Class MutableAccessTokenAuthorization
java.lang.Object
com.nimbusds.openid.connect.provider.spi.tokens.MutableAccessTokenAuthorization
- All Implemented Interfaces:
AccessTokenAuthorization
public final class MutableAccessTokenAuthorization
extends Object
implements AccessTokenAuthorization
Mutable access token authorisation.
-
Constructor Summary
ConstructorDescriptionCreates a new empty mutable access token authorisation.Creates a new mutable access token authorisation from the specified one. -
Method Summary
Modifier and TypeMethodDescription@Nullable com.nimbusds.oauth2.sdk.id.Actor
getActor()
Returns the access token actor, in impersonation and delegation scenarios.@Nullable List<com.nimbusds.oauth2.sdk.id.Audience>
Returns the audience list of the access token, which may be the logical names of the intended resource servers.Returns the names of the consented OpenID claims to be accessed at the UserInfo endpoint.@Nullable net.minidev.json.JSONObject
Returns the optional OpenID claims fulfillment data.@Nullable List<com.nimbusds.langtag.LangTag>
Returns the preferred locales for the consented OpenID claims.@Nullable com.nimbusds.oauth2.sdk.auth.X509CertificateConfirmation
Returns the client X.509 certificate confirmation (SHA-256 thumbprint) for mutual TLS.@Nullable com.nimbusds.oauth2.sdk.id.ClientID
Returns the identifier of the client to which the access token is issued.@Nullable net.minidev.json.JSONObject
getData()
Returns the optional data for the access token.@Nullable Instant
Returns the expiration time of the access token.@Nullable com.nimbusds.oauth2.sdk.id.Issuer
Returns the issuer of the access token.@Nullable Instant
Returns the issue time of the access token.@Nullable com.nimbusds.oauth2.sdk.dpop.JWKThumbprintConfirmation
Returns the JWK SHA-256 thumbprint confirmation for DPoP.@Nullable com.nimbusds.oauth2.sdk.id.JWTID
getJWTID()
Returns the JSON Web Token (JWT) identifier of the access token.@Nullable com.nimbusds.oauth2.sdk.id.Subject
Returns the access token local subject.Returns a map of other top-level parameters.@Nullable net.minidev.json.JSONObject
Returns the preset OpenID claims to be included in the UserInfo response.@Nullable com.nimbusds.oauth2.sdk.Scope
getScope()
Returns the scope of the access token.@Nullable com.nimbusds.oauth2.sdk.id.Subject
Returns the access token subject.@Nullable String
Returns the associated subject (end-user) session key (session ID with omitted HMAC).@Nullable com.nimbusds.openid.connect.sdk.SubjectType
Returns the access token subject type.toString()
withActor
(@Nullable com.nimbusds.oauth2.sdk.id.Actor act) Sets the access token actor, in impersonation and delegation scenarios.withAudienceList
(@Nullable List<com.nimbusds.oauth2.sdk.id.Audience> audList) Sets the audience list of the access token, which may be the logical names of the intended resource servers.withClaimNames
(@Nullable Set<String> claimNames) Sets the names of the consented OpenID claims to be accessed at the UserInfo endpoint.withClaimsData
(@Nullable net.minidev.json.JSONObject claimsData) Sets the OpenID claims fulfillment data for the claims source at the UserInfo endpoint.withClaimsLocales
(@Nullable List<com.nimbusds.langtag.LangTag> claimsLocales) Sets the preferred locales for the consented OpenID claims.withClientCertificateConfirmation
(@Nullable com.nimbusds.oauth2.sdk.auth.X509CertificateConfirmation cnfX5t) Sets the client X.509 certificate confirmation (SHA-256 thumbprint) for mutual TLS.withClientID
(@Nullable com.nimbusds.oauth2.sdk.id.ClientID clientID) Sets the identifier of the client to which the access token is issued.withData
(@Nullable net.minidev.json.JSONObject data) Sets the optional data for the access token.withExpirationTime
(@Nullable Instant exp) Sets the expiration time of the access token.withIssuer
(@Nullable com.nimbusds.oauth2.sdk.id.Issuer iss) Sets the issuer of the access token.withIssueTime
(@Nullable Instant iat) Sets the issue time of the access token.withJWKThumbprintConfirmation
