Package com.nimbusds.openid.connect.sdk.op

Class OIDCProviderMetadata

java.lang.Object

com.nimbusds.oauth2.sdk.as.AuthorizationServerEndpointMetadata

com.nimbusds.oauth2.sdk.as.AuthorizationServerMetadata

com.nimbusds.openid.connect.sdk.op.OIDCProviderMetadata

public class OIDCProviderMetadata
extends AuthorizationServerMetadata

OpenID Provider (OP) metadata.

Related specifications:

• OpenID Connect Discovery 1.0, section 3.
• OpenID Connect Session Management 1.0, section 2.1 (draft 28).
• OpenID Connect Front-Channel Logout 1.0, section 3 (draft 02).
• OpenID Connect Back-Channel Logout 1.0, section 2.1 (draft 04).
• OpenID Connect for Identity Assurance 1.0 (draft 08).
• OpenID Connect Federation 1.0 (draft 12).
• OAuth 2.0 Authorization Server Metadata (RFC 8414)
• OAuth 2.0 Mutual TLS Client Authentication and Certificate Bound Access Tokens (RFC 8705)
• Financial-grade API: JWT Secured Authorization Response Mode for OAuth 2.0 (JARM)
• OAuth 2.0 Authorization Server Issuer Identifier in Authorization Response (draft-meyerzuselhausen-oauth-iss-auth-resp-01)

Constructor Summary

Constructors

Constructor	Description
OIDCProviderMetadata(Issuer issuer, List<SubjectType> subjectTypes, URI jwkSetURI)	Creates a new OpenID Connect provider metadata instance.

