Package com.nimbusds.openid.connect.provider.spi.tokens

Class MutableAccessTokenAuthorization

java.lang.Object

com.nimbusds.openid.connect.provider.spi.tokens.MutableAccessTokenAuthorization

All Implemented Interfaces:

AccessTokenAuthorization

public final class MutableAccessTokenAuthorization
extends Object
implements AccessTokenAuthorization

Mutable access token authorisation.

Constructor Summary

Constructors

Constructor	Description
MutableAccessTokenAuthorization()	Creates a new empty mutable access token authorisation.
MutableAccessTokenAuthorization(AccessTokenAuthorization source)	Creates a new mutable access token authorisation from the specified one.

Method Summary

Modifier and Type	Method	Description
@Nullable com.nimbusds.oauth2.sdk.id.Actor	getActor()	Returns the access token actor, in impersonation and delegation scenarios.
@Nullable List<com.nimbusds.oauth2.sdk.id.Audience>	getAudienceList()	Returns the audience list of the access token, which may be the logical names of the intended resource servers.
@Nullable Set<String>	getClaimNames()	Returns the names of the consented OpenID claims to be accessed at the UserInfo endpoint.
@Nullable net.minidev.json.JSONObject	getClaimsData()	Returns the optional OpenID claims fulfillment data.
@Nullable List<com.nimbusds.langtag.LangTag>	getClaimsLocales()	Returns the preferred locales for the consented OpenID claims.
@Nullable com.nimbusds.oauth2.sdk.auth.X509CertificateConfirmation	getClientCertificateConfirmation()	Returns the client X.509 certificate confirmation (SHA-256 thumbprint) for mutual TLS.
@Nullable com.nimbusds.oauth2.sdk.id.ClientID	getClientID()	Returns the identifier of the client to which the access token is issued.
@Nullable net.minidev.json.JSONObject	getData()	Returns the optional data for the access token.
@Nullable Instant	getExpirationTime()	Returns the expiration time of the access token.
@Nullable com.nimbusds.oauth2.sdk.id.Issuer	getIssuer()	Returns the issuer of the access token.
@Nullable Instant	getIssueTime()	Returns the issue time of the access token.
@Nullable com.nimbusds.oauth2.sdk.dpop.JWKThumbprintConfirmation	getJWKThumbprintConfirmation()	Returns the JWK SHA-256 thumbprint confirmation for DPoP.
@Nullable com.nimbusds.oauth2.sdk.id.JWTID	getJWTID()	Returns the JSON Web Token (JWT) identifier of the access token.
@Nullable com.nimbusds.oauth2.sdk.id.Subject	getLocalSubject()	Returns the access token local subject.
@Nullable Map<String,Object>	getOtherTopLevelParameters()	Returns a map of other top-level parameters.
@Nullable net.minidev.json.JSONObject	getPresetClaims()	Returns the preset OpenID claims to be included in the UserInfo response.
@Nullable com.nimbusds.oauth2.sdk.Scope	getScope()	Returns the scope of the access token.
@Nullable com.nimbusds.oauth2.sdk.id.Subject	getSubject()	Returns the access token subject.
@Nullable String	getSubjectSessionKey()	Returns the associated subject (end-user) session key (session ID with omitted HMAC).
@Nullable com.nimbusds.openid.connect.sdk.SubjectType	getSubjectType()	Returns the access token subject type.
String	toString()
