Package com.nimbusds.openid.connect.sdk
Class OIDCClaimsRequest
- java.lang.Object
-
- com.nimbusds.openid.connect.sdk.OIDCClaimsRequest
-
- All Implemented Interfaces:
net.minidev.json.JSONAware
@Immutable public class OIDCClaimsRequest extends Object implements net.minidev.json.JSONAware
Specifies individual OpenID claims to return from the UserInfo endpoint and / or in the ID Token. Replaces the deprecatedClaimsRequest
class.Example:
{ "userinfo": { "given_name": {"essential": true}, "nickname": null, "email": {"essential": true}, "email_verified": {"essential": true}, "picture": null, "http://example.info/claims/groups": null }, "id_token": { "auth_time": {"essential": true}, "acr": {"values": ["urn:mace:incommon:iap:silver"] } } }
Related specifications:
- OpenID Connect Core 1.0, section 5.5.
- OpenID Connect for Identity Assurance 1.0.
-
-
Constructor Summary
Constructors Constructor Description OIDCClaimsRequest()
Creates a new empty OpenID claims request.
-
Method Summary
All Methods Static Methods Instance Methods Concrete Methods Deprecated Methods Modifier and Type Method Description OIDCClaimsRequest
add(OIDCClaimsRequest other)
Adds the entries from the specified other OpenID claims request.ClaimsSetRequest
getIDTokenClaimsRequest()
Returns the claims requested in the ID token.List<VerifiedClaimsSetRequest>
getIDTokenVerifiedClaimsRequestList()
Deprecated.List<VerifiedClaimsSetRequest>
getIDTokenVerifiedClaimsRequests()
Returns the list of verified claims sets requested in the ID token.ClaimsSetRequest
getUserInfoClaimsRequest()
Returns the claims requested at the UserInfo endpoint.List<VerifiedClaimsSetRequest>
getUserInfoVerifiedClaimsRequestList()
Deprecated.List<VerifiedClaimsSetRequest>
getUserInfoVerifiedClaimsRequests()
Returns the list of verified claims sets requested at the UserInfo endpoint.static OIDCClaimsRequest
parse(String json)
Parses an OpenID claims request from the specified JSON object string representation.static OIDCClaimsRequest
parse(net.minidev.json.JSONObject jsonObject)
Parses an OpenID claims request from the specified JSON object representation.static OIDCClaimsRequest
resolve(ResponseType responseType, Scope scope)
Resolves the OpenID claims request for the specified response type and scope.static OIDCClaimsRequest
resolve(ResponseType responseType, Scope scope, OIDCClaimsRequest claimsRequest)
Resolves the merged OpenID claims request from the specified OpenID authentication request parameters.static OIDCClaimsRequest
resolve(ResponseType responseType, Scope scope, OIDCClaimsRequest claimsRequest, Map<Scope.Value,Set<String>> customClaims)
Resolves the merged OpenID claims request from the specified OpenID authentication request parameters.static OIDCClaimsRequest
resolve(ResponseType responseType, Scope scope, Map<Scope.Value,Set<String>> customClaims)
Resolves the OpenID claims request for the specified response type and scope.static OIDCClaimsRequest
resolve(AuthenticationRequest authRequest)
Resolves the merged OpenID claims request for the specified OpenID authentication request.net.minidev.json.JSONObject
toJSONObject()
Returns the JSON object representation of this OpenID claims request.String
toJSONString()
String
toString()
OIDCClaimsRequest
withIDTokenClaimsRequest(ClaimsSetRequest idToken)
Sets the claims requested in the ID token.OIDCClaimsRequest
withIDTokenVerifiedClaimsRequest(VerifiedClaimsSetRequest idTokenVerified)
Deprecated.OIDCClaimsRequest
withIDTokenVerifiedClaimsRequest(VerifiedClaimsSetRequest idTokenVerified)
Sets a single verified claims set requested in the ID token.OIDCClaimsRequest
withIDTokenVerifiedClaimsRequestList(List<VerifiedClaimsSetRequest> idTokenVerifiedList)
Deprecated.OIDCClaimsRequest
withIDTokenVerifiedClaimsRequests(List<VerifiedClaimsSetRequest> idTokenVerifiedList)
Sets the list of verified claims sets requested in the ID token.OIDCClaimsRequest
withUserInfoClaimsRequest(ClaimsSetRequest userInfo)
Sets the claims requested at the UserInfo endpoint.OIDCClaimsRequest
withUserInfoVerifiedClaimsRequest(VerifiedClaimsSetRequest userInfoVerified)
Deprecated.OIDCClaimsRequest
withUserInfoVerifiedClaimsRequest(VerifiedClaimsSetRequest userInfoVerified)
Sets a single verified claims set requested at the UserInfo endpoint.OIDCClaimsRequest
withUserInfoVerifiedClaimsRequestList(List<VerifiedClaimsSetRequest> userInfoVerifiedList)
Deprecated.OIDCClaimsRequest
withUserInfoVerifiedClaimsRequests(List<VerifiedClaimsSetRequest> userInfoVerifiedList)
Sets the list of verified claims sets requested at the UserInfo endpoint.