Method Summary

Modifier and Type	Method	Description
void	applyDefaults()	Applies the OpenID Provider metadata defaults where no values have been specified.
List<ACR>	getACRs()	Gets the supported Authentication Context Class References (ACRs).
URI	getCheckSessionIframeURI()	Gets the cross-origin check session iframe URI.
List<String>	getClaims()	Gets the supported claims names.
List<com.nimbusds.langtag.LangTag>	getClaimsLocales()	Gets the supported claims locales.
List<ClaimType>	getClaimTypes()	Gets the supported claim types.
Map<EndpointName,List<ClientAuthenticationMethod>>	getClientRegistrationAuthnMethods()	Gets the supported client authentication methods for automatic federation client registration.
List<ClientRegistrationType>	getClientRegistrationTypes()	Gets the supported federation client registration types.
List<Display>	getDisplays()	Gets the supported displays.
URI	getEndSessionEndpointURI()	Gets the logout endpoint URI.
URI	getFederationRegistrationEndpointURI()	Gets the federation registration endpoint URI.
List<IDDocumentType>	getIdentityDocumentTypes()	Gets the supported identity document types.
List<IdentityEvidenceType>	getIdentityEvidenceTypes()	Gets the supported identity evidence types.
List<IdentityTrustFramework>	getIdentityTrustFrameworks()	Gets the supported identity trust frameworks.
List<IdentityVerificationMethod>	getIdentityVerificationMethods()	Gets the supported identity verification methods.
List<com.nimbusds.jose.JWEAlgorithm>	getIDTokenJWEAlgs()	Gets the supported JWE algorithms for ID tokens.
List<com.nimbusds.jose.EncryptionMethod>	getIDTokenJWEEncs()	Gets the supported encryption methods for ID tokens.
List<com.nimbusds.jose.JWSAlgorithm>	getIDTokenJWSAlgs()	Gets the supported JWS algorithms for ID tokens.
OIDCProviderEndpointMetadata	getMtlsEndpointAliases()	Gets the aliases for communication with mutual TLS.
String	getOrganizationName()	Gets the organisation name (in federation).
static Set<String>	getRegisteredParameterNames()	Gets the registered OpenID Connect provider metadata parameter names.
List<SubjectType>	getSubjectTypes()	Gets the supported subject types.
URI	getUserInfoEndpointURI()	Gets the UserInfo endpoint URI.
List<com.nimbusds.jose.JWEAlgorithm>	getUserInfoJWEAlgs()	Gets the supported JWE algorithms for UserInfo JWTs.
List<com.nimbusds.jose.EncryptionMethod>	getUserInfoJWEEncs()	Gets the supported encryption methods for UserInfo JWTs.
List<com.nimbusds.jose.JWSAlgorithm>	getUserInfoJWSAlgs()	Gets the supported JWS algorithms for UserInfo JWTs.
List<String>	getVerifiedClaims()	Gets the supported verified claims names.
static OIDCProviderMetadata	parse(String s)	Parses an OpenID Provider metadata from the specified JSON object string.
static OIDCProviderMetadata	parse(net.minidev.json.JSONObject jsonObject)	Parses an OpenID Provider metadata from the specified JSON object.
static OIDCProviderMetadata	resolve(Issuer issuer)	Resolves OpenID Provider metadata from the specified issuer identifier.
static OIDCProviderMetadata	resolve(Issuer issuer, int connectTimeout, int readTimeout)	Resolves OpenID Provider metadata from the specified issuer identifier.
static URL	resolveURL(Issuer issuer)	Resolves OpenID Provider metadata URL from the specified issuer identifier.
void	setACRs(List<ACR> acrValues)	Sets the supported Authentication Context Class References (ACRs).
void	setCheckSessionIframeURI(URI checkSessionIframe)	Sets the cross-origin check session iframe URI.
void	setClaimLocales(List<com.nimbusds.langtag.LangTag> claimsLocales)	Sets the supported claims locales.
void	setClaims(List<String> claims)	Sets the supported claims names.
void	setClaimTypes(List<ClaimType> claimTypes)	Sets the supported claim types.
void	setClientRegistrationAuthnMethods(Map<EndpointName,List<ClientAuthenticationMethod>> methods)	Sets the supported client authentication methods for automatic federation client registration.
void	setClientRegistrationTypes(List<ClientRegistrationType> clientRegistrationTypes)	Sets the supported federation client registration types.
void	setDisplays(List<Display> displays)	Sets the supported displays.
void	setEndSessionEndpointURI(URI endSessionEndpoint)	Sets the logout endpoint URI.
void	setFederationRegistrationEndpointURI(URI federationRegistrationEndpoint)	Sets the federation registration endpoint URI.
void	setIdentityDocumentTypes(List<IDDocumentType> idDocuments)	Sets the supported identity document types.
void	setIdentityEvidenceTypes(List<IdentityEvidenceType> evidenceTypes)	Sets the supported identity evidence types.
void	setIdentityTrustFrameworks(List<IdentityTrustFramework> trustFrameworks)	Sets the supported identity trust frameworks.
void	setIdentityVerificationMethods(List<IdentityVerificationMethod> idVerificationMethods)	Sets the supported identity verification methods.
void	setIDTokenJWEAlgs(List<com.nimbusds.jose.JWEAlgorithm> idTokenJWEAlgs)	Sets the supported JWE algorithms for ID tokens.
void	setIDTokenJWEEncs(List<com.nimbusds.jose.EncryptionMethod> idTokenJWEEncs)	Sets the supported encryption methods for ID tokens.
void	setIDTokenJWSAlgs(List<com.nimbusds.jose.JWSAlgorithm> idTokenJWSAlgs)	Sets the supported JWS algorithms for ID tokens.
void	setMtlsEndpointAliases(AuthorizationServerEndpointMetadata mtlsEndpointAliases)	Sets the aliases for communication with mutual TLS.
void	setOrganizationName(String organizationName)	Sets the organisation name (in federation).
void	setSupportsBackChannelLogout(boolean backChannelLogoutSupported)	Sets the support for back-channel logout.
void	setSupportsBackChannelLogoutSession(boolean backChannelLogoutSessionSupported)	Sets the support for back-channel logout with a session ID.
void	setSupportsClaimsParams(boolean claimsParamSupported)	Sets the support for the claims authorisation request parameter.
void	setSupportsFrontChannelLogout(boolean frontChannelLogoutSupported)	Sets the support for front-channel logout.
void	setSupportsFrontChannelLogoutSession(boolean frontChannelLogoutSessionSupported)	Sets the support for front-channel logout with a session ID.
void	setSupportsVerifiedClaims(boolean verifiedClaimsSupported)	Sets support for verified claims.
void	setUserInfoEndpointURI(URI userInfoEndpoint)	Sets the UserInfo endpoint URI.
void	setUserInfoJWEAlgs(List<com.nimbusds.jose.JWEAlgorithm> userInfoJWEAlgs)	Sets the supported JWE algorithms for UserInfo JWTs.
void	setUserInfoJWEEncs(List<com.nimbusds.jose.EncryptionMethod> userInfoJWEEncs)	Sets the supported encryption methods for UserInfo JWTs.
void	setUserInfoJWSAlgs(List<com.nimbusds.jose.JWSAlgorithm> userInfoJWSAlgs)	Sets the supported JWS algorithms for UserInfo JWTs.
void	setVerifiedClaims(List<String> verifiedClaims)	Sets the supported verified claims names.
boolean	supportsBackChannelLogout()	Gets the support for back-channel logout.
boolean	supportsBackChannelLogoutSession()	Gets the support for back-channel logout with a session ID.
boolean	supportsClaimsParam()	Gets the support for the claims authorisation request parameter.
boolean	supportsFrontChannelLogout()	Gets the support for front-channel logout.
boolean	supportsFrontChannelLogoutSession()	Gets the support for front-channel logout with a session ID.
boolean	supportsVerifiedClaims()	Gets support for verified claims.
net.minidev.json.JSONObject	toJSONObject()	Returns the JSON object representation of this OpenID Connect provider metadata.

