.jwk.JWK	getSubjectJWK() Gets the subject's JSON Web Key (JWK) for a self-issued OpenID Connect provider.
boolean	hasRequiredClaims(ResponseType responseType) Deprecated.
boolean	hasRequiredClaims(ResponseType responseType, boolean iatAuthzEndpoint) Checks if this ID token claims set contains all required claims for the specified OpenID Connect response type.
static IDTokenClaimsSet	parse(String json) Parses an ID token claims set from the specified JSON object string.
void	setAccessTokenHash(AccessTokenHash atHash) Sets the access token hash.
void	setACR(ACR acr) Sets the Authentication Context Class Reference (ACR).
void	setAMR(List<AMR> amr) Sets the Authentication Methods References (AMRs).
void	setAuthenticationTime(Date authTime) Sets the subject authentication time.
void	setAuthorizedParty(AuthorizedParty azp) Sets the authorised party for the ID token.
void	setCodeHash(CodeHash cHash) Sets the authorisation code hash.
void	setNonce(Nonce nonce) Sets the ID token nonce.
void	setSubjectJWK(com.nimbusds.jose.jwk.JWK subJWK) Sets the subject's JSON Web Key (JWK) for a self-issued OpenID Connect provider.

Methods inherited from class com.nimbusds.openid.connect.sdk.claims.ClaimsSet

getBooleanClaim, getClaim, getClaim, getDateClaim, getEmailClaim, getLangTaggedClaim, getNumberClaim, getStringClaim, getStringClaim, getStringListClaim, getURIClaim, getURLClaim, putAll, putAll, setClaim, setClaim, setDateClaim, setEmailClaim, setURIClaim, setURLClaim, toJSONObject, toJWTClaimsSet

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

ISS_CLAIM_NAME

public static final String ISS_CLAIM_NAME

The issuer claim name.

See Also:

Constant Field Values

SUB_CLAIM_NAME

public static final String SUB_CLAIM_NAME

The subject claim name.

See Also:

Constant Field Values

AUD_CLAIM_NAME

public static final String AUD_CLAIM_NAME

The audience claim name.

See Also:

Constant Field Values

EXP_CLAIM_NAME

public static final String EXP_CLAIM_NAME

The expiration time claim name.

See Also:

Constant Field Values

IAT_CLAIM_NAME

public static final String IAT_CLAIM_NAME

The issue time claim name.

See Also:

Constant Field Values

AUTH_TIME_CLAIM_NAME

public static final String AUTH_TIME_CLAIM_NAME

The subject authentication time claim name.

See Also:

Constant Field Values

NONCE_CLAIM_NAME

public static final String NONCE_CLAIM_NAME

The nonce claim name.

See Also:

Constant Field Values

AT_HASH_CLAIM_NAME

public static final String AT_HASH_CLAIM_NAME

The access token hash claim name.

See Also:

Constant Field Values

C_HASH_CLAIM_NAME

public static final String C_HASH_CLAIM_NAME

The authorisation code hash claim name.

See Also:

Constant Field Values

ACR_CLAIM_NAME

public static final String ACR_CLAIM_NAME

The ACR claim name.

See Also:

Constant Field Values

AMR_CLAIM_NAME

public static final String AMR_CLAIM_NAME

The AMRs claim name.

See Also:

Constant Field Values

AZP_CLAIM_NAME

public static final String AZP_CLAIM_NAME

The authorised party claim name.

See Also:

Constant Field Values

SUB_JWK_CLAIM_NAME

public static final String SUB_JWK_CLAIM_NAME

The subject JWK claim name.

See Also:

Constant Field Values

Constructor Detail

IDTokenClaimsSet

public IDTokenClaimsSet(Issuer iss,
                Subject sub,
                List<Audience> aud,
                Date exp,
                Date iat)

Creates a new minimal ID token claims set. Note that the ID token may require additional claims to be present depending on the original OpenID Connect authorisation request.

Parameters:

iss - The issuer. Must not be null.

sub - The subject. Must not be null.

aud - The audience. Must not be null.

exp - The expiration time. Must not be null.

iat - The issue time. Must not be null.

IDTokenClaimsSet

public IDTokenClaimsSet(com.nimbusds.jwt.JWTClaimsSet jwtClaimsSet)
                 throws ParseException

Creates a new ID token claims set from the specified JSON Web Token (JWT) claims set.

Parameters:

jwtClaimsSet - The JWT claims set. Must not be null.

Throws:

ParseException - If the JSON object doesn't contain the minimally required issuer iss, subject sub, audience list aud, expiration date exp and issue date iat claims.

Method Detail

getStandardClaimNames

public static Set<String> getStandardClaimNames()

Gets the names of the standard top-level ID token claims.

Returns:

The names of the standard top-level ID token claims (read-only set).

hasRequiredClaims

public boolean hasRequiredClaims(ResponseType responseType,
                        boolean iatAuthzEndpoint)

Checks if this ID token claims set contains all required claims for the specified OpenID Connect response type.