-
-
-
Constructor Detail
-
OIDCClaimsRequest
public OIDCClaimsRequest()
Creates a new empty OpenID claims request.
-
-
Method Detail
-
add
public OIDCClaimsRequest add(OIDCClaimsRequest other)
Adds the entries from the specified other OpenID claims request.- Parameters:
other
- The other OpenID claims request. Ifnull
no claims request entries will be added to this claims request.- Returns:
- The updated OpenID claims request.
-
getIDTokenClaimsRequest
public ClaimsSetRequest getIDTokenClaimsRequest()
Returns the claims requested in the ID token.- Returns:
- The ID token claims request,
null
if not specified.
-
withIDTokenClaimsRequest
public OIDCClaimsRequest withIDTokenClaimsRequest(ClaimsSetRequest idToken)
Sets the claims requested in the ID token.- Parameters:
idToken
- The ID token claims request,null
if not specified.- Returns:
- The updated OpenID claims request.
-
getUserInfoClaimsRequest
public ClaimsSetRequest getUserInfoClaimsRequest()
Returns the claims requested at the UserInfo endpoint.- Returns:
- The UserInfo claims request,
null
if not specified.
-
withUserInfoClaimsRequest
public OIDCClaimsRequest withUserInfoClaimsRequest(ClaimsSetRequest userInfo)
Sets the claims requested at the UserInfo endpoint.- Parameters:
userInfo
- The UserInfo claims request,null
if not specified.- Returns:
- The updated OpenID claims request.
-
getIDTokenVerifiedClaimsRequests
public List<VerifiedClaimsSetRequest> getIDTokenVerifiedClaimsRequests()
Returns the list of verified claims sets requested in the ID token.- Returns:
- The ID token verified claims request list, empty list if not specified.
-
getIDTokenVerifiedClaimsRequestList
@Deprecated public List<VerifiedClaimsSetRequest> getIDTokenVerifiedClaimsRequestList()
Deprecated.Returns the list of verified claims sets requested in the ID token.- Returns:
- The ID token verified claims request list, empty list if not specified.
-
withIDTokenVerifiedClaimsRequests
public OIDCClaimsRequest withIDTokenVerifiedClaimsRequests(List<VerifiedClaimsSetRequest> idTokenVerifiedList)
Sets the list of verified claims sets requested in the ID token.- Parameters:
idTokenVerifiedList
- One or more ID token verified claims requests, empty list if not specified.- Returns:
- The updated OpenID claims request.
-
withIDTokenVerifiedClaimsRequestList
@Deprecated public OIDCClaimsRequest withIDTokenVerifiedClaimsRequestList(List<VerifiedClaimsSetRequest> idTokenVerifiedList)
Deprecated.Sets the list of verified claims sets requested in the ID token.- Parameters:
idTokenVerifiedList
- One or more ID token verified claims requests, empty list if not specified.- Returns:
- The updated OpenID claims request.
