/*
 * oauth2-oidc-sdk
 *
 * Copyright 2012-2016, Connect2id Ltd and contributors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License"); you may not use
 * this file except in compliance with the License. You may obtain a copy of the
 * License at
 *
 *    http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software distributed
 * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
 * CONDITIONS OF ANY KIND, either express or implied. See the License for the
 * specific language governing permissions and limitations under the License.
 */

package com.nimbusds.oauth2.sdk.as;


import com.nimbusds.oauth2.sdk.ParseException;
import com.nimbusds.oauth2.sdk.util.JSONObjectUtils;
import com.nimbusds.oauth2.sdk.util.OrderedJSONObject;
import net.minidev.json.JSONObject;

import java.net.URI;
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;


/**
 * OAuth 2.0 Authorisation Server (AS) endpoint metadata.
 *
 * <p>A plain, mutable holder for the endpoint URIs that an authorisation
 * server publishes. Every endpoint is optional and is represented by
 * {@code null} when not specified.
 *
 * <p>This class stores the URIs exactly as given: neither the setters nor
 * {@link #parse} in this class check the URI scheme or host. Metadata
 * obtained from a remote document is untrusted input, so callers that go
 * on to send client credentials, tokens or authorisation requests to these
 * endpoints should apply their own checks first (for example that the
 * scheme is {@code https}; OAuth 2.0 requires TLS for the authorisation and
 * token endpoints, see RFC 6749).
 *
 * <p>Related specifications:
 *
 * <ul>
 *     <li>OAuth 2.0 Authorization Server Metadata (RFC 8414)
 *     <li>OAuth 2.0 Mutual TLS Client Authentication and Certificate Bound
 *         Access Tokens (RFC 8705)
 *     <li>OAuth 2.0 Pushed Authorization Requests (RFC 9126)
 *     <li>OAuth 2.0 Device Authorization Grant (RFC 8628)
 *     <li>OpenID Connect Client Initiated Backchannel Authentication Flow -
 *         Core 1.0
 *     <li>OpenID Federation 1.0
 * </ul>
 */
public class AuthorizationServerEndpointMetadata implements ReadOnlyAuthorizationServerEndpointMetadata {

	/**
	 * The registered parameter names, as an unmodifiable set.
	 */
	private static final Set<String> REGISTERED_PARAMETER_NAMES;


	static {
		Set<String> names = new HashSet<>();
		Collections.addAll(names,
			"authorization_endpoint",
			"token_endpoint",
			"registration_endpoint",
			"introspection_endpoint",
			"revocation_endpoint",
			"request_object_endpoint",
			"pushed_authorization_request_endpoint",
			"device_authorization_endpoint",
			"backchannel_authentication_endpoint",
			"federation_registration_endpoint");
		// Wrapped so that callers of getRegisteredParameterNames() cannot
		// alter the shared set.
		REGISTERED_PARAMETER_NAMES = Collections.unmodifiableSet(names);
	}


	/**
	 * Gets the registered provider metadata parameter names for endpoints.
	 *
	 * @return The registered provider metadata parameter names for
	 *         endpoints, as an unmodifiable set.
	 */
	public static Set<String> getRegisteredParameterNames() {

		return REGISTERED_PARAMETER_NAMES;
	}


	/**
	 * The authorisation endpoint.
	 */
	private URI authzEndpoint;


	/**
	 * The token endpoint.
	 */
	private URI tokenEndpoint;


	/**
	 * The client registration endpoint.
	 */
	private URI regEndpoint;


	/**
	 * The token introspection endpoint.
	 */
	private URI introspectionEndpoint;


	/**
	 * The token revocation endpoint.
	 */
	private URI revocationEndpoint;


	/**
	 * The request object endpoint.
	 */
	private URI requestObjectEndpoint;


	/**
	 * The pushed authorisation request (PAR) endpoint.
	 */
	private URI parEndpoint;


	/**
	 * The device authorisation endpoint.
	 */
	private URI deviceAuthzEndpoint;


	/**
	 * The back-channel authentication endpoint.
	 */
	private URI backChannelAuthEndpoint;


	/**
	 * The federation registration endpoint.
	 */
	private URI federationRegistrationEndpoint;


	/**
	 * Creates a new OAuth 2.0 Authorisation Server (AS) endpoint metadata
	 * instance with no endpoint specified.
	 */
	public AuthorizationServerEndpointMetadata() {
	}


