Class ThirdPartyAssertionAuthorization


Authorisation produced by a grant handler of assertions (SAML 2.0 or JWT bearer) issued by a third-party security token service.

Required authorisation details:

  • The subject (end-user).
  • The client identifier, which must be registered with the Connect2id server.
  • The authorised scope.

All other parameters are optional or have suitable defaults.

  • Constructor Details

    • ThirdPartyAssertionAuthorization

      public ThirdPartyAssertionAuthorization(com.nimbusds.oauth2.sdk.id.Subject subject, com.nimbusds.oauth2.sdk.id.ClientID clientID, com.nimbusds.oauth2.sdk.Scope scope)
      Creates a new authorisation for a third-party issued assertion grant where the client acts on behalf of a user.

      See RFC 7521, section 6.3.

      Parameters:
      subject - The subject (end-user). Must not be null.
      clientID - The client identifier. Must be registered with the Connect2id server. Must not be null.
      scope - The authorised scope values. Must not be null.
    • ThirdPartyAssertionAuthorization

      public ThirdPartyAssertionAuthorization(com.nimbusds.oauth2.sdk.id.Subject subject, com.nimbusds.oauth2.sdk.id.ClientID clientID, com.nimbusds.oauth2.sdk.Scope scope, AccessTokenSpec accessTokenSpec, IDTokenSpec idTokenSpec, ClaimsSpec claimsSpec, @Nullable net.minidev.json.JSONObject data)
      Creates a new authorisation for a third-party issued assertion grant where the client acts on behalf of a user.

      See RFC 7521, section 6.3.

      Parameters:
      subject - The subject (end-user). Must not be null.
      clientID - The client identifier. Must be registered with the Connect2id server. Must not be null.
      scope - The authorised scope values. Must not be null.
      accessTokenSpec - The access token specification. Must not be null.
      idTokenSpec - The ID token specification. Must not be null.
      claimsSpec - The OpenID claims specification. Must not be null.
      data - Additional data as a JSON object, null if not specified.
    • ThirdPartyAssertionAuthorization

      public ThirdPartyAssertionAuthorization(com.nimbusds.oauth2.sdk.id.ClientID subject, com.nimbusds.oauth2.sdk.Scope scope)
      Creates a new authorisation for a third-party issued assertion grant where the client acts on its own behalf.

      See RFC 7521, section 6.2.

      Parameters:
      subject - The client identifier. Must be registered with the Connect2id server. Must not be null.
      scope - The authorised scope values. Must not be null.
    • ThirdPartyAssertionAuthorization

      public ThirdPartyAssertionAuthorization(com.nimbusds.oauth2.sdk.id.ClientID subject, com.nimbusds.oauth2.sdk.Scope scope, AccessTokenSpec accessTokenSpec, @Nullable net.minidev.json.JSONObject data)
      Creates a new authorisation for a third-party issued assertion grant where the client acts on its own behalf.

      See RFC 7521, section 6.2.

      Parameters:
      subject - The client identifier. Must be registered with the Connect2id server. Must not be null.
      scope - The authorised scope values. Must not be null.
      accessTokenSpec - The access token specification. Must not be null.
      data - Additional data as a JSON object, null if not specified.
  • Method Details

    • getClientID

      public com.nimbusds.oauth2.sdk.id.ClientID getClientID()
      Returns the authorised client.
      Returns:
      The authorised client identifier, null if not specified.
    • toJSONObject

      public net.minidev.json.JSONObject toJSONObject()
      Description copied from class: GrantAuthorization
      Returns a JSON object representation of this authorisation.
      Overrides:
      toJSONObject in class SubjectAuthorization
      Returns:
      The JSON object representation.
    • parse

      public static ThirdPartyAssertionAuthorization parse(net.minidev.json.JSONObject jsonObject) throws com.nimbusds.oauth2.sdk.ParseException
      Parses a third-party assertion grant authorisation from the specified JSON object.
      Parameters:
      jsonObject - The JSON object to parse. Must not be null.
      Returns:
      The authorisation.
      Throws:
      com.nimbusds.oauth2.sdk.ParseException - If parsing failed.
    • parse

      public static ThirdPartyAssertionAuthorization parse(String json) throws com.nimbusds.oauth2.sdk.ParseException
      Parses a third-party assertion grant authorisation from the specified JSON object string.
      Parameters:
      json - The JSON object string to parse. Must not be null.
      Returns:
      The authorisation.
      Throws:
      com.nimbusds.oauth2.sdk.ParseException - If parsing failed.
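
The following is an added example, not code from the Connect2id SDK or its documentation: it shows how a grant handler might choose between the RFC 7521 section 6.3 and section 6.2 constructors and grant only the scope a client is allowed. The helper `authorise`, the class name, the sample values, the package of `ThirdPartyAssertionAuthorization` and the use of `IllegalArgumentException` are assumptions.

```java
import com.nimbusds.oauth2.sdk.ParseException;
import com.nimbusds.oauth2.sdk.Scope;
import com.nimbusds.oauth2.sdk.id.ClientID;
import com.nimbusds.oauth2.sdk.id.Subject;
// Assumed package; the page above does not state it.
import com.nimbusds.openid.connect.provider.spi.grants.ThirdPartyAssertionAuthorization;

public class AssertionAuthzExample {

    // Hypothetical helper. Call only after the assertion's signature, issuer,
    // audience and expiry are verified; endUser is null for an own-behalf grant.
    static ThirdPartyAssertionAuthorization authorise(Subject endUser, ClientID clientID,
                                                      Scope requested, Scope allowed) {
        // Down-scope: grant only the intersection of requested and allowed values.
        Scope granted = new Scope(requested);
        granted.retainAll(allowed);
        if (granted.isEmpty()) {
            // Placeholder error handling; a real handler reports an OAuth error.
            throw new IllegalArgumentException("No requested scope value is permitted");
        }
        if (endUser == null) {
            // RFC 7521, section 6.2: the client acts on its own behalf.
            return new ThirdPartyAssertionAuthorization(clientID, granted);
        }
        // RFC 7521, section 6.3: the client acts on behalf of a user.
        return new ThirdPartyAssertionAuthorization(endUser, clientID, granted);
    }

    public static void main(String[] args) throws ParseException {
        // Constructed sample values.
        ClientID client = new ClientID("client-123");
        Scope requested = new Scope("read", "write", "admin");
        Scope allowed = new Scope("read", "write");

        ThirdPartyAssertionAuthorization authz = authorise(new Subject("alice"), client, requested, allowed);

        // Round-trip through JSON and confirm the client identifier is preserved.
        String json = authz.toJSONObject().toJSONString();
        ThirdPartyAssertionAuthorization parsed = ThirdPartyAssertionAuthorization.parse(json);
        if (!client.equals(parsed.getClientID())) {
            throw new IllegalStateException("Client ID changed in JSON round-trip");
        }
        System.out.println(json);
    }
}
```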