-
withIDTokenVerifiedClaimsRequest
public OIDCClaimsRequest withIDTokenVerifiedClaimsRequest(VerifiedClaimsSetRequest idTokenVerified)
Sets a single verified claims set requested in the ID token.- Parameters:
idTokenVerified
- The ID token verified claims request,null
if not specified.- Returns:
- The updated OpenID claims request.
-
withIDTokenVerifiedClaimsRequest
@Deprecated public OIDCClaimsRequest withIDTokenVerifiedClaimsRequest(VerifiedClaimsSetRequest idTokenVerified)
Deprecated.Sets a single verified claims set requested in the ID token.- Parameters:
idTokenVerified
- The ID token verified claims request,null
if not specified.- Returns:
- The updated OpenID claims request.
-
getUserInfoVerifiedClaimsRequests
public List<VerifiedClaimsSetRequest> getUserInfoVerifiedClaimsRequests()
Returns the list of verified claims sets requested at the UserInfo endpoint.- Returns:
- The UserInfo verified claims request list, empty list if not specified.
-
getUserInfoVerifiedClaimsRequestList
@Deprecated public List<VerifiedClaimsSetRequest> getUserInfoVerifiedClaimsRequestList()
Deprecated.Returns the list of verified claims sets requested at the UserInfo endpoint.- Returns:
- The UserInfo verified claims request list, empty list if not specified.
-
withUserInfoVerifiedClaimsRequests
public OIDCClaimsRequest withUserInfoVerifiedClaimsRequests(List<VerifiedClaimsSetRequest> userInfoVerifiedList)
Sets the list of verified claims sets requested at the UserInfo endpoint.- Parameters:
userInfoVerifiedList
- One or more UserInfo verified claims requests, empty list if not specified.- Returns:
- The updated OpenID claims request.
-
withUserInfoVerifiedClaimsRequestList
@Deprecated public OIDCClaimsRequest withUserInfoVerifiedClaimsRequestList(List<VerifiedClaimsSetRequest> userInfoVerifiedList)
Deprecated.Sets the list of verified claims sets requested at the UserInfo endpoint.- Parameters:
userInfoVerifiedList
- One or more UserInfo verified claims requests, empty list if not specified.- Returns:
- The updated OpenID claims request.
-
withUserInfoVerifiedClaimsRequest
public OIDCClaimsRequest withUserInfoVerifiedClaimsRequest(VerifiedClaimsSetRequest userInfoVerified)
Sets a single verified claims set requested at the UserInfo endpoint.- Parameters:
userInfoVerified
- The UserInfo verified claims request,null
if not specified.- Returns:
- The updated OpenID claims request.
-
withUserInfoVerifiedClaimsRequest
@Deprecated public OIDCClaimsRequest withUserInfoVerifiedClaimsRequest(VerifiedClaimsSetRequest userInfoVerified)
Deprecated.Sets a single verified claims set requested at the UserInfo endpoint.- Parameters:
userInfoVerified
- The UserInfo verified claims request,null
if not specified.- Returns:
- The updated OpenID claims request.
-
toJSONObject
public net.minidev.json.JSONObject toJSONObject()
Returns the JSON object representation of this OpenID claims request.Example:
{ "userinfo": { "given_name": {"essential": true}, "nickname": null, "email": {"essential": true}, "email_verified": {"essential": true}, "picture": null, "http://example.info/claims/groups": null }, "id_token": { "auth_time": {"essential": true}, "acr": {"values": ["urn:mace:incommon:iap:silver"] } } }
- Returns:
- The JSON object, empty if no ID token and UserInfo claims are specified.
-
toJSONString
public String toJSONString()
- Specified by:
toJSONString
in interfacenet.minidev.json.JSONAware
-
resolve
public static OIDCClaimsRequest resolve(ResponseType responseType, Scope scope)
Resolves the OpenID claims request for the specified response type and scope. The scope values that arestandard OpenID scope values
are resolved to their respective individual claims requests, any other scope values are ignored.- Parameters:
responseType
- The response type. Must not benull
.scope
- The scope,null
if not specified (for a plain OAuth 2.0 authorisation request with no scope explicitly specified).- Returns:
- The OpenID claims request.
