Package com.nimbusds.openid.connect.sdk.op

Interface ReadOnlyOIDCProviderMetadata

All Superinterfaces:
ReadOnlyAuthorizationServerEndpointMetadata, ReadOnlyAuthorizationServerMetadata, ReadOnlyOIDCProviderEndpointMetadata
All Known Implementing Classes:
OIDCProviderMetadata
public interface ReadOnlyOIDCProviderMetadata extends ReadOnlyAuthorizationServerMetadata, ReadOnlyOIDCProviderEndpointMetadata
Read-only OpenID Provider (OP) metadata.

Related specifications:

  • OpenID Connect Discovery 1.0, section 3
  • OpenID Connect Session Management 1.0, section 2.1 (draft 28)
  • OpenID Connect Front-Channel Logout 1.0, section 3 (draft 02)
  • OpenID Connect Back-Channel Logout 1.0, section 2.1 (draft 07)
  • OpenID Connect for Identity Assurance 1.0 (draft 12)
  • OpenID Connect Federation 1.0 (draft 22)
  • OAuth 2.0 Authorization Server Metadata (RFC 8414)
  • OAuth 2.0 Mutual TLS Client Authentication and Certificate Bound Access Tokens (RFC 8705)
  • Financial-grade API: JWT Secured Authorization Response Mode for OAuth 2.0 (JARM)
  • OAuth 2.0 Authorization Server Issuer Identification (RFC 9207)
  • OAuth 2.0 Rich Authorization Requests (RFC 9396)

  • Method Details

    • getReadOnlyMtlsEndpointAliases

      ReadOnlyOIDCProviderEndpointMetadata getReadOnlyMtlsEndpointAliases()
      Description copied from interface: ReadOnlyAuthorizationServerMetadata
      Gets the aliases for communication with mutual TLS. Corresponds to the mtls_endpoint_aliases metadata field.
      Specified by:
      getReadOnlyMtlsEndpointAliases in interface ReadOnlyAuthorizationServerMetadata
      Returns:
      The aliases for communication with mutual TLS, null when no aliases are defined.

    • getACRs

      List<ACR> getACRs()
      Gets the supported Authentication Context Class References (ACRs). Corresponds to the acr_values_supported metadata field.
      Returns:
      The supported ACRs, null if not specified.

    • getSubjectTypes

      List<SubjectType> getSubjectTypes()
      Gets the supported subject types. Corresponds to the subject_types_supported metadata field.
      Returns:
      The supported subject types.

    • getIDTokenJWSAlgs

      List<com.nimbusds.jose.JWSAlgorithm> getIDTokenJWSAlgs()
      Gets the supported JWS algorithms for ID tokens. Corresponds to the id_token_signing_alg_values_supported metadata field.
      Returns:
      The supported JWS algorithms, null if not specified.

    • getIDTokenJWEAlgs

      List<com.nimbusds.jose.JWEAlgorithm> getIDTokenJWEAlgs()
      Gets the supported JWE algorithms for ID tokens. Corresponds to the id_token_encryption_alg_values_supported metadata field.
      Returns:
      The supported JWE algorithms, null if not specified.

    • getIDTokenJWEEncs

      List<com.nimbusds.jose.EncryptionMethod> getIDTokenJWEEncs()
      Gets the supported encryption methods for ID tokens. Corresponds to the id_token_encryption_enc_values_supported metadata field.
      Returns:
      The supported encryption methods, null if not specified.

    • getUserInfoJWSAlgs

      List<com.nimbusds.jose.JWSAlgorithm> getUserInfoJWSAlgs()
      Gets the supported JWS algorithms for UserInfo JWTs. Corresponds to the userinfo_signing_alg_values_supported metadata field.
      Returns:
      The supported JWS algorithms, null if not specified.

    • getUserInfoJWEAlgs

      List<com.nimbusds.jose.JWEAlgorithm> getUserInfoJWEAlgs()
      Gets the supported JWE algorithms for UserInfo JWTs. Corresponds to the userinfo_encryption_alg_values_supported metadata field.
      Returns:
      The supported JWE algorithms, null if not specified.

    • getUserInfoJWEEncs

      List<com.nimbusds.jose.EncryptionMethod> getUserInfoJWEEncs()
      Gets the supported encryption methods for UserInfo JWTs. Corresponds to the userinfo_encryption_enc_values_supported metadata field.
      Returns:
      The supported encryption methods, null if not specified.

    • getDisplays

      List<Display> getDisplays()
      Gets the supported displays. Corresponds to the display_values_supported metadata field.
      Returns:
      The supported displays, null if not specified.

    • getClaimTypes

      List<ClaimType> getClaimTypes()
      Gets the supported claim types. Corresponds to the claim_types_supported metadata field.
      Returns:
      The supported claim types, null if not specified.

    • getClaims

      List<String> getClaims()
      Gets the supported claims names. Corresponds to the claims_supported metadata field.
      Returns:
      The supported claims names, null if not specified.

