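/*
 * oauth2-oidc-sdk
 *
 * Copyright 2012-2016, Connect2id Ltd and contributors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License"); you may not use
 * this file except in compliance with the License. You may obtain a copy of the
 * License at
 *
 *    http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software distributed
 * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
 * CONDITIONS OF ANY KIND, either express or implied. See the License for the
 * specific language governing permissions and limitations under the License.
 */

package com.nimbusds.oauth2.sdk.as;


import java.net.URI;
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;

import net.minidev.json.JSONObject;

import com.nimbusds.oauth2.sdk.ParseException;
import com.nimbusds.oauth2.sdk.util.JSONObjectUtils;
import com.nimbusds.oauth2.sdk.util.OrderedJSONObject;


/**
 * OAuth 2.0 Authorisation Server (AS) endpoint metadata.
 *
 * <p>Holds the endpoint URIs of an authorisation server and converts them to
 * and from their JSON object representation. Every endpoint is optional and
 * is {@code null} when not specified.
 *
 * <p>Related specifications:
 *
 * <ul>
 *     <li>OAuth 2.0 Authorization Server Metadata (RFC 8414)
 *     <li>OAuth 2.0 Mutual TLS Client Authentication and Certificate Bound
 *         Access Tokens (RFC 8705)
 *     <li>OAuth 2.0 Pushed Authorization Requests (RFC 9126)
 *     <li>OAuth 2.0 Device Authorization Grant (RFC 8628)
 *     <li>OpenID Connect Client Initiated Backchannel Authentication Flow -
 *         Core 1.0
 * </ul>
 */
public class AuthorizationServerEndpointMetadata implements ReadOnlyAuthorizationServerEndpointMetadata {

	/**
	 * The registered parameter names.
	 */
	private static final Set<String> REGISTERED_PARAMETER_NAMES;


	static {
		Set<String> names = new HashSet<>();
		Collections.addAll(names,
			"authorization_endpoint",
			"token_endpoint",
			"registration_endpoint",
			"introspection_endpoint",
			"revocation_endpoint",
			"request_object_endpoint",
			"pushed_authorization_request_endpoint",
			"device_authorization_endpoint",
			"backchannel_authentication_endpoint");
		// Wrapped so that callers of getRegisteredParameterNames()
		// cannot modify the shared static set.
		REGISTERED_PARAMETER_NAMES = Collections.unmodifiableSet(names);
	}


	/**
	 * Gets the registered provider metadata parameter names for endpoints.
	 *
	 * @return The registered provider metadata parameter names for
	 *         endpoints, as an unmodifiable set.
	 */
	public static Set<String> getRegisteredParameterNames() {

		return REGISTERED_PARAMETER_NAMES;
	}


	/**
	 * The authorisation endpoint.
	 */
	private URI authzEndpoint;


	/**
	 * The token endpoint.
	 */
	private URI tokenEndpoint;


	/**
	 * The registration endpoint.
	 */
	private URI regEndpoint;


	/**
	 * The token introspection endpoint.
	 */
	private URI introspectionEndpoint;


	/**
	 * The token revocation endpoint.
	 */
	private URI revocationEndpoint;


	/**
	 * The request object endpoint.
	 */
	private URI requestObjectEndpoint;


	/**
	 * The pushed authorisation request (PAR) endpoint.
	 */
	private URI parEndpoint;


	/**
	 * The device authorization endpoint.
	 */
	private URI deviceAuthzEndpoint;


	/**
	 * The back-channel authentication endpoint.
	 */
	private URI backChannelAuthEndpoint;


	/**
	 * Creates a new OAuth 2.0 Authorisation Server (AS) endpoint metadata
	 * instance. All endpoints are initially {@code null}.
	 */
	public AuthorizationServerEndpointMetadata() {
	}


	@Override
	public URI getAuthorizationEndpointURI() {

		return authzEndpoint;
	}


	/**
	 * Sets the authorisation endpoint URI. Corresponds to the
	 * {@code authorization_endpoint} metadata field.
	 *
	 * @param authzEndpoint The authorisation endpoint URI, {@code null} if
	 *                      not specified.
	 */
	public void setAuthorizationEndpointURI(final URI authzEndpoint) {

		this.authzEndpoint = authzEndpoint;
	}


	@Override
	public URI getTokenEndpointURI() {

		return tokenEndpoint;
	}


	/**
	 * Sets the token endpoint URI. Corresponds to the
	 * {@code token_endpoint} metadata field.
	 *
	 * @param tokenEndpoint The token endpoint URI, {@code null} if not
	 *                      specified.
	 */
	public void setTokenEndpointURI(final URI tokenEndpoint) {

		this.tokenEndpoint = tokenEndpoint;
	}


	@Override
	public URI getRegistrationEndpointURI() {

		return regEndpoint;
	}


	/**
	 * Sets the client registration endpoint URI. Corresponds to the
	 * {@code registration_endpoint} metadata field.
	 *
	 * @param regEndpoint The client registration endpoint URI,
	 *                    {@code null} if not specified.
	 */
	public void setRegistrationEndpointURI(final URI regEndpoint) {

		this.regEndpoint = regEndpoint;
	}


	@Override
	public URI getIntrospectionEndpointURI() {

		return introspectionEndpoint;
	}


	/**
	 * Sets the token introspection endpoint URI. Corresponds to the
	 * {@code introspection_endpoint} metadata field.
	 *
	 * @param introspectionEndpoint The token introspection endpoint URI,
	 *                              {@code null} if not specified.
	 */
	public void setIntrospectionEndpointURI(final URI introspectionEndpoint) {

		this.introspectionEndpoint = introspectionEndpoint;
	}


	@Override
	public URI getRevocationEndpointURI() {

		return revocationEndpoint;
	}


	/**
	 * Sets the token revocation endpoint URI. Corresponds to the
	 * {@code revocation_endpoint} metadata field.
	 *
	 * @param revocationEndpoint The token revocation endpoint URI,
	 *                           {@code null} if not specified.
	 */
	public void setRevocationEndpointURI(final URI revocationEndpoint) {

		this.revocationEndpoint = revocationEndpoint;
	}


	@Override
	@Deprecated
	public URI getRequestObjectEndpoint() {

		return requestObjectEndpoint;
	}


	/**
	 * Sets the request object endpoint. Corresponds to the
	 * {@code request_object_endpoint} metadata field.
	 *
	 * @param requestObjectEndpoint The request object endpoint,
	 *                              {@code null} if not specified.
	 */
	@Deprecated
	public void setRequestObjectEndpoint(final URI requestObjectEndpoint) {

		this.requestObjectEndpoint = requestObjectEndpoint;
	}


	@Override
	public URI getPushedAuthorizationRequestEndpointURI() {

		return parEndpoint;
	}


	/**
	 * Sets the pushed authorisation request endpoint. Corresponds to the
	 * {@code pushed_authorization_request_endpoint} metadata field.
	 *
	 * @param parEndpoint The pushed authorisation request endpoint,
	 *                    {@code null} if not specified.
	 */
	public void setPushedAuthorizationRequestEndpointURI(final URI parEndpoint) {

		this.parEndpoint = parEndpoint;
	}


	@Override
	public URI getDeviceAuthorizationEndpointURI() {

		return deviceAuthzEndpoint;
	}


	/**
	 * Sets the device authorization endpoint URI. Corresponds to the
	 * {@code device_authorization_endpoint} metadata field.
	 *
	 * @param deviceAuthzEndpoint The device authorization endpoint URI,
	 *                            {@code null} if not specified.
	 */
	public void setDeviceAuthorizationEndpointURI(final URI deviceAuthzEndpoint) {

		this.deviceAuthzEndpoint = deviceAuthzEndpoint;
	}


	@Override
	public URI getBackChannelAuthenticationEndpointURI() {

		return backChannelAuthEndpoint;
	}


	// Deprecated alias: delegates to getBackChannelAuthenticationEndpointURI().
	@Deprecated
	@Override
	public URI getBackChannelAuthenticationEndpoint() {

		return getBackChannelAuthenticationEndpointURI();
	}


	/**
	 * Sets the back-channel authentication endpoint URI. Corresponds to
	 * the {@code backchannel_authentication_endpoint} metadata field.
	 *
	 * @param backChannelAuthEndpoint The back-channel authentication
	 *                                endpoint URI, {@code null} if not
	 *                                specified.
	 */
	public void setBackChannelAuthenticationEndpointURI(final URI backChannelAuthEndpoint) {

		this.backChannelAuthEndpoint = backChannelAuthEndpoint;
	}


	/**
	 * Sets the back-channel authentication endpoint URI. Corresponds to
	 * the {@code backchannel_authentication_endpoint} metadata field.
	 *
	 * @deprecated Use {@link #setBackChannelAuthenticationEndpointURI}
	 * instead.
	 *
	 * @param backChannelAuthEndpoint The back-channel authentication
	 *                                endpoint URI, {@code null} if not
	 *                                specified.
	 */
	@Deprecated
	public void setBackChannelAuthenticationEndpoint(final URI backChannelAuthEndpoint) {

		setBackChannelAuthenticationEndpointURI(backChannelAuthEndpoint);
	}


	/**
	 * Adds the string form of the URI to the JSON object under the given
	 * member name, or does nothing if the URI is {@code null}.
	 *
	 * @param o    The JSON object to add to. Must not be {@code null}.
	 * @param name The JSON object member name.
	 * @param uri  The URI, {@code null} if not specified.
	 */
	private static void putIfPresent(final JSONObject o, final String name, final URI uri) {

		if (uri != null) {
			o.put(name, uri.toString());
		}
	}


	/**
	 * Returns the JSON object representation of this endpoint metadata.
	 * Endpoints that are {@code null} are omitted. The values are read
	 * through the getters, so an overriding getter is reflected in the
	 * output.
	 *
	 * @return The JSON object, with one string member per specified
	 *         endpoint.
	 */
	@Override
	public JSONObject toJSONObject() {

		// The put order below is kept as in the original listing.
		JSONObject o = new OrderedJSONObject();

		putIfPresent(o, "authorization_endpoint", getAuthorizationEndpointURI());
		putIfPresent(o, "token_endpoint", getTokenEndpointURI());
		putIfPresent(o, "registration_endpoint", getRegistrationEndpointURI());
		putIfPresent(o, "introspection_endpoint", getIntrospectionEndpointURI());
		putIfPresent(o, "revocation_endpoint", getRevocationEndpointURI());
		putIfPresent(o, "request_object_endpoint", getRequestObjectEndpoint());
		putIfPresent(o, "pushed_authorization_request_endpoint", getPushedAuthorizationRequestEndpointURI());
		putIfPresent(o, "device_authorization_endpoint", getDeviceAuthorizationEndpointURI());
		putIfPresent(o, "backchannel_authentication_endpoint", getBackChannelAuthenticationEndpointURI());

		return o;
	}


	/**
	 * Returns the JSON string form of {@link #toJSONObject()}.
	 */
	@Override
	public String toString() {
		return toJSONObject().toJSONString();
	}


	/**
	 * Parses an OAuth 2.0 Authorisation Server endpoint metadata from the
	 * specified JSON object.
	 *
	 * <p>This method only maps the JSON members onto the URI fields, with
	 * a missing member becoming {@code null}. It does not itself check the
	 * URI scheme (for example that an endpoint is {@code https}) or that
	 * the endpoints belong to the expected issuer. Code that consumes
	 * metadata fetched from a remote server should apply those checks
	 * before sending requests or credentials to the parsed endpoints.
	 *
	 * @param jsonObject The JSON object to parse. Must not be
	 *                   {@code null}.
	 *
	 * @return The OAuth 2.0 Authorisation Server endpoint metadata.
	 *
	 * @throws ParseException If the JSON object couldn't be parsed to an
	 *                        OAuth 2.0 Authorisation Server endpoint metadata.
	 */
	public static AuthorizationServerEndpointMetadata parse(final JSONObject jsonObject)
		throws ParseException {

		AuthorizationServerEndpointMetadata metadata = new AuthorizationServerEndpointMetadata();

		// The third argument of getURI is the default for an absent member.
		metadata.authzEndpoint = JSONObjectUtils.getURI(jsonObject, "authorization_endpoint", null);
		metadata.tokenEndpoint = JSONObjectUtils.getURI(jsonObject, "token_endpoint", null);
		metadata.regEndpoint = JSONObjectUtils.getURI(jsonObject, "registration_endpoint", null);
		metadata.introspectionEndpoint = JSONObjectUtils.getURI(jsonObject, "introspection_endpoint", null);
		metadata.revocationEndpoint = JSONObjectUtils.getURI(jsonObject, "revocation_endpoint", null);
		metadata.requestObjectEndpoint = JSONObjectUtils.getURI(jsonObject, "request_object_endpoint", null);
		metadata.parEndpoint = JSONObjectUtils.getURI(jsonObject, "pushed_authorization_request_endpoint", null);
		metadata.deviceAuthzEndpoint = JSONObjectUtils.getURI(jsonObject, "device_authorization_endpoint", null);
		metadata.backChannelAuthEndpoint = JSONObjectUtils.getURI(jsonObject, "backchannel_authentication_endpoint", null);

		return metadata;
	}
}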