Methods inherited from class com.nimbusds.oauth2.sdk.as.AuthorizationServerMetadata

getAuthorizationJWEAlgs, getAuthorizationJWEEncs, getAuthorizationJWSAlgs, getBackChannelAuthenticationRequestJWSAlgs, getBackChannelTokenDeliveryModes, getCodeChallengeMethods, getCustomParameter, getCustomParameters, getCustomURIParameter, getDPoPJWSAlgs, getGrantTypes, getIncrementalAuthorizationTypes, getIntrospectionEndpointAuthMethods, getIntrospectionEndpointJWSAlgs, getIssuer, getJWKSetURI, getPolicyURI, getRequestObjectJWEAlgs, getRequestObjectJWEEncs, getRequestObjectJWSAlgs, getResponseModes, getResponseTypes, getRevocationEndpointAuthMethods, getRevocationEndpointJWSAlgs, getScopes, getServiceDocsURI, getTermsOfServiceURI, getTokenEndpointAuthMethods, getTokenEndpointJWSAlgs, getUILocales, requiresPushedAuthorizationRequests, requiresPushedAuthorizationRequests, requiresRequestURIRegistration, setAuthorizationJWEAlgs, setAuthorizationJWEEncs, setAuthorizationJWSAlgs, setBackChannelAuthenticationRequestJWSAlgs, setBackChannelTokenDeliveryModes, setCodeChallengeMethods, setCustomParameter, setDPoPJWSAlgs, setGrantTypes, setIncrementalAuthorizationTypes, setIntrospectionEndpointAuthMethods, setIntrospectionEndpointJWSAlgs, setJWKSetURI, setPolicyURI, setRequestObjectJWEAlgs, setRequestObjectJWEEncs, setRequestObjectJWSAlgs, setRequiresRequestURIRegistration, setResponseModes, setResponseTypes, setRevocationEndpointAuthMethods, setRevocationEndpointJWSAlgs, setScopes, setServiceDocsURI, setSupportsAuthorizationResponseIssuerParam, setSupportsBackChannelUserCodeParam, setSupportsMutualTLSSenderConstrainedAccessTokens, setSupportsRequestParam, setSupportsRequestURIParam, setSupportsTLSClientCertificateBoundAccessTokens, setTermsOfServiceURI, setTokenEndpointAuthMethods, setTokenEndpointJWSAlgs, setUILocales, supportsAuthorizationResponseIssuerParam, supportsBackChannelUserCodeParam, supportsMutualTLSSenderConstrainedAccessTokens, supportsRequestParam, supportsRequestURIParam, supportsTLSClientCertificateBoundAccessTokens

