|
||||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |
java.lang.Object com.nimbusds.oauth2.sdk.AbstractRequest com.nimbusds.oauth2.sdk.AuthorizationRequest com.nimbusds.openid.connect.sdk.OIDCAuthorizationRequest
@Immutable public final class OIDCAuthorizationRequest
OpenID Connect authorisation request. Used to authenticate (if required) an end-user and request the end-user's authorisation to release information to the client. This class is immutable.
Example HTTP request (code flow):
https://server.example.com/op/authorize? response_type=code%20id_token &client_id=s6BhdRkqt3 &redirect_uri=https%3A%2F%2Fclient.example.org%2Fcb &scope=openid &nonce=n-0S6_WzA2Mj &state=af0ifjsldkj
Related specifications:
Constructor Summary | |
---|---|
OIDCAuthorizationRequest(URL uri,
ResponseType rt,
Scope scope,
ClientID clientID,
URL redirectURI,
State state,
Nonce nonce)
Creates a new minimal OpenID Connect authorisation request. |
|
OIDCAuthorizationRequest(URL uri,
ResponseType rt,
Scope scope,
ClientID clientID,
URL redirectURI,
State state,
Nonce nonce,
Display display,
Prompt prompt,
int maxAge,
List<com.nimbusds.langtag.LangTag> uiLocales,
List<com.nimbusds.langtag.LangTag> claimsLocales,
com.nimbusds.jwt.JWT idTokenHint,
String loginHint,
List<ACR> acrValues,
ClaimsRequest claims)
Creates a new OpenID Connect authorisation request without a request object. |
|
OIDCAuthorizationRequest(URL uri,
ResponseType rt,
Scope scope,
ClientID clientID,
URL redirectURI,
State state,
Nonce nonce,
Display display,
Prompt prompt,
int maxAge,
List<com.nimbusds.langtag.LangTag> uiLocales,
List<com.nimbusds.langtag.LangTag> claimsLocales,
com.nimbusds.jwt.JWT idTokenHint,
String loginHint,
List<ACR> acrValues,
ClaimsRequest claims,
com.nimbusds.jwt.JWT requestObject)
Creates a new OpenID Connect authorisation request with a request object specified by value. |
|
OIDCAuthorizationRequest(URL uri,
ResponseType rt,
Scope scope,
ClientID clientID,
URL redirectURI,
State state,
Nonce nonce,
Display display,
Prompt prompt,
int maxAge,
List<com.nimbusds.langtag.LangTag> uiLocales,
List<com.nimbusds.langtag.LangTag> claimsLocales,
com.nimbusds.jwt.JWT idTokenHint,
String loginHint,
List<ACR> acrValues,
ClaimsRequest claims,
URL requestURI)
Creates a new OpenID Connect authorisation request with a request object specified by URL. |
Method Summary | |
---|---|
List<ACR> |
getACRValues()
Gets the requested Authentication Context Class Reference values. |
ClaimsRequest |
getClaims()
Gets the individual claims to be returned. |
List<com.nimbusds.langtag.LangTag> |
getClaimsLocales()
Gets the end-user's preferred languages and scripts for the claims being returned, ordered by preference. |
Display |
getDisplay()
Gets the requested display type. |
com.nimbusds.jwt.JWT |
getIDTokenHint()
Gets the ID Token hint. |
String |
getLoginHint()
Gets the login hint. |
int |
getMaxAge()
Gets the required maximum authentication age. |
Nonce |
getNonce()
Gets the nonce. |
Prompt |
getPrompt()
Gets the requested prompt. |
com.nimbusds.jwt.JWT |
getRequestObject()
Gets the request object. |
URL |
getRequestURI()
Gets the request object URL. |
List<com.nimbusds.langtag.LangTag> |
getUILocales()
Gets the end-user's preferred languages and scripts for the user interface, ordered by preference. |
static AuthorizationRequest |
parse(HTTPRequest httpRequest)
Parses an authorisation request from the specified HTTP GET or HTTP POST request. |
static OIDCAuthorizationRequest |
parse(URL uri,
Map<String,String> params)
Parses an OpenID Connect authorisation request from the specified parameters. |
static OIDCAuthorizationRequest |
parse(URL uri,
String query)