    • getClaimsLocales

      List<com.nimbusds.langtag.LangTag> getClaimsLocales()
      Gets the supported claims locales. Corresponds to the claims_locales_supported metadata field.
      Returns:
      The supported claims locales, null if not specified.

    • supportsClaimsParam

      boolean supportsClaimsParam()
      Gets the support for the claims authorisation request parameter. Corresponds to the claims_parameter_supported metadata field.
      Returns:
      true if the claim parameter is supported, else false.

    • supportsFrontChannelLogout

      boolean supportsFrontChannelLogout()
      Gets the support for front-channel logout. Corresponds to the frontchannel_logout_supported metadata field.
      Returns:
      true if front-channel logout is supported, else false.

    • supportsFrontChannelLogoutSession

      boolean supportsFrontChannelLogoutSession()
      Gets the support for front-channel logout with a session ID. Corresponds to the frontchannel_logout_session_supported metadata field.
      Returns:
      true if front-channel logout with a session ID is supported, else false.

    • supportsBackChannelLogout

      boolean supportsBackChannelLogout()
      Gets the support for back-channel logout. Corresponds to the backchannel_logout_supported metadata field.
      Returns:
      true if back-channel logout is supported, else false.

    • supportsBackChannelLogoutSession

      boolean supportsBackChannelLogoutSession()
      Gets the support for back-channel logout with a session ID. Corresponds to the backchannel_logout_session_supported metadata field.
      Returns:
      true if back-channel logout with a session ID is supported, else false.

    • supportsVerifiedClaims

      boolean supportsVerifiedClaims()
      Gets support for verified claims. Corresponds to the verified_claims_supported metadata field.
      Returns:
      true if verified claims are supported, else false.

    • getIdentityTrustFrameworks

      List<IdentityTrustFramework> getIdentityTrustFrameworks()
      Gets the supported identity trust frameworks. Corresponds to the trust_frameworks_supported metadata field.
      Returns:
      The supported identity trust frameworks, null if not specified.

    • getIdentityEvidenceTypes

      List<IdentityEvidenceType> getIdentityEvidenceTypes()
      Gets the supported identity evidence types. Corresponds to the evidence_supported metadata field.
      Returns:
      The supported identity evidence types, null if not specified.

    • getDocumentTypes

      List<DocumentType> getDocumentTypes()
      Gets the supported identity document types. Corresponds to the documents_supported metadata field.
      Returns:
      The supported identity document types, null if not specified.

    • getIdentityDocumentTypes

      @Deprecated List<IDDocumentType> getIdentityDocumentTypes()
      Deprecated.
      Use getDocumentTypes() instead.
      Gets the supported identity document types. Corresponds to the id_documents_supported metadata field.
      Returns:
      The supported identity documents types, null if not specified.

    • getDocumentMethods

      List<IdentityVerificationMethod> getDocumentMethods()
      Gets the supported coarse identity verification methods for evidences of type document. Corresponds to the documents_methods_supported metadata field.
      Returns:
      The supported identity verification methods for document evidences, null if not specified.

    • getDocumentValidationMethods

      List<ValidationMethodType> getDocumentValidationMethods()
      Gets the supported validation methods for evidences of type document. Corresponds to the documents_validation_methods_supported metadata field.
      Returns:
      The validation methods for document evidences, null if not specified.

    • getDocumentVerificationMethods

      List<VerificationMethodType> getDocumentVerificationMethods()
      Gets the supported verification methods for evidences of type document. Corresponds to the documents_verification_methods_supported metadata field.
      Returns:
      The verification methods for document evidences, null if not specified.

    • getElectronicRecordTypes

      List<ElectronicRecordType> getElectronicRecordTypes()
      Gets the supported electronic record types. Corresponds to the electronic_records_supported metadata field.
      Returns:
      The supported electronic record types, null if not specified.

    • getIdentityVerificationMethods

      @Deprecated List<IdentityVerificationMethod> getIdentityVerificationMethods()
      Deprecated.
      Gets the supported identity verification methods. Corresponds to the id_documents_verification_methods_supported metadata field.
      Returns:
      The supported identity verification methods, null if not specified.

    • getVerifiedClaims

      List<String> getVerifiedClaims()
      Gets the names of the supported verified claims. Corresponds to the claims_in_verified_claims_supported metadata field.
      Returns:
      The supported verified claims names, null if not specified.

    • getAttachmentTypes

      List<AttachmentType> getAttachmentTypes()
      Gets the supported evidence attachment types. Corresponds to the attachments_supported metadata field.
      Returns:
      The supported evidence attachment types, empty if attachments are not supported, null if not specified.

    • getAttachmentDigestAlgs

      List<HashAlgorithm> getAttachmentDigestAlgs()
      Gets the supported digest algorithms for the external evidence attachments. Corresponds to the digest_algorithms_supported metadata field.
      Returns:
      The supported digest algorithms, null if not specified.