Skip navigation links

Connect2id Server SDK 4.25 API

Toolkit for developing Connect2id Server connectors and extensions

See: Description

Packages 
Package Description
com.nimbusds.openid.connect.provider.spi
Common SPI classes.
com.nimbusds.openid.connect.provider.spi.claims
OpenID Connect claims source SPIs.
com.nimbusds.openid.connect.provider.spi.config
Configuration related SPIs.
com.nimbusds.openid.connect.provider.spi.crypto
Cryptographic services exposed by the Connect2id server to selected SPIs.
com.nimbusds.openid.connect.provider.spi.events
Event listener SPIs.
com.nimbusds.openid.connect.provider.spi.grants
OAuth 2.0 authorisation grant handler SPIs.
com.nimbusds.openid.connect.provider.spi.par
Pushed authorisation request (PAR) SPI classes.
com.nimbusds.openid.connect.provider.spi.reg
Client / relying party registration SPIs.
com.nimbusds.openid.connect.provider.spi.secrets
Client secret encoding and decoding SPI.
com.nimbusds.openid.connect.provider.spi.tokens
Token generation, encoding and decoding SPIs.
com.nimbusds.openid.connect.provider.spi.tokens.introspection
OAuth 2.0 token introspection related SPI.
com.nimbusds.openid.connect.provider.spi.tokens.response
Token response customisation.

Toolkit for developing Connect2id Server connectors and extensions

  1. Java Service Provider Interface (SPI) for sourcing OpenID Connect claims about a subject (end-user), such as email, name, phone number and address. Used by the Connect2id Server in its OpenID Connect Provider (OP) role to aggregate claims from one or more sources (LDAP, RDMBS, etc).
  2. SPI for handling resource owner password credential grants (see RFC 6749, section 4.3). Used by the Connect2id Server to delegate validation of the submitted username / password and authorisation for the requested token.
  3. SPI for handling client credential grants (see RFC 6749, section 4.4). Used by the Connect2id Server to delegate authorisation for the requested token.
  4. SPI for handling client-issued (self-issued) JWT bearer assertion grants (see RFC 7523, section 2.1). Used by the Connect2id server to delegate authorisation for the requested token.
  5. SPI for handling third-party issued JWT bearer assertion grants (see RFC 7523, section 2.1). Used by the Connect2id server to delegate validation of the JWT and authorisation for the requested token.
  6. SPI for handling client-issued (self-issued) SAML 2.0 bearer assertion grants (see RFC 7522, section 2.1). Used by the Connect2id server to delegate authorisation for the requested token.
  7. SPI for handling third-party issued SAML 2.0 bearer assertion grants (see RFC 7522, section 2.1). Used by the Connect2id server to delegate validation of the SAML 2.0 assertion and authorisation for the requested token.
  8. SPI for sourcing Java properties to be merged into the system properties at Connect2id server startup. Can be used to override selected or all Connect2id server configuration properties.
  9. SPIs for listening to ID and access token issue events.
  10. SPI for encoding and decoding authorisations for self-contained access tokens into JWT claims sets. Configurable via Connect2id server properties.
  11. SPI for generating and decoding identifier-based access tokens. Configurable via Connect2id server properties.
  12. SPI for customising token success and error response. Can be used to include additional parameters in the token response, such as an "authorization_details" parameter required in OAuth 2.0 Rich Authorization Requests.
  13. SPI for shaping token introspection responses (RFC 7662, section 2.2). May be used to return only scopes specific to the requesting protected resource, in order to prevent leaking of authorisation information when issuing tokens for multiple resources.
  14. SPI for intercepting HTTP requests at the client registration endpoint. Can be used to process software statements (RFC 7591, section 2.3) and signed (JWT) registration requests.
  15. SPI for performing additional validation of metadata of OAuth 2.0 clients and OpenID Connect relying parties during registration (initial and update).
  16. SPI for performing additional validation of Pushed Authorisation Requests (PAR).
  17. SPI for encoding client secrets before persisting them to storage.

Download

Official releases of the Connect2id Server toolkit are pushed to Maven Central under

GroupId: com.nimbusds

ArtifactId: c2id-server-sdk

These include the library’s source code, compiled JAR and JavaDocs.

To add the SDK to your Maven project use the following template:

<dependency>
    <groupId>com.nimbusds</groupId>
    <artifactId>c2id-server-sdk</artifactId>
    <version>[version]</version>
</dependency>

where [version] should match the expected by the particular Connect2id Server version you're running.

Questions or comments?

Email [email protected]

Skip navigation links

Copyright © 2021 Connect2id Ltd.. All rights reserved.