package com.nimbusds.oauth2.sdk.auth;


import net.jcip.annotations.Immutable;

import com.nimbusds.oauth2.sdk.id.Identifier;


/**
 * Identifies how a client authenticates at the Token endpoint. Instances
 * are immutable.
 *
 * <p>Four standard methods are available as constants:
 *
 * <ul>
 *     <li>{@link #CLIENT_SECRET_BASIC} (default)
 *     <li>{@link #CLIENT_SECRET_POST}
 *     <li>{@link #CLIENT_SECRET_JWT}
 *     <li>{@link #PRIVATE_KEY_JWT}
 * </ul>
 *
 * <p>A custom client authentication method can be defined through the
 * constructor.
 *
 * <p>Security note: the two {@code client_secret_*} methods that are not
 * JWT based (basic and post) transmit the client secret itself with every
 * token request and depend on TLS for its confidentiality. The two JWT
 * based methods send only an assertion that was MACed or signed with the
 * key.
 *
 * <p>Related specifications:
 *
 * <ul>
 *     <li>OAuth 2.0 (RFC 6749), section 2.3.
 * </ul>
 *
 * @author Vladimir Dzhuvinov
 * @version $version$ (2013-01-18)
 */
@Immutable
public final class ClientAuthenticationMethod extends Identifier {


	/**
	 * The client holds a secret issued by the authorisation server and
	 * presents it using HTTP Basic authentication, in accordance with
	 * section 3.2.1 of OAuth 2.0. This method applies when the client has
	 * no registered method.
	 */
	public static final ClientAuthenticationMethod CLIENT_SECRET_BASIC =
		new ClientAuthenticationMethod("client_secret_basic");


	/**
	 * The client holds a secret issued by the authorisation server and
	 * presents its credentials in the request body, in accordance with
	 * section 3.2.1 of OAuth 2.0.
	 *
	 * <p>Note that RFC 6749, section 2.3.1, does not recommend passing
	 * the credentials in the request body and reserves it for clients
	 * that cannot use HTTP Basic authentication.
	 */
	public static final ClientAuthenticationMethod CLIENT_SECRET_POST =
		new ClientAuthenticationMethod("client_secret_post");


	/**
	 * The client holds a secret issued by the authorisation server and
	 * creates a JWT protected with an HMAC SHA algorithm, such as HMAC
	 * SHA-256. The HMAC (Hash-based Message Authentication Code) is
	 * computed with the client secret as the shared key. Authentication
	 * follows section 2.2 of (JWT) Bearer Token Profiles and OAuth 2.0
	 * Assertion Profile.
	 *
	 * <p>Because the client secret is the HMAC key, the strength of the
	 * assertion is bounded by the entropy of that secret, and the
	 * authorisation server must keep the secret in a form from which the
	 * key can be recovered.
	 */
	public static final ClientAuthenticationMethod CLIENT_SECRET_JWT =
		new ClientAuthenticationMethod("client_secret_jwt");


	/**
	 * The client has registered a public key and signs a JWT with the
	 * matching private key: the RSA algorithm for a registered RSA key,
	 * the ECDSA algorithm for a registered Elliptic Curve key (see JWA
	 * for the algorithm identifiers). Authentication follows section 2.2
	 * of (JWT) Bearer Token Profiles and OAuth 2.0 Assertion Profile.
	 *
	 * <p>Only the public key is registered with the authorisation
	 * server; no shared secret is involved in this method.
	 */
	public static final ClientAuthenticationMethod PRIVATE_KEY_JWT =
		new ClientAuthenticationMethod("private_key_jwt");


	/**
	 * Returns the client authentication method that applies by default.
	 *
	 * @return {@link #CLIENT_SECRET_BASIC}
	 */
	public static ClientAuthenticationMethod getDefault() {

		return CLIENT_SECRET_BASIC;
	}


	/**
	 * Creates a client authentication method identified by the given
	 * value.
	 *
	 * <p>The value is handed to the {@link Identifier} constructor
	 * unchanged; this class does not restrict it to the four standard
	 * methods. Code that accepts a method name from a request or from
	 * client metadata should therefore compare the result against the
	 * methods it actually supports.
	 *
	 * @param value The authentication method value. Must not be
	 *              {@code null} or empty string.
	 */
	public ClientAuthenticationMethod(final String value) {

		super(value);
	}


	/**
	 * Compares this method with another object. Two instances are equal
	 * when the other object is also a {@code ClientAuthenticationMethod}
	 * and both produce the same {@code toString()} output.
	 *
	 * @param object The object to compare with, may be {@code null}.
	 *
	 * @return {@code true} if the objects are equal, else {@code false}.
	 */
	@Override
	public boolean equals(final Object object) {

		// instanceof is false for null, so this guard also rejects null.
		if (!(object instanceof ClientAuthenticationMethod)) {
			return false;
		}

		// NOTE(review): hashCode() is not overridden here; presumably
		// Identifier supplies one consistent with toString() - confirm.
		final String ownValue = this.toString();
		return ownValue.equals(object.toString());
	}
}