package com.nimbusds.openid.connect.provider.spi.tokens;


import java.time.Instant;
import java.util.List;
import java.util.Set;

import com.nimbusds.langtag.LangTag;
import com.nimbusds.oauth2.sdk.Scope;
import com.nimbusds.oauth2.sdk.auth.X509CertificateConfirmation;
import com.nimbusds.oauth2.sdk.id.*;
import net.minidev.json.JSONObject;


/**
 * Access token authorisation, exposed as a set of accessors for the
 * parameters associated with an access token.
 *
 * <p>Every accessor documents {@code null} as a possible return value
 * when the corresponding parameter is not specified. Callers must
 * therefore check each value before use; in particular, a missing
 * value must not be read as "unrestricted" without an explicit
 * decision by the caller.
 */
public interface AccessTokenAuthorization {


	/**
	 * Gets the subject of the token.
	 *
	 * @return The token subject, or {@code null} if none is specified.
	 */
	Subject getSubject();


	/**
	 * Gets the actor of the token, which applies in impersonation and
	 * delegation scenarios.
	 *
	 * <p>The actor is reported separately from the subject (see
	 * {@link #getSubject()}), so code that makes access decisions or
	 * writes audit records based on identity should consider both.
	 *
	 * @return The token actor, or {@code null} if none is specified.
	 */
	Actor getActor();


	/**
	 * Gets the identifier of the client the token is issued to.
	 *
	 * @return The client identifier, or {@code null} if none is
	 *         specified.
	 */
	ClientID getClientID();


	/**
	 * Gets the scope of the token.
	 *
	 * @return The token scope, or {@code null} if none is specified.
	 */
	Scope getScope();


	/**
	 * Gets the time at which the token expires.
	 *
	 * <p>A {@code null} return only means that no expiration time is
	 * specified. This interface does not define whether such a token is
	 * to be treated as non-expiring, so callers should settle that
	 * explicitly instead of skipping the expiry check.
	 *
	 * @return The expiration time, or {@code null} if none is
	 *         specified.
	 */
	Instant getExpirationTime();


	/**
	 * Gets the time at which the token was issued.
	 *
	 * @return The issue time, or {@code null} if none is specified.
	 */
	Instant getIssueTime();


	/**
	 * Gets the issuer of the token.
	 *
	 * @return The token issuer, or {@code null} if none is specified.
	 */
	Issuer getIssuer();


	/**
	 * Gets the audience list of the token. The entries may be the
	 * logical names of the resource servers the token is intended for.
	 *
	 * <p>A {@code null} return means that no audience is specified;
	 * callers that enforce audience restriction need to decide how to
	 * treat that case.
	 *
	 * @return The audience list, or {@code null} if none is specified.
	 */
	List<Audience> getAudienceList();


	/**
	 * Gets the JSON Web Token (JWT) identifier of the token.
	 *
	 * @return The JWT ID, or {@code null} if not specified or not
	 *         applicable.
	 */
	JWTID getJWTID();


	/**
	 * Gets the names of the consented OpenID claims that may be
	 * accessed at the UserInfo endpoint.
	 *
	 * @return The claim names, or {@code null} if none are specified.
	 */
	Set<String> getClaimNames();


	/**
	 * Gets the preferred locales for the consented OpenID claims.
	 *
	 * @return The preferred claims locales, or {@code null} if none
	 *         are specified.
	 */
	List<LangTag> getClaimsLocales();


	/**
	 * Gets the preset OpenID claims that are to be included in the
	 * UserInfo response.
	 *
	 * <p>NOTE(review): the interface does not state whether the
	 * returned JSON object is a defensive copy. Treat it as read-only,
	 * and keep in mind that claims can carry personal data about the
	 * subject when logging or persisting it.
	 *
	 * @return The preset OpenID claims, or {@code null} if none are
	 *         specified.
	 */
	JSONObject getPresetClaims();


	/**
	 * Gets the optional data for the token.
	 *
	 * <p>NOTE(review): the interface does not state whether the
	 * returned JSON object is a defensive copy, nor what the data
	 * contains. Treat it as read-only.
	 *
	 * @return The optional data as a JSON object, or {@code null} if
	 *         none is specified.
	 */
	JSONObject getData();


	/**
	 * Gets the client X.509 certificate confirmation (SHA-256
	 * thumbprint) for mutual TLS.
	 *
	 * <p>When present, the thumbprint identifies the client
	 * certificate the token is bound to. A consumer that omits it when
	 * encoding or persisting the token loses that binding. Presumably
	 * this is the certificate-bound access token mechanism of
	 * RFC 8705; confirm against the server documentation.
	 *
	 * @return The client X.509 certificate confirmation, or
	 *         {@code null} if none is specified.
	 */
	X509CertificateConfirmation getClientCertificateConfirmation();
}