Interface ClaimsSourceRequestContext

    • Method Summary

      Modifier and Type Method Description
      @Nullable net.minidev.json.JSONObject getClaimsData()
      Returns the optional claims fulfillment data.
      com.nimbusds.openid.connect.sdk.claims.ClaimsTransport getClaimsTransport()
      Returns the claims transport, if applicable.
      com.nimbusds.oauth2.sdk.id.ClientID getClientID()
      Returns the identifier of the OAuth 2.0 client (client_id).
      @Nullable String getClientIPAddress()
      Returns the client IP address.
      @Nullable SubjectSession getSubjectSession()
      Returns the associated subject (end-user) session where the claims sourcing was authorised.
      @Nullable com.nimbusds.oauth2.sdk.token.AccessToken getUserInfoAccessToken()
      Returns the received and successfully validated UserInfo access token for the claims request.
    • Method Detail

      • getClaimsTransport

        com.nimbusds.openid.connect.sdk.claims.ClaimsTransport getClaimsTransport()
        Returns the claims transport, if applicable.
        Returns:
        UserInfo or ID token, null if the claims source SPI is invoked for another purpose (e.g. in a TokenEncoderContext).
      • getClaimsData

        @Nullable net.minidev.json.JSONObject getClaimsData()
        Returns the optional claims fulfillment data.
        Returns:
        The claims fulfillment data, null if not specified.
      • getClientID

        com.nimbusds.oauth2.sdk.id.ClientID getClientID()
        Returns the identifier of the OAuth 2.0 client (client_id).
        Returns:
        The client ID. Not null.
      • getClientIPAddress

        @Nullable String getClientIPAddress()
        Returns the client IP address.
        Returns:
        The client IP address, null if not available.
      • getUserInfoAccessToken

        @Nullable com.nimbusds.oauth2.sdk.token.AccessToken getUserInfoAccessToken()
        Returns the received and successfully validated UserInfo access token for the claims request. If a claims request is triggered in the OpenID Connect implicit or hybrid flows, where the claims are returned as part of the ID token, no access token is involved, so this method returns none.

        The claims source may use the UserInfo access token for the retrieval of aggregated and distributed claims, where the same token is recognised by the upstream claims providers. See OpenID Connect Core 1.0, section 5.6.

        Returns:
        The UserInfo access token, null if the claims request wasn't triggered by a UserInfo request.
      • getSubjectSession

        @Nullable SubjectSession getSubjectSession()
        Returns the associated subject (end-user) session where the claims sourcing was authorised.

        The subject session is supplied in the following cases:

        • Claims sourcing for the UserInfo endpoint, when the subject session in which the claims consent occurred is still present (not expired or closed).
        • Claims sourcing for ID token issue in response to an OAuth 2.0 authorisation code, implicit (including OpenID Connect hybrid response type) and refresh token grants.
        • Claims sourcing for a direct authorisation request where a valid subject session ID was supplied, or a new subject session was created.
        Returns:
        The subject session, null if closed or expired, or not available (due to the session key not being encoded into the access token where applicable, or other reasons).
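
Several of these getters return null depending on how the claims source was invoked, so an implementation should branch on them explicitly. The following helper is an added example, not code from the SDK: the class name `ClaimsContextGuard`, its two methods and the import path of `ClaimsSourceRequestContext` are assumptions. It selects the UserInfo access token for upstream aggregated or distributed claims retrieval only when one was actually received, and builds an audit line that records the token's presence rather than its value.

```java
import java.util.Optional;

import com.nimbusds.oauth2.sdk.token.AccessToken;
import com.nimbusds.openid.connect.sdk.claims.ClaimsTransport;
// Assumed package for the interface; this page does not state it.
import com.nimbusds.openid.connect.provider.spi.claims.ClaimsSourceRequestContext;

/** Hypothetical helper for use inside a claims source implementation. */
public final class ClaimsContextGuard {

    private ClaimsContextGuard() {}

    /**
     * Returns the validated UserInfo access token that may be presented to
     * upstream claims providers, or empty when the request carries none
     * (ID token transport, or the SPI was invoked for another purpose).
     */
    public static Optional<AccessToken> upstreamToken(ClaimsSourceRequestContext ctx) {
        // getClaimsTransport() is null when the SPI is invoked for another
        // purpose, so compare against the enum constant, never call on it.
        if (ctx.getClaimsTransport() != ClaimsTransport.USERINFO) {
            return Optional.empty();
        }
        // Still nullable by contract, so wrap rather than assume.
        return Optional.ofNullable(ctx.getUserInfoAccessToken());
    }

    /**
     * Builds a null-safe audit line. The access token is a bearer
     * credential, so only its presence is recorded, never its value.
     */
    public static String auditLine(ClaimsSourceRequestContext ctx) {
        ClaimsTransport transport = ctx.getClaimsTransport();
        String ip = ctx.getClientIPAddress();
        boolean hasSession = ctx.getSubjectSession() != null;
        boolean hasToken = ctx.getUserInfoAccessToken() != null;

        return "client_id=" + ctx.getClientID().getValue() // documented as not null
            + " transport=" + (transport != null ? transport.name() : "n/a")
            + " client_ip=" + (ip != null ? ip : "n/a")
            + " subject_session=" + (hasSession ? "present" : "absent")
            + " userinfo_token=" + (hasToken ? "present" : "absent");
    }
}
```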