Methods inherited from class com.nimbusds.oauth2.sdk.as.AuthorizationServerEndpointMetadata

getAuthorizationEndpointURI, getBackChannelAuthenticationEndpoint, getDeviceAuthorizationEndpointURI, getIntrospectionEndpointURI, getPushedAuthorizationRequestEndpointURI, getRegistrationEndpointURI, getRequestObjectEndpoint, getRevocationEndpointURI, getTokenEndpointURI, setAuthorizationEndpointURI, setBackChannelAuthenticationEndpoint, setDeviceAuthorizationEndpointURI, setIntrospectionEndpointURI, setPushedAuthorizationRequestEndpointURI, setRegistrationEndpointURI, setRequestObjectEndpoint, setRevocationEndpointURI, setTokenEndpointURI, toString

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Constructor Detail

OIDCProviderMetadata

public OIDCProviderMetadata(Issuer issuer,
                            List<SubjectType> subjectTypes,
                            URI jwkSetURI)

Creates a new OpenID Connect provider metadata instance.

Parameters:

issuer - The issuer identifier. Must be an URI using the https scheme with no query or fragment component. Must not be null.

subjectTypes - The supported subject types. At least one must be specified. Must not be null.

jwkSetURI - The JWK set URI. Must not be null.

Method Detail

setMtlsEndpointAliases

public void setMtlsEndpointAliases(AuthorizationServerEndpointMetadata mtlsEndpointAliases)

Description copied from class: AuthorizationServerMetadata

Sets the aliases for communication with mutual TLS. Corresponds to the mtls_endpoint_aliases metadata field.

Overrides:

setMtlsEndpointAliases in class AuthorizationServerMetadata

Parameters:

mtlsEndpointAliases - The aliases for communication with mutual TLS, or null when no aliases are defined.

getMtlsEndpointAliases

public OIDCProviderEndpointMetadata getMtlsEndpointAliases()

Description copied from class: AuthorizationServerMetadata

Gets the aliases for communication with mutual TLS. Corresponds to the mtls_endpoint_aliases metadata field.

Overrides:

getMtlsEndpointAliases in class AuthorizationServerMetadata

Returns:

The aliases for communication with mutual TLS, or null when no aliases are defined.

getRegisteredParameterNames

public static Set<String> getRegisteredParameterNames()

Gets the registered OpenID Connect provider metadata parameter names.

Returns:

The registered OpenID Connect provider metadata parameter names, as an unmodifiable set.

getUserInfoEndpointURI

public URI getUserInfoEndpointURI()

Gets the UserInfo endpoint URI. Corresponds the userinfo_endpoint metadata field.

Returns:

The UserInfo endpoint URI, null if not specified.

setUserInfoEndpointURI

public void setUserInfoEndpointURI(URI userInfoEndpoint)

Sets the UserInfo endpoint URI. Corresponds the userinfo_endpoint metadata field.

Parameters:

userInfoEndpoint - The UserInfo endpoint URI, null if not specified.

getCheckSessionIframeURI

public URI getCheckSessionIframeURI()

Gets the cross-origin check session iframe URI. Corresponds to the check_session_iframe metadata field.

Returns:

The check session iframe URI, null if not specified.

setCheckSessionIframeURI

public void setCheckSessionIframeURI(URI checkSessionIframe)

Sets the cross-origin check session iframe URI. Corresponds to the check_session_iframe metadata field.

Parameters:

checkSessionIframe - The check session iframe URI, null if not specified.

getEndSessionEndpointURI

public URI getEndSessionEndpointURI()

Gets the logout endpoint URI. Corresponds to the end_session_endpoint metadata field.

Returns:

The logoout endpoint URI, null if not specified.

setEndSessionEndpointURI

public void setEndSessionEndpointURI(URI endSessionEndpoint)

Sets the logout endpoint URI. Corresponds to the end_session_endpoint metadata field.

Parameters:

endSessionEndpoint - The logoout endpoint URI, null if not specified.

getACRs

public List<ACR> getACRs()

Gets the supported Authentication Context Class References (ACRs). Corresponds to the acr_values_supported metadata field.

Returns:

The supported ACRs, null if not specified.

setACRs

public void setACRs(List<ACR> acrValues)

Sets the supported Authentication Context Class References (ACRs). Corresponds to the acr_values_supported metadata field.

Parameters:

acrValues - The supported ACRs, null if not specified.

getSubjectTypes

public List<SubjectType> getSubjectTypes()

Gets the supported subject types. Corresponds to the subject_types_supported metadata field.

