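/*
 * oauth2-oidc-sdk
 *
 * Copyright 2012-2016, Connect2id Ltd and contributors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License"); you may not use
 * this file except in compliance with the License. You may obtain a copy of the
 * License at
 *
 *    http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software distributed
 * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
 * CONDITIONS OF ANY KIND, either express or implied. See the License for the
 * specific language governing permissions and limitations under the License.
 */

package com.nimbusds.oauth2.sdk.as;


import java.net.URI;
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;

import net.minidev.json.JSONObject;

import com.nimbusds.oauth2.sdk.ParseException;
import com.nimbusds.oauth2.sdk.util.JSONObjectUtils;
import com.nimbusds.oauth2.sdk.util.OrderedJSONObject;


/**
 * OAuth 2.0 Authorisation Server (AS) metadata for the endpoints.
 *
 * <p>This class only carries the endpoint URIs as they were set or parsed;
 * it performs no validation of them (scheme, host, or relation to the
 * issuer). Applications that obtain the metadata from a network source
 * should verify that the document belongs to the expected issuer and apply
 * their own URI policy before using any of the endpoints.
 *
 * <p>Related specifications:
 *
 * <ul>
 *     <li>OAuth 2.0 Authorization Server Metadata (RFC 8414)
 *     <li>OAuth 2.0 Mutual TLS Client Authentication and Certificate Bound
 *         Access Tokens (RFC 8705)
 *     <li>OAuth 2.0 Pushed Authorization Requests (draft-ietf-oauth-par-05)
 *     <li>OAuth 2.0 Device Authorization Grant (RFC 8628)
 *     <li>OpenID Connect Client Initiated Backchannel Authentication Flow -
 *         Core 1.0 (draft 03)
 * </ul>
 */
public class AuthorizationServerEndpointMetadata {
	
	
	/**
	 * The registered parameter names.
	 */
	private static final Set<String> REGISTERED_PARAMETER_NAMES;
	
	
	static {
		Set<String> p = new HashSet<>();
		p.add("authorization_endpoint");
		p.add("token_endpoint");
		p.add("registration_endpoint");
		p.add("introspection_endpoint");
		p.add("revocation_endpoint");
		p.add("request_object_endpoint");
		p.add("pushed_authorization_request_endpoint");
		p.add("device_authorization_endpoint");
		p.add("backchannel_authentication_endpoint");
		REGISTERED_PARAMETER_NAMES = Collections.unmodifiableSet(p);
	}
	
	
	/**
	 * Gets the registered provider metadata parameter names for endpoints.
	 *
	 * @return The registered provider metadata parameter names for
	 *         endpoints, as an unmodifiable set.
	 */
	public static Set<String> getRegisteredParameterNames() {
		
		return REGISTERED_PARAMETER_NAMES;
	}
	
	
	/**
	 * The authorisation endpoint.
	 */
	private URI authzEndpoint;
	
	
	/**
	 * The token endpoint.
	 */
	private URI tokenEndpoint;
	
	
	/**
	 * The registration endpoint.
	 */
	private URI regEndpoint;
	
	
	/**
	 * The token introspection endpoint.
	 */
	private URI introspectionEndpoint;
	
	
	/**
	 * The token revocation endpoint.
	 */
	private URI revocationEndpoint;
	
	
	/**
	 * The request object endpoint.
	 */
	private URI requestObjectEndpoint;
	
	
	/**
	 * The pushed authorisation request endpoint.
	 */
	private URI parEndpoint;
	
	
	/**
	 * The device authorization endpoint.
	 */
	private URI deviceAuthzEndpoint;
	
	
	/**
	 * The back-channel authentication endpoint.
	 */
	private URI backChannelAuthEndpoint;
	
	
	/**
	 * Creates a new OAuth 2.0 Authorisation Server (AS) endpoint metadata
	 * instance. All endpoints are initially unspecified ({@code null}).
	 */
	public AuthorizationServerEndpointMetadata() {
	}
	
	
	/**
	 * Gets the authorisation endpoint URI. Corresponds to the
	 * {@code authorization_endpoint} metadata field.
	 *
	 * @return The authorisation endpoint URI, {@code null} if not
	 *         specified.
	 */
	public URI getAuthorizationEndpointURI() {
		
		return authzEndpoint;
	}
	
	
	/**
	 * Sets the authorisation endpoint URI. Corresponds to the
	 * {@code authorization_endpoint} metadata field.
	 *
	 * @param authzEndpoint The authorisation endpoint URI, {@code null} if
	 *                      not specified.
	 */
	public void setAuthorizationEndpointURI(final URI authzEndpoint) {
		
		this.authzEndpoint = authzEndpoint;
	}
	
	
	/**
	 * Gets the token endpoint URI. Corresponds to the
	 * {@code token_endpoint} metadata field.
	 *
	 * @return The token endpoint URI, {@code null} if not specified.
	 */
	public URI getTokenEndpointURI() {
		
		return tokenEndpoint;
	}
	
	
	/**
	 * Sets the token endpoint URI. Corresponds to the
	 * {@code token_endpoint} metadata field.
	 *
	 * @param tokenEndpoint The token endpoint URI, {@code null} if not
	 *                      specified.
	 */
	public void setTokenEndpointURI(final URI tokenEndpoint) {
		
		this.tokenEndpoint = tokenEndpoint;
	}
	
	
	/**
	 * Gets the client registration endpoint URI. Corresponds to the
	 * {@code registration_endpoint} metadata field.
	 *
	 * @return The client registration endpoint URI, {@code null} if not
	 *         specified.
	 */
	public URI getRegistrationEndpointURI() {
		
		return regEndpoint;
	}
	
	
	/**
	 * Sets the client registration endpoint URI. Corresponds to the
	 * {@code registration_endpoint} metadata field.
	 *
	 * @param regEndpoint The client registration endpoint URI,
	 *                    {@code null} if not specified.
	 */
	public void setRegistrationEndpointURI(final URI regEndpoint) {
		
		this.regEndpoint = regEndpoint;
	}
	
	
	/**
	 * Gets the token introspection endpoint URI. Corresponds to the
	 * {@code introspection_endpoint} metadata field.
	 *
	 * @return The token introspection endpoint URI, {@code null} if not
	 *         specified.
	 */
	public URI getIntrospectionEndpointURI() {
		
		return introspectionEndpoint;
	}
	
	
	/**
	 * Sets the token introspection endpoint URI. Corresponds to the
	 * {@code introspection_endpoint} metadata field.
	 *
	 * @param introspectionEndpoint The token introspection endpoint URI,
	 *                              {@code null} if not specified.
	 */
	public void setIntrospectionEndpointURI(final URI introspectionEndpoint) {
		
		this.introspectionEndpoint = introspectionEndpoint;
	}
	
	
	/**
	 * Gets the token revocation endpoint URI. Corresponds to the
	 * {@code revocation_endpoint} metadata field.
	 *
	 * @return The token revocation endpoint URI, {@code null} if not
	 *         specified.
	 */
	public URI getRevocationEndpointURI() {
		
		return revocationEndpoint;
	}
	
	
	/**
	 * Sets the token revocation endpoint URI. Corresponds to the
	 * {@code revocation_endpoint} metadata field.
	 *
	 * @param revocationEndpoint The token revocation endpoint URI,
	 *                           {@code null} if not specified.
	 */
	public void setRevocationEndpointURI(final URI revocationEndpoint) {
		
		this.revocationEndpoint = revocationEndpoint;
	}
	
	
	/**
	 * Gets the request object endpoint. Corresponds to the
	 * {@code request_object_endpoint} metadata field.
	 *
	 * @return The request object endpoint, {@code null} if not specified.
	 *
	 * @deprecated Retained for backwards compatibility only.
	 */
	@Deprecated
	public URI getRequestObjectEndpoint() {
		
		return requestObjectEndpoint;
	}
	
	
	/**
	 * Sets the request object endpoint. Corresponds to the
	 * {@code request_object_endpoint} metadata field.
	 *
	 * @param requestObjectEndpoint The request object endpoint,
	 *                              {@code null} if not specified.
	 *
	 * @deprecated Retained for backwards compatibility only.
	 */
	@Deprecated
	public void setRequestObjectEndpoint(final URI requestObjectEndpoint) {
		
		this.requestObjectEndpoint = requestObjectEndpoint;
	}
	
	
	/**
	 * Gets the pushed authorisation request endpoint. Corresponds to the
	 * {@code pushed_authorization_request_endpoint} metadata field.
	 *
	 * @return The pushed authorisation request endpoint, {@code null} if
	 *         not specified.
	 */
	public URI getPushedAuthorizationRequestEndpointURI() {
		
		return parEndpoint;
	}
	
	
	/**
	 * Sets the pushed authorisation request endpoint. Corresponds to the
	 * {@code pushed_authorization_request_endpoint} metadata field.
	 *
	 * @param parEndpoint The pushed authorisation request endpoint,
	 *                    {@code null} if not specified.
	 */
	public void setPushedAuthorizationRequestEndpointURI(final URI parEndpoint) {
		
		this.parEndpoint = parEndpoint;
	}
	
	
	/**
	 * Gets the device authorization endpoint URI. Corresponds to the
	 * {@code device_authorization_endpoint} metadata field.
	 *
	 * @return The device authorization endpoint URI, {@code null} if not
	 *         specified.
	 */
	public URI getDeviceAuthorizationEndpointURI() {
		
		return deviceAuthzEndpoint;
	}
	
	
	/**
	 * Sets the device authorization endpoint URI. Corresponds to the
	 * {@code device_authorization_endpoint} metadata field.
	 *
	 * @param deviceAuthzEndpoint The device authorization endpoint URI,
	 *                            {@code null} if not specified.
	 */
	public void setDeviceAuthorizationEndpointURI(final URI deviceAuthzEndpoint) {
		
		this.deviceAuthzEndpoint = deviceAuthzEndpoint;
	}
	
	
	/**
	 * Gets the back-channel authentication endpoint URI. Corresponds to
	 * the {@code backchannel_authentication_endpoint} metadata field.
	 *
	 * @return The back-channel authentication endpoint URI, {@code null}
	 *         if not specified.
	 */
	public URI getBackChannelAuthenticationEndpoint() {
		
		return backChannelAuthEndpoint;
	}
	
	
	/**
	 * Sets the back-channel authentication endpoint URI. Corresponds to
	 * the {@code backchannel_authentication_endpoint} metadata field.
	 *
	 * @param backChannelAuthEndpoint The back-channel authentication
	 *                                endpoint URI, {@code null} if not
	 *                                specified.
	 */
	public void setBackChannelAuthenticationEndpoint(final URI backChannelAuthEndpoint) {
		
		this.backChannelAuthEndpoint = backChannelAuthEndpoint;
	}
	
	
	/**
	 * Puts the string form of the specified endpoint URI into the JSON
	 * object under the given member name, skipping unspecified
	 * ({@code null}) endpoints so that they are omitted from the output.
	 *
	 * @param o    The JSON object to populate. Must not be {@code null}.
	 * @param name The metadata field name. Must not be {@code null}.
	 * @param uri  The endpoint URI, {@code null} if not specified.
	 */
	private static void putIfSpecified(final JSONObject o, final String name, final URI uri) {
		
		if (uri != null)
			o.put(name, uri.toString());
	}
	
	
	/**
	 * Returns the JSON object representation of this OAuth 2.0
	 * Authorisation Server endpoint metadata. Unspecified endpoints are
	 * omitted; the members appear in registration order.
	 *
	 * @return The JSON object representation.
	 */
	public JSONObject toJSONObject() {
		
		JSONObject o = new OrderedJSONObject();
		
		putIfSpecified(o, "authorization_endpoint", authzEndpoint);
		putIfSpecified(o, "token_endpoint", tokenEndpoint);
		putIfSpecified(o, "registration_endpoint", regEndpoint);
		putIfSpecified(o, "introspection_endpoint", introspectionEndpoint);
		putIfSpecified(o, "revocation_endpoint", revocationEndpoint);
		putIfSpecified(o, "request_object_endpoint", requestObjectEndpoint);
		putIfSpecified(o, "pushed_authorization_request_endpoint", parEndpoint);
		putIfSpecified(o, "device_authorization_endpoint", deviceAuthzEndpoint);
		putIfSpecified(o, "backchannel_authentication_endpoint", backChannelAuthEndpoint);
		
		return o;
	}
	
	
	/**
	 * Returns the JSON string representation of this endpoint metadata,
	 * see {@link #toJSONObject()}.
	 *
	 * @return The JSON string.
	 */
	@Override
	public String toString() {
		return toJSONObject().toJSONString();
	}
	
	
	/**
	 * Parses an OAuth 2.0 Authorisation Server endpoint metadata from the
	 * specified JSON object. Every endpoint field is optional; an absent
	 * field leaves the corresponding endpoint {@code null}. The parsed
	 * URIs are not validated here (scheme, host, issuer relation); that
	 * remains the caller's responsibility.
	 *
	 * @param jsonObject The JSON object to parse. Must not be
	 *                   {@code null}.
	 *
	 * @return The OAuth 2.0 Authorisation Server endpoint metadata.
	 *
	 * @throws ParseException If the JSON object couldn't be parsed to an
	 *                        OAuth 2.0 Authorisation Server endpoint
	 *                        metadata.
	 */
	public static AuthorizationServerEndpointMetadata parse(final JSONObject jsonObject)
		throws ParseException {
		
		AuthorizationServerEndpointMetadata as = new AuthorizationServerEndpointMetadata();
		
		// Each field is read with a null default so missing members are
		// tolerated; a present but malformed URI is reported by getURI
		as.authzEndpoint = JSONObjectUtils.getURI(jsonObject, "authorization_endpoint", null);
		as.tokenEndpoint = JSONObjectUtils.getURI(jsonObject, "token_endpoint", null);
		as.regEndpoint = JSONObjectUtils.getURI(jsonObject, "registration_endpoint", null);
		as.introspectionEndpoint = JSONObjectUtils.getURI(jsonObject, "introspection_endpoint", null);
		as.revocationEndpoint = JSONObjectUtils.getURI(jsonObject, "revocation_endpoint", null);
		as.requestObjectEndpoint = JSONObjectUtils.getURI(jsonObject, "request_object_endpoint", null);
		as.parEndpoint = JSONObjectUtils.getURI(jsonObject, "pushed_authorization_request_endpoint", null);
		as.deviceAuthzEndpoint = JSONObjectUtils.getURI(jsonObject, "device_authorization_endpoint", null);
		as.backChannelAuthEndpoint = JSONObjectUtils.getURI(jsonObject, "backchannel_authentication_endpoint", null);
		return as;
	}
}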