001/*
002 * oauth2-oidc-sdk
003 *
004 * Copyright 2012-2021, Connect2id Ltd and contributors.
005 *
006 * Licensed under the Apache License, Version 2.0 (the "License"); you may not use
007 * this file except in compliance with the License. You may obtain a copy of the
008 * License at
009 *
010 *    http://www.apache.org/licenses/LICENSE-2.0
011 *
012 * Unless required by applicable law or agreed to in writing, software distributed
013 * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
014 * CONDITIONS OF ANY KIND, either express or implied. See the License for the
015 * specific language governing permissions and limitations under the License.
016 */
017
018package com.nimbusds.openid.connect.sdk.op;
019
020
021import java.net.URI;
022import java.util.List;
023import java.util.Map;
024
025import com.nimbusds.jose.EncryptionMethod;
026import com.nimbusds.jose.JWEAlgorithm;
027import com.nimbusds.jose.JWSAlgorithm;
028import com.nimbusds.langtag.LangTag;
029import com.nimbusds.oauth2.sdk.as.ReadOnlyAuthorizationServerMetadata;
030import com.nimbusds.oauth2.sdk.auth.ClientAuthenticationMethod;
031import com.nimbusds.openid.connect.sdk.Display;
032import com.nimbusds.openid.connect.sdk.SubjectType;
033import com.nimbusds.openid.connect.sdk.assurance.IdentityTrustFramework;
034import com.nimbusds.openid.connect.sdk.assurance.evidences.*;
035import com.nimbusds.openid.connect.sdk.assurance.evidences.attachment.AttachmentType;
036import com.nimbusds.openid.connect.sdk.assurance.evidences.attachment.HashAlgorithm;
037import com.nimbusds.openid.connect.sdk.claims.ACR;
038import com.nimbusds.openid.connect.sdk.claims.ClaimType;
039import com.nimbusds.openid.connect.sdk.federation.registration.ClientRegistrationType;
040
041
/**
 * Read-only OpenID Provider (OP) metadata.
 *
 * <p>Unless a getter states otherwise, list-valued fields return
 * {@code null} when the corresponding metadata field is not specified and
 * boolean {@code supports*} fields return {@code false}. The values are the
 * OP's own statements about itself; a consumer should treat them as input
 * from a remote party and apply its own policy (for example an allow-list of
 * accepted algorithms) rather than accepting whatever is advertised.
 *
 * <p>Related specifications:
 *
 * <ul>
 *     <li>OpenID Connect Discovery 1.0, section 3
 *     <li>OpenID Connect Session Management 1.0, section 2.1 (draft 28)
 *     <li>OpenID Connect Front-Channel Logout 1.0, section 3 (draft 02)
 *     <li>OpenID Connect Back-Channel Logout 1.0, section 2.1 (draft 07)
 *     <li>OpenID Connect for Identity Assurance 1.0 (draft 12)
 *     <li>OpenID Connect Federation 1.0 (draft 12)
 *     <li>OAuth 2.0 Authorization Server Metadata (RFC 8414)
 *     <li>OAuth 2.0 Mutual TLS Client Authentication and Certificate Bound
 *         Access Tokens (RFC 8705)
 *     <li>Financial-grade API: JWT Secured Authorization Response Mode for
 *         OAuth 2.0 (JARM)
 *     <li>OAuth 2.0 Authorization Server Issuer Identification (RFC 9207)
 * </ul>
 */
public interface ReadOnlyOIDCProviderMetadata extends ReadOnlyAuthorizationServerMetadata, ReadOnlyOIDCProviderEndpointMetadata {
        
        
        /**
         * Gets the read-only mTLS endpoint aliases. Declared here with the
         * OIDC-specific endpoint metadata type (presumably a covariant
         * narrowing of the inherited return type — confirm against
         * {@link ReadOnlyAuthorizationServerMetadata}).
         *
         * @return The read-only mTLS endpoint aliases, as per the inherited
         * contract.
         */
        @Override
        ReadOnlyOIDCProviderEndpointMetadata getReadOnlyMtlsEndpointAliases();
        
        
        /**
         * Gets the supported Authentication Context Class References (ACRs).
         * Corresponds to the {@code acr_values_supported} metadata field.
         *
         * @return The supported ACRs, {@code null} if not specified.
         */
        List<ACR> getACRs();
        
        
        /**
         * Gets the supported subject types. Corresponds to the
         * {@code subject_types_supported} metadata field.
         *
         * @return The supported subject types.
         */
        List<SubjectType> getSubjectTypes();
        