MutableAccessTokenAuthorization	withActor(@Nullable com.nimbusds.oauth2.sdk.id.Actor act)	Sets the access token actor, in impersonation and delegation scenarios.
MutableAccessTokenAuthorization	withAudienceList(@Nullable List<com.nimbusds.oauth2.sdk.id.Audience> audList)	Sets the audience list of the access token, which may be the logical names of the intended resource servers.
MutableAccessTokenAuthorization	withClaimNames(@Nullable Set<String> claimNames)	Sets the names of the consented OpenID claims to be accessed at the UserInfo endpoint.
MutableAccessTokenAuthorization	withClaimsData(@Nullable net.minidev.json.JSONObject claimsData)	Sets the OpenID claims fulfillment data for the claims source at the UserInfo endpoint.
MutableAccessTokenAuthorization	withClaimsLocales(@Nullable List<com.nimbusds.langtag.LangTag> claimsLocales)	Sets the preferred locales for the consented OpenID claims.
MutableAccessTokenAuthorization	withClientCertificateConfirmation(@Nullable com.nimbusds.oauth2.sdk.auth.X509CertificateConfirmation cnfX5t)	Sets the client X.509 certificate confirmation (SHA-256 thumbprint) for mutual TLS.
MutableAccessTokenAuthorization	withClientID(@Nullable com.nimbusds.oauth2.sdk.id.ClientID clientID)	Sets the identifier of the client to which the access token is issued.
MutableAccessTokenAuthorization	withData(@Nullable net.minidev.json.JSONObject data)	Sets the optional data for the access token.
MutableAccessTokenAuthorization	withExpirationTime(@Nullable Instant exp)	Sets the expiration time of the access token.
MutableAccessTokenAuthorization	withIssuer(@Nullable com.nimbusds.oauth2.sdk.id.Issuer iss)	Sets the issuer of the access token.
MutableAccessTokenAuthorization	withIssueTime(@Nullable Instant iat)	Sets the issue time of the access token.
MutableAccessTokenAuthorization	withJWKThumbprintConfirmation(@Nullable com.nimbusds.oauth2.sdk.dpop.JWKThumbprintConfirmation cnfJkt)	Sets the JWK SHA-256 thumbprint confirmation for DPoP.
MutableAccessTokenAuthorization	withJWTID(@Nullable com.nimbusds.oauth2.sdk.id.JWTID jti)	Sets the JSON Web Token (JWT) identifier of the access token.
MutableAccessTokenAuthorization	withLocalSubject(@Nullable com.nimbusds.oauth2.sdk.id.Subject localSubject)	Sets the access token local (system) subject.
MutableAccessTokenAuthorization	withOtherTopLevelParameters(@Nullable Map<String,Object> params)	Sets the other top-level parameters.
MutableAccessTokenAuthorization	withPresetClaims(@Nullable net.minidev.json.JSONObject presetClaims)	Sets the preset OpenID claims to be included in the UserInfo response.
MutableAccessTokenAuthorization	withScope(@Nullable com.nimbusds.oauth2.sdk.Scope scope)	Sets the scope of the access token.
MutableAccessTokenAuthorization	withSubject(@Nullable com.nimbusds.oauth2.sdk.id.Subject sub)	Sets the access token subject.
MutableAccessTokenAuthorization	withSubjectSessionkey(@Nullable String subjectSessionKey)	Sets the associated subject (end-user) session key (session ID with omitted HMAC).
MutableAccessTokenAuthorization	withSubjectType(@Nullable com.nimbusds.openid.connect.sdk.SubjectType subjectType)	Sets the access token subject type.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Constructor Details

