OIDCProviderMetadata
public class AuthorizationServerMetadata extends Object
Related specifications:
Constructor | Description |
---|---|
AuthorizationServerMetadata(Issuer issuer) | Creates a new OAuth 2.0 Authorisation Server (AS) metadata instance. |
Modifier and Type | Method | Description |
---|---|---|
void | applyDefaults() | Applies the OAuth 2.0 Authorisation Server metadata defaults where no values have been specified. |
URI | getAuthorizationEndpointURI() | Gets the authorisation endpoint URI. |
List<com.nimbusds.jose.JWEAlgorithm> | getAuthorizationJWEAlgs() | Gets the supported JWE algorithms for JWT-encoded authorisation responses. |
List<com.nimbusds.jose.EncryptionMethod> | getAuthorizationJWEEncs() | Gets the supported encryption methods for JWT-encoded authorisation responses. |
List<com.nimbusds.jose.JWSAlgorithm> | getAuthorizationJWSAlgs() | Gets the supported JWS algorithms for JWT-encoded authorisation responses. |
List<CodeChallengeMethod> | getCodeChallengeMethods() | Gets the supported authorisation code challenge methods for PKCE. |
Object | getCustomParameter(String name) | Gets the specified custom (not registered) parameter. |
net.minidev.json.JSONObject | getCustomParameters() | Gets the custom (not registered) parameters. |
URI | getCustomURIParameter(String name) | Gets the specified custom (not registered) URI parameter. |
URI | getDeviceAuthorizationEndpointURI() | Gets the device authorization endpoint URI. |
List<GrantType> | getGrantTypes() | Gets the supported OAuth 2.0 grant types. |
List<ClientAuthenticationMethod> | getIntrospectionEndpointAuthMethods() | Gets the supported introspection endpoint authentication methods. |
List<com.nimbusds.jose.JWSAlgorithm> | getIntrospectionEndpointJWSAlgs() | Gets the supported JWS algorithms for the private_key_jwt and client_secret_jwt introspection endpoint authentication methods. |
URI | getIntrospectionEndpointURI() | Gets the token introspection endpoint URI. |
Issuer | getIssuer() | Gets the issuer identifier. |
URI | getJWKSetURI() | Gets the JSON Web Key (JWK) set URI. |
URI | getPolicyURI() | Gets the provider's policy regarding relying party use of data. |
static Set<String> | getRegisteredParameterNames() | Gets the registered OpenID Connect provider metadata parameter names. |
URI | getRegistrationEndpointURI() | Gets the client registration endpoint URI. |
List<com.nimbusds.jose.JWEAlgorithm> | getRequestObjectJWEAlgs() | Gets the supported JWE algorithms for request objects. |
List<com.nimbusds.jose.EncryptionMethod> | getRequestObjectJWEEncs() | Gets the supported encryption methods for request objects. |
List<com.nimbusds.jose.JWSAlgorithm> | getRequestObjectJWSAlgs() | Gets the supported JWS algorithms for request objects. |
List<ResponseMode> | getResponseModes() | Gets the supported response mode values. |
List<ResponseType> | getResponseTypes() | Gets the supported response type values. |
List<ClientAuthenticationMethod> | getRevocationEndpointAuthMethods() | Gets the supported revocation endpoint authentication methods. |
List<com.nimbusds.jose.JWSAlgorithm> | getRevocationEndpointJWSAlgs() | Gets the supported JWS algorithms for the private_key_jwt and client_secret_jwt revocation endpoint authentication methods. |
URI | getRevocationEndpointURI() | Gets the token revocation endpoint URI. |
Scope | getScopes() | Gets the supported scope values. |
URI | getServiceDocsURI() | Gets the service documentation URI. |
URI | getTermsOfServiceURI() | Gets the provider's terms of service. |
List<ClientAuthenticationMethod> | getTokenEndpointAuthMethods() | Gets the supported token endpoint authentication methods. |
List<com.nimbusds.jose.JWSAlgorithm> | getTokenEndpointJWSAlgs() | Gets the supported JWS algorithms for the private_key_jwt and client_secret_jwt token endpoint authentication methods. |
URI | getTokenEndpointURI() | Gets the token endpoint URI. |
List<com.nimbusds.langtag.LangTag> | getUILocales() | Gets the supported UI locales. |
static AuthorizationServerMetadata | parse(String s) | Parses an OAuth 2.0 Authorisation Server metadata from the specified JSON object string. |
static AuthorizationServerMetadata | parse(net.minidev.json.JSONObject jsonObject) | Parses an OAuth 2.0 Authorisation Server metadata from the specified JSON object. |
boolean | requiresRequestURIRegistration() | Gets the requirement for the request_uri parameter pre-registration. |
static AuthorizationServerMetadata | resolve(Issuer issuer) | Resolves OAuth 2.0 authorisation server metadata from the specified issuer identifier. |
static AuthorizationServerMetadata | resolve(Issuer issuer, int connectTimeout, int readTimeout) | Resolves OAuth 2.0 authorisation server metadata from the specified issuer identifier. |
void | setAuthorizationEndpointURI(URI authzEndpoint) | Sets the authorisation endpoint URI. |
void | setAuthorizationJWEAlgs(List<com.nimbusds.jose.JWEAlgorithm> authzJWEAlgs) | Sets the supported JWE algorithms for JWT-encoded authorisation responses. |
void | setAuthorizationJWEEncs(List<com.nimbusds.jose.EncryptionMethod> authzJWEEncs) | Sets the supported encryption methods for JWT-encoded authorisation responses. |
void | setAuthorizationJWSAlgs(List<com.nimbusds.jose.JWSAlgorithm> authzJWSAlgs) | Sets the supported JWS algorithms for JWT-encoded authorisation responses. |
void | setCodeChallengeMethods(List<CodeChallengeMethod> codeChallengeMethods) | Sets the supported authorisation code challenge methods for PKCE. |
void | setCustomParameter(String name, Object value) | Sets the specified custom (not registered) parameter. |
void | setDeviceAuthorizationEndpointURI(URI deviceAuthzEndpoint) | Sets the device authorization endpoint URI. |
void | setGrantTypes(List<GrantType> gts) | Sets the supported OAuth 2.0 grant types. |
void | setIntrospectionEndpointAuthMethods(List<ClientAuthenticationMethod> authMethods) | Sets the supported introspection endpoint authentication methods. |
void | setIntrospectionEndpointJWSAlgs(List<com.nimbusds.jose.JWSAlgorithm> jwsAlgs) | Sets the supported JWS algorithms for the private_key_jwt and client_secret_jwt introspection endpoint authentication methods. |
void | setIntrospectionEndpointURI(URI introspectionEndpoint) | Sets the token introspection endpoint URI. |
void | setJWKSetURI(URI jwkSetURI) | Sets the JSON Web Key (JWK) set URI. |
void | setPolicyURI(URI policyURI) | Sets the provider's policy regarding relying party use of data. |
void | setRegistrationEndpointURI(URI regEndpoint) | Sets the client registration endpoint URI. |
void | setRequestObjectJWEAlgs(List<com.nimbusds.jose.JWEAlgorithm> requestObjectJWEAlgs) | Sets the supported JWE algorithms for request objects. |
void | setRequestObjectJWEEncs(List<com.nimbusds.jose.EncryptionMethod> requestObjectJWEEncs) | Sets the supported encryption methods for request objects. |
void | setRequestObjectJWSAlgs(List<com.nimbusds.jose.JWSAlgorithm> requestObjectJWSAlgs) | Sets the supported JWS algorithms for request objects. |
void | setRequiresRequestURIRegistration(boolean requireRequestURIReg) | Sets the requirement for the request_uri parameter pre-registration. |
void | setResponseModes(List<ResponseMode> rms) | Sets the supported response mode values. |
void | setResponseTypes(List<ResponseType> rts) | Sets the supported response type values. |
void | setRevocationEndpointAuthMethods(List<ClientAuthenticationMethod> authMethods) | Sets the supported revocation endpoint authentication methods. |
void | setRevocationEndpointJWSAlgs(List<com.nimbusds.jose.JWSAlgorithm> jwsAlgs) | Sets the supported JWS algorithms for the private_key_jwt and client_secret_jwt revocation endpoint authentication methods. |
void | setRevocationEndpointURI(URI revocationEndpoint) | Sets the token revocation endpoint URI. |
void | setScopes(Scope scope) | Sets the supported scope values. |
void | setServiceDocsURI(URI serviceDocsURI) | Sets the service documentation URI. |
void | setSupportsMutualTLSSenderConstrainedAccessTokens(boolean mutualTLSSenderConstrainedAccessTokens) | Deprecated. |
void | setSupportsRequestParam(boolean requestParamSupported) | Sets the support for the request authorisation request parameter. |
void | setSupportsRequestURIParam(boolean requestURIParamSupported) | Sets the support for the request_uri authorisation request parameter. |
void | setSupportsTLSClientCertificateBoundAccessTokens(boolean tlsClientCertBoundTokens) | Sets the support for TLS client certificate bound access tokens. |
void | setTermsOfServiceURI(URI tosURI) | Sets the provider's terms of service. |
void | setTokenEndpointAuthMethods(List<ClientAuthenticationMethod> authMethods) | Sets the supported token endpoint authentication methods. |
void | setTokenEndpointJWSAlgs(List<com.nimbusds.jose.JWSAlgorithm> jwsAlgs) | Sets the supported JWS algorithms for the private_key_jwt and client_secret_jwt token endpoint authentication methods. |
void | setTokenEndpointURI(URI tokenEndpoint) | Sets the token endpoint URI. |
void | setUILocales(List<com.nimbusds.langtag.LangTag> uiLocales) | Sets the supported UI locales. |
boolean | supportsMutualTLSSenderConstrainedAccessTokens() | Deprecated. |
boolean | supportsRequestParam() | Gets the support for the request authorisation request parameter. |
boolean | supportsRequestURIParam() | Gets the support for the request_uri authorisation request parameter. |
boolean | supportsTLSClientCertificateBoundAccessTokens() | Gets the support for TLS client certificate bound access tokens. |
net.minidev.json.JSONObject | toJSONObject() | Returns the JSON object representation of this OpenID Connect provider metadata. |
String | toString() | |
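
The getters summarised above return whatever the authorisation server advertises, and null where a field is absent, so a client still has to apply its own policy to the parsed metadata. The following is an added example, not code from the SDK or its documentation: the class `MetadataPolicyCheck`, its `audit` method, the policy it enforces and the sample JSON document are assumptions constructed for illustration.

```java
import com.nimbusds.oauth2.sdk.ParseException;
import com.nimbusds.oauth2.sdk.as.AuthorizationServerMetadata;
import com.nimbusds.oauth2.sdk.id.Issuer;
import com.nimbusds.oauth2.sdk.pkce.CodeChallengeMethod;

import java.net.URI;
import java.util.ArrayList;
import java.util.List;

/** Hypothetical helper (not part of the SDK): client-side policy over parsed AS metadata. */
public class MetadataPolicyCheck {

    /** Returns the policy violations found; an empty list means the metadata is accepted. */
    static List<String> audit(AuthorizationServerMetadata md, Issuer expected) {
        List<String> problems = new ArrayList<>();

        // The advertised issuer must be the one this client is configured for.
        if (!expected.equals(md.getIssuer())) {
            problems.add("issuer mismatch: " + md.getIssuer());
        }

        // Getters return null for unspecified fields, so each check is null-safe.
        requireHttps("authorization_endpoint", md.getAuthorizationEndpointURI(), problems);
        requireHttps("token_endpoint", md.getTokenEndpointURI(), problems);
        requireHttps("jwks_uri", md.getJWKSetURI(), problems);

        // Policy assumed for this example: S256 must be advertised for PKCE.
        List<CodeChallengeMethod> pkce = md.getCodeChallengeMethods();
        if (pkce == null || !pkce.contains(CodeChallengeMethod.S256)) {
            problems.add("code_challenge_methods_supported lacks S256");
        }
        return problems;
    }

    private static void requireHttps(String field, URI uri, List<String> problems) {
        if (uri != null && !"https".equalsIgnoreCase(uri.getScheme())) {
            problems.add(field + " is not an https URI: " + uri);
        }
    }

    public static void main(String[] args) throws ParseException {
        // Constructed sample document: jwks_uri is plain http and only "plain" PKCE is listed.
        String json = "{"
            + "\"issuer\":\"https://as.example.com\","
            + "\"authorization_endpoint\":\"https://as.example.com/authorize\","
            + "\"token_endpoint\":\"https://as.example.com/token\","
            + "\"jwks_uri\":\"http://as.example.com/jwks.json\","
            + "\"code_challenge_methods_supported\":[\"plain\"]"
            + "}";

        AuthorizationServerMetadata md = AuthorizationServerMetadata.parse(json);
        // Fills in defaults for unset response modes, grant types and token endpoint auth methods.
        md.applyDefaults();

        for (String problem : audit(md, new Issuer("https://as.example.com"))) {
            System.out.println("REJECT: " + problem);
        }
        System.out.println("token endpoint auth methods: " + md.getTokenEndpointAuthMethods());
    }
}
```

The same `audit` call applies to an instance returned by `resolve(Issuer)`, which the page documents as accepting both HTTPS and HTTP issuer URLs.
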
public AuthorizationServerMetadata(Issuer issuer)
issuer - The issuer identifier. Must be an URI using the https scheme with no query or fragment component. Must not be null.

public static Set<String> getRegisteredParameterNames()

public Issuer getIssuer()
issuer metadata field.

public URI getAuthorizationEndpointURI()
authorization_endpoint metadata field.
null if not specified.

public void setAuthorizationEndpointURI(URI authzEndpoint)
authorization_endpoint metadata field.
authzEndpoint - The authorisation endpoint URI, null if not specified.

public URI getTokenEndpointURI()
token_endpoint metadata field.
null if not specified.

public void setTokenEndpointURI(URI tokenEndpoint)
token_endpoint metadata field.
tokenEndpoint - The token endpoint URI, null if not specified.

public URI getRegistrationEndpointURI()
registration_endpoint metadata field.
null if not specified.

public void setRegistrationEndpointURI(URI regEndpoint)
registration_endpoint metadata field.
regEndpoint - The client registration endpoint URI, null if not specified.

public URI getIntrospectionEndpointURI()
introspection_endpoint metadata field.
null if not specified.

public void setIntrospectionEndpointURI(URI introspectionEndpoint)
introspection_endpoint metadata field.
introspectionEndpoint - The token introspection endpoint URI, null if not specified.

public URI getRevocationEndpointURI()
revocation_endpoint metadata field.
null if not specified.

public void setRevocationEndpointURI(URI revocationEndpoint)
revocation_endpoint metadata field.
revocationEndpoint - The token revocation endpoint URI, null if not specified.

public URI getJWKSetURI()
jwks_uri metadata field.
null if not specified.

public void setJWKSetURI(URI jwkSetURI)
jwks_uri metadata field.
jwkSetURI - The JWK set URI, null if not specified.

public Scope getScopes()
scopes_supported metadata field.
null if not specified.

public void setScopes(Scope scope)
scopes_supported metadata field.
scope - The supported scope values, null if not specified.

public List<ResponseType> getResponseTypes()
response_types_supported metadata field.
null if not specified.

public void setResponseTypes(List<ResponseType> rts)
response_types_supported metadata field.
rts - The supported response type values, null if not specified.

public List<ResponseMode> getResponseModes()
response_modes_supported.
null if not specified.

public void setResponseModes(List<ResponseMode> rms)
response_modes_supported.
rms - The supported response mode values, null if not specified.

public List<GrantType> getGrantTypes()
grant_types_supported metadata field.
null if not specified.

public void setGrantTypes(List<GrantType> gts)
grant_types_supported metadata field.
gts - The supported grant types, null if not specified.

public List<CodeChallengeMethod> getCodeChallengeMethods()
code_challenge_methods_supported metadata field.
null if not specified.

public void setCodeChallengeMethods(List<CodeChallengeMethod> codeChallengeMethods)
code_challenge_methods_supported metadata field.
codeChallengeMethods - The supported code challenge methods, null if not specified.

public List<ClientAuthenticationMethod> getTokenEndpointAuthMethods()
token_endpoint_auth_methods_supported metadata field.
null if not specified.

public void setTokenEndpointAuthMethods(List<ClientAuthenticationMethod> authMethods)
token_endpoint_auth_methods_supported metadata field.
authMethods - The supported token endpoint authentication methods, null if not specified.

public List<com.nimbusds.jose.JWSAlgorithm> getTokenEndpointJWSAlgs()
private_key_jwt and client_secret_jwt token endpoint authentication methods. Corresponds to the token_endpoint_auth_signing_alg_values_supported metadata field.
null if not specified.

public void setTokenEndpointJWSAlgs(List<com.nimbusds.jose.JWSAlgorithm> jwsAlgs)
private_key_jwt and client_secret_jwt token endpoint authentication methods. Corresponds to the token_endpoint_auth_signing_alg_values_supported metadata field.
jwsAlgs - The supported JWS algorithms, null if not specified. Must not contain the none algorithm.

public List<ClientAuthenticationMethod> getIntrospectionEndpointAuthMethods()
introspection_endpoint_auth_methods_supported metadata field.
null if not specified.

public void setIntrospectionEndpointAuthMethods(List<ClientAuthenticationMethod> authMethods)
introspection_endpoint_auth_methods_supported metadata field.
authMethods - The supported introspection endpoint authentication methods, null if not specified.

public List<com.nimbusds.jose.JWSAlgorithm> getIntrospectionEndpointJWSAlgs()
private_key_jwt and client_secret_jwt introspection endpoint authentication methods. Corresponds to the introspection_endpoint_auth_signing_alg_values_supported metadata field.
null if not specified.

public void setIntrospectionEndpointJWSAlgs(List<com.nimbusds.jose.JWSAlgorithm> jwsAlgs)
private_key_jwt and client_secret_jwt introspection endpoint authentication methods. Corresponds to the introspection_endpoint_auth_signing_alg_values_supported metadata field.
jwsAlgs - The supported JWS algorithms, null if not specified. Must not contain the none algorithm.

public List<ClientAuthenticationMethod> getRevocationEndpointAuthMethods()
revocation_endpoint_auth_methods_supported metadata field.
null if not specified.

public void setRevocationEndpointAuthMethods(List<ClientAuthenticationMethod> authMethods)
revocation_endpoint_auth_methods_supported metadata field.
authMethods - The supported revocation endpoint authentication methods, null if not specified.

public List<com.nimbusds.jose.JWSAlgorithm> getRevocationEndpointJWSAlgs()
private_key_jwt and client_secret_jwt revocation endpoint authentication methods. Corresponds to the revocation_endpoint_auth_signing_alg_values_supported metadata field.
null if not specified.

public void setRevocationEndpointJWSAlgs(List<com.nimbusds.jose.JWSAlgorithm> jwsAlgs)
private_key_jwt and client_secret_jwt revocation endpoint authentication methods. Corresponds to the revocation_endpoint_auth_signing_alg_values_supported metadata field.
jwsAlgs - The supported JWS algorithms, null if not specified. Must not contain the none algorithm.

public List<com.nimbusds.jose.JWSAlgorithm> getRequestObjectJWSAlgs()
request_object_signing_alg_values_supported metadata field.
null if not specified.

public void setRequestObjectJWSAlgs(List<com.nimbusds.jose.JWSAlgorithm> requestObjectJWSAlgs)
request_object_signing_alg_values_supported metadata field.
requestObjectJWSAlgs - The supported JWS algorithms, null if not specified.

public List<com.nimbusds.jose.JWEAlgorithm> getRequestObjectJWEAlgs()
request_object_encryption_alg_values_supported metadata field.
null if not specified.

public void setRequestObjectJWEAlgs(List<com.nimbusds.jose.JWEAlgorithm> requestObjectJWEAlgs)
request_object_encryption_alg_values_supported metadata field.
requestObjectJWEAlgs - The supported JWE algorithms, null if not specified.

public List<com.nimbusds.jose.EncryptionMethod> getRequestObjectJWEEncs()
request_object_encryption_enc_values_supported metadata field.
null if not specified.

public void setRequestObjectJWEEncs(List<com.nimbusds.jose.EncryptionMethod> requestObjectJWEEncs)
request_object_encryption_enc_values_supported metadata field.
requestObjectJWEEncs - The supported encryption methods, null if not specified.

public boolean supportsRequestParam()
request authorisation request parameter. Corresponds to the request_parameter_supported metadata field.
true if the request parameter is supported, else false.

public void setSupportsRequestParam(boolean requestParamSupported)
request authorisation request parameter. Corresponds to the request_parameter_supported metadata field.
requestParamSupported - true if the request parameter is supported, else false.

public boolean supportsRequestURIParam()
request_uri authorisation request parameter. Corresponds to the request_uri_parameter_supported metadata field.
true if the request_uri parameter is supported, else false.

public void setSupportsRequestURIParam(boolean requestURIParamSupported)
request_uri authorisation request parameter. Corresponds to the request_uri_parameter_supported metadata field.
requestURIParamSupported - true if the request_uri parameter is supported, else false.

public boolean requiresRequestURIRegistration()
request_uri parameter pre-registration. Corresponds to the require_request_uri_registration metadata field.
true if the request_uri parameter values must be pre-registered, else false.

public void setRequiresRequestURIRegistration(boolean requireRequestURIReg)
request_uri parameter pre-registration. Corresponds to the require_request_uri_registration metadata field.
requireRequestURIReg - true if the request_uri parameter values must be pre-registered, else false.

public List<com.nimbusds.langtag.LangTag> getUILocales()
ui_locales_supported metadata field.
null if not specified.

public void setUILocales(List<com.nimbusds.langtag.LangTag> uiLocales)
ui_locales_supported metadata field.
uiLocales - The supported UI locales, null if not specified.

public URI getServiceDocsURI()
service_documentation metadata field.
null if not specified.

public void setServiceDocsURI(URI serviceDocsURI)
service_documentation metadata field.
serviceDocsURI - The service documentation URI, null if not specified.

public URI getPolicyURI()
op_policy_uri metadata field.
null if not specified.

public void setPolicyURI(URI policyURI)
op_policy_uri metadata field.
policyURI - The policy URI, null if not specified.

public URI getTermsOfServiceURI()
op_tos_uri metadata field.
null if not specified.

public void setTermsOfServiceURI(URI tosURI)
op_tos_uri metadata field.
tosURI - The terms of service URI, null if not specified.

public boolean supportsTLSClientCertificateBoundAccessTokens()
tls_client_certificate_bound_access_tokens metadata field.
true if TLS client certificate bound access tokens are supported, else false.

public void setSupportsTLSClientCertificateBoundAccessTokens(boolean tlsClientCertBoundTokens)
tls_client_certificate_bound_access_tokens metadata field.
tlsClientCertBoundTokens - true if TLS client certificate bound access tokens are supported, else false.

@Deprecated public boolean supportsMutualTLSSenderConstrainedAccessTokens()
tls_client_certificate_bound_access_tokens metadata field.
true if TLS client certificate bound access tokens are supported, else false.

@Deprecated public void setSupportsMutualTLSSenderConstrainedAccessTokens(boolean mutualTLSSenderConstrainedAccessTokens)
tls_client_certificate_bound_access_tokens metadata field.
mutualTLSSenderConstrainedAccessTokens - true if TLS client certificate bound access tokens are supported, else false.

public List<com.nimbusds.jose.JWSAlgorithm> getAuthorizationJWSAlgs()
authorization_signing_alg_values_supported metadata field.
null if not specified.

public void setAuthorizationJWSAlgs(List<com.nimbusds.jose.JWSAlgorithm> authzJWSAlgs)
authorization_signing_alg_values_supported metadata field.
authzJWSAlgs - The supported JWS algorithms, null if not specified.

public List<com.nimbusds.jose.JWEAlgorithm> getAuthorizationJWEAlgs()
authorization_encryption_alg_values_supported metadata field.
null if not specified.

public void setAuthorizationJWEAlgs(List<com.nimbusds.jose.JWEAlgorithm> authzJWEAlgs)
authorization_encryption_alg_values_supported metadata field.
authzJWEAlgs - The supported JWE algorithms, null if not specified.

public List<com.nimbusds.jose.EncryptionMethod> getAuthorizationJWEEncs()
authorization_encryption_enc_values_supported metadata field.
null if not specified.

public void setAuthorizationJWEEncs(List<com.nimbusds.jose.EncryptionMethod> authzJWEEncs)
authorization_encryption_enc_values_supported metadata field.
authzJWEEncs - The supported encryption methods, null if not specified.

public URI getDeviceAuthorizationEndpointURI()
device_authorization_endpoint metadata field.
null if not specified.

public void setDeviceAuthorizationEndpointURI(URI deviceAuthzEndpoint)
device_authorization_endpoint metadata field.
deviceAuthzEndpoint - The device authorization endpoint URI, null if not specified.

public Object getCustomParameter(String name)
name - The parameter name. Must not be null.
null if not specified.

public URI getCustomURIParameter(String name)
name - The parameter name. Must not be null.
null if not specified.

public void setCustomParameter(String name, Object value)
name - The parameter name. Must not be null.
value - The parameter value, null if not specified.

public net.minidev.json.JSONObject getCustomParameters()

public void applyDefaults()
["query", "fragment"].
["authorization_code", "implicit"].
["client_secret_basic"].

public net.minidev.json.JSONObject toJSONObject()

public static AuthorizationServerMetadata parse(net.minidev.json.JSONObject jsonObject) throws ParseException
jsonObject - The JSON object to parse. Must not be null.
ParseException - If the JSON object couldn't be parsed to an OAuth 2.0 Authorisation Server metadata.

public static AuthorizationServerMetadata parse(String s) throws ParseException
s - The JSON object string to parse. Must not be null.
ParseException - If the JSON object string couldn't be parsed to an OAuth 2.0 Authorisation Server metadata.

public static AuthorizationServerMetadata resolve(Issuer issuer) throws GeneralException, IOException
[issuer-url]/.well-known/oauth-authorization-server.
issuer - The issuer identifier. Must represent a valid HTTPS or HTTP URL. Must not be null.
GeneralException - If the issuer identifier or the downloaded metadata are invalid.
IOException - On a HTTP exception.

public static AuthorizationServerMetadata resolve(Issuer issuer, int connectTimeout, int readTimeout) throws GeneralException, IOException
[issuer-url]/.well-known/oauth-authorization-server.
issuer - The issuer identifier. Must represent a valid HTTPS or HTTP URL. Must not be null.
connectTimeout - The HTTP connect timeout, in milliseconds. Zero implies no timeout. Must not be negative.
readTimeout - The HTTP response read timeout, in milliseconds. Zero implies no timeout. Must not be negative.
GeneralException - If the issuer identifier or the downloaded metadata are invalid.
IOException - On a HTTP exception.

Copyright © 2019 Connect2id Ltd. All rights reserved.