Parses an OpenID Connect authorisation request from the specified URL query string. |
boolean |
specifiesRequestObject()
Returns true if this authorisation request specifies an
OpenID Connect request object (directly through the request
parameter or by reference through the request_uri parameter). |
Map<String,String> |
toParameters()
Returns the parameters for this authorisation request. |
Methods inherited from class com.nimbusds.oauth2.sdk.AuthorizationRequest |
---|
getClientID, getRedirectURI, getResponseType, getScope, getState, toHTTPRequest, toHTTPRequest, toQueryString |
Methods inherited from class com.nimbusds.oauth2.sdk.AbstractRequest |
---|
getURI |
Methods inherited from class java.lang.Object |
---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Constructor Detail |
---|
public OIDCAuthorizationRequest(URL uri, ResponseType rt, Scope scope, ClientID clientID, URL redirectURI, State state, Nonce nonce)
uri
- The URI of the authorisation endpoint. May be
null
if the AuthorizationRequest.toHTTPRequest()
method will not be used.rt
- The response type. Corresponds to the
response_type
parameter. Must not be
null
.scope
- The request scope. Corresponds to the
scope
parameter. Must contain an
openid value
. Must
not be null
.clientID
- The client identifier. Corresponds to the
client_id
parameter. Must not be
null
.redirectURI
- The redirection URI. Corresponds to the
redirect_uri
parameter. Must not be
null
.state
- The state. Corresponds to the state
parameter. May be null
.nonce
- The nonce. Corresponds to the nonce
parameter. May be null
for code flow.public OIDCAuthorizationRequest(URL uri, ResponseType rt, Scope scope, ClientID clientID, URL redirectURI, State state, Nonce nonce, Display display, Prompt prompt, int maxAge, List<com.nimbusds.langtag.LangTag> uiLocales, List<com.nimbusds.langtag.LangTag> claimsLocales, com.nimbusds.jwt.JWT idTokenHint, String loginHint, List<ACR> acrValues, ClaimsRequest claims)
uri
- The URI of the authorisation endpoint. May be
null
if the AuthorizationRequest.toHTTPRequest()
method will not be used.rt
- The response type. Corresponds to the
response_type
parameter. Must not be
null
.scope
- The request scope. Corresponds to the
scope
parameter. Must contain an
openid value
.
Must not be null
.clientID
- The client identifier. Corresponds to the
client_id
parameter. Must not be
null
.redirectURI
- The redirection URI. Corresponds to the
redirect_uri
parameter. Must not be
null
.state
- The state. Corresponds to the recommended
state
parameter. null
if not
specified.nonce
- The nonce. Corresponds to the nonce
parameter. May be null
for code flow.display
- The requested display type. Corresponds to the
optional display
parameter.
null
if not specified.prompt
- The requested prompt. Corresponds to the
optional prompt
parameter. null
if not specified.maxAge
- The required maximum authentication age, in
seconds. Corresponds to the optional
max_age
parameter. Zero if not
specified.uiLocales
- The preferred languages and scripts for the
user interface. Corresponds to the optional
ui_locales
parameter. null
if
not specified.claimsLocales
- The preferred languages and scripts for claims
being returned. Corresponds to the optional
claims_locales
parameter. null
if not specified.idTokenHint
- The ID Token hint. Corresponds to the optional
id_token_hint
parameter. null
if not specified.loginHint
- The login hint. Corresponds to the optional
login_hint
parameter. null
if
not specified.acrValues
- The requested Authentication Context Class
Reference values. Corresponds to the optional
acr_values
parameter. null
if
not specified.claims
- The individual claims to be returned.