MutableAccessTokenAuthorization

public MutableAccessTokenAuthorization()

Creates a new empty mutable access token authorisation.

MutableAccessTokenAuthorization

public MutableAccessTokenAuthorization(AccessTokenAuthorization source)

Creates a new mutable access token authorisation from the specified one.

Parameters:

source - The source access token authorisation. Must not be null.

Method Details

withSubject

public MutableAccessTokenAuthorization withSubject(@Nullable com.nimbusds.oauth2.sdk.id.Subject sub)

Sets the access token subject.

Parameters:

sub - The subject, null if not specified.

Returns:

This object.

getSubject

public @Nullable com.nimbusds.oauth2.sdk.id.Subject getSubject()

Description copied from interface: AccessTokenAuthorization

Returns the access token subject.

Specified by:

getSubject in interface AccessTokenAuthorization

Returns:

The subject, null if not specified.

withActor

public MutableAccessTokenAuthorization withActor(@Nullable com.nimbusds.oauth2.sdk.id.Actor act)

Sets the access token actor, in impersonation and delegation scenarios.

Parameters:

act - The actor, null if not specified.

Returns:

This object.

getActor

public @Nullable com.nimbusds.oauth2.sdk.id.Actor getActor()

Description copied from interface: AccessTokenAuthorization

Returns the access token actor, in impersonation and delegation scenarios.

Specified by:

getActor in interface AccessTokenAuthorization

Returns:

The actor, null if not specified.

withClientID

public MutableAccessTokenAuthorization withClientID(@Nullable com.nimbusds.oauth2.sdk.id.ClientID clientID)

Sets the identifier of the client to which the access token is issued.

Parameters:

clientID - The client identifier, null if not specified.

Returns:

This object.

getClientID

public @Nullable com.nimbusds.oauth2.sdk.id.ClientID getClientID()

Description copied from interface: AccessTokenAuthorization

Returns the identifier of the client to which the access token is issued.

Specified by:

getClientID in interface AccessTokenAuthorization

Returns:

The client identifier, null if not specified.

withScope

public MutableAccessTokenAuthorization withScope(@Nullable com.nimbusds.oauth2.sdk.Scope scope)

Sets the scope of the access token.

Parameters:

scope - The scope, null if not specified.

Returns:

This object.

getScope

public @Nullable com.nimbusds.oauth2.sdk.Scope getScope()

Description copied from interface: AccessTokenAuthorization

Returns the scope of the access token.

Specified by:

getScope in interface AccessTokenAuthorization

Returns:

The scope, null if not specified.

withExpirationTime

public MutableAccessTokenAuthorization withExpirationTime(@Nullable Instant exp)

Sets the expiration time of the access token.

Parameters:

exp - The expiration time, null if not specified.

Returns:

This object.

getExpirationTime

public @Nullable Instant getExpirationTime()

Description copied from interface: AccessTokenAuthorization

Returns the expiration time of the access token.

Specified by:

getExpirationTime in interface AccessTokenAuthorization

Returns:

The expiration time, null if not specified.

withIssueTime

public MutableAccessTokenAuthorization withIssueTime(@Nullable Instant iat)

Sets the issue time of the access token.

Parameters:

iat - The issue time, null if not specified.

Returns:

This object.

getIssueTime

public @Nullable Instant getIssueTime()

Description copied from interface: AccessTokenAuthorization

Returns the issue time of the access token.

Specified by:

getIssueTime in interface AccessTokenAuthorization

Returns:

The issue time, null if not specified.

withIssuer

public MutableAccessTokenAuthorization withIssuer(@Nullable com.nimbusds.oauth2.sdk.id.Issuer iss)

Sets the issuer of the access token.

Parameters:

iss - The issuer, null if not specified.

Returns:

This object.

getIssuer

public @Nullable com.nimbusds.oauth2.sdk.id.Issuer getIssuer()

Description copied from interface: AccessTokenAuthorization

Returns the issuer of the access token.

Specified by:

getIssuer in interface AccessTokenAuthorization

Returns:

The issuer, null if not specified.

withAudienceList

public MutableAccessTokenAuthorization withAudienceList(@Nullable List<com.nimbusds.oauth2.sdk.id.Audience> audList)

Sets the audience list of the access token, which may be the logical names of the intended resource servers.

Parameters:

audList - The audience list, null if not specified.

Returns:

This object.

getAudienceList

public @Nullable List<com.nimbusds.oauth2.sdk.id.Audience> getAudienceList()

Description copied from interface: AccessTokenAuthorization

Returns the audience list of the access token, which may be the logical names of the intended resource servers.

Specified by:

getAudienceList in interface AccessTokenAuthorization

Returns:

The audience list, null if not specified.

withSubjectType

public MutableAccessTokenAuthorization withSubjectType(@Nullable com.nimbusds.openid.connect.sdk.SubjectType subjectType)

Sets the access token subject type.

Parameters:

subjectType - The subject type, null if not specified (may imply public).