Returns:

The supported subject types.

getIDTokenJWSAlgs

public List<com.nimbusds.jose.JWSAlgorithm> getIDTokenJWSAlgs()

Gets the supported JWS algorithms for ID tokens. Corresponds to the id_token_signing_alg_values_supported metadata field.

Returns:

The supported JWS algorithms, null if not specified.

setIDTokenJWSAlgs

public void setIDTokenJWSAlgs(List<com.nimbusds.jose.JWSAlgorithm> idTokenJWSAlgs)

Sets the supported JWS algorithms for ID tokens. Corresponds to the id_token_signing_alg_values_supported metadata field.

Parameters:

idTokenJWSAlgs - The supported JWS algorithms, null if not specified.

getIDTokenJWEAlgs

public List<com.nimbusds.jose.JWEAlgorithm> getIDTokenJWEAlgs()

Gets the supported JWE algorithms for ID tokens. Corresponds to the id_token_encryption_alg_values_supported metadata field.

Returns:

The supported JWE algorithms, null if not specified.

setIDTokenJWEAlgs

public void setIDTokenJWEAlgs(List<com.nimbusds.jose.JWEAlgorithm> idTokenJWEAlgs)

Sets the supported JWE algorithms for ID tokens. Corresponds to the id_token_encryption_alg_values_supported metadata field.

Parameters:

idTokenJWEAlgs - The supported JWE algorithms, null if not specified.

getIDTokenJWEEncs

public List<com.nimbusds.jose.EncryptionMethod> getIDTokenJWEEncs()

Gets the supported encryption methods for ID tokens. Corresponds to the id_token_encryption_enc_values_supported metadata field.

Returns:

The supported encryption methods, null if not specified.

setIDTokenJWEEncs

public void setIDTokenJWEEncs(List<com.nimbusds.jose.EncryptionMethod> idTokenJWEEncs)

Sets the supported encryption methods for ID tokens. Corresponds to the id_token_encryption_enc_values_supported metadata field.

Parameters:

idTokenJWEEncs - The supported encryption methods, null if not specified.

getUserInfoJWSAlgs

public List<com.nimbusds.jose.JWSAlgorithm> getUserInfoJWSAlgs()

Gets the supported JWS algorithms for UserInfo JWTs. Corresponds to the userinfo_signing_alg_values_supported metadata field.

Returns:

The supported JWS algorithms, null if not specified.

setUserInfoJWSAlgs

public void setUserInfoJWSAlgs(List<com.nimbusds.jose.JWSAlgorithm> userInfoJWSAlgs)

Sets the supported JWS algorithms for UserInfo JWTs. Corresponds to the userinfo_signing_alg_values_supported metadata field.

Parameters:

userInfoJWSAlgs - The supported JWS algorithms, null if not specified.

getUserInfoJWEAlgs

public List<com.nimbusds.jose.JWEAlgorithm> getUserInfoJWEAlgs()

Gets the supported JWE algorithms for UserInfo JWTs. Corresponds to the userinfo_encryption_alg_values_supported metadata field.

Returns:

The supported JWE algorithms, null if not specified.

setUserInfoJWEAlgs

public void setUserInfoJWEAlgs(List<com.nimbusds.jose.JWEAlgorithm> userInfoJWEAlgs)

Sets the supported JWE algorithms for UserInfo JWTs. Corresponds to the userinfo_encryption_alg_values_supported metadata field.

Parameters:

userInfoJWEAlgs - The supported JWE algorithms, null if not specified.

getUserInfoJWEEncs

public List<com.nimbusds.jose.EncryptionMethod> getUserInfoJWEEncs()

Gets the supported encryption methods for UserInfo JWTs. Corresponds to the userinfo_encryption_enc_values_supported metadata field.

Returns:

The supported encryption methods, null if not specified.

setUserInfoJWEEncs

public void setUserInfoJWEEncs(List<com.nimbusds.jose.EncryptionMethod> userInfoJWEEncs)

Sets the supported encryption methods for UserInfo JWTs. Corresponds to the userinfo_encryption_enc_values_supported metadata field.

Parameters:

userInfoJWEEncs - The supported encryption methods, null if not specified.

getDisplays

public List<Display> getDisplays()

Gets the supported displays. Corresponds to the display_values_supported metadata field.

