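/*
 * oauth2-oidc-sdk
 *
 * Copyright 2012-2021, Connect2id Ltd and contributors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License"); you may not use
 * this file except in compliance with the License. You may obtain a copy of the
 * License at
 *
 *    http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software distributed
 * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
 * CONDITIONS OF ANY KIND, either express or implied. See the License for the
 * specific language governing permissions and limitations under the License.
 */

package com.nimbusds.openid.connect.sdk.op;


import java.net.URI;
import java.util.List;
import java.util.Map;

import com.nimbusds.jose.EncryptionMethod;
import com.nimbusds.jose.JWEAlgorithm;
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.langtag.LangTag;
import com.nimbusds.oauth2.sdk.as.ReadOnlyAuthorizationServerMetadata;
import com.nimbusds.oauth2.sdk.auth.ClientAuthenticationMethod;
import com.nimbusds.openid.connect.sdk.Display;
import com.nimbusds.openid.connect.sdk.SubjectType;
import com.nimbusds.openid.connect.sdk.assurance.IdentityTrustFramework;
import com.nimbusds.openid.connect.sdk.assurance.evidences.*;
import com.nimbusds.openid.connect.sdk.assurance.evidences.attachment.AttachmentType;
import com.nimbusds.openid.connect.sdk.assurance.evidences.attachment.HashAlgorithm;
import com.nimbusds.openid.connect.sdk.claims.ACR;
import com.nimbusds.openid.connect.sdk.claims.ClaimType;
import com.nimbusds.openid.connect.sdk.federation.registration.ClientRegistrationType;


/**
 * Read-only OpenID Provider (OP) metadata.
 *
 * <p>This view only exposes accessors; it carries no mutators, so an
 * instance can be handed to code that must not alter the metadata.
 *
 * <p>NOTE(review): the values behind these accessors are asserted by the OP
 * (typically fetched via discovery). Before relying on the advertised
 * endpoints, algorithm lists or capability flags, a consumer should confirm
 * that the metadata {@code issuer} matches the location the document was
 * retrieved from, and should treat every list or flag as a declaration of
 * what the OP <em>claims</em> to support rather than as proof that a given
 * response was actually produced that way.
 *
 * <p>Related specifications:
 *
 * <ul>
 *     <li>OpenID Connect Discovery 1.0, section 3.
 *     <li>OpenID Connect Session Management 1.0, section 2.1 (draft 28).
 *     <li>OpenID Connect Front-Channel Logout 1.0, section 3 (draft 02).
 *     <li>OpenID Connect Back-Channel Logout 1.0, section 2.1 (draft 04).
 *     <li>OpenID Connect for Identity Assurance 1.0 (draft 12).
 *     <li>OpenID Connect Federation 1.0 (draft 12).
 *     <li>OAuth 2.0 Authorization Server Metadata (RFC 8414)
 *     <li>OAuth 2.0 Mutual TLS Client Authentication and Certificate Bound
 *         Access Tokens (RFC 8705)
 *     <li>Financial-grade API: JWT Secured Authorization Response Mode for
 *         OAuth 2.0 (JARM)
 *     <li>OAuth 2.0 Authorization Server Issuer Identifier in Authorization
 *         Response (draft-ietf-oauth-iss-auth-resp-00)
 * </ul>
 */
public interface ReadOnlyOIDCProviderMetadata extends ReadOnlyAuthorizationServerMetadata, ReadOnlyOIDCProviderEndpointMetadata {


	/**
	 * Gets the read-only mTLS endpoint aliases (RFC 8705). Narrows the
	 * return type of the inherited accessor to the OpenID Provider
	 * endpoint metadata view, so the aliased OIDC endpoints are reachable
	 * without a cast.
	 *
	 * @return The mTLS endpoint aliases, as documented by the overridden
	 *         method.
	 */
	@Override
	ReadOnlyOIDCProviderEndpointMetadata getReadOnlyMtlsEndpointAliases();


	/**
	 * Gets the supported Authentication Context Class References (ACRs).
	 * Corresponds to the {@code acr_values_supported} metadata field.
	 *
	 * <p>NOTE(review): this list says which ACRs the OP advertises; an
	 * RP that requires a particular ACR must still check the {@code acr}
	 * claim of the received ID token.
	 *
	 * @return The supported ACRs, {@code null} if not specified.
	 */
	List<ACR> getACRs();


	/**
	 * Gets the supported subject types. Corresponds to the
	 * {@code subject_types_supported} metadata field.
	 *
	 * <p>Unlike most other accessors in this interface, no {@code null}
	 * case is documented for this field; OpenID Connect Discovery 1.0
	 * (section 3) lists it as required.
	 *
	 * @return The supported subject types.
	 */
	List<SubjectType> getSubjectTypes();


	/**
	 * Gets the supported JWS algorithms for ID tokens. Corresponds to the
	 * {@code id_token_signing_alg_values_supported} metadata field.
	 *
	 * <p>NOTE(review): OpenID Connect Discovery 1.0 permits the value
	 * {@code none} to appear in this list. Its presence here is not a
	 * reason for an RP to accept an unsigned ID token; the RP must apply
	 * its own policy on acceptable algorithms when validating tokens.
	 *
	 * @return The supported JWS algorithms, {@code null} if not specified.
	 */
	List<JWSAlgorithm> getIDTokenJWSAlgs();


	/**
	 * Gets the supported JWE algorithms for ID tokens. Corresponds to the
	 * {@code id_token_encryption_alg_values_supported} metadata field.
	 *
	 * @return The supported JWE algorithms, {@code null} if not specified.
	 */
	List<JWEAlgorithm> getIDTokenJWEAlgs();


	/**
	 * Gets the supported encryption methods for ID tokens. Corresponds to
	 * the {@code id_token_encryption_enc_values_supported} metadata field.
	 *
	 * @return The supported encryption methods, {@code null} if not
	 *         specified.
	 */
	List<EncryptionMethod> getIDTokenJWEEncs();


	/**
	 * Gets the supported JWS algorithms for UserInfo JWTs. Corresponds to
	 * the {@code userinfo_signing_alg_values_supported} metadata field.
	 *
	 * @return The supported JWS algorithms, {@code null} if not specified.
	 */
	List<JWSAlgorithm> getUserInfoJWSAlgs();


	/**
	 * Gets the supported JWE algorithms for UserInfo JWTs. Corresponds to
	 * the {@code userinfo_encryption_alg_values_supported} metadata field.
	 *
	 * @return The supported JWE algorithms, {@code null} if not specified.
	 */
	List<JWEAlgorithm> getUserInfoJWEAlgs();


	/**
	 * Gets the supported encryption methods for UserInfo JWTs. Corresponds
	 * to the {@code userinfo_encryption_enc_values_supported} metadata
	 * field.
	 *
	 * @return The supported encryption methods, {@code null} if not
	 *         specified.
	 */
	List<EncryptionMethod> getUserInfoJWEEncs();


	/**
	 * Gets the supported displays. Corresponds to the
	 * {@code display_values_supported} metadata field.
	 *
	 * @return The supported displays, {@code null} if not specified.
	 */
	List<Display> getDisplays();


	/**
	 * Gets the supported claim types. Corresponds to the
	 * {@code claim_types_supported} metadata field.
	 *
	 * @return The supported claim types, {@code null} if not specified.
	 */
	List<ClaimType> getClaimTypes();


	/**
	 * Gets the supported claims names. Corresponds to the
	 * {@code claims_supported} metadata field.
	 *
	 * @return The supported claims names, {@code null} if not specified.
	 */
	List<String> getClaims();


	/**
	 * Gets the supported claims locales. Corresponds to the
	 * {@code claims_locales_supported} metadata field.
	 *
	 * @return The supported claims locales, {@code null} if not specified.
	 */
	List<LangTag> getClaimsLocales();


	/**
	 * Gets the support for the {@code claims} authorisation request
	 * parameter. Corresponds to the {@code claims_parameter_supported}
	 * metadata field.
	 *
	 * @return {@code true} if the {@code claims} parameter is supported,
	 *         else {@code false}.
	 */
	boolean supportsClaimsParam();


	/**
	 * Gets the support for front-channel logout. Corresponds to the
	 * {@code frontchannel_logout_supported} metadata field.
	 *
	 * @return {@code true} if front-channel logout is supported, else
	 *         {@code false}.
	 */
	boolean supportsFrontChannelLogout();


	/**
	 * Gets the support for front-channel logout with a session ID.
	 * Corresponds to the {@code frontchannel_logout_session_supported}
	 * metadata field.
	 *
	 * @return {@code true} if front-channel logout with a session ID is
	 *         supported, else {@code false}.
	 */
	boolean supportsFrontChannelLogoutSession();


	/**
	 * Gets the support for back-channel logout. Corresponds to the
	 * {@code backchannel_logout_supported} metadata field.
	 *
	 * @return {@code true} if back-channel logout is supported, else
	 *         {@code false}.
	 */
	boolean supportsBackChannelLogout();


	/**
	 * Gets the support for back-channel logout with a session ID.
	 * Corresponds to the {@code backchannel_logout_session_supported}
	 * metadata field.
	 *
	 * @return {@code true} if back-channel logout with a session ID is
	 *         supported, else {@code false}.
	 */
	boolean supportsBackChannelLogoutSession();


	/**
	 * Gets support for verified claims. Corresponds to the
	 * {@code verified_claims_supported} metadata field.
	 *
	 * @return {@code true} if verified claims are supported, else
	 *         {@code false}.
	 */
	boolean supportsVerifiedClaims();


	/**
	 * Gets the supported identity trust frameworks. Corresponds to the
	 * {@code trust_frameworks_supported} metadata field.
	 *
	 * @return The supported identity trust frameworks, {@code null} if not
	 *         specified.
	 */
	List<IdentityTrustFramework> getIdentityTrustFrameworks();


	/**
	 * Gets the supported identity evidence types. Corresponds to the
	 * {@code evidence_supported} metadata field.
	 *
	 * @return The supported identity evidence types, {@code null} if not
	 *         specified.
	 */
	List<IdentityEvidenceType> getIdentityEvidenceTypes();


	/**
	 * Gets the supported identity document types. Corresponds to the
	 * {@code documents_supported} metadata field.
	 *
	 * @return The supported identity document types, {@code null} if not
	 *         specified.
	 */
	List<DocumentType> getDocumentTypes();


	/**
	 * Gets the supported identity document types. Corresponds to the
	 * {@code id_documents_supported} metadata field, which predates
	 * {@code documents_supported} in the Identity Assurance drafts.
	 *
	 * @return The supported identity documents types, {@code null} if not
	 *         specified.
	 *
	 * @deprecated Use {@link #getDocumentTypes} instead.
	 */
	@Deprecated
	List<IDDocumentType> getIdentityDocumentTypes();


	/**
	 * Gets the supported coarse identity verification methods for
	 * evidences of type document. Corresponds to the
	 * {@code documents_methods_supported} metadata field.
	 *
	 * @return The supported identity verification methods for document
	 *         evidences, {@code null} if not specified.
	 */
	List<IdentityVerificationMethod> getDocumentMethods();


	/**
	 * Gets the supported validation methods for evidences of type
	 * document. Corresponds to the
	 * {@code documents_validation_methods_supported} metadata field.
	 *
	 * @return The validation methods for document evidences, {@code null}
	 *         if not specified.
	 */
	List<ValidationMethodType> getDocumentValidationMethods();


	/**
	 * Gets the supported verification methods for evidences of type
	 * document. Corresponds to the
	 * {@code documents_verification_methods_supported} metadata field.
	 *
	 * @return The verification methods for document evidences, {@code null}
	 *         if not specified.
	 */
	List<VerificationMethodType> getDocumentVerificationMethods();


	/**
	 * Gets the supported electronic record types. Corresponds to the
	 * {@code electronic_records_supported} metadata field.
	 *
	 * @return The supported electronic record types, {@code null} if not
	 *         specified.
	 */
	List<ElectronicRecordType> getElectronicRecordTypes();


	/**
	 * Gets the supported identity verification methods. Corresponds to the
	 * {@code id_documents_verification_methods_supported} metadata field,
	 * which predates {@code documents_methods_supported} in the Identity
	 * Assurance drafts.
	 *
	 * @return The supported identity verification methods, {@code null} if
	 *         not specified.
	 *
	 * @deprecated Use {@link #getDocumentMethods} instead.
	 */
	@Deprecated
	List<IdentityVerificationMethod> getIdentityVerificationMethods();


	/**
	 * Gets the names of the supported verified claims. Corresponds to the
	 * {@code claims_in_verified_claims_supported} metadata field.
	 *
	 * @return The supported verified claims names, {@code null} if not
	 *         specified.
	 */
	List<String> getVerifiedClaims();


	/**
	 * Gets the supported evidence attachment types. Corresponds to the
	 * {@code attachments_supported} metadata field.
	 *
	 * <p>Note the distinction between an empty list (the OP explicitly
	 * advertises no attachment support) and {@code null} (the field is
	 * absent from the metadata).
	 *
	 * @return The supported evidence attachment types, empty if
	 *         attachments are not supported, {@code null} if not
	 *         specified.
	 */
	List<AttachmentType> getAttachmentTypes();


	/**
	 * Gets the supported digest algorithms for the external evidence
	 * attachments. Corresponds to the {@code digest_algorithms_supported}
	 * metadata field.
	 *
	 * @return The supported digest algorithms, {@code null} if not
	 *         specified.
	 */
	List<HashAlgorithm> getAttachmentDigestAlgs();


	/**
	 * Gets the supported federation client registration types. Corresponds
	 * to the {@code client_registration_types_supported} metadata field.
	 *
	 * @return The supported client registration types, {@code null} if not
	 *         specified.
	 */
	List<ClientRegistrationType> getClientRegistrationTypes();


	/**
	 * Gets the supported client authentication methods for automatic
	 * federation client registration. Corresponds to the
	 * {@code client_registration_authn_methods_supported} field.
	 *
	 * @return The supported authentication methods for automatic
	 *         federation client registration, keyed by endpoint name,
	 *         {@code null} if not specified.
	 */
	Map<EndpointName, List<ClientAuthenticationMethod>> getClientRegistrationAuthnMethods();


	/**
	 * Gets the organisation name (in federation). Corresponds to the
	 * {@code organization_name} metadata field.
	 *
	 * @return The organisation name, {@code null} if not specified.
	 */
	String getOrganizationName();
}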