Returns:

This object.

getSubjectType

public @Nullable com.nimbusds.openid.connect.sdk.SubjectType getSubjectType()

Description copied from interface: AccessTokenAuthorization

Returns the access token subject type.

Specified by:

getSubjectType in interface AccessTokenAuthorization

Returns:

The subject type, null if not specified (may imply public).

withLocalSubject

public MutableAccessTokenAuthorization withLocalSubject(@Nullable com.nimbusds.oauth2.sdk.id.Subject localSubject)

Sets the access token local (system) subject.

Parameters:

localSubject - The local (system) subject, null if not specified or for a pairwise subject type that couldn't be reversed.

Returns:

This object.

getLocalSubject

public @Nullable com.nimbusds.oauth2.sdk.id.Subject getLocalSubject()

Description copied from interface: AccessTokenAuthorization

Returns the access token local subject. Equals the AccessTokenAuthorization.getSubject() value unless the subject type is pairwise.

Use this method if there is a need to get the local (system) subject for an access token which subject was made pairwise for its audience (resource server).

Note, an access token which subject is made pairwise must not have its local subject exposed in introspection responses intended for the token audience!

Specified by:

getLocalSubject in interface AccessTokenAuthorization

Returns:

The local subject, null if not specified or for a pairwise subject type that couldn't be reversed.

withJWTID

public MutableAccessTokenAuthorization withJWTID(@Nullable com.nimbusds.oauth2.sdk.id.JWTID jti)

Sets the JSON Web Token (JWT) identifier of the access token.

Parameters:

jti - The JWT ID, null if not specified or applicable.

Returns:

This object.

getJWTID

public @Nullable com.nimbusds.oauth2.sdk.id.JWTID getJWTID()

Description copied from interface: AccessTokenAuthorization

Returns the JSON Web Token (JWT) identifier of the access token.

Specified by:

getJWTID in interface AccessTokenAuthorization

Returns:

The JWT ID, null if not specified or applicable.

withClaimNames

public MutableAccessTokenAuthorization withClaimNames(@Nullable Set<String> claimNames)

Sets the names of the consented OpenID claims to be accessed at the UserInfo endpoint.

Parameters:

claimNames - The claim names, null if not specified.

Returns:

This object.

getClaimNames

public @Nullable Set<String> getClaimNames()

Description copied from interface: AccessTokenAuthorization

Returns the names of the consented OpenID claims to be accessed at the UserInfo endpoint.

Specified by:

getClaimNames in interface AccessTokenAuthorization

Returns:

The claim names, null if not specified.

withClaimsLocales

public MutableAccessTokenAuthorization withClaimsLocales(@Nullable List<com.nimbusds.langtag.LangTag> claimsLocales)

Sets the preferred locales for the consented OpenID claims.

Parameters:

claimsLocales - The preferred claims locales, null if not specified.

Returns:

This object.

getClaimsLocales

public @Nullable List<com.nimbusds.langtag.LangTag> getClaimsLocales()

Description copied from interface: AccessTokenAuthorization

Returns the preferred locales for the consented OpenID claims.

Specified by:

getClaimsLocales in interface AccessTokenAuthorization

Returns:

The preferred claims locales, null if not specified.

withPresetClaims

public MutableAccessTokenAuthorization withPresetClaims(@Nullable net.minidev.json.JSONObject presetClaims)

Sets the preset OpenID claims to be included in the UserInfo response.

Parameters:

presetClaims - The preset OpenID claims, null if not specified.

Returns:

This object.

getPresetClaims

public @Nullable net.minidev.json.JSONObject getPresetClaims()

Description copied from interface: AccessTokenAuthorization

Returns the preset OpenID claims to be included in the UserInfo response.

Specified by:

getPresetClaims in interface AccessTokenAuthorization

Returns:

The preset OpenID claims, null if not specified.

withClaimsData

public MutableAccessTokenAuthorization withClaimsData(@Nullable net.minidev.json.JSONObject claimsData)

Sets the OpenID claims fulfillment data for the claims source at the UserInfo endpoint.