	/**
	 * Gets the {@code authorization_endpoint} value.
	 *
	 * @return The authorisation endpoint URI, {@code null} if not
	 *         specified.
	 */
	@Override
	public URI getAuthorizationEndpointURI() {
		return authzEndpoint;
	}


	/**
	 * Sets the authorisation endpoint URI. Corresponds to the
	 * {@code authorization_endpoint} metadata field. The URI is stored as
	 * given, without validation.
	 *
	 * @param authzEndpoint The authorisation endpoint URI, {@code null} if
	 *                      not specified.
	 */
	public void setAuthorizationEndpointURI(final URI authzEndpoint) {
		this.authzEndpoint = authzEndpoint;
	}


	/**
	 * Gets the {@code token_endpoint} value.
	 *
	 * @return The token endpoint URI, {@code null} if not specified.
	 */
	@Override
	public URI getTokenEndpointURI() {
		return tokenEndpoint;
	}


	/**
	 * Sets the token endpoint URI. Corresponds to the
	 * {@code token_endpoint} metadata field. The URI is stored as given,
	 * without validation.
	 *
	 * @param tokenEndpoint The token endpoint URI, {@code null} if not
	 *                      specified.
	 */
	public void setTokenEndpointURI(final URI tokenEndpoint) {
		this.tokenEndpoint = tokenEndpoint;
	}


	/**
	 * Gets the {@code registration_endpoint} value.
	 *
	 * @return The client registration endpoint URI, {@code null} if not
	 *         specified.
	 */
	@Override
	public URI getRegistrationEndpointURI() {
		return regEndpoint;
	}


	/**
	 * Sets the client registration endpoint URI. Corresponds to the
	 * {@code registration_endpoint} metadata field. The URI is stored as
	 * given, without validation.
	 *
	 * @param regEndpoint The client registration endpoint URI,
	 *                    {@code null} if not specified.
	 */
	public void setRegistrationEndpointURI(final URI regEndpoint) {
		this.regEndpoint = regEndpoint;
	}


	/**
	 * Gets the {@code introspection_endpoint} value.
	 *
	 * @return The token introspection endpoint URI, {@code null} if not
	 *         specified.
	 */
	@Override
	public URI getIntrospectionEndpointURI() {
		return introspectionEndpoint;
	}


	/**
	 * Sets the token introspection endpoint URI. Corresponds to the
	 * {@code introspection_endpoint} metadata field. The URI is stored as
	 * given, without validation.
	 *
	 * @param introspectionEndpoint The token introspection endpoint URI,
	 *                              {@code null} if not specified.
	 */
	public void setIntrospectionEndpointURI(final URI introspectionEndpoint) {
		this.introspectionEndpoint = introspectionEndpoint;
	}


	/**
	 * Gets the {@code revocation_endpoint} value.
	 *
	 * @return The token revocation endpoint URI, {@code null} if not
	 *         specified.
	 */
	@Override
	public URI getRevocationEndpointURI() {
		return revocationEndpoint;
	}


	/**
	 * Sets the token revocation endpoint URI. Corresponds to the
	 * {@code revocation_endpoint} metadata field. The URI is stored as
	 * given, without validation.
	 *
	 * @param revocationEndpoint The token revocation endpoint URI,
	 *                           {@code null} if not specified.
	 */
	public void setRevocationEndpointURI(final URI revocationEndpoint) {
		this.revocationEndpoint = revocationEndpoint;
	}


	/**
	 * Gets the {@code request_object_endpoint} value.
	 *
	 * @return The request object endpoint, {@code null} if not specified.
	 */
	@Override
	@Deprecated
	public URI getRequestObjectEndpoint() {
		return requestObjectEndpoint;
	}


	/**
	 * Sets the request object endpoint. Corresponds to the
	 * {@code request_object_endpoint} metadata field. The URI is stored as
	 * given, without validation.
	 *
	 * @param requestObjectEndpoint The request object endpoint,
	 *                              {@code null} if not specified.
	 */
	@Deprecated
	public void setRequestObjectEndpoint(final URI requestObjectEndpoint) {
		this.requestObjectEndpoint = requestObjectEndpoint;
	}


