Package com.nimbusds.openid.connect.sdk.rp.statement

Class SoftwareStatementProcessor<C extends com.nimbusds.jose.proc.SecurityContext>

java.lang.Object
com.nimbusds.openid.connect.sdk.rp.statement.SoftwareStatementProcessor<C>
Type Parameters:
C - Optional security context to pass to the underlying JWK source.
@ThreadSafe public class SoftwareStatementProcessor<C extends com.nimbusds.jose.proc.SecurityContext> extends Object
Processor of software statements for client registrations.

Related specifications:

  • OAuth 2.0 Dynamic Client Registration Protocol (RFC 7591)

  • Constructor Details

    • SoftwareStatementProcessor

      public SoftwareStatementProcessor(Issuer issuer, boolean required, Set<com.nimbusds.jose.JWSAlgorithm> jwsAlgs, com.nimbusds.jose.jwk.JWKSet jwkSet)
      Creates a new software statement processor.
      Parameters:
      issuer - The allowed software statement issuer. Must not be null.
      required - If true the processed client metadata must include a software statement and if missing this will result in a invalid_software_statement error. If false client metadata with missing software statement will be returned unmodified by the processor.
      jwsAlgs - The allowed JWS algorithms of the software statements. Must not be empty or null.
      jwkSet - The public JWK set for verifying the software statement signatures.

    • SoftwareStatementProcessor

      public SoftwareStatementProcessor(Issuer issuer, boolean required, Set<com.nimbusds.jose.JWSAlgorithm> jwsAlgs, URL jwkSetURL, int connectTimeoutMs, int readTimeoutMs, int sizeLimitBytes)
      Creates a new software statement processor.
      Parameters:
      issuer - The allowed software statement issuer. Must not be null.
      required - If true the processed client metadata must include a software statement and if missing this will result in a invalid_software_statement error. If false client metadata with missing software statement will be returned unmodified by the processor.
      jwsAlgs - The allowed JWS algorithms of the software statements. Must not be empty or null.
      jwkSetURL - The public JWK set URL for verifying the software statement signatures.
      connectTimeoutMs - The HTTP connect timeout in milliseconds for retrieving the JWK set, zero implies no timeout (determined by the underlying HTTP client).
      readTimeoutMs - The HTTP read timeout in milliseconds for retrieving the JWK set, zero implies no timeout (determined by the underlying HTTP client).
      sizeLimitBytes - The HTTP entity size limit in bytes when retrieving the JWK set, zero implies no limit.

    • SoftwareStatementProcessor

      public SoftwareStatementProcessor(Issuer issuer, boolean required, Set<com.nimbusds.jose.JWSAlgorithm> jwsAlgs, com.nimbusds.jose.jwk.source.JWKSource<C> jwkSource)
      Creates a new software statement processor.
      Parameters:
      issuer - The allowed software statement issuer. Must not be null.
      required - If true the processed client metadata must include a software statement and if missing this will result in a invalid_software_statement error. If false client metadata with missing software statement will be returned unmodified by the processor.
      jwsAlgs - The allowed JWS algorithms of the software statements. Must not be empty or null.
      jwkSource - The public JWK source to use for verifying the software statement signatures.

    • SoftwareStatementProcessor

      @Deprecated public SoftwareStatementProcessor(Issuer issuer, boolean required, Set<com.nimbusds.jose.JWSAlgorithm> jwsAlgs, com.nimbusds.jose.jwk.source.JWKSource<C> jwkSource, Set<String> additionalRequiredClaims)
      Deprecated.
      Creates a new software statement processor.
      Parameters:
      issuer - The allowed software statement issuer. Must not be null.
      required - If true the processed client metadata must include a software statement and if missing this will result in a invalid_software_statement error. If false client metadata with missing software statement will be returned unmodified by the processor.
      jwsAlgs - The allowed JWS algorithms of the software statements. Must not be empty or null.
      jwkSource - The public JWK source to use for verifying the software statement signatures.
      additionalRequiredClaims - The names of any additional JWT claims other than "iss" (issuer) that must be present in the software statement, empty or null if none.

    • SoftwareStatementProcessor

      public SoftwareStatementProcessor(Issuer issuer, boolean required, Set<com.nimbusds.jose.JWSAlgorithm> jwsAlgs, Set<com.nimbusds.jose.JOSEObjectType> jwtTypes, com.nimbusds.jose.jwk.source.JWKSource<C> jwkSource, Set<String> additionalRequiredClaims)
      Creates a new software statement processor.
      Parameters:
      issuer - The allowed software statement issuer. Must not be null.
      required - If true the processed client metadata must include a software statement and if missing this will result in a invalid_software_statement error. If false client metadata with missing software statement will be returned unmodified by the processor.
      jwsAlgs - The allowed JWS algorithms of the software statements. Must not be empty or null.
      jwtTypes - The allowed JWT "typ" (type) header values of the software statements, null or empty to accept JWT or none.
      jwkSource - The public JWK source to use for verifying the software statement signatures.
      additionalRequiredClaims - The names of any additional JWT claims other than "iss" (issuer) that must be present in the software statement, empty or null if none.

  • Method Details

    • process

      public OIDCClientMetadata process(OIDCClientMetadata clientMetadata) throws InvalidSoftwareStatementException, com.nimbusds.jose.JOSEException
      Processes an optional software statement in the specified client metadata.
      Parameters:
      clientMetadata - The client metadata, must not be null.
      Returns:
      The processed client metadata, with the merged software statement.
      Throws:
      InvalidSoftwareStatementException - On a invalid or missing required software statement.
      com.nimbusds.jose.JOSEException - On a internal JOSE signature verification exception.

    • process

      public OIDCClientMetadata process(OIDCClientMetadata clientMetadata, C context) throws InvalidSoftwareStatementException, com.nimbusds.jose.JOSEException
      Processes an optional software statement in the specified client metadata.
      Parameters:
      clientMetadata - The client metadata, must not be null.
      context - Optional security context to pass to the underlying JWK source, null if not specified.
      Returns:
      The processed client metadata, with the merged software statement.
      Throws:
      InvalidSoftwareStatementException - On a invalid or missing required software statement.
      com.nimbusds.jose.JOSEException - On a internal JOSE signature verification exception.