Package com.nimbusds.openid.connect.provider.spi.grants

Class SelfIssuedAssertionAuthorization

java.lang.Object
com.nimbusds.openid.connect.provider.spi.grants.GrantAuthorization
com.nimbusds.openid.connect.provider.spi.grants.SubjectAuthorization
com.nimbusds.openid.connect.provider.spi.grants.SelfIssuedAssertionAuthorization
@Immutable public class SelfIssuedAssertionAuthorization extends SubjectAuthorization
Authorisation produced by a grant handler of self-issued assertions (SAML 2.0 or JWT bearer).

Required authorisation details:

  • The subject (end-user).
  • The authorised scope.

All other parameters are optional or have suitable defaults.

  • Constructor Details

    • SelfIssuedAssertionAuthorization

      public SelfIssuedAssertionAuthorization(com.nimbusds.oauth2.sdk.id.Subject subject, com.nimbusds.oauth2.sdk.Scope scope)
      Creates a new authorisation for a self-issued assertion grant where the client acts on behalf of a user.

      See RFC 7521, section 6.3.

      Parameters:
      subject - The subject (end-user). Must not be null.
      scope - The authorised scope values. Must not be null.

    • SelfIssuedAssertionAuthorization

      public SelfIssuedAssertionAuthorization(com.nimbusds.oauth2.sdk.id.Subject subject, com.nimbusds.oauth2.sdk.Scope scope, AccessTokenSpec accessTokenSpec, IDTokenSpec idTokenSpec, ClaimsSpec claimsSpec, @Nullable net.minidev.json.JSONObject data)
      Creates a new authorisation for a self-issued assertion grant where the client acts on behalf of a user.

      See RFC 7521, section 6.3.

      Parameters:
      subject - The subject (end-user). Must not be null.
      scope - The authorised scope values. Must not be null.
      accessTokenSpec - The access token specification. Must not be null.
      idTokenSpec - The ID token specification. Must not be null.
      claimsSpec - The OpenID claims specification. Must not be null.
      data - Additional data as a JSON object, null if not specified.

    • SelfIssuedAssertionAuthorization

      public SelfIssuedAssertionAuthorization(com.nimbusds.oauth2.sdk.id.ClientID subject, com.nimbusds.oauth2.sdk.Scope scope)
      Creates a new authorisation for a self-issued assertion grant where the client acts on its own behalf.

      See RFC 7521, section 6.2.

      Parameters:
      subject - The client identifier. Must not be null.
      scope - The authorised scope values. Must not be null.

    • SelfIssuedAssertionAuthorization

      public SelfIssuedAssertionAuthorization(com.nimbusds.oauth2.sdk.id.ClientID subject, com.nimbusds.oauth2.sdk.Scope scope, AccessTokenSpec accessTokenSpec, @Nullable net.minidev.json.JSONObject data)
      Creates a new authorisation for a self-issued assertion grant where the client acts on its own behalf.

      See RFC 7521, section 6.2.

      Parameters:
      subject - The client identifier. Must not be null.
      scope - The authorised scope values. Must not be null.
      accessTokenSpec - The access token specification. Must not be null.
      data - Additional data as a JSON object, null if not specified.

  • Method Details

    • parse

      public static SelfIssuedAssertionAuthorization parse(net.minidev.json.JSONObject jsonObject) throws com.nimbusds.oauth2.sdk.ParseException
      Parses a self-issued assertion grant authorisation from the specified JSON object.
      Parameters:
      jsonObject - The JSON object to parse. Must not be null.
      Returns:
      The authorisation.
      Throws:
      com.nimbusds.oauth2.sdk.ParseException - If parsing failed.

    • parse

      public static SelfIssuedAssertionAuthorization parse(String json) throws com.nimbusds.oauth2.sdk.ParseException
      Parses a self-issued assertion grant authorisation from the specified JSON object string.
      Parameters:
      json - The JSON object string to parse. Must not be null.
      Returns:
      The authorisation.
      Throws:
      com.nimbusds.oauth2.sdk.ParseException - If parsing failed.