-
resolve
public static OIDCClaimsRequest resolve(ResponseType responseType, Scope scope, Map<Scope.Value,Set<String>> customClaims)
Resolves the OpenID claims request for the specified response type and scope. The scope values that arestandard OpenID scope values
are resolved to their respective individual claims requests, any other scope values are checked in the specified custom claims map and resolved accordingly.- Parameters:
responseType
- The response type. Must not benull
.scope
- The scope,null
if not specified (for a plain OAuth 2.0 authorisation request with no scope explicitly specified).customClaims
- Custom scope value to set of claim names map,null
if not specified.- Returns:
- The OpenID claims request.
-
resolve
public static OIDCClaimsRequest resolve(ResponseType responseType, Scope scope, OIDCClaimsRequest claimsRequest)
Resolves the merged OpenID claims request from the specified OpenID authentication request parameters. The scope values that arestandard OpenID scope values
are resolved to their respective individual claims requests, any other scope values are ignored.- Parameters:
responseType
- The response type. Must not benull
.scope
- The scope,null
if not specified (for a plain OAuth 2.0 authorisation request with no scope explicitly specified).claimsRequest
- The OpenID claims request, corresponding to the optionalclaims
OpenID authentication request parameter,null
if not specified.- Returns:
- The merged OpenID claims request.
-
resolve
public static OIDCClaimsRequest resolve(ResponseType responseType, Scope scope, OIDCClaimsRequest claimsRequest, Map<Scope.Value,Set<String>> customClaims)
Resolves the merged OpenID claims request from the specified OpenID authentication request parameters. The scope values that arestandard OpenID scope values
are resolved to their respective individual claims requests, any other scope values are checked in the specified custom claims map and resolved accordingly.- Parameters:
responseType
- The response type. Must not benull
.scope
- The scope,null
if not specified (for a plain OAuth 2.0 authorisation request with no scope explicitly specified).claimsRequest
- The OpenID claims request, corresponding to the optionalclaims
OpenID authentication request parameter,null
if not specified.customClaims
- Custom scope value to set of claim names map,null
if not specified.- Returns:
- The merged OpenID claims request.
-
resolve
public static OIDCClaimsRequest resolve(AuthenticationRequest authRequest)
Resolves the merged OpenID claims request for the specified OpenID authentication request. The scope values that arestandard OpenID scope values
are resolved to their respective individual claims requests, any other scope values are ignored.- Parameters:
authRequest
- The OpenID authentication request. Must not benull
.- Returns:
- The merged OpenID claims request.
-
parse
public static OIDCClaimsRequest parse(net.minidev.json.JSONObject jsonObject) throws ParseException
Parses an OpenID claims request from the specified JSON object representation.Example:
{ "userinfo": { "given_name": {"essential": true}, "nickname": null, "email": {"essential": true}, "email_verified": {"essential": true}, "picture": null, "http://example.info/claims/groups": null }, "id_token": { "auth_time": {"essential": true}, "acr": {"values": ["urn:mace:incommon:iap:silver"] } } }
- Parameters:
jsonObject
- The JSON object to parse. Must not benull
.- Returns:
- The OpenID claims request.
- Throws:
ParseException
- If parsing failed.
-
parse
public static OIDCClaimsRequest parse(String json) throws ParseException
Parses an OpenID claims request from the specified JSON object string representation.Example:
{ "userinfo": { "given_name": {"essential": true}, "nickname": null, "email": {"essential": true}, "email_verified": {"essential": true}, "picture": null, "http://example.info/claims/groups": null }, "id_token": { "auth_time": {"essential": true}, "acr": {"values": ["urn:mace:incommon:iap:silver"] } } }
- Parameters:
json
- The JSON object string to parse. Must not benull
.- Returns:
- The OpenID claims request.
- Throws:
ParseException
- If parsing failed.
-
-