Package com.nimbusds.openid.connect.provider.spi.grants

Class SubjectAuthorization

java.lang.Object
com.nimbusds.openid.connect.provider.spi.grants.GrantAuthorization
com.nimbusds.openid.connect.provider.spi.grants.SubjectAuthorization
Direct Known Subclasses:
PasswordGrantAuthorization, SelfIssuedAssertionAuthorization, ThirdPartyAssertionAuthorization, TokenExchangeAuthorization
@Immutable public class SubjectAuthorization extends GrantAuthorization
OAuth 2.0 / OpenID Connect authorisation produced by a GrantHandler specifying a subject (end-user) and permitting ID token issue.

Required authorisation details:

  • The subject (end-user).
  • The authorised scope.

All other parameters are optional or have suitable defaults.

  • Constructor Details

    • SubjectAuthorization

      public SubjectAuthorization(com.nimbusds.oauth2.sdk.id.Subject subject, com.nimbusds.oauth2.sdk.Scope scope, AccessTokenSpec accessTokenSpec, IDTokenSpec idTokenSpec, ClaimsSpec claimsSpec, @Nullable net.minidev.json.JSONObject data)
      Creates a new authorisation for the specified subject.
      Parameters:
      subject - The subject (end-user) identifier. Must not be null.
      scope - The authorised scope values. Must not be null.
      accessTokenSpec - The access token specification. Must not be null.
      idTokenSpec - The ID token specification. Must not be null.
      claimsSpec - The OpenID claims specification. Must not be null.
      data - Additional data as a JSON object, null if not specified.

  • Method Details

    • getSubject

      public com.nimbusds.oauth2.sdk.id.Subject getSubject()
      Returns the subject (end-user) identifier.
      Returns:
      The subject identifier.

    • getAuthTime

      public @Nullable Date getAuthTime()
      Returns the time of the subject authentication.
      Returns:
      The time of the subject authentication. If null it will be set to now. Applies only if an ID token is issued.

    • getACR

      public @Nullable com.nimbusds.openid.connect.sdk.claims.ACR getACR()
      Returns the Authentication Context Class Reference (ACR).
      Returns:
      The Authentication Context Class Reference (ACR), null if not specified. Applies only if an ID token is issued.

    • getAMRList

      public @Nullable List<com.nimbusds.openid.connect.sdk.claims.AMR> getAMRList()
      Returns The Authentication Methods Reference (AMR) list.
      Returns:
      The Authentication Methods Reference (AMR) list, null if not specified. Applies only if an ID token is issued.

    • getIDTokenSpec

      public IDTokenSpec getIDTokenSpec()
      Returns the ID token specification.
      Returns:
      The ID token specification.

    • toJSONObject

      public net.minidev.json.JSONObject toJSONObject()
      Description copied from class: GrantAuthorization
      Returns a JSON object representation of this authorisation.
      Overrides:
      toJSONObject in class GrantAuthorization
      Returns:
      The JSON object representation.

    • parse

      public static SubjectAuthorization parse(net.minidev.json.JSONObject jsonObject) throws com.nimbusds.oauth2.sdk.ParseException
      Parses a subject authorisation from the specified JSON object.
      Parameters:
      jsonObject - The JSON object to parse. Must not be null.
      Returns:
      The subject authorisation.
      Throws:
      com.nimbusds.oauth2.sdk.ParseException - If parsing failed.

    • parse

      public static SubjectAuthorization parse(String json) throws com.nimbusds.oauth2.sdk.ParseException
      Parses a subject authorisation from the specified JSON object string.
      Parameters:
      json - The JSON object string to parse. Must not be null.
      Returns:
      The subject authorisation.
      Throws:
      com.nimbusds.oauth2.sdk.ParseException - If parsing failed.