Package com.nimbusds.openid.connect.sdk

Class AuthenticationResponseParser

  • public class AuthenticationResponseParser
extends Object
    Parser of OpenID Connect authentication response messages.

    Related specifications:

    • OpenID Connect Core 1.0, sections 3.1.2.5. and 3.1.2.6.
    • OAuth 2.0 (RFC 6749), section 3.1.
    • OAuth 2.0 Multiple Response Type Encoding Practices 1.0.
    • OAuth 2.0 Form Post Response Mode 1.0.
    • Financial-grade API: JWT Secured Authorization Response Mode for OAuth 2.0 (JARM).

    • Method Detail

      • parse

        public static AuthenticationResponse parse​(URI redirectURI,
                                           Map<String,​List<String>> params)
                                    throws ParseException
        Parses an OpenID Connect authentication response.
        Parameters:
        redirectURI - The base redirection URI. Must not be null.
        params - The response parameters to parse. Must not be null.
        Returns:
        The OpenID Connect authentication success or error response.
        Throws:
        ParseException - If the parameters couldn't be parsed to an OpenID Connect authentication response.

      • parse

        public static AuthenticationResponse parse​(URI redirectURI,
                                           Map<String,​List<String>> params,
                                           JARMValidator jarmValidator)
                                    throws ParseException
        Parses an OpenID Connect authentication response which may be JSON Web Token (JWT) secured.
        Parameters:
        redirectURI - The base redirection URI. Must not be null.
        params - The response parameters to parse. Must not be null.
        jarmValidator - The validator of JSON Web Token (JWT) secured authorisation responses (JARM), null if a plain response is expected.
        Returns:
        The OpenID Connect authentication success or error response.
        Throws:
        ParseException - If the parameters couldn't be parsed to an OpenID Connect authentication response, or if validation of the JWT response failed.

      • parse

        public static AuthenticationResponse parse​(URI uri)
                                    throws ParseException
        Parses an OpenID Connect authentication response.

        Use a relative URI if the host, port and path details are not known: 

         URI relUrl = new URI("https:///?code=Qcb0Orv1...&state=af0ifjsldkj");

        Example URI: 

         https://client.example.com/cb?code=SplxlOBeZQQYbYS6WxSbIA&state=xyz
        Parameters:
        uri - The URI to parse. Can be absolute or relative, with a fragment or query string containing the authentication response parameters. Must not be null.
        Returns:
        The OpenID Connect authentication success or error response.
        Throws:
        ParseException - If the redirection URI couldn't be parsed to an OpenID Connect authentication response.

      • parse

        public static AuthenticationResponse parse​(URI uri,
                                           JARMValidator jarmValidator)
                                    throws ParseException
        Parses and validates a JSON Web Token (JWT) secured OpenID Connect authentication response.

        Use a relative URI if the host, port and path details are not known: 

         URI relUrl = new URI("https:///?response=eyJhbGciOiJSUzI1NiIsI...");
        Parameters:
        uri - The URI to parse. Can be absolute or relative, with a fragment or query string containing the authentication response parameters. Must not be null.
        jarmValidator - The validator of JSON Web Token (JWT) secured authorisation responses (JARM). Must not be null.
        Returns:
        The OpenID Connect authentication success or error response.
        Throws:
        ParseException - If the redirection URI couldn't be parsed to an OpenID Connect authentication response or if validation of the JWT response failed.

      • parse

        public static AuthenticationResponse parse​(HTTPResponse httpResponse)
                                    throws ParseException
        Parses an OpenID Connect authentication response from the specified initial HTTP 302 redirect response output at the authorisation endpoint.

        Example HTTP response (authorisation success): 

         HTTP/1.1 302 Found
 Location: https://client.example.com/cb?code=SplxlOBeZQQYbYS6WxSbIA&state=xyz
        Parameters:
        httpResponse - The HTTP response to parse. Must not be null.
        Returns:
        The OpenID Connect authentication response.
        Throws:
        ParseException - If the HTTP response couldn't be parsed to an OpenID Connect authentication response.

      • parse

        public static AuthenticationResponse parse​(HTTPResponse httpResponse,
                                           JARMValidator jarmValidator)
                                    throws ParseException
        Parses and validates a JSON Web Token (JWT) secured OpenID Connect authentication response from the specified initial HTTP 302 redirect response output at the authorisation endpoint.

        Example HTTP response (authorisation success): 

         HTTP/1.1 302 Found
 Location: https://client.example.com/cb?response=eyJhbGciOiJSUzI1...
        Parameters:
        httpResponse - The HTTP response to parse. Must not be null.
        jarmValidator - The validator of JSON Web Token (JWT) secured authorisation responses (JARM). Must not be null.
        Returns:
        The OpenID Connect authentication response.
        Throws:
        ParseException - If the HTTP response couldn't be parsed to an OpenID Connect authentication response or if validation of the JWT response failed.

      • parse

        public static AuthenticationResponse parse​(HTTPRequest httpRequest)
                                    throws ParseException
        Parses an OpenID Connect authentication response from the specified HTTP request at the client redirection (callback) URI. Applies to the query, fragment and form_post response modes.

        Example HTTP request (authorisation success): 

         GET /cb?code=SplxlOBeZQQYbYS6WxSbIA&state=xyz HTTP/1.1
 Host: client.example.com
        Parameters:
        httpRequest - The HTTP request to parse. Must not be null.
        Returns:
        The OpenID Connect authentication response.
        Throws:
        ParseException - If the HTTP request couldn't be parsed to an OpenID Connect authentication response.
        See Also:
        parse(HTTPResponse)

      • parse

        public static AuthenticationResponse parse​(HTTPRequest httpRequest,
                                           JARMValidator jarmValidator)
                                    throws ParseException
        Parses and validates a JSON Web Token (JWT) secured OpenID Connect authentication response from the specified HTTP request at the client redirection (callback) URI. Applies to the query.jwt, fragment.jwt and form_post.jwt response modes.

        Example HTTP request (authorisation success): 

         GET /cb?response=eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9... HTTP/1.1
 Host: client.example.com
        Parameters:
        httpRequest - The HTTP request to parse. Must not be null.
        jarmValidator - The validator of JSON Web Token (JWT) secured authorisation responses (JARM). Must not be null.
        Returns:
        The OpenID Connect authentication response.
        Throws:
        ParseException - If the HTTP request couldn't be parsed to an OpenID Connect authentication response or if validation of the JWT response failed.
        See Also:
        parse(HTTPResponse)