Returns:

The supported displays, null if not specified.

setDisplays

public void setDisplays(List<Display> displays)

Sets the supported displays. Corresponds to the display_values_supported metadata field.

Parameters:

displays - The supported displays, null if not specified.

getClaimTypes

public List<ClaimType> getClaimTypes()

Gets the supported claim types. Corresponds to the claim_types_supported metadata field.

Returns:

The supported claim types, null if not specified.

setClaimTypes

public void setClaimTypes(List<ClaimType> claimTypes)

Sets the supported claim types. Corresponds to the claim_types_supported metadata field.

Parameters:

claimTypes - The supported claim types, null if not specified.

getClaims

public List<String> getClaims()

Gets the supported claims names. Corresponds to the claims_supported metadata field.

Returns:

The supported claims names, null if not specified.

setClaims

public void setClaims(List<String> claims)

Sets the supported claims names. Corresponds to the claims_supported metadata field.

Parameters:

claims - The supported claims names, null if not specified.

getClaimsLocales

public List<com.nimbusds.langtag.LangTag> getClaimsLocales()

Gets the supported claims locales. Corresponds to the claims_locales_supported metadata field.

Returns:

The supported claims locales, null if not specified.

setClaimLocales

public void setClaimLocales(List<com.nimbusds.langtag.LangTag> claimsLocales)

Sets the supported claims locales. Corresponds to the claims_locales_supported metadata field.

Parameters:

claimsLocales - The supported claims locales, null if not specified.

supportsClaimsParam

public boolean supportsClaimsParam()

Gets the support for the claims authorisation request parameter. Corresponds to the claims_parameter_supported metadata field.

Returns:

true if the claim parameter is supported, else false.

setSupportsClaimsParams

public void setSupportsClaimsParams(boolean claimsParamSupported)

Sets the support for the claims authorisation request parameter. Corresponds to the claims_parameter_supported metadata field.

Parameters:

claimsParamSupported - true if the claim parameter is supported, else false.

supportsFrontChannelLogout

public boolean supportsFrontChannelLogout()

Gets the support for front-channel logout. Corresponds to the frontchannel_logout_supported metadata field.

Returns:

true if front-channel logout is supported, else false.

setSupportsFrontChannelLogout

public void setSupportsFrontChannelLogout(boolean frontChannelLogoutSupported)

Sets the support for front-channel logout. Corresponds to the frontchannel_logout_supported metadata field.

Parameters:

frontChannelLogoutSupported - true if front-channel logout is supported, else false.

supportsFrontChannelLogoutSession

public boolean supportsFrontChannelLogoutSession()

Gets the support for front-channel logout with a session ID. Corresponds to the frontchannel_logout_session_supported metadata field.

Returns:

true if front-channel logout with a session ID is supported, else false.

setSupportsFrontChannelLogoutSession

public void setSupportsFrontChannelLogoutSession(boolean frontChannelLogoutSessionSupported)

Sets the support for front-channel logout with a session ID. Corresponds to the frontchannel_logout_session_supported metadata field.

Parameters:

frontChannelLogoutSessionSupported - true if front-channel logout with a session ID is supported, else false.

supportsBackChannelLogout

public boolean supportsBackChannelLogout()

Gets the support for back-channel logout. Corresponds to the backchannel_logout_supported metadata field.

Returns:

true if back-channel logout is supported, else false.

setSupportsBackChannelLogout

public void setSupportsBackChannelLogout(boolean backChannelLogoutSupported)

Sets the support for back-channel logout. Corresponds to the backchannel_logout_supported metadata field.

Parameters:

backChannelLogoutSupported - true if back-channel logout is supported, else false.

supportsBackChannelLogoutSession

public boolean supportsBackChannelLogoutSession()

Gets the support for back-channel logout with a session ID. Corresponds to the backchannel_logout_session_supported metadata field.

Returns:

true if back-channel logout with a session ID is supported, else false.

setSupportsBackChannelLogoutSession

public void setSupportsBackChannelLogoutSession(boolean backChannelLogoutSessionSupported)

Sets the support for back-channel logout with a session ID. Corresponds to the backchannel_logout_session_supported metadata field.