        
        /**
         * Gets the supported JWS algorithms for ID tokens. Corresponds to the
         * {@code id_token_signing_alg_values_supported} metadata field.
         *
         * <p>NOTE(review): this is the list the OP advertises, not a policy
         * for the consumer; callers validating ID tokens should apply their
         * own accepted-algorithm set rather than accepting any entry found
         * here — confirm how callers use this.
         *
         * @return The supported JWS algorithms, {@code null} if not specified.
         */
        List<JWSAlgorithm> getIDTokenJWSAlgs();
        
        
        /**
         * Gets the supported JWE algorithms for ID tokens. Corresponds to the
         * {@code id_token_encryption_alg_values_supported} metadata field.
         *
         * @return The supported JWE algorithms, {@code null} if not specified.
         */
        List<JWEAlgorithm> getIDTokenJWEAlgs();
        
        
        /**
         * Gets the supported encryption methods for ID tokens. Corresponds to
         * the {@code id_token_encryption_enc_values_supported} metadata field.
         *
         * @return The supported encryption methods, {@code null} if not
         * specified.
         */
        List<EncryptionMethod> getIDTokenJWEEncs();
        
        
        /**
         * Gets the supported JWS algorithms for UserInfo JWTs. Corresponds to
         * the {@code userinfo_signing_alg_values_supported} metadata field.
         *
         * @return The supported JWS algorithms, {@code null} if not specified.
         */
        List<JWSAlgorithm> getUserInfoJWSAlgs();
        
        
        /**
         * Gets the supported JWE algorithms for UserInfo JWTs. Corresponds to
         * the {@code userinfo_encryption_alg_values_supported} metadata field.
         *
         * @return The supported JWE algorithms, {@code null} if not specified.
         */
        List<JWEAlgorithm> getUserInfoJWEAlgs();
        
        
        /**
         * Gets the supported encryption methods for UserInfo JWTs. Corresponds
         * to the {@code userinfo_encryption_enc_values_supported} metadata
         * field.
         *
         * @return The supported encryption methods, {@code null} if not
         * specified.
         */
        List<EncryptionMethod> getUserInfoJWEEncs();
        
        
        /**
         * Gets the supported displays. Corresponds to the
         * {@code display_values_supported} metadata field.
         *
         * @return The supported displays, {@code null} if not specified.
         */
        List<Display> getDisplays();
        
        
        /**
         * Gets the supported claim types. Corresponds to the
         * {@code claim_types_supported} metadata field.
         *
         * @return The supported claim types, {@code null} if not specified.
         */
        List<ClaimType> getClaimTypes();
        
        
        /**
         * Gets the supported claims names. Corresponds to the
         * {@code claims_supported} metadata field.
         *
         * @return The supported claims names, {@code null} if not specified.
         */
        List<String> getClaims();
        
        
        /**
         * Gets the supported claims locales. Corresponds to the
         * {@code claims_locales_supported} metadata field.
         *
         * @return The supported claims locales, {@code null} if not specified.
         */
        List<LangTag> getClaimsLocales();
        
        
        /**
         * Gets the support for the {@code claims} authorisation request
         * parameter. Corresponds to the {@code claims_parameter_supported}
         * metadata field.
         *
         * @return {@code true} if the {@code claims} parameter is supported,
         * else {@code false}.
         */
        boolean supportsClaimsParam();
        
        
        /**
         * Gets the support for front-channel logout. Corresponds to the
         * {@code frontchannel_logout_supported} metadata field.
         *
         * @return {@code true} if front-channel logout is supported, else
         * {@code false}.
         */
        boolean supportsFrontChannelLogout();
        
        
        /**
         * Gets the support for front-channel logout with a session ID.
         * Corresponds to the {@code frontchannel_logout_session_supported}
         * metadata field.
         *
         * @return {@code true} if front-channel logout with a session ID is
         * supported, else {@code false}.
         */
        boolean supportsFrontChannelLogoutSession();
        
        
        /**
         * Gets the support for back-channel logout. Corresponds to the
         * {@code backchannel_logout_supported} metadata field.
         *
         * @return {@code true} if back-channel logout is supported, else
         * {@code false}.
         */
        boolean supportsBackChannelLogout();
        
        
        /**
         * Gets the support for back-channel logout with a session ID.
         * Corresponds to the {@code backchannel_logout_session_supported}
         * metadata field.
         *
         * @return {@code true} if back-channel logout with a session ID is
         * supported, else {@code false}.
         */
        boolean supportsBackChannelLogoutSession();
        
        
        /**
         * Gets support for verified claims. Corresponds to the
         * {@code verified_claims_supported} metadata field.
         *
         * @return {@code true} if verified claims are supported, else
         * {@code false}.
         */
        boolean supportsVerifiedClaims();
        
