Class OidcIdTokenProperties

java.lang.Object
org.apereo.cas.configuration.model.support.oidc.OidcIdTokenProperties
All Implemented Interfaces:
Serializable

@RequiresModule(name="cas-server-support-oidc") public class OidcIdTokenProperties extends Object implements Serializable
Since:
6.6.0
  • Constructor Summary

    Constructors
    Constructor
    Description
    OidcIdTokenProperties()
     
  • Method Summary

    Modifier and Type
    Method
    Description
    String
    getMaxTimeToLiveInSeconds()
    Hard timeout to kill the id token and expire it.
    boolean
    isIncludeIdTokenClaims()
    As per OpenID Connect Core section 5.4, "The Claims requested by the profile, email, address, and phone scope values are returned from the userinfo endpoint", except for response_type=id_token, where they are returned in the id_token (as there is no access token issued that could be used to access the userinfo endpoint).
    OidcIdTokenProperties
    setIncludeIdTokenClaims(boolean includeIdTokenClaims)
    As per OpenID Connect Core section 5.4, "The Claims requested by the profile, email, address, and phone scope values are returned from the userinfo endpoint", except for response_type=id_token, where they are returned in the id_token (as there is no access token issued that could be used to access the userinfo endpoint).
    OidcIdTokenProperties
    setMaxTimeToLiveInSeconds(String maxTimeToLiveInSeconds)
    Hard timeout to kill the id token and expire it.

    Methods inherited from class java.lang.Object

    equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
  • Constructor Details

    • OidcIdTokenProperties

      public OidcIdTokenProperties()
  • Method Details

    • getMaxTimeToLiveInSeconds

      public String getMaxTimeToLiveInSeconds()
      Hard timeout to kill the id token and expire it.
    • isIncludeIdTokenClaims

      public boolean isIncludeIdTokenClaims()
      As per OpenID Connect Core section 5.4, "The Claims requested by the profile, email, address, and phone scope values are returned from the userinfo endpoint", except for response_type=id_token, where they are returned in the id_token (as there is no access token issued that could be used to access the userinfo endpoint). The Claims requested by the profile, email, address, and phone scope values are returned from the userinfo endpoint when a response_type value is used that results in an access token being issued. However, when no access token is issued (which is the case for the response_type value id_token), the resulting Claims are returned in the ID Token.

      Setting this flag to true will force CAS to include claims in the ID token regardless of the response type. Note that this setting MUST ONLY be used as a last resort, to stay compliant with the specification as much as possible. DO NOT use this setting without due consideration.

      Note that this setting is set to true by default, mainly to preserve backward compatibility with previous CAS versions that included claims in the ID token without considering the response type. The behavior of this setting may change and it may be removed in future CAS releases.

    • setMaxTimeToLiveInSeconds

      public OidcIdTokenProperties setMaxTimeToLiveInSeconds(String maxTimeToLiveInSeconds)
      Hard timeout to kill the id token and expire it.
      Returns:
      this.
    • setIncludeIdTokenClaims

      public OidcIdTokenProperties setIncludeIdTokenClaims(boolean includeIdTokenClaims)
      As per OpenID Connect Core section 5.4, "The Claims requested by the profile, email, address, and phone scope values are returned from the userinfo endpoint", except for response_type=id_token, where they are returned in the id_token (as there is no access token issued that could be used to access the userinfo endpoint). The Claims requested by the profile, email, address, and phone scope values are returned from the userinfo endpoint when a response_type value is used that results in an access token being issued. However, when no access token is issued (which is the case for the response_type value id_token), the resulting Claims are returned in the ID Token.

      Setting this flag to true will force CAS to include claims in the ID token regardless of the response type. Note that this setting MUST ONLY be used as a last resort, to stay compliant with the specification as much as possible. DO NOT use this setting without due consideration.

      Note that this setting is set to true by default, mainly to preserve backward compatibility with previous CAS versions that included claims in the ID token without considering the response type. The behavior of this setting may change and it may be removed in future CAS releases.

      Returns:
      this.
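
The claim placement rule described for includeIdTokenClaims can be checked from the outside on issued tokens. The following is an added example, not CAS code: the class and method names are hypothetical, and the input is a constructed set of claim names taken from a decoded ID token payload. It reports scope claims that appear in the ID token even though the response type results in an access token.

```java
import java.util.Arrays;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.TreeSet;
import java.util.stream.Collectors;

// Added illustration (hypothetical class, not CAS source): audits where scope claims end up.
public class IdTokenClaimPlacementAudit {
    // Standard claims per scope, from OpenID Connect Core section 5.4.
    static final Map<String, Set<String>> SCOPE_CLAIMS = Map.of(
        "profile", Set.of("name", "family_name", "given_name", "middle_name", "nickname",
            "preferred_username", "profile", "picture", "website", "gender", "birthdate",
            "zoneinfo", "locale", "updated_at"),
        "email", Set.of("email", "email_verified"),
        "address", Set.of("address"),
        "phone", Set.of("phone_number", "phone_number_verified"));

    // A response_type containing "code" or "token" results in an access token;
    // response_type=id_token alone does not.
    static boolean accessTokenIssued(String responseType) {
        List<String> parts = Arrays.asList(responseType.trim().split("\\s+"));
        return parts.contains("code") || parts.contains("token");
    }

    // Returns the scope claims found in the ID token although the userinfo endpoint
    // should have carried them, which is the visible effect of includeIdTokenClaims=true.
    static Set<String> misplacedClaims(String responseType, Set<String> scopes,
                                       Set<String> idTokenClaims) {
        if (!accessTokenIssued(responseType)) {
            return new TreeSet<>(); // no access token: claims belong in the ID token
        }
        return scopes.stream()
            .flatMap(s -> SCOPE_CLAIMS.getOrDefault(s, Set.of()).stream())
            .filter(idTokenClaims::contains)
            .collect(Collectors.toCollection(TreeSet::new));
    }

    public static void main(String[] args) {
        // Constructed sample: claim names of a decoded ID token payload.
        Set<String> payload = Set.of("iss", "sub", "aud", "exp", "iat", "email", "given_name");
        Set<String> scopes = Set.of("openid", "profile", "email");
        for (String rt : List.of("code", "id_token", "id_token token")) {
            System.out.println(rt + " -> " + misplacedClaims(rt, scopes, payload));
        }
    }
}
```

A non-empty result for a code or token flow means profile, email, address or phone data is being carried in the ID token itself, so every party that receives or logs that token sees it.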