Corresponds to the optional claims
parameter. null
if not specified.public OIDCAuthorizationRequest(URL uri, ResponseType rt, Scope scope, ClientID clientID, URL redirectURI, State state, Nonce nonce, Display display, Prompt prompt, int maxAge, List<com.nimbusds.langtag.LangTag> uiLocales, List<com.nimbusds.langtag.LangTag> claimsLocales, com.nimbusds.jwt.JWT idTokenHint, String loginHint, List<ACR> acrValues, ClaimsRequest claims, com.nimbusds.jwt.JWT requestObject)
uri
- The URI of the authorisation endpoint. May be
null
if the AuthorizationRequest.toHTTPRequest()
method will not be used.rt
- The response type set. Corresponds to the
response_type
parameter. Must not be
null
.scope
- The request scope. Corresponds to the
scope
parameter. Must contain an
openid value
.
Must not be null
.clientID
- The client identifier. Corresponds to the
client_id
parameter. Must not be
null
.redirectURI
- The redirection URI. Corresponds to the
redirect_uri
parameter. Must not be
null
.state
- The state. Corresponds to the recommended
state
parameter. null
if not
specified.nonce
- The nonce. Corresponds to the nonce
parameter. May be null
for code flow.display
- The requested display type. Corresponds to the
optional display
parameter.
null
if not specified.prompt
- The requested prompt. Corresponds to the
optional prompt
parameter. null
if not specified.maxAge
- The required maximum authentication age, in
seconds. Corresponds to the optional
max_age
parameter. Zero if not
specified.uiLocales
- The preferred languages and scripts for the
user interface. Corresponds to the optional
ui_locales
parameter. null
if
not specified.claimsLocales
- The preferred languages and scripts for claims
being returned. Corresponds to the optional
claims_locales
parameter. null
if not specified.idTokenHint
- The ID Token hint. Corresponds to the optional
id_token_hint
parameter. null
if not specified.loginHint
- The login hint. Corresponds to the optional
login_hint
parameter. null
if
not specified.acrValues
- The requested Authentication Context Class
Reference values. Corresponds to the optional
acr_values
parameter. null
if
not specified.claims
- The individual claims to be returned.
Corresponds to the optional claims
parameter. null
if not specified.requestObject
- The request object. Corresponds to the optional
request
parameter. null
if not
specified.public OIDCAuthorizationRequest(URL uri, ResponseType rt, Scope scope, ClientID clientID, URL redirectURI, State state, Nonce nonce, Display display, Prompt prompt, int maxAge, List<com.nimbusds.langtag.LangTag> uiLocales, List<com.nimbusds.langtag.LangTag> claimsLocales, com.nimbusds.jwt.JWT idTokenHint, String loginHint, List<ACR> acrValues, ClaimsRequest claims, URL requestURI)
uri
- The URI of the authorisation endpoint. May be
null
if the AuthorizationRequest.toHTTPRequest()
method will not be used.rt
- The response type. Corresponds to the
response_type
parameter. Must not be
null
.scope
- The request scope. Corresponds to the
scope
parameter. Must contain an
openid value
.
Must not be null
.clientID
- The client identifier. Corresponds to the
client_id
parameter. Must not be
null
.redirectURI
- The redirection URI. Corresponds to the
redirect_uri
parameter. Must not be
null
.state
- The state. Corresponds to the recommended
state
parameter. null
if not
specified.nonce
- The nonce. Corresponds to the nonce
parameter. May be null
for code flow.display
- The requested display type. Corresponds to the
optional display
parameter.
null
if not specified.prompt
- The requested prompt. Corresponds to the
optional prompt
parameter. null
if not specified.maxAge
- The required maximum authentication age, in
seconds. Corresponds to the optional
max_age
parameter. Zero if not
specified.uiLocales
- The preferred languages and scripts for the
user interface. Corresponds to the optional
ui_locales
parameter. null
if
not specified.claimsLocales
- The preferred languages and scripts for claims
being returned. Corresponds to the optional
claims_locales
parameter. null
if not specified.idTokenHint
- The ID Token hint. Corresponds to the optional
id_token_hint
parameter. null
if not specified.loginHint
- The login hint. Corresponds to the optional
login_hint
parameter. null
if
not specified.acrValues
- The requested Authentication Context Class
Reference values. Corresponds to the optional
acr_values
parameter. null
if
not specified.claims
- The individual claims to be returned.