        
        /**
         * Gets the supported identity trust frameworks. Corresponds to the
         * {@code trust_frameworks_supported} metadata field.
         *
         * @return The supported identity trust frameworks, {@code null} if not
         * specified.
         */
        List<IdentityTrustFramework> getIdentityTrustFrameworks();
        
        
        /**
         * Gets the supported identity evidence types. Corresponds to the
         * {@code evidence_supported} metadata field.
         *
         * @return The supported identity evidence types, {@code null} if not
         * specified.
         */
        List<IdentityEvidenceType> getIdentityEvidenceTypes();
        
        
        /**
         * Gets the supported identity document types. Corresponds to the
         * {@code documents_supported} metadata field.
         *
         * @return The supported identity document types, {@code null} if not
         * specified.
         */
        List<DocumentType> getDocumentTypes();
        
        
        /**
         * Gets the supported identity document types as published under the
         * older {@code id_documents_supported} metadata field.
         *
         * @return The supported identity document types, {@code null} if not
         * specified.
         * @deprecated Use {@link #getDocumentTypes} instead.
         */
        @Deprecated
        List<IDDocumentType> getIdentityDocumentTypes();
        
        
        /**
         * Gets the supported coarse identity verification methods for
         * evidences of type document. Corresponds to the
         * {@code documents_methods_supported} metadata field.
         *
         * @return The supported identity verification methods for document
         * evidences, {@code null} if not specified.
         */
        List<IdentityVerificationMethod> getDocumentMethods();
        
        
        /**
         * Gets the supported validation methods for evidences of type
         * document. Corresponds to the
         * {@code documents_validation_methods_supported} metadata field.
         *
         * @return The validation methods for document evidences, {@code null}
         * if not specified.
         */
        List<ValidationMethodType> getDocumentValidationMethods();
        
        
        /**
         * Gets the supported verification methods for evidences of type
         * document. Corresponds to the
         * {@code documents_verification_methods_supported} metadata field.
         *
         * @return The verification methods for document evidences, {@code null}
         * if not specified.
         */
        List<VerificationMethodType> getDocumentVerificationMethods();
        
        
        /**
         * Gets the supported electronic record types. Corresponds to the
         * {@code electronic_records_supported} metadata field.
         *
         * @return The supported electronic record types, {@code null} if not
         * specified.
         */
        List<ElectronicRecordType> getElectronicRecordTypes();
        
        
        /**
         * Gets the supported identity verification methods as published under
         * the older {@code id_documents_verification_methods_supported}
         * metadata field.
         *
         * @return The supported identity verification methods, {@code null} if
         * not specified.
         * @deprecated Use {@link #getDocumentMethods} instead.
         */
        @Deprecated
        List<IdentityVerificationMethod> getIdentityVerificationMethods();
        
        
        /**
         * Gets the names of the supported verified claims. Corresponds to the
         * {@code claims_in_verified_claims_supported} metadata field.
         *
         * @return The supported verified claims names, {@code null} if not
         * specified.
         */
        List<String> getVerifiedClaims();
        
        
        /**
         * Gets the supported evidence attachment types. Corresponds to the
         * {@code attachments_supported} metadata field.
         *
         * <p>Note the three distinct return states: a non-empty list, an
         * empty list (attachments explicitly not supported) and {@code null}
         * (field absent); callers should not collapse the last two.
         *
         * @return The supported evidence attachment types, empty if
         * attachments are not supported, {@code null} if not
         * specified.
         */
        List<AttachmentType> getAttachmentTypes();
        
        
        /**
         * Gets the supported digest algorithms for the external evidence
         * attachments. Corresponds to the {@code digest_algorithms_supported}
         * metadata field.
         *
         * @return The supported digest algorithms, {@code null} if not
         * specified.
         */
        List<HashAlgorithm> getAttachmentDigestAlgs();
        
        
        /**
         * Gets the supported federation client registration types. Corresponds
         * to the {@code client_registration_types_supported} metadata field.
         *
         * @return The supported client registration types, {@code null} if not
         * specified.
         */
        List<ClientRegistrationType> getClientRegistrationTypes();
        
        
        /**
         * Gets the supported client authentication methods for automatic
         * federation client registration, keyed by endpoint. Corresponds to
         * the {@code client_registration_authn_methods_supported} metadata
         * field.
         *
         * @return The supported authentication methods for automatic
         * federation client registration, keyed by endpoint name,
         * {@code null} if not specified.
         */
        Map<EndpointName, List<ClientAuthenticationMethod>> getClientRegistrationAuthnMethods();
        
        
        /**
         * Gets the organisation name (in federation). Corresponds to the
         * {@code organization_name} metadata field.
         *
         * @return The organisation name, {@code null} if not specified.
         */
        String getOrganizationName();
}