(@Nullable com.nimbusds.oauth2.sdk.dpop.JWKThumbprintConfirmation cnfJkt) Sets the JWK SHA-256 thumbprint confirmation for DPoP.withJWTID
(@Nullable com.nimbusds.oauth2.sdk.id.JWTID jti) Sets the JSON Web Token (JWT) identifier of the access token.withLocalSubject
(@Nullable com.nimbusds.oauth2.sdk.id.Subject localSubject) Sets the access token local (system) subject.withOtherTopLevelParameters
(@Nullable Map<String, Object> params) Sets the other top-level parameters.withPresetClaims
(@Nullable net.minidev.json.JSONObject presetClaims) Sets the preset OpenID claims to be included in the UserInfo response.withScope
(@Nullable com.nimbusds.oauth2.sdk.Scope scope) Sets the scope of the access token.withSubject
(@Nullable com.nimbusds.oauth2.sdk.id.Subject sub) Sets the access token subject.withSubjectSessionkey
(@Nullable String subjectSessionKey) Sets the associated subject (end-user) session key (session ID with omitted HMAC).withSubjectType
(@Nullable com.nimbusds.openid.connect.sdk.SubjectType subjectType) Sets the access token subject type.
-
Constructor Details
-
MutableAccessTokenAuthorization
public MutableAccessTokenAuthorization()Creates a new empty mutable access token authorisation. -
MutableAccessTokenAuthorization
Creates a new mutable access token authorisation from the specified one.- Parameters:
source
- The source access token authorisation. Must not benull
.
-
-
Method Details
-
withSubject
public MutableAccessTokenAuthorization withSubject(@Nullable com.nimbusds.oauth2.sdk.id.Subject sub) Sets the access token subject.- Parameters:
sub
- The subject,null
if not specified.- Returns:
- This object.
-
getSubject
Description copied from interface:AccessTokenAuthorization
Returns the access token subject.- Specified by:
getSubject
in interfaceAccessTokenAuthorization
- Returns:
- The subject,
null
if not specified.
-
withActor
Sets the access token actor, in impersonation and delegation scenarios.- Parameters:
act
- The actor,null
if not specified.- Returns:
- This object.
-
getActor
Description copied from interface:AccessTokenAuthorization
Returns the access token actor, in impersonation and delegation scenarios.- Specified by:
getActor
in interfaceAccessTokenAuthorization
- Returns:
- The actor,
null
if not specified.
-
withClientID
public MutableAccessTokenAuthorization withClientID(@Nullable com.nimbusds.oauth2.sdk.id.ClientID clientID) Sets the identifier of the client to which the access token is issued.- Parameters:
clientID
- The client identifier,null
if not specified.- Returns:
- This object.
-
getClientID
Description copied from interface:AccessTokenAuthorization
Returns the identifier of the client to which the access token is issued.- Specified by:
getClientID
in interfaceAccessTokenAuthorization
- Returns:
- The client identifier,
null
if not specified.
-
withScope
Sets the scope of the access token.- Parameters:
scope
- The scope,null
if not specified.- Returns:
- This object.
-
getScope
Description copied from interface:AccessTokenAuthorization
Returns the scope of the access token.- Specified by:
getScope
in interfaceAccessTokenAuthorization
- Returns:
- The scope,
null
if not specified.
-
withExpirationTime
Sets the expiration time of the access token.- Parameters:
exp
- The expiration time,null
if not specified.- Returns:
- This object.
-
getExpirationTime
Description copied from interface:AccessTokenAuthorization
Returns the expiration time of the access token.- Specified by:
getExpirationTime
in interfaceAccessTokenAuthorization
- Returns:
- The expiration time,
null
if not specified.
-
withIssueTime
Sets the issue time of the access token.- Parameters:
iat
- The issue time,null
if not specified.- Returns:
- This object.
-
getIssueTime
Description copied from interface:AccessTokenAuthorization
Returns the issue time of the access token.- Specified by:
getIssueTime
in interfaceAccessTokenAuthorization
- Returns:
- The issue time,
null
if not specified.
