Connect2id Server SDK 5.2 API
Connect2id Server SDK
SDK for developing Connect2id Server connectors and extensions
- Java Service Provider Interface (SPI) for sourcing OpenID Connect claims about a subject (end-user), such as email, name, phone number and address. Used by the Connect2id Server in its OpenID Connect Provider (OP) role to aggregate claims from one or more sources (LDAP, RDBMS, etc).
- SPI for handling resource owner password credential grants (see RFC 6749, section 4.3). Used by the Connect2id Server to delegate validation of the submitted username / password and authorisation for the requested token.
- SPI for handling client credential grants (see RFC 6749, section 4.4). Used by the Connect2id Server to delegate authorisation for the requested token.
- SPI for handling client-issued (self-issued) JWT bearer assertion grants (see RFC 7523, section 2.1). Used by the Connect2id server to delegate authorisation for the requested token.
- SPI for handling third-party issued JWT bearer assertion grants (see RFC 7523, section 2.1). Used by the Connect2id server to delegate validation of the JWT and authorisation for the requested token.
- SPI for handling client-issued (self-issued) SAML 2.0 bearer assertion grants (see RFC 7522, section 2.1). Used by the Connect2id server to delegate authorisation for the requested token.
- SPI for handling third-party issued SAML 2.0 bearer assertion grants (see RFC 7522, section 2.1). Used by the Connect2id server to delegate validation of the SAML 2.0 assertion and authorisation for the requested token.
- SPI for sourcing Java properties to be merged into the system properties at Connect2id server startup. Can be used to override selected or all Connect2id server configuration properties.
- SPIs for listening to ID and access token issue events.
- SPI for encoding and decoding authorisations for self-contained access tokens into JWT claims sets. Configurable via Connect2id server properties.
- SPI for generating and decoding identifier-based access tokens. Configurable via Connect2id server properties.
- SPI for customising token success and error responses. Can be used to include additional parameters in the token response, such as an "authorization_details" parameter required in OAuth 2.0 Rich Authorization Requests.
- SPI for shaping token introspection responses (RFC 7662, section 2.2). May be used to return only scopes specific to the requesting protected resource, in order to prevent leaking of authorisation information when issuing tokens for multiple resources.
- SPI for intercepting HTTP requests at the client registration endpoint. Can be used to process software statements (RFC 7591, section 2.3) and signed (JWT) registration requests.
- SPI for performing additional validation of metadata of OAuth 2.0 clients and OpenID Connect relying parties during registration (initial and update).
- SPI for performing additional validation and optional modification of received OAuth 2.0 authorisation / OpenID authentication requests.
- SPI for performing additional validation and optional modification of received Pushed Authorisation Requests (PAR).
- SPI for encoding client secrets before persisting them to storage.
Download
Official releases of the Connect2id Server toolkit are pushed to Maven Central under
GroupId: com.nimbusds
ArtifactId: c2id-server-sdk
These include the library’s source code, compiled JAR and JavaDocs.
To add the SDK to your Maven project use the following template:
<dependency>
    <groupId>com.nimbusds</groupId>
    <artifactId>c2id-server-sdk</artifactId>
    <version>[version]</version>
</dependency>
where [version] should match the version expected by the particular Connect2id Server version you're running.
Questions or comments?
Email [email protected]
Package
Description
Common SPI classes.
Authorisation request SPI classes.
OpenID Connect claims source SPIs.
Client authentication SPIs.
Configuration related SPIs.
Cryptographic services exposed by the Connect2id server to selected SPIs.
Event listener SPIs.
OAuth 2.0 authorisation grant handler SPIs.
Interfaces representing common internal Connect2id server objects.
Session store object interfaces.
Pushed authorisation request (PAR) SPI classes.
Client / relying party registration SPIs.
Client secret encoding and decoding SPI.
Token generation, encoding and decoding SPIs.
OAuth 2.0 token introspection related SPI.
Token response customisation.