Parameters:

claimsData - The OpenID claims fulfillment data, null if not specified.

Returns:

This object.

getClaimsData

public @Nullable net.minidev.json.JSONObject getClaimsData()

Description copied from interface: AccessTokenAuthorization

Returns the optional OpenID claims fulfillment data.

Specified by:

getClaimsData in interface AccessTokenAuthorization

Returns:

The OpenID claims fulfillment data, null if not specified.

withSubjectSessionkey

public MutableAccessTokenAuthorization withSubjectSessionkey(@Nullable String subjectSessionKey)

Sets the associated subject (end-user) session key (session ID with omitted HMAC).

Parameters:

subjectSessionKey - The subject session key, null if not available.

Returns:

This object.

getSubjectSessionKey

public @Nullable String getSubjectSessionKey()

Description copied from interface: AccessTokenAuthorization

Returns the associated subject (end-user) session key (session ID with omitted HMAC).

Specified by:

getSubjectSessionKey in interface AccessTokenAuthorization

Returns:

The subject session key, null if not available.

withData

public MutableAccessTokenAuthorization withData(@Nullable net.minidev.json.JSONObject data)

Sets the optional data for the access token.

Parameters:

data - The optional data, represented as a JSON object, null if not specified.

Returns:

This object.

getData

public @Nullable net.minidev.json.JSONObject getData()

Description copied from interface: AccessTokenAuthorization

Returns the optional data for the access token.

Specified by:

getData in interface AccessTokenAuthorization

Returns:

The optional data, represented as a JSON object, null if not specified.

withClientCertificateConfirmation

public MutableAccessTokenAuthorization withClientCertificateConfirmation(@Nullable com.nimbusds.oauth2.sdk.auth.X509CertificateConfirmation cnfX5t)

Sets the client X.509 certificate confirmation (SHA-256 thumbprint) for mutual TLS.

Parameters:

cnfX5t - The client X.509 certificate confirmation, null if none.

Returns:

This object.

getClientCertificateConfirmation

public @Nullable com.nimbusds.oauth2.sdk.auth.X509CertificateConfirmation getClientCertificateConfirmation()

Description copied from interface: AccessTokenAuthorization

Returns the client X.509 certificate confirmation (SHA-256 thumbprint) for mutual TLS.

Specified by:

getClientCertificateConfirmation in interface AccessTokenAuthorization

Returns:

The client X.509 certificate confirmation, null if none.

withJWKThumbprintConfirmation

public MutableAccessTokenAuthorization withJWKThumbprintConfirmation(@Nullable com.nimbusds.oauth2.sdk.dpop.JWKThumbprintConfirmation cnfJkt)

Sets the JWK SHA-256 thumbprint confirmation for DPoP.

Parameters:

cnfJkt - The JWK thumbprint confirmation, null if none.

Returns:

This object.

getJWKThumbprintConfirmation

public @Nullable com.nimbusds.oauth2.sdk.dpop.JWKThumbprintConfirmation getJWKThumbprintConfirmation()

Description copied from interface: AccessTokenAuthorization

Returns the JWK SHA-256 thumbprint confirmation for DPoP.

Specified by:

getJWKThumbprintConfirmation in interface AccessTokenAuthorization

Returns:

The JWK thumbprint confirmation, null if none.

withOtherTopLevelParameters

public MutableAccessTokenAuthorization withOtherTopLevelParameters(@Nullable Map<String,Object> params)

Sets the other top-level parameters.

Parameters:

params - Other top-level parameters, the values should map to JSON entities, null if none.

Returns:

This object.

getOtherTopLevelParameters

public @Nullable Map<String,Object> getOtherTopLevelParameters()

Description copied from interface: AccessTokenAuthorization

Returns a map of other top-level parameters.

Specified by:

getOtherTopLevelParameters in interface AccessTokenAuthorization

Returns:

Other top-level parameters, the values should map to JSON entities, null if none.

toString

public String toString()

Overrides:

toString in class Object