-
withIssuer
Sets the issuer of the access token.- Parameters:
iss
- The issuer,null
if not specified.- Returns:
- This object.
-
getIssuer
Description copied from interface:AccessTokenAuthorization
Returns the issuer of the access token.- Specified by:
getIssuer
in interfaceAccessTokenAuthorization
- Returns:
- The issuer,
null
if not specified.
-
withAudienceList
public MutableAccessTokenAuthorization withAudienceList(@Nullable List<com.nimbusds.oauth2.sdk.id.Audience> audList) Sets the audience list of the access token, which may be the logical names of the intended resource servers.- Parameters:
audList
- The audience list,null
if not specified.- Returns:
- This object.
-
getAudienceList
Description copied from interface:AccessTokenAuthorization
Returns the audience list of the access token, which may be the logical names of the intended resource servers.- Specified by:
getAudienceList
in interfaceAccessTokenAuthorization
- Returns:
- The audience list,
null
if not specified.
-
withSubjectType
public MutableAccessTokenAuthorization withSubjectType(@Nullable com.nimbusds.openid.connect.sdk.SubjectType subjectType) Sets the access token subject type.- Parameters:
subjectType
- The subject type,null
if not specified (may implypublic
).- Returns:
- This object.
-
getSubjectType
Description copied from interface:AccessTokenAuthorization
Returns the access token subject type.- Specified by:
getSubjectType
in interfaceAccessTokenAuthorization
- Returns:
- The subject type,
null
if not specified (may implypublic
).
-
withLocalSubject
public MutableAccessTokenAuthorization withLocalSubject(@Nullable com.nimbusds.oauth2.sdk.id.Subject localSubject) Sets the access token local (system) subject.- Parameters:
localSubject
- The local (system) subject,null
if not specified or for a pairwisesubject type
that couldn't be reversed.- Returns:
- This object.
-
getLocalSubject
Description copied from interface:AccessTokenAuthorization
Returns the access token local subject. Equals theAccessTokenAuthorization.getSubject()
value unless thesubject type
is pairwise.Use this method if there is a need to get the local (system) subject for an access token which subject was made pairwise for its audience (resource server).
Note, an access token which subject is made pairwise must not have its local subject exposed in introspection responses intended for the token audience!
- Specified by:
getLocalSubject
in interfaceAccessTokenAuthorization
- Returns:
- The local subject,
null
if not specified or for a pairwisesubject type
that couldn't be reversed.
-
withJWTID
Sets the JSON Web Token (JWT) identifier of the access token.- Parameters:
jti
- The JWT ID,null
if not specified or applicable.- Returns:
- This object.
-
getJWTID
Description copied from interface:AccessTokenAuthorization
Returns the JSON Web Token (JWT) identifier of the access token.- Specified by:
getJWTID
in interfaceAccessTokenAuthorization
- Returns:
- The JWT ID,
null
if not specified or applicable.
-
withClaimNames
Sets the names of the consented OpenID claims to be accessed at the UserInfo endpoint.- Parameters:
claimNames
- The claim names,null
if not specified.- Returns:
- This object.
-
getClaimNames
Description copied from interface:AccessTokenAuthorization
Returns the names of the consented OpenID claims to be accessed at the UserInfo endpoint.- Specified by:
getClaimNames
in interfaceAccessTokenAuthorization
- Returns:
- The claim names,
null
if not specified.
-
withClaimsLocales
public MutableAccessTokenAuthorization withClaimsLocales(@Nullable List<com.nimbusds.langtag.LangTag> claimsLocales) Sets the preferred locales for the consented OpenID claims.- Parameters:
claimsLocales
- The preferred claims locales,null
if not specified.- Returns:
- This object.
-
getClaimsLocales
Description copied from interface:AccessTokenAuthorization
Returns the preferred locales for the consented OpenID claims.- Specified by:
getClaimsLocales
in interfaceAccessTokenAuthorization
- Returns:
- The preferred claims locales,
null
if not specified.
-
withPresetClaims
public MutableAccessTokenAuthorization withPresetClaims(@Nullable net.minidev.json.JSONObject presetClaims) Sets the preset OpenID claims to be included in the UserInfo response.- Parameters:
presetClaims
- The preset OpenID claims,null
if not specified.- Returns:
- This object.
