Class ThirdPartyAssertionAuthorization


  • @Immutable
    public class ThirdPartyAssertionAuthorization
    extends SubjectAuthorization

    Authorisation produced by a grant handler of assertions (SAML 2.0 or JWT bearer) issued by a third-party security token service.

    Required authorisation details:

    • The subject (end-user).
    • The client identifier, which must be registered with the Connect2id server.
    • The authorised scope.

    All other parameters are optional or have suitable defaults.

    • Constructor Detail

      • ThirdPartyAssertionAuthorization

        public ThirdPartyAssertionAuthorization(com.nimbusds.oauth2.sdk.id.Subject subject,
                                                com.nimbusds.oauth2.sdk.id.ClientID clientID,
                                                com.nimbusds.oauth2.sdk.Scope scope)
        Creates a new authorisation for a third-party issued assertion grant where the client acts on behalf of a user.

        See RFC 7521, section 6.3.

        Parameters:
        subject - The subject (end-user). Must not be null.
        clientID - The client identifier. Must be registered with the Connect2id server. Must not be null.
        scope - The authorised scope values. Must not be null.
      • ThirdPartyAssertionAuthorization

        public ThirdPartyAssertionAuthorization(com.nimbusds.oauth2.sdk.id.Subject subject,
                                                com.nimbusds.oauth2.sdk.id.ClientID clientID,
                                                com.nimbusds.oauth2.sdk.Scope scope,
                                                AccessTokenSpec accessTokenSpec,
                                                IDTokenSpec idTokenSpec,
                                                ClaimsSpec claimsSpec,
                                                @Nullable net.minidev.json.JSONObject data)
        Creates a new authorisation for a third-party issued assertion grant where the client acts on behalf of a user.

        See RFC 7521, section 6.3.

        Parameters:
        subject - The subject (end-user). Must not be null.
        clientID - The client identifier. Must be registered with the Connect2id server. Must not be null.
        scope - The authorised scope values. Must not be null.
        accessTokenSpec - The access token specification. Must not be null.
        idTokenSpec - The ID token specification. Must not be null.
        claimsSpec - The OpenID claims specification. Must not be null.
        data - Additional data as a JSON object, null if not specified.
      • ThirdPartyAssertionAuthorization

        public ThirdPartyAssertionAuthorization(com.nimbusds.oauth2.sdk.id.ClientID subject,
                                                com.nimbusds.oauth2.sdk.Scope scope)
        Creates a new authorisation for a third-party issued assertion grant where the client acts on its own behalf.

        See RFC 7521, section 6.2.

        Parameters:
        subject - The client identifier. Must be registered with the Connect2id server. Must not be null.
        scope - The authorised scope values. Must not be null.
      • ThirdPartyAssertionAuthorization

        public ThirdPartyAssertionAuthorization(com.nimbusds.oauth2.sdk.id.ClientID subject,
                                                com.nimbusds.oauth2.sdk.Scope scope,
                                                AccessTokenSpec accessTokenSpec,
                                                @Nullable net.minidev.json.JSONObject data)
        Creates a new authorisation for a third-party issued assertion grant where the client acts on its own behalf.

        See RFC 7521, section 6.2.

        Parameters:
        subject - The client identifier. Must be registered with the Connect2id server. Must not be null.
        scope - The authorised scope values. Must not be null.
        accessTokenSpec - The access token specification. Must not be null.
        data - Additional data as a JSON object, null if not specified.
    • Method Detail

      • getClientID

        public com.nimbusds.oauth2.sdk.id.ClientID getClientID()
        Returns the authorised client.
        Returns:
        The authorised client identifier, null if not specified.
      • parse

        public static ThirdPartyAssertionAuthorization parse(net.minidev.json.JSONObject jsonObject)
                                                      throws com.nimbusds.oauth2.sdk.ParseException
        Parses a third-party assertion grant authorisation from the specified JSON object.
        Parameters:
        jsonObject - The JSON object to parse. Must not be null.
        Returns:
        The authorisation.
        Throws:
        com.nimbusds.oauth2.sdk.ParseException - If parsing failed.
      • parse

        public static ThirdPartyAssertionAuthorization parse(String json)
                                                      throws com.nimbusds.oauth2.sdk.ParseException
        Parses a third-party assertion grant authorisation from the specified JSON object string.
        Parameters:
        json - The JSON object string to parse. Must not be null.
        Returns:
        The authorisation.
        Throws:
        com.nimbusds.oauth2.sdk.ParseException - If parsing failed.
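
Added example (not part of the SDK documentation or the Connect2id code base): a hypothetical helper that a grant handler could call, after it has verified the assertion, to pick between the section 6.2 and section 6.3 constructors and to grant no more scope than its policy allows. The class name, the `allowedForClient` policy parameter, the rule that a subject equal to the client ID means the client acts for itself, the sample values and the package of `ThirdPartyAssertionAuthorization` are assumptions.

```java
import com.nimbusds.oauth2.sdk.GeneralException;
import com.nimbusds.oauth2.sdk.OAuth2Error;
import com.nimbusds.oauth2.sdk.Scope;
import com.nimbusds.oauth2.sdk.id.ClientID;
import com.nimbusds.oauth2.sdk.id.Subject;
// Package name assumed (Connect2id server SDK); this page does not state it.
import com.nimbusds.openid.connect.provider.spi.grants.ThirdPartyAssertionAuthorization;

/** Hypothetical helper for a grant handler; not part of the SDK. */
public final class AssertionAuthorizer {

    /**
     * Call only after the assertion's signature, issuer, audience and expiry
     * have been verified. allowedForClient is the handler's own policy.
     */
    static ThirdPartyAssertionAuthorization authorise(Subject assertionSubject,
                                                      ClientID clientID,
                                                      Scope requested,
                                                      Scope allowedForClient)
            throws GeneralException {
        // Grant the intersection of requested and allowed scope values, never more.
        Scope granted = new Scope();
        if (requested != null) {
            granted.addAll(requested);
        }
        granted.retainAll(allowedForClient);
        if (granted.isEmpty()) {
            throw new GeneralException(OAuth2Error.INVALID_SCOPE);
        }
        // Assumed policy: an assertion whose subject equals the client_id means
        // the client acts on its own behalf (RFC 7521, section 6.2).
        if (assertionSubject.getValue().equals(clientID.getValue())) {
            return new ThirdPartyAssertionAuthorization(clientID, granted);
        }
        // Otherwise the client acts on behalf of the end-user (section 6.3).
        return new ThirdPartyAssertionAuthorization(assertionSubject, clientID, granted);
    }

    public static void main(String[] args) throws GeneralException {
        // Constructed sample values.
        ClientID client = new ClientID("batch-client");
        Scope allowed = new Scope("read", "reports");
        ThirdPartyAssertionAuthorization user = authorise(
                new Subject("alice"), client, new Scope("read", "admin"), allowed);
        ThirdPartyAssertionAuthorization self = authorise(
                new Subject("batch-client"), client, new Scope("reports"), allowed);
        System.out.println(user.getClientID() + " / " + self.getClientID());
    }
}
```

In the first call the requested `admin` value is dropped because it is outside the allowed scope, so only `read` is authorised for the end-user.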