001package com.nimbusds.openid.connect.provider.spi.claims;
002
003
004import net.minidev.json.JSONObject;
005
006import com.nimbusds.oauth2.sdk.id.ClientID;
007import com.nimbusds.oauth2.sdk.token.AccessToken;
008import com.nimbusds.openid.connect.provider.spi.InvocationContext;
009import com.nimbusds.openid.connect.provider.spi.tokens.TokenEncoderContext;
010import com.nimbusds.openid.connect.sdk.claims.ClaimsTransport;
011
012
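/**
 * OpenID Connect claims request context. The supplied context parameters can
 * be used in the processing and accounting of a claims request.
 *
 * <p>Several getters are documented to return {@code null}; implementations
 * of the claims source SPI should check for {@code null} before
 * dereferencing those values.
 */
public interface ClaimsSourceRequestContext extends InvocationContext {


        /**
         * Returns the claims transport, if applicable.
         *
         * @return {@link ClaimsTransport#USERINFO UserInfo} or
         *         {@link ClaimsTransport#ID_TOKEN ID token}, {@code null} if
         *         the claims source SPI is invoked for another purpose (e.g.
         *         in a {@link TokenEncoderContext}).
         */
        ClaimsTransport getClaimsTransport();


        /**
         * Returns the optional claims fulfillment data.
         *
         * <p>NOTE(review): where this data originates is not visible from
         * this interface. Confirm its provenance before copying values from
         * it into upstream queries, and validate or escape them if they can
         * be influenced by a client or end-user.
         *
         * @return The claims fulfillment data, {@code null} if not specified.
         */
        JSONObject getClaimsData();


        /**
         * Returns the identifier of the OAuth 2.0 client (client_id).
         *
         * @return The client ID. Not {@code null}.
         */
        ClientID getClientID();


        /**
         * Returns the client IP address.
         *
         * <p>NOTE(review): how the address is determined is not specified
         * here. If the deployment derives it from a forwarding header set by
         * a proxy, the value is only as trustworthy as that proxy chain, so
         * it is better suited to accounting and logging than to
         * authorisation decisions unless the deployment guarantees it.
         *
         * @return The client IP address, {@code null} if not available.
         */
        String getClientIPAddress();


        /**
         * Returns the received and successfully validated UserInfo access
         * token for the claims request. If a claims request is triggered in
         * the OpenID Connect implicit or hybrid flows, where the claims are
         * returned as part of the ID token, an access token is not involved
         * and hence not returned by this method.
         *
         * <p>The claims source may use the UserInfo access token for the
         * retrieval of aggregated and distributed claims, where the same token
         * is recognised by the upstream claims providers. See OpenID Connect
         * Core 1.0, section 5.6.
         *
         * <p>The token value is a credential: keep it out of logs, metrics
         * and error messages, and pass it only to those upstream claims
         * providers that are meant to recognise it, over a protected
         * channel.
         *
         * @return The UserInfo access token, {@code null} if the claims
         *         request wasn't triggered by a UserInfo request.
         */
        AccessToken getUserInfoAccessToken();
}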