001package com.nimbusds.openid.connect.provider.spi.claims; 002 003 004import com.nimbusds.oauth2.sdk.id.ClientID; 005import com.nimbusds.oauth2.sdk.token.AccessToken; 006import com.nimbusds.openid.connect.provider.spi.InvocationContext; 007import com.nimbusds.openid.connect.provider.spi.tokens.TokenEncoderContext; 008import com.nimbusds.openid.connect.sdk.claims.ClaimsTransport; 009 010 011/** 012 * OpenID Connect claims request context. The supplied context parameters can 013 * be used in the processing and accounting of a claims request. 014 */ 015public interface ClaimsSourceRequestContext extends InvocationContext { 016 017 018 /** 019 * Returns the claims transport, if applicable. 020 * 021 * @return {@link ClaimsTransport#USERINFO UserInfo} or 022 * {@link ClaimsTransport#ID_TOKEN ID token}, {@code null} if 023 * the claims source SPI is invoked for another purpose (e.g. 024 * in a {@link TokenEncoderContext}). 025 */ 026 ClaimsTransport getClaimsTransport(); 027 028 029 /** 030 * Returns the identifier of the OAuth 2.0 client (client_id). 031 * 032 * @return The client ID. Not {@code null}. 033 */ 034 ClientID getClientID(); 035 036 037 /** 038 * Returns the client IP address. 039 * 040 * @return The client IP address, {@code null} if not available. 041 */ 042 String getClientIPAddress(); 043 044 045 /** 046 * Returns the received and successfully validated UserInfo access 047 * token for the claims request. If a claims request is triggered in a 048 * OpenID Connect implicit and hybrid flows, where the claims are 049 * returned as part of the ID token, an access token is not involved 050 * and hence not returned by this method. 051 * 052 * <p>The claims source may use the UserInfo access token for the 053 * retrieval of aggregated and distributed claims, where the same token 054 * is recognised by the upstream claims providers. See OpenID Connect 055 * Core 1.0, section 5.6. 056 * 057 * @return The UserInfo access token, {@code null} if the claims 058 * request wasn't triggered by a UserInfo request. 059 */ 060 AccessToken getUserInfoAccessToken(); 061}