Parameters:

backChannelLogoutSessionSupported - true if back-channel logout with a session ID is supported, else false.

supportsVerifiedClaims

public boolean supportsVerifiedClaims()

Gets support for verified claims. Corresponds to the verified_claims_supported metadata field.

Returns:

true if verified claims are supported, else false.

setSupportsVerifiedClaims

public void setSupportsVerifiedClaims(boolean verifiedClaimsSupported)

Sets support for verified claims. Corresponds to the verified_claims_supported metadata field.

Parameters:

verifiedClaimsSupported - true if verified claims are supported, else false.

getIdentityTrustFrameworks

public List<IdentityTrustFramework> getIdentityTrustFrameworks()

Gets the supported identity trust frameworks. Corresponds to the trust_frameworks_supported metadata field.

Returns:

The supported identity trust frameworks, null if not specified.

setIdentityTrustFrameworks

public void setIdentityTrustFrameworks(List<IdentityTrustFramework> trustFrameworks)

Sets the supported identity trust frameworks. Corresponds to the trust_frameworks_supported metadata field.

Parameters:

trustFrameworks - The supported identity trust frameworks, null if not specified.

getIdentityEvidenceTypes

public List<IdentityEvidenceType> getIdentityEvidenceTypes()

Gets the supported identity evidence types. Corresponds to the evidence_supported metadata field.

Returns:

The supported identity evidence types, null if not specified.

setIdentityEvidenceTypes

public void setIdentityEvidenceTypes(List<IdentityEvidenceType> evidenceTypes)

Sets the supported identity evidence types. Corresponds to the evidence_supported metadata field.

Parameters:

evidenceTypes - The supported identity evidence types, null if not specified.

getIdentityDocumentTypes

public List<IDDocumentType> getIdentityDocumentTypes()

Gets the supported identity document types. Corresponds to the id_documents_supported metadata field.

Returns:

The supported identity documents types, null if not specified.

setIdentityDocumentTypes

public void setIdentityDocumentTypes(List<IDDocumentType> idDocuments)

Sets the supported identity document types. Corresponds to the id_documents_supported metadata field.

Parameters:

idDocuments - The supported identity document types, null if not specified.

getIdentityVerificationMethods

public List<IdentityVerificationMethod> getIdentityVerificationMethods()

Gets the supported identity verification methods. Corresponds to the id_documents_verification_methods_supported metadata field.

Returns:

The supported identity verification methods, null if not specified.

setIdentityVerificationMethods

public void setIdentityVerificationMethods(List<IdentityVerificationMethod> idVerificationMethods)

Sets the supported identity verification methods. Corresponds to the id_documents_verification_methods_supported metadata field.

Parameters:

idVerificationMethods - The supported identity verification methods, null if not specified.

getVerifiedClaims

public List<String> getVerifiedClaims()

Gets the supported verified claims names. Corresponds to the claims_in_verified_claims_supported metadata field.

Returns:

The supported verified claims names, null if not specified.

setVerifiedClaims

public void setVerifiedClaims(List<String> verifiedClaims)

Sets the supported verified claims names. Corresponds to the claims_in_verified_claims_supported metadata field.

Parameters:

verifiedClaims - The supported verified claims names, null if not specified.

getClientRegistrationTypes

public List<ClientRegistrationType> getClientRegistrationTypes()

Gets the supported federation client registration types. Corresponds to the client_registration_types_supported metadata field.

Returns:

The supported client registration types, null if not specified.

setClientRegistrationTypes

public void setClientRegistrationTypes(List<ClientRegistrationType> clientRegistrationTypes)

Sets the supported federation client registration types. Corresponds to the client_registration_types_supported metadata field.

Parameters:

clientRegistrationTypes - The supported client registration types, null if not specified.

getClientRegistrationAuthnMethods

public Map<EndpointName,List<ClientAuthenticationMethod>> getClientRegistrationAuthnMethods()

Gets the supported client authentication methods for automatic federation client registration. Corresponds to the client_registration_authn_methods_supported field.

Returns:

The supported authentication methods for automatic federation client registration, null if not specified.

setClientRegistrationAuthnMethods

public void setClientRegistrationAuthnMethods(Map<EndpointName,List<ClientAuthenticationMethod>> methods)

Sets the supported client authentication methods for automatic federation client registration. Corresponds to the client_registration_authn_methods_supported field.