Parameters:

responseType - The OpenID Connect response type. Must not be null.

iatAuthzEndpoint - Specifies the endpoint where the ID token was issued (required for hybrid flow). true if the ID token was issued at the authorisation endpoint, false if the ID token was issued at the token endpoint.

Returns:

true if the required claims are contained, else false.

hasRequiredClaims

@Deprecated
public boolean hasRequiredClaims(ResponseType responseType)

Deprecated.

Use hasRequiredClaims(ResponseType, boolean) instead.

Parameters:

responseType - The OpenID Connect response type. Must not be null.

Returns:

true if the required claims are contained, else false.

getIssuer

public Issuer getIssuer()

Gets the ID token issuer. Corresponds to the iss claim.

Returns:

The issuer.

getSubject

public Subject getSubject()

Gets the ID token subject. Corresponds to the sub claim.

Returns:

The subject.

getAudience

public List<Audience> getAudience()

Gets the ID token audience. Corresponds to the aud claim.

Returns:

The audience.

getExpirationTime

public Date getExpirationTime()

Gets the ID token expiration time. Corresponds to the exp claim.

Returns:

The expiration time.

getIssueTime

public Date getIssueTime()

Gets the ID token issue time. Corresponds to the iss claim.

Returns:

The issue time.

getAuthenticationTime

public Date getAuthenticationTime()

Gets the subject authentication time. Corresponds to the auth_time claim.

Returns:

The authentication time, null if not specified or parsing failed.

setAuthenticationTime

public void setAuthenticationTime(Date authTime)

Sets the subject authentication time. Corresponds to the auth_time claim.

Parameters:

authTime - The authentication time, null if not specified.

getNonce

public Nonce getNonce()

Gets the ID token nonce. Corresponds to the nonce claim.

Returns:

The nonce, null if not specified or parsing failed.

setNonce

public void setNonce(Nonce nonce)

Sets the ID token nonce. Corresponds to the nonce claim.

Parameters:

nonce - The nonce, null if not specified.

getAccessTokenHash

public AccessTokenHash getAccessTokenHash()

Gets the access token hash. Corresponds to the at_hash claim.

Returns:

The access token hash, null if not specified or parsing failed.

setAccessTokenHash

public void setAccessTokenHash(AccessTokenHash atHash)

Sets the access token hash. Corresponds to the at_hash claim.

Parameters:

atHash - The access token hash, null if not specified.

getCodeHash

public CodeHash getCodeHash()

Gets the authorisation code hash. Corresponds to the c_hash claim.

Returns:

The authorisation code hash, null if not specified or parsing failed.

setCodeHash

public void setCodeHash(CodeHash cHash)

Sets the authorisation code hash. Corresponds to the c_hash claim.

Parameters:

cHash - The authorisation code hash, null if not specified.

getACR

public ACR getACR()

Gets the Authentication Context Class Reference (ACR). Corresponds to the acr claim.

Returns:

The Authentication Context Class Reference (ACR), null if not specified or parsing failed.

setACR

public void setACR(ACR acr)

Sets the Authentication Context Class Reference (ACR). Corresponds to the acr claim.

Parameters:

acr - The Authentication Context Class Reference (ACR), null if not specified.

getAMR

public List<AMR> getAMR()

Gets the Authentication Methods References (AMRs). Corresponds to the amr claim.

Returns:

The Authentication Methods Reference (AMR) list, null if not specified or parsing failed.

setAMR

public void setAMR(List<AMR> amr)

Sets the Authentication Methods References (AMRs). Corresponds to the amr claim.

Parameters:

amr - The Authentication Methods Reference (AMR) list, null if not specified.

getAuthorizedParty

public AuthorizedParty getAuthorizedParty()

Gets the authorised party for the ID token. Corresponds to the azp claim.

Returns:

The authorised party, null if not specified or parsing failed.

setAuthorizedParty

public void setAuthorizedParty(AuthorizedParty azp)

Sets the authorised party for the ID token. Corresponds to the azp claim.

Parameters:

azp - The authorised party, null if not specified.

getSubjectJWK

public com.nimbusds.jose.jwk.JWK getSubjectJWK()

Gets the subject's JSON Web Key (JWK) for a self-issued OpenID Connect provider. Corresponds to the sub_jwk claim.

Returns:

The subject's JWK, null if not specified or parsing failed.

setSubjectJWK

public void setSubjectJWK(com.nimbusds.jose.jwk.JWK subJWK)

Sets the subject's JSON Web Key (JWK) for a self-issued OpenID Connect provider. Corresponds to the sub_jwk claim.

Parameters:

subJWK - The subject's JWK (must be public), null if not specified.

parse

public static IDTokenClaimsSet parse(String json)
                              throws ParseException

Parses an ID token claims set from the specified JSON object string.

Parameters:

json - The JSON object string to parse. Must not be null.

Returns:

The ID token claims set.

Throws:

ParseException - If parsing failed.