001package com.nimbusds.openid.connect.provider.spi.claims; 002 003 004import net.minidev.json.JSONObject; 005 006import com.nimbusds.oauth2.sdk.id.ClientID; 007import com.nimbusds.oauth2.sdk.token.AccessToken; 008import com.nimbusds.openid.connect.provider.spi.InvocationContext; 009import com.nimbusds.openid.connect.provider.spi.tokens.TokenEncoderContext; 010import com.nimbusds.openid.connect.sdk.claims.ClaimsTransport; 011 012 013/** 014 * OpenID Connect claims request context. The supplied context parameters can 015 * be used in the processing and accounting of a claims request. 016 */ 017public interface ClaimsSourceRequestContext extends InvocationContext { 018 019 020 /** 021 * Returns the claims transport, if applicable. 022 * 023 * @return {@link ClaimsTransport#USERINFO UserInfo} or 024 * {@link ClaimsTransport#ID_TOKEN ID token}, {@code null} if 025 * the claims source SPI is invoked for another purpose (e.g. 026 * in a {@link TokenEncoderContext}). 027 */ 028 ClaimsTransport getClaimsTransport(); 029 030 031 /** 032 * Returns the optional claims fulfillment data. 033 * 034 * @return The claims fulfillment data, {@code null} if not specified. 035 */ 036 JSONObject getClaimsData(); 037 038 039 /** 040 * Returns the identifier of the OAuth 2.0 client (client_id). 041 * 042 * @return The client ID. Not {@code null}. 043 */ 044 ClientID getClientID(); 045 046 047 /** 048 * Returns the client IP address. 049 * 050 * @return The client IP address, {@code null} if not available. 051 */ 052 String getClientIPAddress(); 053 054 055 /** 056 * Returns the received and successfully validated UserInfo access 057 * token for the claims request. If a claims request is triggered in a 058 * OpenID Connect implicit and hybrid flows, where the claims are 059 * returned as part of the ID token, an access token is not involved 060 * and hence not returned by this method. 061 * 062 * <p>The claims source may use the UserInfo access token for the 063 * retrieval of aggregated and distributed claims, where the same token 064 * is recognised by the upstream claims providers. See OpenID Connect 065 * Core 1.0, section 5.6. 066 * 067 * @return The UserInfo access token, {@code null} if the claims 068 * request wasn't triggered by a UserInfo request. 069 */ 070 AccessToken getUserInfoAccessToken(); 071}