Package com.nimbusds.oauth2.sdk

Class AuthorizationResponse

java.lang.Object
com.nimbusds.oauth2.sdk.AuthorizationResponse
All Implemented Interfaces:
Message, Response
Direct Known Subclasses:
AuthorizationErrorResponse, AuthorizationSuccessResponse
public abstract class AuthorizationResponse extends Object implements Response
The base abstract class for authorisation success and error responses.

Related specifications:

  • OAuth 2.0 (RFC 6749)
  • OAuth 2.0 Multiple Response Type Encoding Practices 1.0
  • OAuth 2.0 Form Post Response Mode 1.0
  • Financial-grade API: JWT Secured Authorization Response Mode for OAuth 2.0 (JARM)
  • OAuth 2.0 Authorization Server Issuer Identification (RFC 9207)

  • Constructor Details

    • AuthorizationResponse

      protected AuthorizationResponse(URI redirectURI, State state, Issuer issuer, ResponseMode rm)
      Creates a new authorisation response.
      Parameters:
      redirectURI - The base redirection URI. Must not be null.
      state - The state, null if not requested.
      issuer - The issuer, null if not specified.
      rm - The response mode, null if not specified.

    • AuthorizationResponse

      protected AuthorizationResponse(URI redirectURI, com.nimbusds.jwt.JWT jwtResponse, ResponseMode rm)
      Creates a new JSON Web Token (JWT) secured authorisation response.
      Parameters:
      redirectURI - The base redirection URI. Must not be null.
      jwtResponse - The JWT response. Must not be null.
      rm - The response mode, null if not specified.

  • Method Details

    • getRedirectionURI

      public URI getRedirectionURI()
      Returns the base redirection URI.
      Returns:
      The base redirection URI.

    • getState

      public State getState()
      Returns the optional state.
      Returns:
      The state, null if not requested or if the response is JWT-secured in which case the state parameter may be included as a JWT claim.

    • getIssuer

      public Issuer getIssuer()
      Returns the optional issuer.
      Returns:
      The issuer, null if not specified.

    • getJWTResponse

      public com.nimbusds.jwt.JWT getJWTResponse()
      Returns the JSON Web Token (JWT) secured response.
      Returns:
      The JWT-secured response, null for a regular authorisation response.

    • getResponseMode

      public ResponseMode getResponseMode()
      Returns the optional explicit response mode.
      Returns:
      The response mode, null if not specified.

    • impliedResponseMode

      public abstract ResponseMode impliedResponseMode()
      Determines the implied response mode.
      Returns:
      The implied response mode.

    • toParameters

      public abstract Map<String,List<String>> toParameters()
      Returns the parameters of this authorisation response.

      Example parameters (authorisation success): 

       access_token = 2YotnFZFEjr1zCsicMWpAA
 state = xyz
 token_type = example
 expires_in = 3600
      Returns:
      The parameters as a map.

    • toURI

      public URI toURI()
      Returns a URI representation (redirection URI + fragment / query string) of this authorisation response.

      Example URI: 

       https://example.com/cb#access_token=2YotnFZFEjr1zCsicMWpAA
 &state=xyz
 &token_type=example
 &expires_in=3600
      Returns:
      A URI representation of this authorisation response.

    • toHTTPResponse

      public HTTPResponse toHTTPResponse()
      Returns an HTTP response for this authorisation response. Applies to the query or fragment response mode using HTTP 302 redirection.

      Example HTTP response (authorisation success): 

       HTTP/1.1 302 Found
 Location: http://example.com/cb#access_token=2YotnFZFEjr1zCsicMWpAA
 &state=xyz
 &token_type=example
 &expires_in=3600
      Specified by:
      toHTTPResponse in interface Response
      Returns:
      An HTTP response for this authorisation response.
      See Also:

    • toHTTPRequest

      public HTTPRequest toHTTPRequest()
      Returns an HTTP request for this authorisation response. Applies to the form_post response mode.

      Example HTTP request (authorisation success): 

       GET /cb?code=SplxlOBeZQQYbYS6WxSbIA&state=xyz HTTP/1.1
 Host: client.example.com
      Returns:
      An HTTP request for this authorisation response.
      See Also:

    • toSuccessResponse

      public AuthorizationSuccessResponse toSuccessResponse()
      Casts this response to an authorisation success response.
      Returns:
      The authorisation success response.

    • toErrorResponse

      public AuthorizationErrorResponse toErrorResponse()
      Casts this response to an authorisation error response.
      Returns:
      The authorisation error response.

    • parse

      public static AuthorizationResponse parse(URI redirectURI, Map<String,List<String>> params) throws ParseException
      Parses an authorisation response.
      Parameters:
      redirectURI - The base redirection URI. Must not be null.
      params - The response parameters to parse. Must not be null.
      Returns:
      The authorisation success or error response.
      Throws:
      ParseException - If the parameters couldn't be parsed to an authorisation success or error response.

