Class ThirdPartyAssertionAuthorization
- java.lang.Object
-
- com.nimbusds.openid.connect.provider.spi.grants.GrantAuthorization
-
- com.nimbusds.openid.connect.provider.spi.grants.SubjectAuthorization
-
- com.nimbusds.openid.connect.provider.spi.grants.ThirdPartyAssertionAuthorization
-
@Immutable public class ThirdPartyAssertionAuthorization extends SubjectAuthorization
Authorisation produced by agrant handler
of assertions (SAML 2.0 or JWT bearer) issued by a third-party security token service.Required authorisation details:
- The subject (end-user).
- The client identifier, must be registered with the Connect2id server.
- The authorised scope.
All other parameters are optional or have suitable defaults.
-
-
Constructor Summary
Constructors Constructor Description ThirdPartyAssertionAuthorization(com.nimbusds.oauth2.sdk.id.ClientID subject, com.nimbusds.oauth2.sdk.Scope scope)
Creates a new authorisation for a third-party issued assertion grant where the client acts on its own behalf.ThirdPartyAssertionAuthorization(com.nimbusds.oauth2.sdk.id.ClientID subject, com.nimbusds.oauth2.sdk.Scope scope, AccessTokenSpec accessTokenSpec, @Nullable net.minidev.json.JSONObject data)
Creates a new authorisation for a third-party issued assertion grant where the client acts on its own behalf.ThirdPartyAssertionAuthorization(com.nimbusds.oauth2.sdk.id.Subject subject, com.nimbusds.oauth2.sdk.id.ClientID clientID, com.nimbusds.oauth2.sdk.Scope scope)
Creates a new authorisation for a third-party issued assertion grant where the client acts on behalf of a user.ThirdPartyAssertionAuthorization(com.nimbusds.oauth2.sdk.id.Subject subject, com.nimbusds.oauth2.sdk.id.ClientID clientID, com.nimbusds.oauth2.sdk.Scope scope, AccessTokenSpec accessTokenSpec, IDTokenSpec idTokenSpec, ClaimsSpec claimsSpec, @Nullable net.minidev.json.JSONObject data)
Creates a new authorisation for a third-party issued assertion grant where the client acts on behalf of a user.
-
Method Summary
All Methods Static Methods Instance Methods Concrete Methods Modifier and Type Method Description com.nimbusds.oauth2.sdk.id.ClientID
getClientID()
Returns the authorised client.static ThirdPartyAssertionAuthorization
parse(String json)
Parses a third-party assertion grant authorisation from the specified JSON object string.static ThirdPartyAssertionAuthorization
parse(net.minidev.json.JSONObject jsonObject)
Parses a third-party assertion grant authorisation from the specified JSON object.net.minidev.json.JSONObject
toJSONObject()
Returns a JSON object representation of this authorisation.-
Methods inherited from class com.nimbusds.openid.connect.provider.spi.grants.SubjectAuthorization
getACR, getAMRList, getAuthTime, getIDTokenSpec, getSubject
-
Methods inherited from class com.nimbusds.openid.connect.provider.spi.grants.GrantAuthorization
getAccessTokenSpec, getAudience, getClaimsSpec, getData, getScope
-
-
-
-
Constructor Detail
-
ThirdPartyAssertionAuthorization
public ThirdPartyAssertionAuthorization(com.nimbusds.oauth2.sdk.id.Subject subject, com.nimbusds.oauth2.sdk.id.ClientID clientID, com.nimbusds.oauth2.sdk.Scope scope)
Creates a new authorisation for a third-party issued assertion grant where the client acts on behalf of a user.See RFC 7521, section 6.3.
- Parameters:
subject
- The subject (end-user). Must not benull
.clientID
- The client identifier. Must be registered with the Connect2id server. Must not benull
.scope
- The authorised scope values. Must not benull
.
-
ThirdPartyAssertionAuthorization
public ThirdPartyAssertionAuthorization(com.nimbusds.oauth2.sdk.id.Subject subject, com.nimbusds.oauth2.sdk.id.ClientID clientID, com.nimbusds.oauth2.sdk.Scope scope, AccessTokenSpec accessTokenSpec, IDTokenSpec idTokenSpec, ClaimsSpec claimsSpec, @Nullable net.minidev.json.JSONObject data)
Creates a new authorisation for a third-party issued assertion grant where the client acts on behalf of a user.See RFC 7521, section 6.3.
- Parameters:
subject
- The subject (end-user). Must not benull
.clientID
- The client identifier. Must be registered with the Connect2id server. Must not benull
.scope
- The authorised scope values. Must not benull
.accessTokenSpec
- The access token specification. Must not benull
.idTokenSpec
- The ID token specification. Must not benull
.claimsSpec
- The OpenID claims specification. Must not benull
.data
- Additional data as a JSON object,null
if not specified.
-
ThirdPartyAssertionAuthorization
public ThirdPartyAssertionAuthorization(com.nimbusds.oauth2.sdk.id.ClientID subject, com.nimbusds.oauth2.sdk.Scope scope)
Creates a new authorisation for a third-party issued assertion grant where the client acts on its own behalf.See RFC 7521, section 6.2.
- Parameters:
subject
- The client identifier. Must be registered with the Connect2id server. Must not benull
.scope
- The authorised scope values. Must not benull
.
-
ThirdPartyAssertionAuthorization
public ThirdPartyAssertionAuthorization(com.nimbusds.oauth2.sdk.id.ClientID subject, com.nimbusds.oauth2.sdk.Scope scope, AccessTokenSpec accessTokenSpec, @Nullable net.minidev.json.JSONObject data)
Creates a new authorisation for a third-party issued assertion grant where the client acts on its own behalf.See RFC 7521, section 6.2.
- Parameters:
subject
- The client identifier. Must be registered with the Connect2id server. Must not benull
.scope
- The authorised scope values. Must not benull
.accessTokenSpec
- The access token specification. Must not benull
.data
- Additional data as a JSON object,null
if not specified.
-
-
Method Detail
-
getClientID
public com.nimbusds.oauth2.sdk.id.ClientID getClientID()
Returns the authorised client.- Returns:
- The authorised client identifier,
null
if not specified.
-
toJSONObject
public net.minidev.json.JSONObject toJSONObject()
Description copied from class:GrantAuthorization
Returns a JSON object representation of this authorisation.- Overrides:
toJSONObject
in classSubjectAuthorization
- Returns:
- The JSON object representation.
-
parse
public static ThirdPartyAssertionAuthorization parse(net.minidev.json.JSONObject jsonObject) throws com.nimbusds.oauth2.sdk.ParseException
Parses a third-party assertion grant authorisation from the specified JSON object.- Parameters:
jsonObject
- The JSON object to parse. Must not benull
.- Returns:
- The authorisation.
- Throws:
com.nimbusds.oauth2.sdk.ParseException
- If parsing failed.
-
parse
public static ThirdPartyAssertionAuthorization parse(String json) throws com.nimbusds.oauth2.sdk.ParseException
Parses a third-party assertion grant authorisation from the specified JSON object string.- Parameters:
json
- The JSON object string to parse. Must not benull
.- Returns:
- The authorisation.
- Throws:
com.nimbusds.oauth2.sdk.ParseException
- If parsing failed.
-
-