Class AuthenticationRequestResolver<C extends com.nimbusds.jose.proc.SecurityContext>
- java.lang.Object
-
- com.nimbusds.openid.connect.sdk.op.AuthenticationRequestResolver<C>
-
@ThreadSafe public class AuthenticationRequestResolver<C extends com.nimbusds.jose.proc.SecurityContext> extends Object
Resolves the final OpenID Connect authentication request by superseding its parameters with those found in the optional OpenID Connect request object. The request object is encoded as a JSON Web Token (JWT) and can be specified directly (inline) using therequest
parameter, or by URL using therequest_uri
parameter.To process signed and optionally encrypted request objects a
JWT processor
for the expected JWS / JWE algorithms must be provided at construction time.To fetch OpenID Connect request objects specified by URL a
JWT retriever
must be provided, otherwise only inlined request objects can be processed.Related specifications:
- OpenID Connect Core 1.0, section 6.
-
-
Constructor Summary
Constructors Constructor Description AuthenticationRequestResolver()
Creates a new minimal OpenID Connect authentication request resolver.AuthenticationRequestResolver(com.nimbusds.jwt.proc.JWTProcessor<C> jwtProcessor)
Creates a new OpenID Connect authentication request resolver that supports OpenID Connect request objects passed by value (using the authenticationrequest
parameter).AuthenticationRequestResolver(com.nimbusds.jwt.proc.JWTProcessor<C> jwtProcessor, com.nimbusds.jose.util.ResourceRetriever jwtRetriever)
Creates a new OpenID Connect request object resolver that supports OpenID Connect request objects passed by value (using the authenticationrequest
parameter) or by reference (using the authenticationrequest_uri
parameter).
-
Method Summary
All Methods Static Methods Instance Methods Concrete Methods Modifier and Type Method Description com.nimbusds.jwt.proc.JWTProcessor<C>
getJWTProcessor()
Returns the JWT processor.com.nimbusds.jose.util.ResourceRetriever
getJWTRetriever()
Returns the JWT retriever.static Map<String,List<String>>
reformatClaims(com.nimbusds.jwt.JWTClaimsSet claimsSet)
Reformats the specified JWT claims set to a java.util.Map instance.AuthenticationRequest
resolve(AuthenticationRequest request, C securityContext)
Resolves the specified OpenID Connect authentication request by superseding its parameters with those found in the optional OpenID Connect request object (if any).
-
-
-
Constructor Detail
-
AuthenticationRequestResolver
public AuthenticationRequestResolver()
Creates a new minimal OpenID Connect authentication request resolver. It will not process OpenID Connect request objects and will throw aResolveException
if the authentication request includes arequest
orrequest_uri
parameter.
-
AuthenticationRequestResolver
public AuthenticationRequestResolver(com.nimbusds.jwt.proc.JWTProcessor<C> jwtProcessor)
Creates a new OpenID Connect authentication request resolver that supports OpenID Connect request objects passed by value (using the authenticationrequest
parameter). It will throw aResolveException
if the authentication request includes arequest_uri
parameter.- Parameters:
jwtProcessor
- A configured JWT processor providing JWS validation and optional JWE decryption of the request objects. Must not benull
.
-
AuthenticationRequestResolver
public AuthenticationRequestResolver(com.nimbusds.jwt.proc.JWTProcessor<C> jwtProcessor, com.nimbusds.jose.util.ResourceRetriever jwtRetriever)
Creates a new OpenID Connect request object resolver that supports OpenID Connect request objects passed by value (using the authenticationrequest
parameter) or by reference (using the authenticationrequest_uri
parameter).- Parameters:
jwtProcessor
- A configured JWT processor providing JWS validation and optional JWE decryption of the request objects. Must not benull
.jwtRetriever
- A configured JWT retriever for OpenID Connect request objects passed by URI. Must not benull
.
-
-
Method Detail
-
getJWTProcessor
public com.nimbusds.jwt.proc.JWTProcessor<C> getJWTProcessor()
Returns the JWT processor.- Returns:
- The JWT processor,
null
if not specified.
-
getJWTRetriever
public com.nimbusds.jose.util.ResourceRetriever getJWTRetriever()
Returns the JWT retriever.- Returns:
- The JWT retriever,
null
if not specified.
-
reformatClaims
public static Map<String,List<String>> reformatClaims(com.nimbusds.jwt.JWTClaimsSet claimsSet)
Reformats the specified JWT claims set to a java.util.Map instance.- Parameters:
claimsSet
- The JWT claims set to reformat. Must not benull
.- Returns:
- The JWT claims set as an unmodifiable map of string keys / string values.
-
resolve
public AuthenticationRequest resolve(AuthenticationRequest request, C securityContext) throws ResolveException, com.nimbusds.jose.JOSEException
Resolves the specified OpenID Connect authentication request by superseding its parameters with those found in the optional OpenID Connect request object (if any).- Parameters:
request
- The OpenID Connect authentication request. Must not benull
.securityContext
- Optional security context to pass to the JWT processor,null
if not specified.- Returns:
- The resolved authentication request, or the original unmodified request if no OpenID Connect request object was specified.
- Throws:
ResolveException
- If the request couldn't be resolved.com.nimbusds.jose.JOSEException
- If an invalid request JWT is found.
-
-