/*
 * oauth2-oidc-sdk
 *
 * Copyright 2012-2016, Connect2id Ltd and contributors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License"); you may not use
 * this file except in compliance with the License. You may obtain a copy of the
 * License at
 *
 *    http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software distributed
 * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
 * CONDITIONS OF ANY KIND, either express or implied. See the License for the
 * specific language governing permissions and limitations under the License.
 */

package com.nimbusds.openid.connect.sdk.claims;


import net.jcip.annotations.Immutable;

import com.nimbusds.oauth2.sdk.id.Identifier;


/**
 * Authentication Method Reference ({@code amr}). Names the method that was
 * used to authenticate the end-user.
 *
 * <p>An AMR is represented by a string or a URI string.
 *
 * <p>Instances are plain string identifiers: the public constructor accepts
 * any value, so holding an {@code AMR} instance is not evidence that the
 * value is one of those registered by RFC 8176. {@link #equals} is an exact,
 * case-sensitive match on the string form. Code that derives an access
 * decision from {@code amr} should do so only for values taken from an ID
 * token that has already been validated, and should compare against an
 * explicit allow-list of the methods it expects.
 *
 * <p>Related specifications:
 *
 * <ul>
 *     <li>RFC 8176.
 *     <li>OpenID Connect Core 1.0, section 2.
 * </ul>
 */
@Immutable
public final class AMR extends Identifier {


	/**
	 * Facial recognition; biometric authentication (RFC 4949).
	 */
	public static final AMR FACE = new AMR("face");


	/**
	 * Fingerprint; biometric authentication (RFC 4949).
	 */
	public static final AMR FPT = new AMR("fpt");


	/**
	 * Geolocation information used for authentication, such as that
	 * provided by W3C REC-geolocation-API-20161108.
	 */
	public static final AMR GEO = new AMR("geo");


	/**
	 * Proof-of-Possession (PoP) of a hardware-secured key. PoP is
	 * discussed in Appendix C of RFC 4211.
	 */
	public static final AMR HWK = new AMR("hwk");


	/**
	 * Iris scan; biometric authentication (RFC 4949).
	 */
	public static final AMR IRIS = new AMR("iris");


	/**
	 * Retina scan biometric.
	 *
	 * @deprecated The {@code eye} value is not among those registered by
	 *             RFC 8176, which registers {@code iris} (see
	 *             {@link #IRIS}) and {@code retina} instead.
	 */
	@Deprecated
	public static final AMR EYE = new AMR("eye");


	/**
	 * Knowledge-based authentication (NIST.800-63-2, ISO29115).
	 */
	public static final AMR KBA = new AMR("kba");


	/**
	 * Multiple-channel authentication (MCA): the authentication involves
	 * communication over more than one distinct communication channel.
	 * For instance, a multiple-channel authentication might involve both
	 * entering information into a workstation's browser and providing
	 * information on a telephone call to a pre-registered number.
	 */
	public static final AMR MCA = new AMR("mca");


	/**
	 * Multiple-factor authentication (NIST.800-63-2, ISO29115). When
	 * this value is present, the specific authentication methods used
	 * may also be included.
	 */
	public static final AMR MFA = new AMR("mfa");


	/**
	 * One-time password (RFC 4949). The one-time password specifications
	 * this method applies to include RFC 4226 and RFC 6238.
	 */
	public static final AMR OTP = new AMR("otp");


	/**
	 * Personal Identification Number (PIN) (RFC 4949) or pattern (not
	 * restricted to containing only numbers) entered by the user to
	 * unlock a key on the device. The mechanism should have a way to
	 * deter an attacker from obtaining the PIN by trying repeated
	 * guesses.
	 */
	public static final AMR PIN = new AMR("pin");


	/**
	 * Proof-of-possession (PoP) of a key. PoP is discussed in Appendix C
	 * of RFC 4211.
	 *
	 * @deprecated The {@code pop} value is not among those registered by
	 *             RFC 8176, which distinguishes hardware-secured keys
	 *             ({@link #HWK}) from software-secured keys
	 *             ({@link #SWK}).
	 */
	@Deprecated
	public static final AMR POP = new AMR("pop");


	/**
	 * Password-based authentication (RFC 4949).
	 */
	public static final AMR PWD = new AMR("pwd");


	/**
	 * Risk-based authentication (Williamson, G., "Enhanced Authentication
	 * In Online Banking", Journal of Economic Crime Management 4.2: 18-19,
	 * 2006).
	 */
	public static final AMR RBA = new AMR("rba");


	/**
	 * Smart card (RFC 4949).
	 */
	public static final AMR SC = new AMR("sc");


	/**
	 * Confirmation using SMS text message to the user at a registered
	 * number.
	 *
	 * <p>NIST SP 800-63B classes out-of-band authentication over the
	 * public switched telephone network as a restricted authenticator;
	 * relying parties with step-up policies may want to weigh this
	 * method accordingly.
	 */
	public static final AMR SMS = new AMR("sms");


	/**
	 * Proof-of-Possession (PoP) of a software-secured key. PoP is
	 * discussed in Appendix C of RFC 4211.
	 */
	public static final AMR SWK = new AMR("swk");


	/**
	 * Confirmation by telephone call to the user at a registered number.
	 * This technique is sometimes also referred to as "call back"
	 * (RFC 4949).
	 *
	 * <p>NIST SP 800-63B classes out-of-band authentication over the
	 * public switched telephone network as a restricted authenticator;
	 * relying parties with step-up policies may want to weigh this
	 * method accordingly.
	 */
	public static final AMR TEL = new AMR("tel");


	/**
	 * User presence test: evidence that the end user is present and
	 * interacting with the device. Sometimes also referred to as "test
	 * of user presence" (W3C WD-webauthn-20170216).
	 */
	public static final AMR USER = new AMR("user");


	/**
	 * Voiceprint; biometric authentication (RFC 4949).
	 */
	public static final AMR VBM = new AMR("vbm");


	/**
	 * Windows integrated authentication (Microsoft, "Integrated Windows
	 * Authentication with Negotiate", September 2011).
	 */
	public static final AMR WIA = new AMR("wia");



	/**
	 * Creates a new Authentication Method Reference (AMR) with the
	 * specified value. The value is handed to the {@link Identifier}
	 * constructor unchanged; no check against the constants declared in
	 * this class is made here.
	 *
	 * @param value The AMR value. Must not be {@code null}.
	 */
	public AMR(final String value) {

		super(value);
	}


	/**
	 * Tests for equality with another object. Two AMRs are equal when
	 * the other object is also an {@code AMR} and both have the same
	 * string form; the comparison is case-sensitive.
	 *
	 * @param object The object to compare with, may be {@code null}.
	 *
	 * @return {@code true} if the other object is an {@code AMR} with an
	 *         identical string form, else {@code false}.
	 */
	@Override
	public boolean equals(final Object object) {

		// NOTE(review): hashCode() is not overridden in this class;
		// presumably Identifier derives it from the same value that
		// toString() returns -- confirm against the superclass.
		if (!(object instanceof AMR)) {
			return false;
		}

		final String ownValue = this.toString();
		return ownValue.equals(object.toString());
	}
}