Package com.nimbusds.openid.connect.provider.spi.claims

Interface ClaimsSourceRequestContext

All Superinterfaces:
InvocationContext
public interface ClaimsSourceRequestContext extends InvocationContext
OpenID Connect claims request context. The supplied context parameters can be used in the processing and accounting of a claims request.

  • Method Summary

    Modifier and Type
    Method
    Description
    @Nullable net.minidev.json.JSONObject
    getClaimsData()
    Returns the optional claims fulfillment data.
    com.nimbusds.openid.connect.sdk.claims.ClaimsTransport
    getClaimsTransport()
    Returns the claims transport, if applicable.
    @Nullable com.nimbusds.oauth2.sdk.id.ClientID
    getClientID()
    Returns the identifier of the OAuth 2.0 client (client_id).
    @Nullable String
    getClientIPAddress()
    Returns the client IP address.
    @Nullable com.nimbusds.openid.connect.sdk.rp.OIDCClientInformation
    getOIDCClientInformation()
    Returns the registered client information.
    @Nullable com.nimbusds.openid.connect.sdk.rp.OIDCClientInformation
    getOIDCClientInformation(com.nimbusds.oauth2.sdk.id.ClientID clientID)
    Returns the registered client information for the specified client_id.
    default @Nullable SubjectSession
    getSubjectSession()
    Returns the associated subject (end-user) session where the claims sourcing was authorised.
    default @Nullable SubjectSessionID
    getSubjectSessionID()
    Returns the ID of the associated subject (end-user) session where the claims sourcing was authorised.
    @Nullable com.nimbusds.oauth2.sdk.token.AccessToken
    getUserInfoAccessToken()
    Returns the received and successfully validated UserInfo access token for the claims request.

    Methods inherited from interface com.nimbusds.openid.connect.provider.spi.InvocationContext

    getIssuer

  • Method Details

    • getClaimsTransport

      com.nimbusds.openid.connect.sdk.claims.ClaimsTransport getClaimsTransport()
      Returns the claims transport, if applicable.
      Returns:
      UserInfo or ID token, null if the claims source SPI is invoked for another purpose (e.g. in a TokenEncoderContext).

    • getClaimsData

      @Nullable net.minidev.json.JSONObject getClaimsData()
      Returns the optional claims fulfillment data.
      Returns:
      The claims fulfillment data, null if not specified.

    • getClientID

      @Nullable com.nimbusds.oauth2.sdk.id.ClientID getClientID()
      Returns the identifier of the OAuth 2.0 client (client_id).
      Returns:
      The client ID. May be null for a claims source request triggered within an SPI request context where the client_id cannot be resolved.

    • getOIDCClientInformation

      @Nullable com.nimbusds.openid.connect.sdk.rp.OIDCClientInformation getOIDCClientInformation()
      Returns the registered client information.
      Returns:
      The registered client information. May be null for a claims source request triggered within an SPI request context where the client_id cannot be resolved.

    • getOIDCClientInformation

      @Nullable com.nimbusds.openid.connect.sdk.rp.OIDCClientInformation getOIDCClientInformation(com.nimbusds.oauth2.sdk.id.ClientID clientID)
      Returns the registered client information for the specified client_id.
      Parameters:
      clientID - The client ID.
      Returns:
      The registered client information, null if the client_id is invalid.

    • getClientIPAddress

      @Nullable String getClientIPAddress()
      Returns the client IP address.
      Returns:
      The client IP address, null if not available.

    • getUserInfoAccessToken

      @Nullable com.nimbusds.oauth2.sdk.token.AccessToken getUserInfoAccessToken()
      Returns the received and successfully validated UserInfo access token for the claims request. If a claims request is triggered in a OpenID Connect implicit and hybrid flows, where the claims are returned as part of the ID token, an access token is not involved and hence not returned by this method.

      The claims source may use the UserInfo access token for the retrieval of aggregated and distributed claims, where the same token is recognised by the upstream claims providers. See OpenID Connect Core 1.0, section 5.6.

      Returns:
      The UserInfo access token, null if the claims request wasn't triggered by a UserInfo request.

    • getSubjectSessionID

      default @Nullable SubjectSessionID getSubjectSessionID()
      Returns the ID of the associated subject (end-user) session where the claims sourcing was authorised.
      Returns:
      The subject session ID, null if closed or expired, or not available (due to the session key not being encoded into the access token where applicable, or other reasons).

    • getSubjectSession

      default @Nullable SubjectSession getSubjectSession()
      Returns the associated subject (end-user) session where the claims sourcing was authorised.

      The subject session is supplied in the following cases:

      • Claims sourcing for the UserInfo endpoint where the subject session where the claims consent occurred is still present (not expired or closed)
      • Claims sourcing for ID token issue in response to an OAuth 2.0 authorisation code, implicit (including OpenID Connect hybrid response type) and refresh token grants.
      • Claims sourcing for a direct authorisation request where a valid subject session ID was supplied, or a new subject session was created.
      Returns:
      The subject session, null if closed or expired, or not available (due to the session key not being encoded into the access token where applicable, or other reasons).