Class IDTokenClaimsSet

  • All Implemented Interfaces:
    net.minidev.json.JSONAware

    public class IDTokenClaimsSet
    extends ClaimsSet
    ID token claims set, serialisable to a JSON object.

    Example ID token claims set:

     {
       "iss"       : "https://server.example.com",
       "sub"       : "24400320",
       "aud"       : "s6BhdRkqt3",
       "nonce"     : "n-0S6_WzA2Mj",
       "exp"       : 1311281970,
       "iat"       : 1311280970,
       "auth_time" : 1311280969,
       "acr"       : "urn:mace:incommon:iap:silver",
       "at_hash"   : "MTIzNDU2Nzg5MDEyMzQ1Ng"
     }
     

    Related specifications:

    • OpenID Connect Core 1.0, section 2.
    • OpenID Connect Front-Channel Logout 1.0, section 3 (draft 02).
    • Financial Services – Financial API - Part 2: Read and Write API Security Profile, section 5.1.

    • Constructor Detail

      • IDTokenClaimsSet

        public IDTokenClaimsSet​(Issuer iss,
                                Subject sub,
                                List<Audience> aud,
                                Date exp,
                                Date iat)
        Creates a new minimal ID token claims set. Note that the ID token may require additional claims to be present depending on the original OpenID Connect authorisation request.
        Parameters:
        iss - The issuer. Must not be null.
        sub - The subject. Must not be null.
        aud - The audience. Must not be null.
        exp - The expiration time. Must not be null.
        iat - The issue time. Must not be null.
      • IDTokenClaimsSet

        public IDTokenClaimsSet​(com.nimbusds.jwt.JWTClaimsSet jwtClaimsSet)
                         throws ParseException
        Creates a new ID token claims set from the specified JSON Web Token (JWT) claims set.
        Parameters:
        jwtClaimsSet - The JWT claims set. Must not be null.
        Throws:
        ParseException - If the JWT claims set doesn't represent a valid ID token claims set.
    • Method Detail

      • getStandardClaimNames

        public static Set<String> getStandardClaimNames()
        Gets the names of the standard top-level ID token claims.
        Returns:
        The names of the standard top-level ID token claims (read-only set).
      • hasRequiredClaims

        public boolean hasRequiredClaims​(ResponseType responseType,
                                         boolean iatAuthzEndpoint)
        Checks if this ID token claims set contains all required claims for the specified OpenID Connect response type. Which claims are required depends on the flow: the nonce claim is required for the implicit and hybrid flows, and the c_hash and at_hash claims are required when the ID token is issued from the authorisation endpoint alongside an authorisation code or an access token.
        Parameters:
        responseType - The OpenID Connect response type. Must not be null.
        iatAuthzEndpoint - Specifies the endpoint where the ID token was issued (significant for the hybrid flow, where the c_hash and at_hash claims are required only if the ID token was issued at the authorisation endpoint). true if the ID token was issued at the authorisation endpoint, false if it was issued at the token endpoint.
        Returns:
        true if the required claims are contained, else false.
      • getExpirationTime

        public Date getExpirationTime()
        Gets the ID token expiration time. Corresponds to the exp claim.
        Returns:
        The expiration time.
      • getAuthenticationTime

        public Date getAuthenticationTime()
        Gets the subject authentication time. Corresponds to the auth_time claim.
        Returns:
        The authentication time, null if not specified or parsing failed.
      • setAuthenticationTime

        public void setAuthenticationTime​(Date authTime)
        Sets the subject authentication time. Corresponds to the auth_time claim.
        Parameters:
        authTime - The authentication time, null if not specified.
      • getNonce

        public Nonce getNonce()
        Gets the ID token nonce. Corresponds to the nonce claim.
        Returns:
        The nonce, null if not specified or parsing failed.
      • setNonce

        public void setNonce​(Nonce nonce)
        Sets the ID token nonce. Corresponds to the nonce claim.
        Parameters:
        nonce - The nonce, null if not specified.
      • getAccessTokenHash

        public AccessTokenHash getAccessTokenHash()
        Gets the access token hash. Corresponds to the at_hash claim.
        Returns:
        The access token hash, null if not specified or parsing failed.
      • setAccessTokenHash

        public void setAccessTokenHash​(AccessTokenHash atHash)
        Sets the access token hash. Corresponds to the at_hash claim.
        Parameters:
        atHash - The access token hash, null if not specified.
      • getCodeHash

        public CodeHash getCodeHash()
        Gets the authorisation code hash. Corresponds to the c_hash claim.
        Returns:
        The authorisation code hash, null if not specified or parsing failed.
      • setCodeHash

        public void setCodeHash​(CodeHash cHash)
        Sets the authorisation code hash. Corresponds to the c_hash claim.
        Parameters:
        cHash - The authorisation code hash, null if not specified.
      • getStateHash

        public StateHash getStateHash()
        Gets the state hash. Corresponds to the s_hash claim.
        Returns:
        The state hash, null if not specified or parsing failed.
      • setStateHash

        public void setStateHash​(StateHash sHash)
        Sets the state hash. Corresponds to the s_hash claim.
        Parameters:
        sHash - The state hash, null if not specified.
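        Added example (not code from the SDK or its documentation) showing how an OpenID provider would combine the minimal constructor, the nonce and hash setters and hasRequiredClaims when minting ID token claims for the code flow and for the hybrid flow. The issuer URL, the 10-minute lifetime and the choice of RS256 are assumptions for the example; the classes and static compute methods used are the SDK's own. The hash claims are computed with the same JWS algorithm that will later sign the token, because the verifying relying party derives the hash from the alg header.

```java
import java.util.Date;

import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.oauth2.sdk.AuthorizationCode;
import com.nimbusds.oauth2.sdk.ResponseType;
import com.nimbusds.oauth2.sdk.id.Audience;
import com.nimbusds.oauth2.sdk.id.ClientID;
import com.nimbusds.oauth2.sdk.id.Issuer;
import com.nimbusds.oauth2.sdk.id.State;
import com.nimbusds.oauth2.sdk.id.Subject;
import com.nimbusds.oauth2.sdk.token.BearerAccessToken;
import com.nimbusds.openid.connect.sdk.Nonce;
import com.nimbusds.openid.connect.sdk.claims.AccessTokenHash;
import com.nimbusds.openid.connect.sdk.claims.CodeHash;
import com.nimbusds.openid.connect.sdk.claims.IDTokenClaimsSet;
import com.nimbusds.openid.connect.sdk.claims.StateHash;

public class IDTokenIssuanceExample {

    // Hypothetical OP settings for this example
    static final Issuer ISSUER = new Issuer("https://op.example.com");
    static final JWSAlgorithm ALG = JWSAlgorithm.RS256; // alg the ID token JWS will be signed with
    static final long LIFETIME_MS = 10 * 60 * 1000L;

    /**
     * Builds the ID token claims for one authorisation and refuses to continue
     * if the set is incomplete for the response type. The hash claims are derived
     * with the same JWS algorithm that will sign the token.
     */
    static IDTokenClaimsSet buildClaims(ResponseType rt, boolean issuedAtAuthzEndpoint,
                                        ClientID clientID, Subject sub, Nonce nonce, State state,
                                        AuthorizationCode code, BearerAccessToken token) {
        long now = System.currentTimeMillis();
        IDTokenClaimsSet claims = new IDTokenClaimsSet(
                ISSUER, sub,
                new Audience(clientID.getValue()).toSingleAudienceList(),
                new Date(now + LIFETIME_MS), // exp
                new Date(now));              // iat

        // nonce echoes the value from the authorisation request (null if the client sent none)
        claims.setNonce(nonce);

        // Hashes bind the artefacts returned next to the ID token from the authorisation
        // endpoint; an ID token minted at the token endpoint does not need them.
        if (issuedAtAuthzEndpoint) {
            if (code != null)  claims.setCodeHash(CodeHash.compute(code, ALG));
            if (token != null) claims.setAccessTokenHash(AccessTokenHash.compute(token, ALG));
            if (state != null) claims.setStateHash(StateHash.compute(state, ALG)); // FAPI s_hash
        }

        if (!claims.hasRequiredClaims(rt, issuedAtAuthzEndpoint)) {
            throw new IllegalStateException("ID token claims incomplete for response_type " + rt);
        }
        return claims;
    }

    public static void main(String[] args) {
        ClientID clientID = new ClientID("s6BhdRkqt3");
        Subject sub = new Subject("24400320");

        // Code flow: the ID token comes from the token endpoint; nonce and hashes are optional
        IDTokenClaimsSet codeFlow = buildClaims(new ResponseType("code"), false,
                clientID, sub, null, null, null, null);
        System.out.println(codeFlow.toJSONString());

        // Hybrid flow "code id_token token" from the authorisation endpoint:
        // nonce, c_hash and at_hash must all be present
        Nonce nonce = new Nonce(); // stands in for the nonce taken from the authorisation request
        State state = new State(); // likewise for the request state
        IDTokenClaimsSet hybrid = buildClaims(new ResponseType("code", "id_token", "token"), true,
                clientID, sub, nonce, state, new AuthorizationCode(), new BearerAccessToken());
        System.out.println(hybrid.toJSONString());

        // Same hybrid response type without the request nonce: the check fails and nothing gets signed
        try {
            buildClaims(new ResponseType("code", "id_token", "token"), true,
                    clientID, sub, null, state, new AuthorizationCode(), new BearerAccessToken());
        } catch (IllegalStateException e) {
            System.out.println("Refused: " + e.getMessage());
        }
    }
}
```

        Running hasRequiredClaims before signing, rather than relying on the constructor alone, is the point: the constructor only enforces iss, sub, aud, exp and iat, so a hybrid-flow token without nonce or c_hash would otherwise be signed and sent, and a relying party that follows the spec would then reject it, or worse, skip the binding check.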
      • getACR

        public ACR getACR()
        Gets the Authentication Context Class Reference (ACR). Corresponds to the acr claim.
        Returns:
        The Authentication Context Class Reference (ACR), null if not specified or parsing failed.
      • setACR

        public void setACR​(ACR acr)
        Sets the Authentication Context Class Reference (ACR). Corresponds to the acr claim.
        Parameters:
        acr - The Authentication Context Class Reference (ACR), null if not specified.
      • getAMR

        public List<AMR> getAMR()
        Gets the Authentication Methods References (AMRs). Corresponds to the amr claim.
        Returns:
        The Authentication Methods Reference (AMR) list, null if not specified or parsing failed.
      • setAMR

        public void setAMR​(List<AMR> amr)
        Sets the Authentication Methods References (AMRs). Corresponds to the amr claim.
        Parameters:
        amr - The Authentication Methods Reference (AMR) list, null if not specified.
      • getAuthorizedParty

        public AuthorizedParty getAuthorizedParty()
        Gets the authorised party for the ID token. Corresponds to the azp claim.
        Returns:
        The authorised party, null if not specified or parsing failed.
      • setAuthorizedParty

        public void setAuthorizedParty​(AuthorizedParty azp)
        Sets the authorised party for the ID token. Corresponds to the azp claim.
        Parameters:
        azp - The authorised party, null if not specified.
      • getSubjectJWK

        public com.nimbusds.jose.jwk.JWK getSubjectJWK()
        Gets the subject's JSON Web Key (JWK) for a self-issued OpenID Connect provider. Corresponds to the sub_jwk claim.
        Returns:
        The subject's JWK, null if not specified or parsing failed.
      • setSubjectJWK

        public void setSubjectJWK​(com.nimbusds.jose.jwk.JWK subJWK)
        Sets the subject's JSON Web Key (JWK) for a self-issued OpenID Connect provider. Corresponds to the sub_jwk claim.
        Parameters:
        subJWK - The subject's JWK (must be public), null if not specified.
      • parse

        public static IDTokenClaimsSet parse​(net.minidev.json.JSONObject jsonObject)
                                      throws ParseException
        Parses an ID token claims set from the specified JSON object.
        Parameters:
        jsonObject - The JSON object to parse. Must not be null.
        Returns:
        The ID token claims set.
        Throws:
        ParseException - If parsing failed.
      • parse

        public static IDTokenClaimsSet parse​(String json)
                                      throws ParseException
        Parses an ID token claims set from the specified JSON object string.
        Parameters:
        json - The JSON object string to parse. Must not be null.
        Returns:
        The ID token claims set.
        Throws:
        ParseException - If parsing failed.
      • getIssuer

        public Issuer getIssuer()
        Gets the issuer. Corresponds to the iss claim.
        Overrides:
        getIssuer in class ClaimsSet
        Returns:
        The issuer, null if not specified.
      • getSubject

        public Subject getSubject()
        Gets the subject. Corresponds to the sub claim.
        Returns:
        The subject.
      • getAudience

        public List<Audience> getAudience()
        Gets the audience. Corresponds to the aud claim.
        Overrides:
        getAudience in class ClaimsSet
        Returns:
        The audience, null if not specified.
      • getIssueTime

        public Date getIssueTime()
        Gets the issue time. Corresponds to the iat claim.
        Returns:
        The issue time, null if not specified.
      • getSessionID

        public SessionID getSessionID()
        Gets the session ID. Corresponds to the sid claim.
        Returns:
        The session ID, null if not specified.
      • setSessionID

        public void setSessionID​(SessionID sid)
        Sets the session ID. Corresponds to the sid claim.
        Parameters:
        sid - The session ID, null if not specified.
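        Added example (not code from the SDK or its documentation) of the relying-party side: parsing a claims set with parse(String) and applying the claim-level checks from OpenID Connect Core section 3.1.3.7 with the accessors above, namely iss, aud and azp, exp and iat with a clock-skew tolerance, the nonce, and at_hash recomputed from the access token that arrived with the ID token. In production the SDK's own IDTokenValidator does this together with JWS signature verification; the example makes the individual checks visible. The issuer URL, the 60-second skew tolerance and the JSON claims text are constructed for the example, and the JWS algorithm is assumed to have been read from the verified token header.

```java
import java.util.Date;
import java.util.List;

import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.oauth2.sdk.ParseException;
import com.nimbusds.oauth2.sdk.id.Audience;
import com.nimbusds.oauth2.sdk.id.ClientID;
import com.nimbusds.oauth2.sdk.id.Issuer;
import com.nimbusds.oauth2.sdk.token.BearerAccessToken;
import com.nimbusds.openid.connect.sdk.Nonce;
import com.nimbusds.openid.connect.sdk.claims.AccessTokenHash;
import com.nimbusds.openid.connect.sdk.claims.IDTokenClaimsSet;

public class IDTokenClaimsCheckExample {

    static final long MAX_CLOCK_SKEW_MS = 60_000L; // hypothetical tolerance for this example

    /** Claim-level checks an RP performs after the JWS signature has been verified. */
    static void checkClaims(IDTokenClaimsSet claims, Issuer expectedIss, ClientID clientID,
                            Nonce expectedNonce, BearerAccessToken token, JWSAlgorithm alg,
                            Date now) {
        if (!expectedIss.equals(claims.getIssuer()))
            throw new SecurityException("iss mismatch: " + claims.getIssuer());

        List<Audience> aud = claims.getAudience();
        if (aud == null || !aud.contains(new Audience(clientID.getValue())))
            throw new SecurityException("aud does not contain this client_id");
        // With several audiences the token must name this client as the authorised party
        if (aud.size() > 1) {
            if (claims.getAuthorizedParty() == null
                    || !clientID.getValue().equals(claims.getAuthorizedParty().getValue()))
                throw new SecurityException("azp missing or not this client");
        }

        Date exp = claims.getExpirationTime();
        if (exp == null || exp.getTime() + MAX_CLOCK_SKEW_MS < now.getTime())
            throw new SecurityException("ID token expired");
        Date iat = claims.getIssueTime();
        if (iat == null || iat.getTime() - MAX_CLOCK_SKEW_MS > now.getTime())
            throw new SecurityException("iat lies in the future");

        // nonce ties the ID token to the authorisation request this RP actually sent
        if (expectedNonce != null && !expectedNonce.equals(claims.getNonce()))
            throw new SecurityException("nonce mismatch");

        // at_hash ties the access token delivered with the ID token to that ID token
        if (token != null) {
            AccessTokenHash expected = AccessTokenHash.compute(token, alg);
            if (expected == null || !expected.equals(claims.getAccessTokenHash()))
                throw new SecurityException("at_hash mismatch");
        }
    }

    public static void main(String[] args) throws ParseException {
        Issuer iss = new Issuer("https://op.example.com");
        ClientID clientID = new ClientID("s6BhdRkqt3");
        Nonce nonce = new Nonce("n-0S6_WzA2Mj");
        BearerAccessToken token = new BearerAccessToken(); // the token received with the ID token
        JWSAlgorithm alg = JWSAlgorithm.RS256;             // taken from the verified JWS header
        long nowSec = System.currentTimeMillis() / 1000L;

        // Constructed claims JSON standing in for the payload of a signature-verified ID token
        String json = "{"
                + "\"iss\":\"" + iss.getValue() + "\","
                + "\"sub\":\"24400320\","
                + "\"aud\":\"" + clientID.getValue() + "\","
                + "\"nonce\":\"" + nonce.getValue() + "\","
                + "\"exp\":" + (nowSec + 600) + ","
                + "\"iat\":" + nowSec + ","
                + "\"at_hash\":\"" + AccessTokenHash.compute(token, alg).getValue() + "\""
                + "}";

        IDTokenClaimsSet claims = IDTokenClaimsSet.parse(json);
        checkClaims(claims, iss, clientID, nonce, token, alg, new Date());
        System.out.println("Accepted ID token for sub=" + claims.getSubject());

        // An access token swapped in transit no longer matches at_hash
        try {
            checkClaims(claims, iss, clientID, nonce, new BearerAccessToken(), alg, new Date());
        } catch (SecurityException e) {
            System.out.println("Rejected: " + e.getMessage());
        }

        // parse() itself refuses a claims set that lacks a mandatory claim such as exp
        try {
            IDTokenClaimsSet.parse("{\"iss\":\"" + iss.getValue() + "\",\"sub\":\"24400320\"}");
        } catch (ParseException e) {
            System.out.println("Parse rejected: " + e.getMessage());
        }
    }
}
```

        The at_hash comparison must use the algorithm from the verified JWS header, not a value the RP picks on its own, because the hash length is half of the hash output size of that algorithm; and the check is only meaningful once the signature has been verified, since an attacker who can forge the token can also set at_hash to whatever matches their token.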