Corresponds to the optional claims
parameter. null
if not specified.requestURI
- The request object URL. Corresponds to the
optional request_uri
parameter.
null
if not specified.Method Detail |
---|
public Nonce getNonce()
nonce
parameter.
null
if not specified.public Display getDisplay()
display
parameter.
null
if not specified.public Prompt getPrompt()
prompt
parameter.
null
if not specified.public int getMaxAge()
max_age
parameter.
public List<com.nimbusds.langtag.LangTag> getUILocales()
ui_locales
parameter.
null
if not specified.public List<com.nimbusds.langtag.LangTag> getClaimsLocales()
claims_locales
parameter.
null
if not specified.public com.nimbusds.jwt.JWT getIDTokenHint()
id_token_hint
parameter.
null
if not specified.public String getLoginHint()
login_hint
parameter.
null
if not specified.public List<ACR> getACRValues()
acr_values
parameter.
null
if not specified.public ClaimsRequest getClaims()
claims
parameter.
null
if not
specified.public com.nimbusds.jwt.JWT getRequestObject()
request
parameter.
null
if not specified.public URL getRequestURI()
request_uri
parameter.
null
if not specified.public boolean specifiesRequestObject()
true
if this authorisation request specifies an
OpenID Connect request object (directly through the request
parameter or by reference through the request_uri
parameter).
true
if a request object is specified, else
false
.public Map<String,String> toParameters() throws SerializeException
AuthorizationRequest
Example parameters:
response_type = code client_id = s6BhdRkqt3 state = xyz redirect_uri = https://client.example.com/cb
toParameters
in class AuthorizationRequest
SerializeException
- If this authorisation request couldn't be
serialised to an parameters map.public static OIDCAuthorizationRequest parse(URL uri, Map<String,String> params) throws ParseException
Example parameters:
response_type = token id_token client_id = s6BhdRkqt3 redirect_uri = https://client.example.com/cb scope = openid profile state = af0ifjsldkj nonce = -0S6_WzA2Mj
uri
- The URI of the authorisation endpoint. May be
null
if the AuthorizationRequest.toHTTPRequest()
method
will not be used.params
- The parameters. Must not be null
.
ParseException
- If the parameters couldn't be parsed to an
OpenID Connect authorisation request.public static OIDCAuthorizationRequest parse(URL uri, String query) throws ParseException
Example URL query string:
response_type=token%20id_token &client_id=s6BhdRkqt3 &redirect_uri=https%3A%2F%2Fclient.example.com%2Fcb &scope=openid%20profile &state=af0ifjsldkj &nonce=n-0S6_WzA2Mj
uri
- The URI of the authorisation endpoint. May be
null
if the AuthorizationRequest.toHTTPRequest()
method
will not be used.query
- The URL query string. Must not be null
.
ParseException
- If the query string couldn't be parsed to an
OpenID Connect authorisation request.public static AuthorizationRequest parse(HTTPRequest httpRequest) throws ParseException
Example HTTP request (GET):
https://server.example.com/op/authorize? response_type=code%20id_token &client_id=s6BhdRkqt3 &redirect_uri=https%3A%2F%2Fclient.example.com%2Fcb &scope=openid &nonce=n-0S6_WzA2Mj &state=af0ifjsldkj
httpRequest
- The HTTP request. Must not be null
.
ParseException
- If the HTTP request couldn't be parsed to an
OpenID Connect authorisation request.
|
||||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |