001package com.nimbusds.openid.connect.sdk.rp;
002
003import com.nimbusds.oauth2.sdk.ParseException;
004import com.nimbusds.oauth2.sdk.auth.Secret;
005import com.nimbusds.oauth2.sdk.client.ClientUpdateRequest;
006import com.nimbusds.oauth2.sdk.http.HTTPRequest;
007import com.nimbusds.oauth2.sdk.id.ClientID;
008import com.nimbusds.oauth2.sdk.token.BearerAccessToken;
009import com.nimbusds.oauth2.sdk.util.JSONObjectUtils;
010import java.net.URL;
011import net.jcip.annotations.Immutable;
012import net.minidev.json.JSONObject;
013import org.apache.commons.lang3.StringUtils;
014
015
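/**
 * OpenID Connect client update request. This class is immutable.
 *
 * <p>Note that the update operation is not specified in OpenID Connect Dynamic
 * Client Registration.
 *
 * <p>Security note: an update request carries the registration access token
 * and, optionally, the client secret. Both are credentials, so avoid writing
 * instances of this class or their HTTP form to logs. This class only builds
 * and parses the message. It does not check that the token is valid or that
 * it belongs to the client named in the request; see
 * {@link #parse(HTTPRequest)}.
 *
 * <p>Example HTTP request:
 *
 * <pre>
 * PUT /register/s6BhdRkqt3 HTTP/1.1
 * Accept: application/json
 * Host: server.example.com
 * Authorization: Bearer reg-23410913-abewfq.123483
 *
 * {
 *  "client_id"                  : "s6BhdRkqt3",
 *  "client_secret"              : "cf136dc3c1fc93f31185e5885805d",
 *  "redirect_uris"              : ["https://client.example.org/callback", "https://client.example.org/alt"],
 *  "scope"                      : "read write dolphin",
 *  "grant_types"                : ["authorization_code", "refresh_token"],
 *  "token_endpoint_auth_method" : "client_secret_basic",
 *  "jwks_uri"                   : "https://client.example.org/my_public_keys.jwks",
 *  "client_name"                : "My New Example",
 *  "client_name#fr"             : "Mon Nouvel Exemple",
 *  "logo_uri"                   : "https://client.example.org/newlogo.png",
 *  "logo_uri#fr"                : "https://client.example.org/fr/newlogo.png"
 * }
 *
 * </pre>
 *
 * <p>Related specifications:
 *
 * <ul>
 *     <li>OAuth 2.0 Dynamic Client Registration Protocol
 *         (draft-ietf-oauth-dyn-reg-14), section 4.3.
 * </ul>
 *
 * @author Vladimir Dzhuvinov
 */
@Immutable
public final class OIDCClientUpdateRequest extends ClientUpdateRequest {


	/**
	 * Creates a new OpenID Connect client update request. All arguments
	 * are passed unchanged to the superclass constructor.
	 *
	 * @param uri         The URI of the client update endpoint. May be
	 *                    {@code null} if the {@link #toHTTPRequest()}
	 *                    method will not be used.
	 * @param id          The identifier of the client being updated.
	 * @param accessToken The client registration access token. Must not be
	 *                    {@code null}.
	 * @param metadata    The client metadata. Must not be {@code null} and
	 *                    must specify one or more redirect URIs.
	 * @param secret      The optional client secret, {@code null} if not
	 *                    specified.
	 */
	public OIDCClientUpdateRequest(final URL uri,
				       final ClientID id,
				       final BearerAccessToken accessToken,
				       final OIDCClientMetadata metadata,
				       final Secret secret) {

		super(uri, id, accessToken, metadata, secret);
	}


	/**
	 * Gets the associated OpenID Connect client metadata.
	 *
	 * @return The OpenID Connect client metadata.
	 */
	public OIDCClientMetadata getOIDCClientMetadata() {

		// The only constructor of this class accepts OIDCClientMetadata, so
		// the downcast is expected to succeed (assumes the superclass returns
		// the metadata object it was constructed with).
		return (OIDCClientMetadata) getClientMetadata();
	}


	/**
	 * Parses an OpenID Connect client update request from the specified
	 * HTTP PUT request.
	 *
	 * <p>This method only extracts values from the request: the bearer
	 * token from the {@code Authorization} header, and the
	 * {@code client_id}, the metadata and the optional
	 * {@code client_secret} from the JSON body. It performs no
	 * authorisation. A server that handles the parsed request is expected
	 * to verify that the registration access token is valid, that it was
	 * issued for the same client as the {@code client_id} in the body and
	 * the resource addressed by the request URL, and that any supplied
	 * {@code client_secret} matches the stored one, before it applies the
	 * update.
	 *
	 * @param httpRequest The HTTP request. Must not be {@code null}.
	 *
	 * @return The OpenID Connect client update request.
	 *
	 * @throws ParseException If the HTTP request couldn't be parsed to an
	 *                        OpenID Connect client update request.
	 */
	public static ClientUpdateRequest parse(final HTTPRequest httpRequest)
		throws ParseException {

		httpRequest.ensureMethod(HTTPRequest.Method.PUT);

		final String authorization = httpRequest.getAuthorization();

		if (StringUtils.isBlank(authorization)) {
			throw new ParseException("Missing HTTP Authorization header");
		}

		// Only the header value is parsed here; whether the token is valid
		// for this client is left to the caller.
		final BearerAccessToken registrationToken = BearerAccessToken.parse(authorization);

		final JSONObject body = httpRequest.getQueryAsJSONObject();

		// The identifier is taken from the request body, i.e. it is
		// supplied by the requester and is not yet bound to the token.
		final ClientID clientID = new ClientID(JSONObjectUtils.getString(body, "client_id"));

		final OIDCClientMetadata metadata = OIDCClientMetadata.parse(body);

		// The secret is optional: an absent or JSON null member yields null.
		final Secret secret = body.get("client_secret") != null
			? new Secret(JSONObjectUtils.getString(body, "client_secret"))
			: null;

		return new OIDCClientUpdateRequest(httpRequest.getURL(), clientID, registrationToken, metadata, secret);
	}
}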