Parameters:

methods - The supported authentication methods for automatic federation client registration, null if not specified.

getOrganizationName

public String getOrganizationName()

Gets the organisation name (in federation). Corresponds to the organization_name metadata field.

Returns:

The organisation name, null if not specified.

setOrganizationName

public void setOrganizationName(String organizationName)

Sets the organisation name (in federation). Corresponds to the organization_name metadata field.

Parameters:

organizationName - The organisation name, null if not specified.

getFederationRegistrationEndpointURI

public URI getFederationRegistrationEndpointURI()

Gets the federation registration endpoint URI. Corresponds to the federation_registration_endpoint metadata field.

Returns:

The federation registration endpoint URI, null if not specified.

setFederationRegistrationEndpointURI

public void setFederationRegistrationEndpointURI(URI federationRegistrationEndpoint)

Sets the federation registration endpoint URI. Corresponds to the federation_registration_endpoint metadata field.

Parameters:

federationRegistrationEndpoint - The federation registration endpoint URI, null if not specified.

applyDefaults

public void applyDefaults()

Applies the OpenID Provider metadata defaults where no values have been specified.

• The response modes default to ["query", "fragment"].
• The grant types default to ["authorization_code", "implicit"].
• The token endpoint authentication methods default to ["client_secret_basic"].
• The claim types default to ["normal].

Overrides:

applyDefaults in class AuthorizationServerMetadata

toJSONObject

public net.minidev.json.JSONObject toJSONObject()

Returns the JSON object representation of this OpenID Connect provider metadata.

Overrides:

toJSONObject in class AuthorizationServerMetadata

Returns:

The JSON object representation.

parse

public static OIDCProviderMetadata parse(net.minidev.json.JSONObject jsonObject)
                                  throws ParseException

Parses an OpenID Provider metadata from the specified JSON object.

Parameters:

jsonObject - The JSON object to parse. Must not be null.

Returns:

The OpenID Provider metadata.

Throws:

ParseException - If the JSON object couldn't be parsed to an OpenID Provider metadata.

parse

public static OIDCProviderMetadata parse(String s)
                                  throws ParseException

Parses an OpenID Provider metadata from the specified JSON object string.

Parameters:

s - The JSON object sting to parse. Must not be null.

Returns:

The OpenID Provider metadata.

Throws:

ParseException - If the JSON object string couldn't be parsed to an OpenID Provider metadata.

resolveURL

public static URL resolveURL(Issuer issuer)
                      throws GeneralException

Resolves OpenID Provider metadata URL from the specified issuer identifier.

Parameters:

issuer - The OpenID Provider issuer identifier. Must represent a valid HTTPS or HTTP URL. Must not be null.

Returns:

The OpenID Provider metadata URL.

Throws:

GeneralException - If the issuer identifier is invalid.

resolve

public static OIDCProviderMetadata resolve(Issuer issuer)
                                    throws GeneralException,
                                           IOException

Resolves OpenID Provider metadata from the specified issuer identifier. The metadata is downloaded by HTTP GET from [issuer-url]/.well-known/openid-configuration.

Parameters:

issuer - The OpenID Provider issuer identifier. Must represent a valid HTTPS or HTTP URL. Must not be null.

Returns:

The OpenID Provider metadata.

Throws:

GeneralException - If the issuer identifier or the downloaded metadata are invalid.

IOException - On a HTTP exception.

resolve

public static OIDCProviderMetadata resolve(Issuer issuer,
                                           int connectTimeout,
                                           int readTimeout)
                                    throws GeneralException,
                                           IOException

Resolves OpenID Provider metadata from the specified issuer identifier. The metadata is downloaded by HTTP GET from [issuer-url]/.well-known/openid-configuration, using the specified HTTP timeouts.

Parameters:

issuer - The issuer identifier. Must represent a valid HTTPS or HTTP URL. Must not be null.

connectTimeout - The HTTP connect timeout, in milliseconds. Zero implies no timeout. Must not be negative.

readTimeout - The HTTP response read timeout, in milliseconds. Zero implies no timeout. Must not be negative.

Returns:

The OpenID Provider metadata.

Throws:

GeneralException - If the issuer identifier or the downloaded metadata are invalid.

IOException - On a HTTP exception.