	/**
	 * Gets the {@code pushed_authorization_request_endpoint} value.
	 *
	 * @return The pushed authorisation request endpoint, {@code null} if
	 *         not specified.
	 */
	@Override
	public URI getPushedAuthorizationRequestEndpointURI() {
		return parEndpoint;
	}


	/**
	 * Sets the pushed authorisation request endpoint. Corresponds to the
	 * {@code pushed_authorization_request_endpoint} metadata field. The
	 * URI is stored as given, without validation.
	 *
	 * @param parEndpoint The pushed authorisation request endpoint,
	 *                    {@code null} if not specified.
	 */
	public void setPushedAuthorizationRequestEndpointURI(final URI parEndpoint) {
		this.parEndpoint = parEndpoint;
	}


	/**
	 * Gets the {@code device_authorization_endpoint} value.
	 *
	 * @return The device authorisation endpoint URI, {@code null} if not
	 *         specified.
	 */
	@Override
	public URI getDeviceAuthorizationEndpointURI() {
		return deviceAuthzEndpoint;
	}


	/**
	 * Sets the device authorisation endpoint URI. Corresponds to the
	 * {@code device_authorization_endpoint} metadata field. The URI is
	 * stored as given, without validation.
	 *
	 * @param deviceAuthzEndpoint The device authorisation endpoint URI,
	 *                            {@code null} if not specified.
	 */
	public void setDeviceAuthorizationEndpointURI(final URI deviceAuthzEndpoint) {
		this.deviceAuthzEndpoint = deviceAuthzEndpoint;
	}


	/**
	 * Gets the {@code backchannel_authentication_endpoint} value.
	 *
	 * @return The back-channel authentication endpoint URI, {@code null}
	 *         if not specified.
	 */
	@Override
	public URI getBackChannelAuthenticationEndpointURI() {
		return backChannelAuthEndpoint;
	}


	/**
	 * Gets the {@code backchannel_authentication_endpoint} value.
	 *
	 * @deprecated Delegates to
	 *             {@link #getBackChannelAuthenticationEndpointURI}.
	 *
	 * @return The back-channel authentication endpoint URI, {@code null}
	 *         if not specified.
	 */
	@Deprecated
	@Override
	public URI getBackChannelAuthenticationEndpoint() {
		return getBackChannelAuthenticationEndpointURI();
	}


	/**
	 * Sets the back-channel authentication endpoint URI. Corresponds to
	 * the {@code backchannel_authentication_endpoint} metadata field. The
	 * URI is stored as given, without validation.
	 *
	 * @param backChannelAuthEndpoint The back-channel authentication
	 *                                endpoint URI, {@code null} if not
	 *                                specified.
	 */
	public void setBackChannelAuthenticationEndpointURI(final URI backChannelAuthEndpoint) {
		this.backChannelAuthEndpoint = backChannelAuthEndpoint;
	}


	/**
	 * Sets the back-channel authentication endpoint URI. Corresponds to
	 * the {@code backchannel_authentication_endpoint} metadata field.
	 *
	 * @deprecated Use {@link #setBackChannelAuthenticationEndpointURI}
	 *             instead.
	 *
	 * @param backChannelAuthEndpoint The back-channel authentication
	 *                                endpoint URI, {@code null} if not
	 *                                specified.
	 */
	@Deprecated
	public void setBackChannelAuthenticationEndpoint(final URI backChannelAuthEndpoint) {
		setBackChannelAuthenticationEndpointURI(backChannelAuthEndpoint);
	}


	/**
	 * Gets the {@code federation_registration_endpoint} value.
	 *
	 * @return The federation registration endpoint URI, {@code null} if
	 *         not specified.
	 */
	@Override
	public URI getFederationRegistrationEndpointURI() {
		return federationRegistrationEndpoint;
	}


	/**
	 * Sets the federation registration endpoint URI. Corresponds to the
	 * {@code federation_registration_endpoint} metadata field. The URI is
	 * stored as given, without validation.
	 *
	 * @param federationRegistrationEndpoint The federation registration
	 *                                       endpoint URI, {@code null} if
	 *                                       not specified.
	 */
	public void setFederationRegistrationEndpointURI(final URI federationRegistrationEndpoint) {
		this.federationRegistrationEndpoint = federationRegistrationEndpoint;
	}


