com.nimbusds.oauth2.sdk.auth

Class ClientAuthenticationMethod

java.lang.Object

com.nimbusds.oauth2.sdk.id.Identifier

com.nimbusds.oauth2.sdk.auth.ClientAuthenticationMethod

All Implemented Interfaces:

Serializable, Comparable<Identifier>, net.minidev.json.JSONAware

@Immutable
public final class ClientAuthenticationMethod
extends Identifier

Client authentication method at the Token endpoint.

Constants are provided for four client authentication methods:

• client_secret_basic (default)
• client_secret_post
• client_secret_jwt
• private_key_jwt
• tls_client_auth
• self_signed_tls_client_auth
• none

Use the constructor to define a custom client authentication method.

Related specifications:

• OAuth 2.0 (RFC 6749), section 2.3.
• OAuth 2.0 Dynamic Client Registration Protocol (RFC 7591), section 2.
• Mutual TLS Profile for OAuth 2.0 (draft-ietf-oauth-mtls-04), section 2.2.

See Also:

Serialized Form

Field Summary

Fields

Modifier and Type	Field and Description
static ClientAuthenticationMethod	CLIENT_SECRET_BASIC Clients that have received a client secret from the authorisation server authenticate with the authorisation server in accordance with section 3.2.1 of OAuth 2.0 using HTTP Basic authentication.
static ClientAuthenticationMethod	CLIENT_SECRET_JWT Clients that have received a client secret from the authorisation server, create a JWT using an HMAC SHA algorithm, such as HMAC SHA-256.
static ClientAuthenticationMethod	CLIENT_SECRET_POST Clients that have received a client secret from the authorisation server authenticate with the authorisation server in accordance with section 3.2.1 of OAuth 2.0 by including the client credentials in the request body.
static ClientAuthenticationMethod	NONE The client is a public client as defined in OAuth 2.0 and does not have a client secret.
static ClientAuthenticationMethod	PRIVATE_KEY_JWT Clients that have registered a public key sign a JWT using the RSA algorithm if a RSA key was registered or the ECDSA algorithm if an Elliptic Curve key was registered (see JWA for the algorithm identifiers).
static ClientAuthenticationMethod	SELF_SIGNED_TLS_CLIENT_AUTH Self-signed client TLS / X.509 certificate authentication.
static ClientAuthenticationMethod	TLS_CLIENT_AUTH Client TLS / X.509 certificate authentication using PKI.

Fields inherited from class com.nimbusds.oauth2.sdk.id.Identifier

DEFAULT_BYTE_LENGTH

Constructor Summary

Constructors

Constructor and Description
ClientAuthenticationMethod(String value) Creates a new client authentication method with the specified value.

Method Summary

Modifier and Type	Method and Description
boolean	equals(Object object)
static ClientAuthenticationMethod	getDefault() Gets the default client authentication method.
static ClientAuthenticationMethod	parse(String value) Parses a client authentication method from the specified value.

Methods inherited from class com.nimbusds.oauth2.sdk.id.Identifier

compareTo, getValue, hashCode, toJSONString, toString

Methods inherited from class java.lang.Object

clone, finalize, getClass, notify, notifyAll, wait, wait, wait

Field Detail

CLIENT_SECRET_BASIC

public static final ClientAuthenticationMethod CLIENT_SECRET_BASIC

Clients that have received a client secret from the authorisation server authenticate with the authorisation server in accordance with section 3.2.1 of OAuth 2.0 using HTTP Basic authentication. This is the default if no method has been registered for the client.

CLIENT_SECRET_POST

public static final ClientAuthenticationMethod CLIENT_SECRET_POST

Clients that have received a client secret from the authorisation server authenticate with the authorisation server in accordance with section 3.2.1 of OAuth 2.0 by including the client credentials in the request body.

CLIENT_SECRET_JWT

public static final ClientAuthenticationMethod CLIENT_SECRET_JWT

Clients that have received a client secret from the authorisation server, create a JWT using an HMAC SHA algorithm, such as HMAC SHA-256. The HMAC (Hash-based Message Authentication Code) is calculated using the value of client secret as the shared key. The client authenticates in accordance with section 2.2 of (JWT) Bearer Token Profiles and OAuth 2.0 Assertion Profile.

PRIVATE_KEY_JWT

public static final ClientAuthenticationMethod PRIVATE_KEY_JWT

Clients that have registered a public key sign a JWT using the RSA algorithm if a RSA key was registered or the ECDSA algorithm if an Elliptic Curve key was registered (see JWA for the algorithm identifiers). The client authenticates in accordance with section 2.2 of (JWT) Bearer Token Profiles and OAuth 2.0 Assertion Profile.

TLS_CLIENT_AUTH

public static final ClientAuthenticationMethod TLS_CLIENT_AUTH

Client TLS / X.509 certificate authentication using PKI. See Mutual TLS Profile for OAuth 2.0, section 2.1.

SELF_SIGNED_TLS_CLIENT_AUTH

public static final ClientAuthenticationMethod SELF_SIGNED_TLS_CLIENT_AUTH

Self-signed client TLS / X.509 certificate authentication. See Mutual TLS Profile for OAuth 2.0, section 2.2.

NONE

public static final ClientAuthenticationMethod NONE

The client is a public client as defined in OAuth 2.0 and does not have a client secret.

Constructor Detail

ClientAuthenticationMethod

public ClientAuthenticationMethod(String value)

Creates a new client authentication method with the specified value.

Parameters:

value - The authentication method value. Must not be null or empty string.

Method Detail

getDefault

public static ClientAuthenticationMethod getDefault()

Gets the default client authentication method.

Returns:

CLIENT_SECRET_BASIC

parse

public static ClientAuthenticationMethod parse(String value)

Parses a client authentication method from the specified value.

Parameters:

value - The authentication method value. Must not be null or empty string.

Returns:

The client authentication method.

equals

public boolean equals(Object object)

Overrides:

equals in class Identifier