Package com.nimbusds.oauth2.sdk.auth
Class ClientAuthenticationMethod
- java.lang.Object
-
- com.nimbusds.oauth2.sdk.id.Identifier
-
- com.nimbusds.oauth2.sdk.auth.ClientAuthenticationMethod
-
- All Implemented Interfaces:
Serializable,Comparable<Identifier>,net.minidev.json.JSONAware
@Immutable public final class ClientAuthenticationMethod extends Identifier
Client authentication method at the Token endpoint.Constants are provided for four client authentication methods:
client_secret_basic(default)client_secret_postclient_secret_jwtprivate_key_jwttls_client_authself_signed_tls_client_authnone
Use the constructor to define a custom client authentication method.
Related specifications:
- OAuth 2.0 (RFC 6749), section 2.3.
- OAuth 2.0 Dynamic Client Registration Protocol (RFC 7591), section 2.
- OAuth 2.0 Mutual TLS Client Authentication and Certificate Bound Access Tokens (RFC 8705), section 2.
- See Also:
- Serialized Form
-
-
Field Summary
Fields Modifier and Type Field Description static ClientAuthenticationMethodCLIENT_SECRET_BASICClients that have received a client secret from the authorisation server authenticate with the authorisation server in accordance with section 3.2.1 of OAuth 2.0 using HTTP Basic authentication.static ClientAuthenticationMethodCLIENT_SECRET_JWTClients that have received a client secret from the authorisation server, create a JWT using an HMAC SHA algorithm, such as HMAC SHA-256.static ClientAuthenticationMethodCLIENT_SECRET_POSTClients that have received a client secret from the authorisation server authenticate with the authorisation server in accordance with section 3.2.1 of OAuth 2.0 by including the client credentials in the request body.static ClientAuthenticationMethodNONEThe client is a public client as defined in OAuth 2.0 and does not have a client secret.static ClientAuthenticationMethodPRIVATE_KEY_JWTClients that have registered a public key sign a JWT using the RSA algorithm if a RSA key was registered or the ECDSA algorithm if an Elliptic Curve key was registered (see JWA for the algorithm identifiers).static ClientAuthenticationMethodSELF_SIGNED_TLS_CLIENT_AUTHSelf-signed certificate mutual TLS OAuth client authentication.static ClientAuthenticationMethodTLS_CLIENT_AUTHPKI mutual TLS OAuth client authentication.-
Fields inherited from class com.nimbusds.oauth2.sdk.id.Identifier
DEFAULT_BYTE_LENGTH, secureRandom
-
-
Constructor Summary
Constructors Constructor Description ClientAuthenticationMethod(String value)Creates a new client authentication method with the specified value.
-
Method Summary
All Methods Static Methods Instance Methods Concrete Methods Modifier and Type Method Description booleanequals(Object object)static ClientAuthenticationMethodgetDefault()Gets the default client authentication method.static ClientAuthenticationMethodparse(String value)Parses a client authentication method from the specified value.-
Methods inherited from class com.nimbusds.oauth2.sdk.id.Identifier
compareTo, getValue, hashCode, toJSONString, toString, toStringList
-
-
-
-
Field Detail
-
CLIENT_SECRET_BASIC
public static final ClientAuthenticationMethod CLIENT_SECRET_BASIC
Clients that have received a client secret from the authorisation server authenticate with the authorisation server in accordance with section 3.2.1 of OAuth 2.0 using HTTP Basic authentication. This is the default if no method has been registered for the client.
-
CLIENT_SECRET_POST
public static final ClientAuthenticationMethod CLIENT_SECRET_POST
Clients that have received a client secret from the authorisation server authenticate with the authorisation server in accordance with section 3.2.1 of OAuth 2.0 by including the client credentials in the request body.
-
CLIENT_SECRET_JWT
public static final ClientAuthenticationMethod CLIENT_SECRET_JWT
Clients that have received a client secret from the authorisation server, create a JWT using an HMAC SHA algorithm, such as HMAC SHA-256. The HMAC (Hash-based Message Authentication Code) is calculated using the value of client secret as the shared key. The client authenticates in accordance with section 2.2 of (JWT) Bearer Token Profiles and OAuth 2.0 Assertion Profile.
-
PRIVATE_KEY_JWT
public static final ClientAuthenticationMethod PRIVATE_KEY_JWT
Clients that have registered a public key sign a JWT using the RSA algorithm if a RSA key was registered or the ECDSA algorithm if an Elliptic Curve key was registered (see JWA for the algorithm identifiers). The client authenticates in accordance with section 2.2 of (JWT) Bearer Token Profiles and OAuth 2.0 Assertion Profile.
-
TLS_CLIENT_AUTH
public static final ClientAuthenticationMethod TLS_CLIENT_AUTH
PKI mutual TLS OAuth client authentication. See OAuth 2.0 Mutual TLS Client Authentication and Certificate Bound Access Tokens (RFC 8705), section 2.1.
-
SELF_SIGNED_TLS_CLIENT_AUTH
public static final ClientAuthenticationMethod SELF_SIGNED_TLS_CLIENT_AUTH
Self-signed certificate mutual TLS OAuth client authentication. See OAuth 2.0 Mutual TLS Client Authentication and Certificate Bound Access Tokens (RFC 8705), section 2.2.
-
NONE
public static final ClientAuthenticationMethod NONE
The client is a public client as defined in OAuth 2.0 and does not have a client secret.
-
-
Constructor Detail
-
ClientAuthenticationMethod
public ClientAuthenticationMethod(String value)
Creates a new client authentication method with the specified value.- Parameters:
value- The authentication method value. Must not benullor empty string.
-
-
Method Detail
-
getDefault
public static ClientAuthenticationMethod getDefault()
Gets the default client authentication method.- Returns:
CLIENT_SECRET_BASIC
-
parse
public static ClientAuthenticationMethod parse(String value)
Parses a client authentication method from the specified value.- Parameters:
value- The authentication method value. Must not benullor empty string.- Returns:
- The client authentication method.
-
equals
public boolean equals(Object object)
- Overrides:
equalsin classIdentifier
-
-