	/**
	 * Adds the string form of the given URI to the JSON object under the
	 * given member name, skipping it when the URI is {@code null}.
	 *
	 * @param target The JSON object to add to.
	 * @param name   The metadata member name.
	 * @param uri    The endpoint URI, {@code null} if not specified.
	 */
	private static void putIfSet(final JSONObject target, final String name, final URI uri) {

		if (uri != null) {
			target.put(name, uri.toString());
		}
	}


	/**
	 * Returns the JSON object representation of this endpoint metadata.
	 * Only endpoints that are set appear in the output; the values are
	 * read through the public getters, so subclass overrides are honoured.
	 *
	 * @return The JSON object, with one string member per specified
	 *         endpoint.
	 */
	@Override
	public JSONObject toJSONObject() {

		// Members are added in this fixed sequence; presumably
		// OrderedJSONObject keeps it on output (verify against the class).
		JSONObject o = new OrderedJSONObject();

		putIfSet(o, "authorization_endpoint", getAuthorizationEndpointURI());
		putIfSet(o, "token_endpoint", getTokenEndpointURI());
		putIfSet(o, "registration_endpoint", getRegistrationEndpointURI());
		putIfSet(o, "introspection_endpoint", getIntrospectionEndpointURI());
		putIfSet(o, "revocation_endpoint", getRevocationEndpointURI());
		putIfSet(o, "request_object_endpoint", getRequestObjectEndpoint());
		putIfSet(o, "pushed_authorization_request_endpoint", getPushedAuthorizationRequestEndpointURI());
		putIfSet(o, "device_authorization_endpoint", getDeviceAuthorizationEndpointURI());
		putIfSet(o, "backchannel_authentication_endpoint", getBackChannelAuthenticationEndpointURI());
		putIfSet(o, "federation_registration_endpoint", getFederationRegistrationEndpointURI());

		return o;
	}


	/**
	 * Returns the JSON string form of {@link #toJSONObject()}.
	 *
	 * @return The JSON string.
	 */
	@Override
	public String toString() {
		return toJSONObject().toJSONString();
	}


	/**
	 * Parses an OAuth 2.0 Authorisation Server endpoint metadata from the
	 * specified JSON object. Each registered endpoint member is read as a
	 * URI; a missing member leaves the corresponding endpoint {@code null}.
	 *
	 * @param jsonObject The JSON object to parse. Must not be
	 *                   {@code null}.
	 *
	 * @return The OAuth 2.0 Authorisation Server endpoint metadata.
	 *
	 * @throws ParseException If the JSON object couldn't be parsed to an
	 *                        OAuth 2.0 Authorisation Server endpoint
	 *                        metadata.
	 */
	public static AuthorizationServerEndpointMetadata parse(final JSONObject jsonObject)
		throws ParseException {

		// NOTE(review): no scheme or host check is applied in this method.
		// Whether JSONObjectUtils.getURI enforces anything beyond URI
		// syntax is not visible from this file - confirm, and validate
		// (e.g. require https) before using endpoints parsed from a
		// remotely fetched metadata document.
		AuthorizationServerEndpointMetadata metadata = new AuthorizationServerEndpointMetadata();

		metadata.authzEndpoint = JSONObjectUtils.getURI(jsonObject, "authorization_endpoint", null);
		metadata.tokenEndpoint = JSONObjectUtils.getURI(jsonObject, "token_endpoint", null);
		metadata.regEndpoint = JSONObjectUtils.getURI(jsonObject, "registration_endpoint", null);
		metadata.introspectionEndpoint = JSONObjectUtils.getURI(jsonObject, "introspection_endpoint", null);
		metadata.revocationEndpoint = JSONObjectUtils.getURI(jsonObject, "revocation_endpoint", null);
		metadata.requestObjectEndpoint = JSONObjectUtils.getURI(jsonObject, "request_object_endpoint", null);
		metadata.parEndpoint = JSONObjectUtils.getURI(jsonObject, "pushed_authorization_request_endpoint", null);
		metadata.deviceAuthzEndpoint = JSONObjectUtils.getURI(jsonObject, "device_authorization_endpoint", null);
		metadata.backChannelAuthEndpoint = JSONObjectUtils.getURI(jsonObject, "backchannel_authentication_endpoint", null);
		metadata.federationRegistrationEndpoint = JSONObjectUtils.getURI(jsonObject, "federation_registration_endpoint", null);

		return metadata;
	}
}