Package com.nimbusds.oauth2.sdk.as
Class AuthorizationServerMetadata
java.lang.Object
  com.nimbusds.oauth2.sdk.as.AuthorizationServerMetadata
Direct Known Subclasses: OIDCProviderMetadata
public class AuthorizationServerMetadata extends Object
OAuth 2.0 Authorisation Server (AS) metadata.
Related specifications:
- OAuth 2.0 Authorization Server Metadata (RFC 8414)
- OAuth 2.0 Mutual TLS Client Authentication and Certificate Bound Access Tokens (draft-ietf-oauth-mtls-12)
- Financial-grade API: JWT Secured Authorization Response Mode for OAuth 2.0 (JARM)
- Financial-grade API - Part 2: Read and Write API Security Profile
- OAuth 2.0 Device Flow for Browserless and Input Constrained Devices (draft-ietf-oauth-device-flow-14)
Constructor Summary
AuthorizationServerMetadata(Issuer issuer)
Creates a new OAuth 2.0 Authorisation Server (AS) metadata instance.
-
Method Summary
void applyDefaults()
Applies the OAuth 2.0 Authorisation Server metadata defaults where no values have been specified.
URI getAuthorizationEndpointURI()
Gets the authorisation endpoint URI.
List<com.nimbusds.jose.JWEAlgorithm> getAuthorizationJWEAlgs()
Gets the supported JWE algorithms for JWT-encoded authorisation responses.
List<com.nimbusds.jose.EncryptionMethod> getAuthorizationJWEEncs()
Gets the supported encryption methods for JWT-encoded authorisation responses.
List<com.nimbusds.jose.JWSAlgorithm> getAuthorizationJWSAlgs()
Gets the supported JWS algorithms for JWT-encoded authorisation responses.
List<CodeChallengeMethod> getCodeChallengeMethods()
Gets the supported authorisation code challenge methods for PKCE.
Object getCustomParameter(String name)
Gets the specified custom (not registered) parameter.
net.minidev.json.JSONObject getCustomParameters()
Gets the custom (not registered) parameters.
URI getCustomURIParameter(String name)
Gets the specified custom (not registered) URI parameter.
URI getDeviceAuthorizationEndpointURI()
Gets the device authorization endpoint URI.
List<GrantType> getGrantTypes()
Gets the supported OAuth 2.0 grant types.
List<ClientAuthenticationMethod> getIntrospectionEndpointAuthMethods()
Gets the supported introspection endpoint authentication methods.
List<com.nimbusds.jose.JWSAlgorithm> getIntrospectionEndpointJWSAlgs()
Gets the supported JWS algorithms for the private_key_jwt and client_secret_jwt introspection endpoint authentication methods.
URI getIntrospectionEndpointURI()
Gets the token introspection endpoint URI.
Issuer getIssuer()
Gets the issuer identifier.
URI getJWKSetURI()
Gets the JSON Web Key (JWK) set URI.
URI getPolicyURI()
Gets the provider's policy regarding relying party use of data.
static Set<String> getRegisteredParameterNames()
Gets the registered OpenID Connect provider metadata parameter names.
URI getRegistrationEndpointURI()
Gets the client registration endpoint URI.
URI getRequestObjectEndpoint()
Gets the request object endpoint.
List<com.nimbusds.jose.JWEAlgorithm> getRequestObjectJWEAlgs()
Gets the supported JWE algorithms for request objects.
List<com.nimbusds.jose.EncryptionMethod> getRequestObjectJWEEncs()
Gets the supported encryption methods for request objects.
List<com.nimbusds.jose.JWSAlgorithm> getRequestObjectJWSAlgs()
Gets the supported JWS algorithms for request objects.
List<ResponseMode> getResponseModes()
Gets the supported response mode values.
List<ResponseType> getResponseTypes()
Gets the supported response type values.
List<ClientAuthenticationMethod> getRevocationEndpointAuthMethods()
Gets the supported revocation endpoint authentication methods.
List<com.nimbusds.jose.JWSAlgorithm> getRevocationEndpointJWSAlgs()
Gets the supported JWS algorithms for the private_key_jwt and client_secret_jwt revocation endpoint authentication methods.
URI getRevocationEndpointURI()
Gets the token revocation endpoint URI.
Scope getScopes()
Gets the supported scope values.
URI getServiceDocsURI()
Gets the service documentation URI.
URI getTermsOfServiceURI()
Gets the provider's terms of service.
List<ClientAuthenticationMethod> getTokenEndpointAuthMethods()
Gets the supported token endpoint authentication methods.
List<com.nimbusds.jose.JWSAlgorithm> getTokenEndpointJWSAlgs()
Gets the supported JWS algorithms for the private_key_jwt and client_secret_jwt token endpoint authentication methods.
URI getTokenEndpointURI()
Gets the token endpoint URI.
List<com.nimbusds.langtag.LangTag> getUILocales()
Gets the supported UI locales.
static AuthorizationServerMetadata parse(String s)
Parses an OAuth 2.0 Authorisation Server metadata from the specified JSON object string.
static AuthorizationServerMetadata parse(net.minidev.json.JSONObject jsonObject)
Parses an OAuth 2.0 Authorisation Server metadata from the specified JSON object.
boolean requiresRequestURIRegistration()
Gets the requirement for the request_uri parameter pre-registration.
static AuthorizationServerMetadata resolve(Issuer issuer)
Resolves OAuth 2.0 authorisation server metadata from the specified issuer identifier.
static AuthorizationServerMetadata resolve(Issuer issuer, int connectTimeout, int readTimeout)
Resolves OAuth 2.0 authorisation server metadata from the specified issuer identifier.
void setAuthorizationEndpointURI(URI authzEndpoint)
Sets the authorisation endpoint URI.
void setAuthorizationJWEAlgs(List<com.nimbusds.jose.JWEAlgorithm> authzJWEAlgs)
Sets the supported JWE algorithms for JWT-encoded authorisation responses.
void setAuthorizationJWEEncs(List<com.nimbusds.jose.EncryptionMethod> authzJWEEncs)
Sets the supported encryption methods for JWT-encoded authorisation responses.
void setAuthorizationJWSAlgs(List<com.nimbusds.jose.JWSAlgorithm> authzJWSAlgs)
Sets the supported JWS algorithms for JWT-encoded authorisation responses.
void setCodeChallengeMethods(List<CodeChallengeMethod> codeChallengeMethods)
Sets the supported authorisation code challenge methods for PKCE.
void setCustomParameter(String name, Object value)
Sets the specified custom (not registered) parameter.
void setDeviceAuthorizationEndpointURI(URI deviceAuthzEndpoint)
Sets the device authorization endpoint URI.
void setGrantTypes(List<GrantType> gts)
Sets the supported OAuth 2.0 grant types.
void setIntrospectionEndpointAuthMethods(List<ClientAuthenticationMethod> authMethods)
Sets the supported introspection endpoint authentication methods.
void setIntrospectionEndpointJWSAlgs(List<com.nimbusds.jose.JWSAlgorithm> jwsAlgs)
Sets the supported JWS algorithms for the private_key_jwt and client_secret_jwt introspection endpoint authentication methods.
void setIntrospectionEndpointURI(URI introspectionEndpoint)
Sets the token introspection endpoint URI.
void setJWKSetURI(URI jwkSetURI)
Sets the JSON Web Key (JWK) set URI.
void setPolicyURI(URI policyURI)
Sets the provider's policy regarding relying party use of data.
void setRegistrationEndpointURI(URI regEndpoint)
Sets the client registration endpoint URI.
void setRequestObjectEndpoint(URI requestObjectEndpoint)
Sets the request object endpoint.
void setRequestObjectJWEAlgs(List<com.nimbusds.jose.JWEAlgorithm> requestObjectJWEAlgs)
Sets the supported JWE algorithms for request objects.
void setRequestObjectJWEEncs(List<com.nimbusds.jose.EncryptionMethod> requestObjectJWEEncs)
Sets the supported encryption methods for request objects.
void setRequestObjectJWSAlgs(List<com.nimbusds.jose.JWSAlgorithm> requestObjectJWSAlgs)
Sets the supported JWS algorithms for request objects.
void setRequiresRequestURIRegistration(boolean requireRequestURIReg)
Sets the requirement for the request_uri parameter pre-registration.
void setResponseModes(List<ResponseMode> rms)
Sets the supported response mode values.
void setResponseTypes(List<ResponseType> rts)
Sets the supported response type values.
void setRevocationEndpointAuthMethods(List<ClientAuthenticationMethod> authMethods)
Sets the supported revocation endpoint authentication methods.
void setRevocationEndpointJWSAlgs(List<com.nimbusds.jose.JWSAlgorithm> jwsAlgs)
Sets the supported JWS algorithms for the private_key_jwt and client_secret_jwt revocation endpoint authentication methods.
void setRevocationEndpointURI(URI revocationEndpoint)
Sets the token revocation endpoint URI.
void setScopes(Scope scope)
Sets the supported scope values.
void setServiceDocsURI(URI serviceDocsURI)
Sets the service documentation URI.
void setSupportsMutualTLSSenderConstrainedAccessTokens(boolean mutualTLSSenderConstrainedAccessTokens)
Deprecated.
void setSupportsRequestParam(boolean requestParamSupported)
Sets the support for the request authorisation request parameter.
void setSupportsRequestURIParam(boolean requestURIParamSupported)
Sets the support for the request_uri authorisation request parameter.
void setSupportsTLSClientCertificateBoundAccessTokens(boolean tlsClientCertBoundTokens)
Sets the support for TLS client certificate bound access tokens.
void setTermsOfServiceURI(URI tosURI)
Sets the provider's terms of service.
void setTokenEndpointAuthMethods(List<ClientAuthenticationMethod> authMethods)
Sets the supported token endpoint authentication methods.
void setTokenEndpointJWSAlgs(List<com.nimbusds.jose.JWSAlgorithm> jwsAlgs)
Sets the supported JWS algorithms for the private_key_jwt and client_secret_jwt token endpoint authentication methods.
void setTokenEndpointURI(URI tokenEndpoint)
Sets the token endpoint URI.
void setUILocales(List<com.nimbusds.langtag.LangTag> uiLocales)
Sets the supported UI locales.
boolean supportsMutualTLSSenderConstrainedAccessTokens()
Deprecated.
boolean supportsRequestParam()
Gets the support for the request authorisation request parameter.
boolean supportsRequestURIParam()
Gets the support for the request_uri authorisation request parameter.
boolean supportsTLSClientCertificateBoundAccessTokens()
Gets the support for TLS client certificate bound access tokens.
net.minidev.json.JSONObject toJSONObject()
Returns the JSON object representation of this OpenID Connect provider metadata.
String toString()
-
-
-
Constructor Detail
-
AuthorizationServerMetadata
public AuthorizationServerMetadata(Issuer issuer)
Creates a new OAuth 2.0 Authorisation Server (AS) metadata instance.
- Parameters:
issuer - The issuer identifier. Must be a URI using the https scheme with no query or fragment component. Must not be null.
-
-
Method Detail
-
getRegisteredParameterNames
public static Set<String> getRegisteredParameterNames()
Gets the registered OpenID Connect provider metadata parameter names.
- Returns:
- The registered OpenID Connect provider metadata parameter names, as an unmodifiable set.
-
getIssuer
public Issuer getIssuer()
Gets the issuer identifier. Corresponds to the issuer metadata field.
- Returns:
- The issuer identifier.
-
getAuthorizationEndpointURI
public URI getAuthorizationEndpointURI()
Gets the authorisation endpoint URI. Corresponds to the authorization_endpoint metadata field.
- Returns:
- The authorisation endpoint URI, null if not specified.
-
setAuthorizationEndpointURI
public void setAuthorizationEndpointURI(URI authzEndpoint)
Sets the authorisation endpoint URI. Corresponds to the authorization_endpoint metadata field.
- Parameters:
authzEndpoint - The authorisation endpoint URI, null if not specified.
-
getTokenEndpointURI
public URI getTokenEndpointURI()
Gets the token endpoint URI. Corresponds to the token_endpoint metadata field.
- Returns:
- The token endpoint URI, null if not specified.
-
setTokenEndpointURI
public void setTokenEndpointURI(URI tokenEndpoint)
Sets the token endpoint URI. Corresponds to the token_endpoint metadata field.
- Parameters:
tokenEndpoint - The token endpoint URI, null if not specified.
-
getRegistrationEndpointURI
public URI getRegistrationEndpointURI()
Gets the client registration endpoint URI. Corresponds to the registration_endpoint metadata field.
- Returns:
- The client registration endpoint URI, null if not specified.
-
setRegistrationEndpointURI
public void setRegistrationEndpointURI(URI regEndpoint)
Sets the client registration endpoint URI. Corresponds to the registration_endpoint metadata field.
- Parameters:
regEndpoint - The client registration endpoint URI, null if not specified.
-
getIntrospectionEndpointURI
public URI getIntrospectionEndpointURI()
Gets the token introspection endpoint URI. Corresponds to the introspection_endpoint metadata field.
- Returns:
- The token introspection endpoint URI, null if not specified.
-
setIntrospectionEndpointURI
public void setIntrospectionEndpointURI(URI introspectionEndpoint)
Sets the token introspection endpoint URI. Corresponds to the introspection_endpoint metadata field.
- Parameters:
introspectionEndpoint - The token introspection endpoint URI, null if not specified.
-
getRevocationEndpointURI
public URI getRevocationEndpointURI()
Gets the token revocation endpoint URI. Corresponds to the revocation_endpoint metadata field.
- Returns:
- The token revocation endpoint URI, null if not specified.
-
setRevocationEndpointURI
public void setRevocationEndpointURI(URI revocationEndpoint)
Sets the token revocation endpoint URI. Corresponds to the revocation_endpoint metadata field.
- Parameters:
revocationEndpoint - The token revocation endpoint URI, null if not specified.
-
getJWKSetURI
public URI getJWKSetURI()
Gets the JSON Web Key (JWK) set URI. Corresponds to the jwks_uri metadata field.
- Returns:
- The JWK set URI, null if not specified.
-
setJWKSetURI
public void setJWKSetURI(URI jwkSetURI)
Sets the JSON Web Key (JWK) set URI. Corresponds to the jwks_uri metadata field.
- Parameters:
jwkSetURI - The JWK set URI, null if not specified.
-
getScopes
public Scope getScopes()
Gets the supported scope values. Corresponds to the scopes_supported metadata field.
- Returns:
- The supported scope values, null if not specified.
-
setScopes
public void setScopes(Scope scope)
Sets the supported scope values. Corresponds to the scopes_supported metadata field.
- Parameters:
scope - The supported scope values, null if not specified.
-
getResponseTypes
public List<ResponseType> getResponseTypes()
Gets the supported response type values. Corresponds to the response_types_supported metadata field.
- Returns:
- The supported response type values, null if not specified.
-
setResponseTypes
public void setResponseTypes(List<ResponseType> rts)
Sets the supported response type values. Corresponds to the response_types_supported metadata field.
- Parameters:
rts - The supported response type values, null if not specified.
-
getResponseModes
public List<ResponseMode> getResponseModes()
Gets the supported response mode values. Corresponds to the response_modes_supported metadata field.
- Returns:
- The supported response mode values, null if not specified.
-
setResponseModes
public void setResponseModes(List<ResponseMode> rms)
Sets the supported response mode values. Corresponds to the response_modes_supported metadata field.
- Parameters:
rms - The supported response mode values, null if not specified.
-
getGrantTypes
public List<GrantType> getGrantTypes()
Gets the supported OAuth 2.0 grant types. Corresponds to the grant_types_supported metadata field.
- Returns:
- The supported grant types, null if not specified.
-
setGrantTypes
public void setGrantTypes(List<GrantType> gts)
Sets the supported OAuth 2.0 grant types. Corresponds to the grant_types_supported metadata field.
- Parameters:
gts - The supported grant types, null if not specified.
-
getCodeChallengeMethods
public List<CodeChallengeMethod> getCodeChallengeMethods()
Gets the supported authorisation code challenge methods for PKCE. Corresponds to the code_challenge_methods_supported metadata field.
- Returns:
- The supported code challenge methods, null if not specified.
-
setCodeChallengeMethods
public void setCodeChallengeMethods(List<CodeChallengeMethod> codeChallengeMethods)
Sets the supported authorisation code challenge methods for PKCE. Corresponds to the code_challenge_methods_supported metadata field.
- Parameters:
codeChallengeMethods - The supported code challenge methods, null if not specified.
-
getTokenEndpointAuthMethods
public List<ClientAuthenticationMethod> getTokenEndpointAuthMethods()
Gets the supported token endpoint authentication methods. Corresponds to the token_endpoint_auth_methods_supported metadata field.
- Returns:
- The supported token endpoint authentication methods, null if not specified.
-
setTokenEndpointAuthMethods
public void setTokenEndpointAuthMethods(List<ClientAuthenticationMethod> authMethods)
Sets the supported token endpoint authentication methods. Corresponds to the token_endpoint_auth_methods_supported metadata field.
- Parameters:
authMethods - The supported token endpoint authentication methods, null if not specified.
-
getTokenEndpointJWSAlgs
public List<com.nimbusds.jose.JWSAlgorithm> getTokenEndpointJWSAlgs()
Gets the supported JWS algorithms for the private_key_jwt and client_secret_jwt token endpoint authentication methods. Corresponds to the token_endpoint_auth_signing_alg_values_supported metadata field.
- Returns:
- The supported JWS algorithms, null if not specified.
-
setTokenEndpointJWSAlgs
public void setTokenEndpointJWSAlgs(List<com.nimbusds.jose.JWSAlgorithm> jwsAlgs)
Sets the supported JWS algorithms for the private_key_jwt and client_secret_jwt token endpoint authentication methods. Corresponds to the token_endpoint_auth_signing_alg_values_supported metadata field.
- Parameters:
jwsAlgs - The supported JWS algorithms, null if not specified. Must not contain the none algorithm.
-
getIntrospectionEndpointAuthMethods
public List<ClientAuthenticationMethod> getIntrospectionEndpointAuthMethods()
Gets the supported introspection endpoint authentication methods. Corresponds to the introspection_endpoint_auth_methods_supported metadata field.
- Returns:
- The supported introspection endpoint authentication methods, null if not specified.
-
setIntrospectionEndpointAuthMethods
public void setIntrospectionEndpointAuthMethods(List<ClientAuthenticationMethod> authMethods)
Sets the supported introspection endpoint authentication methods. Corresponds to the introspection_endpoint_auth_methods_supported metadata field.
- Parameters:
authMethods - The supported introspection endpoint authentication methods, null if not specified.
-
getIntrospectionEndpointJWSAlgs
public List<com.nimbusds.jose.JWSAlgorithm> getIntrospectionEndpointJWSAlgs()
Gets the supported JWS algorithms for the private_key_jwt and client_secret_jwt introspection endpoint authentication methods. Corresponds to the introspection_endpoint_auth_signing_alg_values_supported metadata field.
- Returns:
- The supported JWS algorithms, null if not specified.
-
setIntrospectionEndpointJWSAlgs
public void setIntrospectionEndpointJWSAlgs(List<com.nimbusds.jose.JWSAlgorithm> jwsAlgs)
Sets the supported JWS algorithms for the private_key_jwt and client_secret_jwt introspection endpoint authentication methods. Corresponds to the introspection_endpoint_auth_signing_alg_values_supported metadata field.
- Parameters:
jwsAlgs - The supported JWS algorithms, null if not specified. Must not contain the none algorithm.
-
getRevocationEndpointAuthMethods
public List<ClientAuthenticationMethod> getRevocationEndpointAuthMethods()
Gets the supported revocation endpoint authentication methods. Corresponds to the revocation_endpoint_auth_methods_supported metadata field.
- Returns:
- The supported revocation endpoint authentication methods, null if not specified.
-
setRevocationEndpointAuthMethods
public void setRevocationEndpointAuthMethods(List<ClientAuthenticationMethod> authMethods)
Sets the supported revocation endpoint authentication methods. Corresponds to the revocation_endpoint_auth_methods_supported metadata field.
- Parameters:
authMethods - The supported revocation endpoint authentication methods, null if not specified.
-
getRevocationEndpointJWSAlgs
public List<com.nimbusds.jose.JWSAlgorithm> getRevocationEndpointJWSAlgs()
Gets the supported JWS algorithms for the private_key_jwt and client_secret_jwt revocation endpoint authentication methods. Corresponds to the revocation_endpoint_auth_signing_alg_values_supported metadata field.
- Returns:
- The supported JWS algorithms, null if not specified.
-
setRevocationEndpointJWSAlgs
public void setRevocationEndpointJWSAlgs(List<com.nimbusds.jose.JWSAlgorithm> jwsAlgs)
Sets the supported JWS algorithms for the private_key_jwt and client_secret_jwt revocation endpoint authentication methods. Corresponds to the revocation_endpoint_auth_signing_alg_values_supported metadata field.
- Parameters:
jwsAlgs - The supported JWS algorithms, null if not specified. Must not contain the none algorithm.
-
getRequestObjectEndpoint
public URI getRequestObjectEndpoint()
Gets the request object endpoint. Corresponds to the request_object_endpoint metadata field.
- Returns:
- The request object endpoint, null if not specified.
-
setRequestObjectEndpoint
public void setRequestObjectEndpoint(URI requestObjectEndpoint)
Sets the request object endpoint. Corresponds to the request_object_endpoint metadata field.
- Parameters:
requestObjectEndpoint - The request object endpoint, null if not specified.
-
getRequestObjectJWSAlgs
public List<com.nimbusds.jose.JWSAlgorithm> getRequestObjectJWSAlgs()
Gets the supported JWS algorithms for request objects. Corresponds to the request_object_signing_alg_values_supported metadata field.
- Returns:
- The supported JWS algorithms, null if not specified.
-
setRequestObjectJWSAlgs
public void setRequestObjectJWSAlgs(List<com.nimbusds.jose.JWSAlgorithm> requestObjectJWSAlgs)
Sets the supported JWS algorithms for request objects. Corresponds to the request_object_signing_alg_values_supported metadata field.
- Parameters:
requestObjectJWSAlgs - The supported JWS algorithms, null if not specified.
-
getRequestObjectJWEAlgs
public List<com.nimbusds.jose.JWEAlgorithm> getRequestObjectJWEAlgs()
Gets the supported JWE algorithms for request objects. Corresponds to the request_object_encryption_alg_values_supported metadata field.
- Returns:
- The supported JWE algorithms, null if not specified.
-
setRequestObjectJWEAlgs
public void setRequestObjectJWEAlgs(List<com.nimbusds.jose.JWEAlgorithm> requestObjectJWEAlgs)
Sets the supported JWE algorithms for request objects. Corresponds to the request_object_encryption_alg_values_supported metadata field.
- Parameters:
requestObjectJWEAlgs - The supported JWE algorithms, null if not specified.
-
getRequestObjectJWEEncs
public List<com.nimbusds.jose.EncryptionMethod> getRequestObjectJWEEncs()
Gets the supported encryption methods for request objects. Corresponds to the request_object_encryption_enc_values_supported metadata field.
- Returns:
- The supported encryption methods, null if not specified.
-
setRequestObjectJWEEncs
public void setRequestObjectJWEEncs(List<com.nimbusds.jose.EncryptionMethod> requestObjectJWEEncs)
Sets the supported encryption methods for request objects. Corresponds to the request_object_encryption_enc_values_supported metadata field.
- Parameters:
requestObjectJWEEncs - The supported encryption methods, null if not specified.
-
supportsRequestParam
public boolean supportsRequestParam()
Gets the support for the request authorisation request parameter. Corresponds to the request_parameter_supported metadata field.
- Returns:
- true if the request parameter is supported, else false.
-
setSupportsRequestParam
public void setSupportsRequestParam(boolean requestParamSupported)
Sets the support for the request authorisation request parameter. Corresponds to the request_parameter_supported metadata field.
- Parameters:
requestParamSupported - true if the request parameter is supported, else false.
-
supportsRequestURIParam
public boolean supportsRequestURIParam()
Gets the support for the request_uri authorisation request parameter. Corresponds to the request_uri_parameter_supported metadata field.
- Returns:
- true if the request_uri parameter is supported, else false.
-
setSupportsRequestURIParam
public void setSupportsRequestURIParam(boolean requestURIParamSupported)
Sets the support for the request_uri authorisation request parameter. Corresponds to the request_uri_parameter_supported metadata field.
- Parameters:
requestURIParamSupported - true if the request_uri parameter is supported, else false.
-
requiresRequestURIRegistration
public boolean requiresRequestURIRegistration()
Gets the requirement for the request_uri parameter pre-registration. Corresponds to the require_request_uri_registration metadata field.
- Returns:
- true if the request_uri parameter values must be pre-registered, else false.
-
setRequiresRequestURIRegistration
public void setRequiresRequestURIRegistration(boolean requireRequestURIReg)
Sets the requirement for the request_uri parameter pre-registration. Corresponds to the require_request_uri_registration metadata field.
- Parameters:
requireRequestURIReg - true if the request_uri parameter values must be pre-registered, else false.
-
getUILocales
public List<com.nimbusds.langtag.LangTag> getUILocales()
Gets the supported UI locales. Corresponds to the ui_locales_supported metadata field.
- Returns:
- The supported UI locales, null if not specified.
-
setUILocales
public void setUILocales(List<com.nimbusds.langtag.LangTag> uiLocales)
Sets the supported UI locales. Corresponds to the ui_locales_supported metadata field.
- Parameters:
uiLocales - The supported UI locales, null if not specified.
-
getServiceDocsURI
public URI getServiceDocsURI()
Gets the service documentation URI. Corresponds to the service_documentation metadata field.
- Returns:
- The service documentation URI, null if not specified.
-
setServiceDocsURI
public void setServiceDocsURI(URI serviceDocsURI)
Sets the service documentation URI. Corresponds to the service_documentation metadata field.
- Parameters:
serviceDocsURI - The service documentation URI, null if not specified.
-
getPolicyURI
public URI getPolicyURI()
Gets the provider's policy regarding relying party use of data. Corresponds to the op_policy_uri metadata field.
- Returns:
- The policy URI, null if not specified.
-
setPolicyURI
public void setPolicyURI(URI policyURI)
Sets the provider's policy regarding relying party use of data. Corresponds to the op_policy_uri metadata field.
- Parameters:
policyURI - The policy URI, null if not specified.
-
getTermsOfServiceURI
public URI getTermsOfServiceURI()
Gets the provider's terms of service. Corresponds to the op_tos_uri metadata field.
- Returns:
- The terms of service URI, null if not specified.
-
setTermsOfServiceURI
public void setTermsOfServiceURI(URI tosURI)
Sets the provider's terms of service. Corresponds to the op_tos_uri metadata field.
- Parameters:
tosURI - The terms of service URI, null if not specified.
-
supportsTLSClientCertificateBoundAccessTokens
public boolean supportsTLSClientCertificateBoundAccessTokens()
Gets the support for TLS client certificate bound access tokens. Corresponds to the tls_client_certificate_bound_access_tokens metadata field.
- Returns:
- true if TLS client certificate bound access tokens are supported, else false.
-
setSupportsTLSClientCertificateBoundAccessTokens
public void setSupportsTLSClientCertificateBoundAccessTokens(boolean tlsClientCertBoundTokens)
Sets the support for TLS client certificate bound access tokens. Corresponds to the tls_client_certificate_bound_access_tokens metadata field.
- Parameters:
tlsClientCertBoundTokens - true if TLS client certificate bound access tokens are supported, else false.
-
supportsMutualTLSSenderConstrainedAccessTokens
@Deprecated public boolean supportsMutualTLSSenderConstrainedAccessTokens()
Deprecated.
Gets the support for TLS client certificate bound access tokens. Corresponds to the tls_client_certificate_bound_access_tokens metadata field.
- Returns:
- true if TLS client certificate bound access tokens are supported, else false.
-
setSupportsMutualTLSSenderConstrainedAccessTokens
@Deprecated public void setSupportsMutualTLSSenderConstrainedAccessTokens(boolean mutualTLSSenderConstrainedAccessTokens)
Deprecated.
Sets the support for TLS client certificate bound access tokens. Corresponds to the tls_client_certificate_bound_access_tokens metadata field.
- Parameters:
mutualTLSSenderConstrainedAccessTokens - true if TLS client certificate bound access tokens are supported, else false.
-
getAuthorizationJWSAlgs
public List<com.nimbusds.jose.JWSAlgorithm> getAuthorizationJWSAlgs()
Gets the supported JWS algorithms for JWT-encoded authorisation responses. Corresponds to the authorization_signing_alg_values_supported metadata field.
- Returns:
- The supported JWS algorithms, null if not specified.
-
setAuthorizationJWSAlgs
public void setAuthorizationJWSAlgs(List<com.nimbusds.jose.JWSAlgorithm> authzJWSAlgs)
Sets the supported JWS algorithms for JWT-encoded authorisation responses. Corresponds to the authorization_signing_alg_values_supported metadata field.
- Parameters:
authzJWSAlgs - The supported JWS algorithms, null if not specified.
-
getAuthorizationJWEAlgs
public List<com.nimbusds.jose.JWEAlgorithm> getAuthorizationJWEAlgs()
Gets the supported JWE algorithms for JWT-encoded authorisation responses. Corresponds to the authorization_encryption_alg_values_supported metadata field.
- Returns:
- The supported JWE algorithms, null if not specified.
-
setAuthorizationJWEAlgs
public void setAuthorizationJWEAlgs(List<com.nimbusds.jose.JWEAlgorithm> authzJWEAlgs)
Sets the supported JWE algorithms for JWT-encoded authorisation responses. Corresponds to the authorization_encryption_alg_values_supported metadata field.
- Parameters:
authzJWEAlgs - The supported JWE algorithms, null if not specified.
-
getAuthorizationJWEEncs
public List<com.nimbusds.jose.EncryptionMethod> getAuthorizationJWEEncs()
Gets the supported encryption methods for JWT-encoded authorisation responses. Corresponds to the authorization_encryption_enc_values_supported metadata field.
- Returns:
- The supported encryption methods, null if not specified.
-
setAuthorizationJWEEncs
public void setAuthorizationJWEEncs(List<com.nimbusds.jose.EncryptionMethod> authzJWEEncs)
Sets the supported encryption methods for JWT-encoded authorisation responses. Corresponds to the authorization_encryption_enc_values_supported metadata field.
- Parameters:
authzJWEEncs - The supported encryption methods, null if not specified.
-
getDeviceAuthorizationEndpointURI
public URI getDeviceAuthorizationEndpointURI()
Gets the device authorization endpoint URI. Corresponds to the device_authorization_endpoint metadata field.
- Returns:
- The device authorization endpoint URI, null if not specified.
-
setDeviceAuthorizationEndpointURI
public void setDeviceAuthorizationEndpointURI(URI deviceAuthzEndpoint)
Sets the device authorization endpoint URI. Corresponds to the device_authorization_endpoint metadata field.
- Parameters:
deviceAuthzEndpoint - The device authorization endpoint URI, null if not specified.
-
getCustomParameter
public Object getCustomParameter(String name)
Gets the specified custom (not registered) parameter.
- Parameters:
name - The parameter name. Must not be null.
- Returns:
- The parameter value, null if not specified.
-
getCustomURIParameter
public URI getCustomURIParameter(String name)
Gets the specified custom (not registered) URI parameter.
- Parameters:
name - The parameter name. Must not be null.
- Returns:
- The parameter URI value, null if not specified.
-
setCustomParameter
public void setCustomParameter(String name, Object value)
Sets the specified custom (not registered) parameter.
- Parameters:
name - The parameter name. Must not be null.
value - The parameter value, null if not specified.
-
getCustomParameters
public net.minidev.json.JSONObject getCustomParameters()
Gets the custom (not registered) parameters.
- Returns:
- The custom parameters, empty JSON object if none.
-
applyDefaults
public void applyDefaults()
Applies the OAuth 2.0 Authorisation Server metadata defaults where no values have been specified.
- The response modes default to ["query", "fragment"].
- The grant types default to ["authorization_code", "implicit"].
- The token endpoint authentication methods default to ["client_secret_basic"].
-
toJSONObject
public net.minidev.json.JSONObject toJSONObject()
Returns the JSON object representation of this OpenID Connect provider metadata.
- Returns:
- The JSON object representation.
-
parse
public static AuthorizationServerMetadata parse(net.minidev.json.JSONObject jsonObject) throws ParseException
Parses an OAuth 2.0 Authorisation Server metadata from the specified JSON object.
- Parameters:
jsonObject - The JSON object to parse. Must not be null.
- Returns:
- The OAuth 2.0 Authorisation Server metadata.
- Throws:
ParseException - If the JSON object couldn't be parsed to an OAuth 2.0 Authorisation Server metadata.
-
parse
public static AuthorizationServerMetadata parse(String s) throws ParseException
Parses an OAuth 2.0 Authorisation Server metadata from the specified JSON object string.
- Parameters:
s - The JSON object string to parse. Must not be null.
- Returns:
- The OAuth 2.0 Authorisation Server metadata.
- Throws:
ParseException - If the JSON object string couldn't be parsed to an OAuth 2.0 Authorisation Server metadata.
-
resolve
public static AuthorizationServerMetadata resolve(Issuer issuer) throws GeneralException, IOException
Resolves OAuth 2.0 authorisation server metadata from the specified issuer identifier. The metadata is downloaded by HTTP GET from [issuer-url]/.well-known/oauth-authorization-server.
- Parameters:
issuer - The issuer identifier. Must represent a valid HTTPS or HTTP URL. Must not be null.
- Returns:
- The OAuth 2.0 authorisation server metadata.
- Throws:
GeneralException - If the issuer identifier or the downloaded metadata are invalid.
IOException - On a HTTP exception.
-
resolve
public static AuthorizationServerMetadata resolve(Issuer issuer, int connectTimeout, int readTimeout) throws GeneralException, IOException
Resolves OAuth 2.0 authorisation server metadata from the specified issuer identifier. The metadata is downloaded by HTTP GET from [issuer-url]/.well-known/oauth-authorization-server.
- Parameters:
issuer - The issuer identifier. Must represent a valid HTTPS or HTTP URL. Must not be null.
connectTimeout - The HTTP connect timeout, in milliseconds. Zero implies no timeout. Must not be negative.
readTimeout - The HTTP response read timeout, in milliseconds. Zero implies no timeout. Must not be negative.
- Returns:
- The OAuth 2.0 authorisation server metadata.
- Throws:
GeneralException - If the issuer identifier or the downloaded metadata are invalid.
IOException - On a HTTP exception.
-
-
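Added example (not part of the SDK or its documentation): a client-side policy check built on parse, resolve and the getters above. It audits the values a server actually advertises before applyDefaults() fills in implicit and client_secret_basic, and refuses plain-HTTP issuers and unbounded timeouts before calling resolve. The class name MetadataPolicyCheck, the issuer https://as.example.com, the sample JSON and the timeout values are assumptions made for illustration.

```java
import java.io.IOException;
import java.net.URI;
import java.util.ArrayList;
import java.util.List;

import com.nimbusds.oauth2.sdk.GeneralException;
import com.nimbusds.oauth2.sdk.GrantType;
import com.nimbusds.oauth2.sdk.ParseException;
import com.nimbusds.oauth2.sdk.as.AuthorizationServerMetadata;
import com.nimbusds.oauth2.sdk.auth.ClientAuthenticationMethod;
import com.nimbusds.oauth2.sdk.id.Issuer;
import com.nimbusds.oauth2.sdk.pkce.CodeChallengeMethod;

// Hypothetical helper class for this example; not part of the SDK.
public class MetadataPolicyCheck {

    // Constructed sample metadata document (not taken from a real server).
    static final String SAMPLE_JSON = "{"
        + "\"issuer\":\"https://as.example.com\","
        + "\"authorization_endpoint\":\"https://as.example.com/authz\","
        + "\"token_endpoint\":\"http://as.example.com/token\","
        + "\"jwks_uri\":\"https://as.example.com/jwks.json\","
        + "\"response_types_supported\":[\"code\"],"
        + "\"code_challenge_methods_supported\":[\"plain\"]"
        + "}";

    // resolve() accepts HTTP issuers and treats a zero timeout as "no timeout",
    // so enforce HTTPS and finite timeouts before fetching anything.
    static AuthorizationServerMetadata resolveStrict(Issuer issuer)
            throws GeneralException, IOException {
        String scheme = URI.create(issuer.getValue()).getScheme();
        if (!"https".equalsIgnoreCase(scheme)) {
            throw new GeneralException("Refusing non-HTTPS issuer: " + issuer);
        }
        // Timeouts in milliseconds; the values are assumptions for this example.
        return AuthorizationServerMetadata.resolve(issuer, 2000, 5000);
    }

    static void requireHttps(List<String> findings, String field, URI uri) {
        if (uri != null && !"https".equalsIgnoreCase(uri.getScheme())) {
            findings.add(field + " is not HTTPS: " + uri);
        }
    }

    // Run this BEFORE applyDefaults(): afterwards an omitted field can no longer
    // be told apart from one the server explicitly advertised.
    static List<String> audit(Issuer expected, AuthorizationServerMetadata md) {
        List<String> findings = new ArrayList<>();

        // RFC 8414: the issuer in the document must equal the issuer asked for.
        if (!expected.equals(md.getIssuer())) {
            findings.add("issuer mismatch: expected " + expected + ", got " + md.getIssuer());
        }

        requireHttps(findings, "authorization_endpoint", md.getAuthorizationEndpointURI());
        requireHttps(findings, "token_endpoint", md.getTokenEndpointURI());
        requireHttps(findings, "jwks_uri", md.getJWKSetURI());

        List<GrantType> grants = md.getGrantTypes();
        if (grants == null) {
            findings.add("grant_types_supported omitted; applyDefaults() would add implicit");
        } else if (grants.contains(GrantType.IMPLICIT)) {
            findings.add("implicit grant advertised");
        }

        List<CodeChallengeMethod> pkce = md.getCodeChallengeMethods();
        if (pkce == null || !pkce.contains(CodeChallengeMethod.S256)) {
            findings.add("PKCE S256 not advertised");
        }

        List<ClientAuthenticationMethod> auth = md.getTokenEndpointAuthMethods();
        if (auth == null) {
            findings.add("token_endpoint_auth_methods_supported omitted; default is client_secret_basic");
        } else if (auth.contains(ClientAuthenticationMethod.NONE)) {
            findings.add("token endpoint accepts unauthenticated (public) clients");
        }
        return findings;
    }

    public static void main(String[] args) throws ParseException {
        Issuer expected = new Issuer("https://as.example.com");
        // Offline: parse the constructed document. Online, use resolveStrict(expected).
        AuthorizationServerMetadata md = AuthorizationServerMetadata.parse(SAMPLE_JSON);

        for (String finding : audit(expected, md)) {
            System.out.println("FINDING: " + finding);
        }

        // Only now fill in defaults for the rest of the client code.
        md.applyDefaults();
    }
}
```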