public class OIDCProviderMetadata extends AuthorizationServerMetadata
Related specifications:
Constructor | Description |
---|---|
`OIDCProviderMetadata(Issuer issuer, List<SubjectType> subjectTypes, URI jwkSetURI)` | Creates a new OpenID Connect provider metadata instance. |
Modifier and Type | Method | Description |
---|---|---|
`void` | `applyDefaults()` | Applies the OpenID Provider metadata defaults where no values have been specified. |
`List<ACR>` | `getACRs()` | Gets the supported Authentication Context Class References (ACRs). |
`URI` | `getCheckSessionIframeURI()` | Gets the cross-origin check session iframe URI. |
`List<String>` | `getClaims()` | Gets the supported claims names. |
`List<com.nimbusds.langtag.LangTag>` | `getClaimsLocales()` | Gets the supported claims locales. |
`List<ClaimType>` | `getClaimTypes()` | Gets the supported claim types. |
`List<Display>` | `getDisplays()` | Gets the supported displays. |
`URI` | `getEndSessionEndpointURI()` | Gets the logout endpoint URI. |
`List<com.nimbusds.jose.JWEAlgorithm>` | `getIDTokenJWEAlgs()` | Gets the supported JWE algorithms for ID tokens. |
`List<com.nimbusds.jose.EncryptionMethod>` | `getIDTokenJWEEncs()` | Gets the supported encryption methods for ID tokens. |
`List<com.nimbusds.jose.JWSAlgorithm>` | `getIDTokenJWSAlgs()` | Gets the supported JWS algorithms for ID tokens. |
`static Set<String>` | `getRegisteredParameterNames()` | Gets the registered OpenID Connect provider metadata parameter names. |
`List<SubjectType>` | `getSubjectTypes()` | Gets the supported subject types. |
`URI` | `getUserInfoEndpointURI()` | Gets the UserInfo endpoint URI. |
`List<com.nimbusds.jose.JWEAlgorithm>` | `getUserInfoJWEAlgs()` | Gets the supported JWE algorithms for UserInfo JWTs. |
`List<com.nimbusds.jose.EncryptionMethod>` | `getUserInfoJWEEncs()` | Gets the supported encryption methods for UserInfo JWTs. |
`List<com.nimbusds.jose.JWSAlgorithm>` | `getUserInfoJWSAlgs()` | Gets the supported JWS algorithms for UserInfo JWTs. |
`static OIDCProviderMetadata` | `parse(String s)` | Parses an OpenID Provider metadata from the specified JSON object string. |
`static OIDCProviderMetadata` | `parse(net.minidev.json.JSONObject jsonObject)` | Parses an OpenID Provider metadata from the specified JSON object. |
`static OIDCProviderMetadata` | `resolve(Issuer issuer)` | Resolves OpenID Provider metadata from the specified issuer identifier. |
`static OIDCProviderMetadata` | `resolve(Issuer issuer, int connectTimeout, int readTimeout)` | Resolves OpenID Provider metadata from the specified issuer identifier. |
`void` | `setACRs(List<ACR> acrValues)` | Sets the supported Authentication Context Class References (ACRs). |
`void` | `setCheckSessionIframeURI(URI checkSessionIframe)` | Sets the cross-origin check session iframe URI. |
`void` | `setClaimLocales(List<com.nimbusds.langtag.LangTag> claimsLocales)` | Sets the supported claims locales. |
`void` | `setClaims(List<String> claims)` | Sets the supported claims names. |
`void` | `setClaimTypes(List<ClaimType> claimTypes)` | Sets the supported claim types. |
`void` | `setDisplays(List<Display> displays)` | Sets the supported displays. |
`void` | `setEndSessionEndpointURI(URI endSessionEndpoint)` | Sets the logout endpoint URI. |
`void` | `setIDTokenJWEAlgs(List<com.nimbusds.jose.JWEAlgorithm> idTokenJWEAlgs)` | Sets the supported JWE algorithms for ID tokens. |
`void` | `setIDTokenJWEEncs(List<com.nimbusds.jose.EncryptionMethod> idTokenJWEEncs)` | Sets the supported encryption methods for ID tokens. |
`void` | `setIDTokenJWSAlgs(List<com.nimbusds.jose.JWSAlgorithm> idTokenJWSAlgs)` | Sets the supported JWS algorithms for ID tokens. |
`void` | `setSupportsBackChannelLogout(boolean backChannelLogoutSupported)` | Sets the support for back-channel logout. |
`void` | `setSupportsBackChannelLogoutSession(boolean backChannelLogoutSessionSupported)` | Sets the support for back-channel logout with a session ID. |
`void` | `setSupportsClaimsParams(boolean claimsParamSupported)` | Sets the support for the `claims` authorisation request parameter. |
`void` | `setSupportsFrontChannelLogout(boolean frontChannelLogoutSupported)` | Sets the support for front-channel logout. |
`void` | `setSupportsFrontChannelLogoutSession(boolean frontChannelLogoutSessionSupported)` | Sets the support for front-channel logout with a session ID. |
`void` | `setUserInfoEndpointURI(URI userInfoEndpoint)` | Sets the UserInfo endpoint URI. |
`void` | `setUserInfoJWEAlgs(List<com.nimbusds.jose.JWEAlgorithm> userInfoJWEAlgs)` | Sets the supported JWE algorithms for UserInfo JWTs. |
`void` | `setUserInfoJWEEncs(List<com.nimbusds.jose.EncryptionMethod> userInfoJWEEncs)` | Sets the supported encryption methods for UserInfo JWTs. |
`void` | `setUserInfoJWSAlgs(List<com.nimbusds.jose.JWSAlgorithm> userInfoJWSAlgs)` | Sets the supported JWS algorithms for UserInfo JWTs. |
`boolean` | `supportsBackChannelLogout()` | Gets the support for back-channel logout. |
`boolean` | `supportsBackChannelLogoutSession()` | Gets the support for back-channel logout with a session ID. |
`boolean` | `supportsClaimsParam()` | Gets the support for the `claims` authorisation request parameter. |
`boolean` | `supportsFrontChannelLogout()` | Gets the support for front-channel logout. |
`boolean` | `supportsFrontChannelLogoutSession()` | Gets the support for front-channel logout with a session ID. |
`net.minidev.json.JSONObject` | `toJSONObject()` | Returns the JSON object representation of this OpenID Connect provider metadata. |
getAuthorizationEndpointURI, getCodeChallengeMethods, getCustomParameter, getCustomParameters, getCustomURIParameter, getGrantTypes, getIntrospectionEndpointAuthMethods, getIntrospectionEndpointJWSAlgs, getIntrospectionEndpointURI, getIssuer, getJWKSetURI, getPolicyURI, getRegistrationEndpointURI, getRequestObjectJWEAlgs, getRequestObjectJWEEncs, getRequestObjectJWSAlgs, getResponseModes, getResponseTypes, getRevocationEndpointAuthMethods, getRevocationEndpointJWSAlgs, getRevocationEndpointURI, getScopes, getServiceDocsURI, getTermsOfServiceURI, getTokenEndpointAuthMethods, getTokenEndpointJWSAlgs, getTokenEndpointURI, getUILocales, requiresRequestURIRegistration, setAuthorizationEndpointURI, setCodeChallengeMethods, setCustomParameter, setGrantTypes, setIntrospectionEndpointAuthMethods, setIntrospectionEndpointJWSAlgs, setIntrospectionEndpointURI, setJWKSetURI, setPolicyURI, setRegistrationEndpointURI, setRequestObjectJWEAlgs, setRequestObjectJWEEncs, setRequestObjectJWSAlgs, setRequiresRequestURIRegistration, setResponseModes, setResponseTypes, setRevocationEndpointAuthMethods, setRevocationEndpointJWSAlgs, setRevocationEndpointURI, setScopes, setServiceDocsURI, setSupportsMutualTLSSenderConstrainedAccessTokens, setSupportsRequestParam, setSupportsRequestURIParam, setSupportsTLSClientCertificateBoundAccessTokens, setTermsOfServiceURI, setTokenEndpointAuthMethods, setTokenEndpointJWSAlgs, setTokenEndpointURI, setUILocales, supportsMutualTLSSenderConstrainedAccessTokens, supportsRequestParam, supportsRequestURIParam, supportsTLSClientCertificateBoundAccessTokens, toString
`public OIDCProviderMetadata(Issuer issuer, List<SubjectType> subjectTypes, URI jwkSetURI)`
- Parameters:
  - `issuer` - The issuer identifier. Must be a URI using the https scheme with no query or fragment component. Must not be `null`.
  - `subjectTypes` - The supported subject types. At least one must be specified. Must not be `null`.
  - `jwkSetURI` - The JWK set URI. Must not be `null`.

`public static Set<String> getRegisteredParameterNames()`

`public URI getUserInfoEndpointURI()`
- Corresponds to the `userinfo_endpoint` metadata field.
- Returns: `null` if not specified.

`public void setUserInfoEndpointURI(URI userInfoEndpoint)`
- Corresponds to the `userinfo_endpoint` metadata field.
- Parameters: `userInfoEndpoint` - The UserInfo endpoint URI, `null` if not specified.

`public URI getCheckSessionIframeURI()`
- Corresponds to the `check_session_iframe` metadata field.
- Returns: `null` if not specified.

`public void setCheckSessionIframeURI(URI checkSessionIframe)`
- Corresponds to the `check_session_iframe` metadata field.
- Parameters: `checkSessionIframe` - The check session iframe URI, `null` if not specified.

`public URI getEndSessionEndpointURI()`
- Corresponds to the `end_session_endpoint` metadata field.
- Returns: `null` if not specified.

`public void setEndSessionEndpointURI(URI endSessionEndpoint)`
- Corresponds to the `end_session_endpoint` metadata field.
- Parameters: `endSessionEndpoint` - The logout endpoint URI, `null` if not specified.

`public List<ACR> getACRs()`
- Corresponds to the `acr_values_supported` metadata field.
- Returns: `null` if not specified.

`public void setACRs(List<ACR> acrValues)`
- Corresponds to the `acr_values_supported` metadata field.
- Parameters: `acrValues` - The supported ACRs, `null` if not specified.

`public List<SubjectType> getSubjectTypes()`
- Corresponds to the `subject_types_supported` metadata field.

`public List<com.nimbusds.jose.JWSAlgorithm> getIDTokenJWSAlgs()`
- Corresponds to the `id_token_signing_alg_values_supported` metadata field.
- Returns: `null` if not specified.

`public void setIDTokenJWSAlgs(List<com.nimbusds.jose.JWSAlgorithm> idTokenJWSAlgs)`
- Corresponds to the `id_token_signing_alg_values_supported` metadata field.
- Parameters: `idTokenJWSAlgs` - The supported JWS algorithms, `null` if not specified.

`public List<com.nimbusds.jose.JWEAlgorithm> getIDTokenJWEAlgs()`
- Corresponds to the `id_token_encryption_alg_values_supported` metadata field.
- Returns: `null` if not specified.

`public void setIDTokenJWEAlgs(List<com.nimbusds.jose.JWEAlgorithm> idTokenJWEAlgs)`
- Corresponds to the `id_token_encryption_alg_values_supported` metadata field.
- Parameters: `idTokenJWEAlgs` - The supported JWE algorithms, `null` if not specified.

`public List<com.nimbusds.jose.EncryptionMethod> getIDTokenJWEEncs()`
- Corresponds to the `id_token_encryption_enc_values_supported` metadata field.
- Returns: `null` if not specified.

`public void setIDTokenJWEEncs(List<com.nimbusds.jose.EncryptionMethod> idTokenJWEEncs)`
- Corresponds to the `id_token_encryption_enc_values_supported` metadata field.
- Parameters: `idTokenJWEEncs` - The supported encryption methods, `null` if not specified.

`public List<com.nimbusds.jose.JWSAlgorithm> getUserInfoJWSAlgs()`
- Corresponds to the `userinfo_signing_alg_values_supported` metadata field.
- Returns: `null` if not specified.

`public void setUserInfoJWSAlgs(List<com.nimbusds.jose.JWSAlgorithm> userInfoJWSAlgs)`
- Corresponds to the `userinfo_signing_alg_values_supported` metadata field.
- Parameters: `userInfoJWSAlgs` - The supported JWS algorithms, `null` if not specified.

`public List<com.nimbusds.jose.JWEAlgorithm> getUserInfoJWEAlgs()`
- Corresponds to the `userinfo_encryption_alg_values_supported` metadata field.
- Returns: `null` if not specified.

`public void setUserInfoJWEAlgs(List<com.nimbusds.jose.JWEAlgorithm> userInfoJWEAlgs)`
- Corresponds to the `userinfo_encryption_alg_values_supported` metadata field.
- Parameters: `userInfoJWEAlgs` - The supported JWE algorithms, `null` if not specified.

`public List<com.nimbusds.jose.EncryptionMethod> getUserInfoJWEEncs()`
- Corresponds to the `userinfo_encryption_enc_values_supported` metadata field.
- Returns: `null` if not specified.

`public void setUserInfoJWEEncs(List<com.nimbusds.jose.EncryptionMethod> userInfoJWEEncs)`
- Corresponds to the `userinfo_encryption_enc_values_supported` metadata field.
- Parameters: `userInfoJWEEncs` - The supported encryption methods, `null` if not specified.

`public List<Display> getDisplays()`
- Corresponds to the `display_values_supported` metadata field.
- Returns: `null` if not specified.

`public void setDisplays(List<Display> displays)`
- Corresponds to the `display_values_supported` metadata field.
- Parameters: `displays` - The supported displays, `null` if not specified.

`public List<ClaimType> getClaimTypes()`
- Corresponds to the `claim_types_supported` metadata field.
- Returns: `null` if not specified.

`public void setClaimTypes(List<ClaimType> claimTypes)`
- Corresponds to the `claim_types_supported` metadata field.
- Parameters: `claimTypes` - The supported claim types, `null` if not specified.

`public List<String> getClaims()`
- Corresponds to the `claims_supported` metadata field.
- Returns: `null` if not specified.

`public void setClaims(List<String> claims)`
- Corresponds to the `claims_supported` metadata field.
- Parameters: `claims` - The supported claims names, `null` if not specified.

`public List<com.nimbusds.langtag.LangTag> getClaimsLocales()`
- Corresponds to the `claims_locales_supported` metadata field.
- Returns: `null` if not specified.

`public void setClaimLocales(List<com.nimbusds.langtag.LangTag> claimsLocales)`
- Corresponds to the `claims_locales_supported` metadata field.
- Parameters: `claimsLocales` - The supported claims locales, `null` if not specified.

`public boolean supportsClaimsParam()`
- Gets the support for the `claims` authorisation request parameter. Corresponds to the `claims_parameter_supported` metadata field.
- Returns: `true` if the claim parameter is supported, else `false`.

`public void setSupportsClaimsParams(boolean claimsParamSupported)`
- Sets the support for the `claims` authorisation request parameter. Corresponds to the `claims_parameter_supported` metadata field.
- Parameters: `claimsParamSupported` - `true` if the claim parameter is supported, else `false`.

`public boolean supportsFrontChannelLogout()`
- Corresponds to the `frontchannel_logout_supported` metadata field.
- Returns: `true` if front-channel logout is supported, else `false`.

`public void setSupportsFrontChannelLogout(boolean frontChannelLogoutSupported)`
- Corresponds to the `frontchannel_logout_supported` metadata field.
- Parameters: `frontChannelLogoutSupported` - `true` if front-channel logout is supported, else `false`.

`public boolean supportsFrontChannelLogoutSession()`
- Corresponds to the `frontchannel_logout_session_supported` metadata field.
- Returns: `true` if front-channel logout with a session ID is supported, else `false`.

`public void setSupportsFrontChannelLogoutSession(boolean frontChannelLogoutSessionSupported)`
- Corresponds to the `frontchannel_logout_session_supported` metadata field.
- Parameters: `frontChannelLogoutSessionSupported` - `true` if front-channel logout with a session ID is supported, else `false`.

`public boolean supportsBackChannelLogout()`
- Corresponds to the `backchannel_logout_supported` metadata field.
- Returns: `true` if back-channel logout is supported, else `false`.

`public void setSupportsBackChannelLogout(boolean backChannelLogoutSupported)`
- Corresponds to the `backchannel_logout_supported` metadata field.
- Parameters: `backChannelLogoutSupported` - `true` if back-channel logout is supported, else `false`.

`public boolean supportsBackChannelLogoutSession()`
- Corresponds to the `backchannel_logout_session_supported` metadata field.
- Returns: `true` if back-channel logout with a session ID is supported, else `false`.

`public void setSupportsBackChannelLogoutSession(boolean backChannelLogoutSessionSupported)`
- Corresponds to the `backchannel_logout_session_supported` metadata field.
- Parameters: `backChannelLogoutSessionSupported` - `true` if back-channel logout with a session ID is supported, else `false`.

`public void applyDefaults()`
- Default values:
  - `["query", "fragment"]`
  - `["authorization_code", "implicit"]`
  - `["client_secret_basic"]`
  - `["normal"]`
- Overrides: `applyDefaults` in class `AuthorizationServerMetadata`

`public net.minidev.json.JSONObject toJSONObject()`
- Overrides: `toJSONObject` in class `AuthorizationServerMetadata`

`public static OIDCProviderMetadata parse(net.minidev.json.JSONObject jsonObject) throws ParseException`
- Parameters: `jsonObject` - The JSON object to parse. Must not be `null`.
- Throws: `ParseException` - If the JSON object couldn't be parsed to an OpenID Provider metadata.

`public static OIDCProviderMetadata parse(String s) throws ParseException`
- Parameters: `s` - The JSON object string to parse. Must not be `null`.
- Throws: `ParseException` - If the JSON object string couldn't be parsed to an OpenID Provider metadata.

`public static OIDCProviderMetadata resolve(Issuer issuer) throws GeneralException, IOException`
- Metadata location: `[issuer-url]/.well-known/openid-configuration`.
- Parameters: `issuer` - The OpenID Provider issuer identifier. Must represent a valid HTTPS or HTTP URL. Must not be `null`.
- Throws:
  - `GeneralException` - If the issuer identifier or the downloaded metadata are invalid.
  - `IOException` - On an HTTP exception.

`public static OIDCProviderMetadata resolve(Issuer issuer, int connectTimeout, int readTimeout) throws GeneralException, IOException`
- Metadata location: `[issuer-url]/.well-known/openid-configuration`, using the specified HTTP timeouts.
- Parameters:
  - `issuer` - The issuer identifier. Must represent a valid HTTPS or HTTP URL. Must not be `null`.
  - `connectTimeout` - The HTTP connect timeout, in milliseconds. Zero implies no timeout. Must not be negative.
  - `readTimeout` - The HTTP response read timeout, in milliseconds. Zero implies no timeout. Must not be negative.
- Throws:
  - `GeneralException` - If the issuer identifier or the downloaded metadata are invalid.
  - `IOException` - On an HTTP exception.

Copyright © 2018 Connect2id Ltd. All rights reserved.
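
Because `resolve` accepts HTTP as well as HTTPS issuer URLs and treats a zero timeout as no timeout, a relying party usually vets the metadata before trusting its endpoints. The following is an added example, not part of the SDK documentation. The class and helper names, the algorithm allow-list, the timeout values and `op.example.com` are assumptions, and the discovery document is constructed inline so the checks run without a network call.

```java
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.oauth2.sdk.GeneralException;
import com.nimbusds.oauth2.sdk.id.Issuer;
import com.nimbusds.openid.connect.sdk.op.OIDCProviderMetadata;
import java.net.URI;
import java.util.*;

public class VetProviderMetadata {
    // Assumption: this client verifies only asymmetric ID token signatures.
    static final Set<JWSAlgorithm> ACCEPTED =
            new HashSet<>(Arrays.asList(JWSAlgorithm.RS256, JWSAlgorithm.ES256));

    static void requireHttps(String field, URI uri) throws GeneralException {
        // Optional fields are null when the OP did not specify them.
        if (uri != null && !"https".equalsIgnoreCase(uri.getScheme()))
            throw new GeneralException(field + " is not an https URI: " + uri);
    }

    /** Vets a metadata document before its endpoints and keys are trusted. */
    static List<JWSAlgorithm> vet(Issuer expected, OIDCProviderMetadata meta)
            throws GeneralException {
        // resolve() accepts HTTP issuer URLs too; a relying party should not.
        requireHttps("issuer", URI.create(expected.getValue()));
        if (!expected.equals(meta.getIssuer()))
            throw new GeneralException("Issuer mismatch: " + meta.getIssuer());
        requireHttps("jwks_uri", meta.getJWKSetURI());
        requireHttps("userinfo_endpoint", meta.getUserInfoEndpointURI());
        // Keep only advertised algorithms on the allow-list, so nothing else
        // (for example HS256 or "none") is ever accepted for ID tokens.
        List<JWSAlgorithm> usable = new ArrayList<>();
        List<JWSAlgorithm> advertised = meta.getIDTokenJWSAlgs();
        if (advertised != null)
            for (JWSAlgorithm alg : advertised)
                if (ACCEPTED.contains(alg)) usable.add(alg);
        if (usable.isEmpty())
            throw new GeneralException("No acceptable ID token signing algorithm");
        return usable;
    }

    public static void main(String[] args) throws Exception {
        // Constructed discovery document; op.example.com is a placeholder.
        String json = "{\"issuer\":\"https://op.example.com\","
                + "\"jwks_uri\":\"https://op.example.com/jwks.json\","
                + "\"subject_types_supported\":[\"public\"],"
                + "\"id_token_signing_alg_values_supported\":[\"RS256\",\"HS256\"]}";
        OIDCProviderMetadata meta = OIDCProviderMetadata.parse(json);
        // Live: OIDCProviderMetadata.resolve(issuer, 2000, 5000); 0 would mean no timeout.
        System.out.println(vet(new Issuer("https://op.example.com"), meta));
    }
}
```

The same `vet` call applies unchanged to the object returned by `resolve`, since both paths produce an `OIDCProviderMetadata`.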