    • parse

      public static AuthorizationResponse parse(URI redirectURI, Map<String,List<String>> params, JARMValidator jarmValidator) throws ParseException
      Parses an authorisation response which may be JSON Web Token (JWT) secured.
      Parameters:
      redirectURI - The base redirection URI. Must not be null.
      params - The response parameters to parse. Must not be null.
      jarmValidator - The validator of JSON Web Token (JWT) secured authorisation responses (JARM), null if a plain response is expected.
      Returns:
      The authorisation success or error response.
      Throws:
      ParseException - If the parameters couldn't be parsed to an authorisation success or error response, or if validation of the JWT secured response failed.

    • parse

      public static AuthorizationResponse parse(URI uri) throws ParseException
      Parses an authorisation response.

      Use a relative URI if the host, port and path details are not known: 

       URI relUrl = new URI("https:///?code=Qcb0Orv1...&state=af0ifjsldkj");
      Parameters:
      uri - The URI to parse. Can be absolute or relative, with a fragment or query string containing the authorisation response parameters. Must not be null.
      Returns:
      The authorisation success or error response.
      Throws:
      ParseException - If no authorisation response parameters were found in the URL.

    • parse

      public static AuthorizationResponse parse(URI uri, JARMValidator jarmValidator) throws ParseException
      Parses and validates a JSON Web Token (JWT) secured authorisation response.

      Use a relative URI if the host, port and path details are not known: 

       URI relUrl = new URI("https:///?response=eyJhbGciOiJSUzI1NiIsI...");
      Parameters:
      uri - The URI to parse. Can be absolute or relative, with a fragment or query string containing the authorisation response parameters. Must not be null.
      jarmValidator - The validator of JSON Web Token (JWT) secured authorisation responses (JARM). Must not be null.
      Returns:
      The authorisation success or error response.
      Throws:
      ParseException - If no authorisation response parameters were found in the URL of if validation of the JWT response failed.

    • parse

      public static AuthorizationResponse parse(HTTPResponse httpResponse) throws ParseException
      Parses an authorisation response from the specified initial HTTP 302 redirect response output at the authorisation endpoint.

      Example HTTP response (authorisation success): 

       HTTP/1.1 302 Found
 Location: https://client.example.com/cb?code=SplxlOBeZQQYbYS6WxSbIA&state=xyz
      Parameters:
      httpResponse - The HTTP response to parse. Must not be null.
      Returns:
      The authorisation response.
      Throws:
      ParseException - If the HTTP response couldn't be parsed to an authorisation response.
      See Also:

    • parse

      public static AuthorizationResponse parse(HTTPResponse httpResponse, JARMValidator jarmValidator) throws ParseException
      Parses and validates a JSON Web Token (JWT) secured authorisation response from the specified initial HTTP 302 redirect response output at the authorisation endpoint.

      Example HTTP response (authorisation success): 

       HTTP/1.1 302 Found
 Location: https://client.example.com/cb?response=eyJhbGciOiJSUzI1...
      Parameters:
      httpResponse - The HTTP response to parse. Must not be null.
      jarmValidator - The validator of JSON Web Token (JWT) secured authorisation responses (JARM). Must not be null.
      Returns:
      The authorisation response.
      Throws:
      ParseException - If the HTTP response couldn't be parsed to an authorisation response or if validation of the JWT response failed.
      See Also:

    • parse

      public static AuthorizationResponse parse(HTTPRequest httpRequest) throws ParseException
      Parses an authorisation response from the specified HTTP request at the client redirection (callback) URI. Applies to the query, fragment and form_post response modes.

      Example HTTP request (authorisation success): 

       GET /cb?code=SplxlOBeZQQYbYS6WxSbIA&state=xyz HTTP/1.1
 Host: client.example.com
      Parameters:
      httpRequest - The HTTP request to parse. Must not be null.
      Returns:
      The authorisation response.
      Throws:
      ParseException - If the HTTP request couldn't be parsed to an authorisation response.
      See Also:

    • parse

      public static AuthorizationResponse parse(HTTPRequest httpRequest, JARMValidator jarmValidator) throws ParseException
      Parses and validates a JSON Web Token (JWT) secured authorisation response from the specified HTTP request at the client redirection (callback) URI. Applies to the query.jwt, fragment.jwt and form_post.jwt response modes.

      Example HTTP request (authorisation success): 

       GET /cb?response=eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9... HTTP/1.1
 Host: client.example.com
      Parameters:
      httpRequest - The HTTP request to parse. Must not be null.
      jarmValidator - The validator of JSON Web Token (JWT) secured authorisation responses (JARM). Must not be null.
      Returns:
      The authorisation response.
      Throws:
      ParseException - If the HTTP request couldn't be parsed to an authorisation response or if validation of the JWT response failed.
      See Also:

    • parseResponseParameters

      public static Map<String,List<String>> parseResponseParameters(URI uri) throws ParseException
      Parses the relevant authorisation response parameters. This method is intended for internal SDK usage only.
      Parameters:
      uri - The URI to parse its query or fragment parameters. Must not be null.
      Returns:
      The authorisation response parameters.
      Throws:
      ParseException - If parsing failed.

    • parseResponseParameters

      public static Map<String,List<String>> parseResponseParameters(HTTPRequest httpRequest) throws ParseException
      Parses the relevant authorisation response parameters. This method is intended for internal SDK usage only.
      Parameters:
      httpRequest - The HTTP request. Must not be null.
      Returns:
      The authorisation response parameters.
      Throws:
      ParseException - If parsing failed.