-
getPresetClaims
Description copied from interface:AccessTokenAuthorization
Returns the preset OpenID claims to be included in the UserInfo response.- Specified by:
getPresetClaims
in interfaceAccessTokenAuthorization
- Returns:
- The preset OpenID claims,
null
if not specified.
-
withClaimsData
public MutableAccessTokenAuthorization withClaimsData(@Nullable net.minidev.json.JSONObject claimsData) Sets the OpenID claims fulfillment data for the claims source at the UserInfo endpoint.- Parameters:
claimsData
- The OpenID claims fulfillment data,null
if not specified.- Returns:
- This object.
-
getClaimsData
Description copied from interface:AccessTokenAuthorization
Returns the optional OpenID claims fulfillment data.- Specified by:
getClaimsData
in interfaceAccessTokenAuthorization
- Returns:
- The OpenID claims fulfillment data,
null
if not specified.
-
withSubjectSessionkey
Sets the associated subject (end-user) session key (session ID with omitted HMAC).- Parameters:
subjectSessionKey
- The subject session key,null
if not available.- Returns:
- This object.
-
getSubjectSessionKey
Description copied from interface:AccessTokenAuthorization
Returns the associated subject (end-user) session key (session ID with omitted HMAC).- Specified by:
getSubjectSessionKey
in interfaceAccessTokenAuthorization
- Returns:
- The subject session key,
null
if not available.
-
withData
Sets the optional data for the access token.- Parameters:
data
- The optional data, represented as a JSON object,null
if not specified.- Returns:
- This object.
-
getData
Description copied from interface:AccessTokenAuthorization
Returns the optional data for the access token.- Specified by:
getData
in interfaceAccessTokenAuthorization
- Returns:
- The optional data, represented as a JSON object,
null
if not specified.
-
withClientCertificateConfirmation
public MutableAccessTokenAuthorization withClientCertificateConfirmation(@Nullable com.nimbusds.oauth2.sdk.auth.X509CertificateConfirmation cnfX5t) Sets the client X.509 certificate confirmation (SHA-256 thumbprint) for mutual TLS.- Parameters:
cnfX5t
- The client X.509 certificate confirmation,null
if none.- Returns:
- This object.
-
getClientCertificateConfirmation
public @Nullable com.nimbusds.oauth2.sdk.auth.X509CertificateConfirmation getClientCertificateConfirmation()Description copied from interface:AccessTokenAuthorization
Returns the client X.509 certificate confirmation (SHA-256 thumbprint) for mutual TLS.- Specified by:
getClientCertificateConfirmation
in interfaceAccessTokenAuthorization
- Returns:
- The client X.509 certificate confirmation,
null
if none.
-
withJWKThumbprintConfirmation
public MutableAccessTokenAuthorization withJWKThumbprintConfirmation(@Nullable com.nimbusds.oauth2.sdk.dpop.JWKThumbprintConfirmation cnfJkt) Sets the JWK SHA-256 thumbprint confirmation for DPoP.- Parameters:
cnfJkt
- The JWK thumbprint confirmation,null
if none.- Returns:
- This object.
-
getJWKThumbprintConfirmation
public @Nullable com.nimbusds.oauth2.sdk.dpop.JWKThumbprintConfirmation getJWKThumbprintConfirmation()Description copied from interface:AccessTokenAuthorization
Returns the JWK SHA-256 thumbprint confirmation for DPoP.- Specified by:
getJWKThumbprintConfirmation
in interfaceAccessTokenAuthorization
- Returns:
- The JWK thumbprint confirmation,
null
if none.
-
withOtherTopLevelParameters
public MutableAccessTokenAuthorization withOtherTopLevelParameters(@Nullable Map<String, Object> params) Sets the other top-level parameters.- Parameters:
params
- Other top-level parameters, the values should map to JSON entities,null
if none.- Returns:
- This object.
-
getOtherTopLevelParameters
Description copied from interface:AccessTokenAuthorization
Returns a map of other top-level parameters.- Specified by:
getOtherTopLevelParameters
in interfaceAccessTokenAuthorization
- Returns:
- Other top-level parameters, the values should map to JSON
entities,
null
if none.
-
toString
-