Package com.nimbusds.openid.connect.sdk.op

Class AuthenticationRequestResolver<C extends com.nimbusds.jose.proc.SecurityContext>

java.lang.Object

com.nimbusds.openid.connect.sdk.op.AuthenticationRequestResolver<C>

@ThreadSafe
public class AuthenticationRequestResolver<C extends com.nimbusds.jose.proc.SecurityContext>
extends Object

Resolves the final OpenID Connect authentication request by superseding its parameters with those found in the optional OpenID Connect request object. The request object is encoded as a JSON Web Token (JWT) and can be specified directly (inline) using the request parameter, or by URL using the request_uri parameter.

To process signed and optionally encrypted request objects a JWT processor for the expected JWS / JWE algorithms must be provided at construction time.

To fetch OpenID Connect request objects specified by URL a JWT retriever must be provided, otherwise only inlined request objects can be processed.

Related specifications:

• OpenID Connect Core 1.0, section 6.

Constructor Summary

Constructors

Constructor	Description
AuthenticationRequestResolver()	Creates a new minimal OpenID Connect authentication request resolver.
AuthenticationRequestResolver(com.nimbusds.jwt.proc.JWTProcessor<C> jwtProcessor)	Creates a new OpenID Connect authentication request resolver that supports OpenID Connect request objects passed by value (using the authentication request parameter).
AuthenticationRequestResolver(com.nimbusds.jwt.proc.JWTProcessor<C> jwtProcessor, com.nimbusds.jose.util.ResourceRetriever jwtRetriever)	Creates a new OpenID Connect request object resolver that supports OpenID Connect request objects passed by value (using the authentication request parameter) or by reference (using the authentication request_uri parameter).

Method Summary

Modifier and Type	Method	Description
com.nimbusds.jwt.proc.JWTProcessor<C>	getJWTProcessor()	Returns the JWT processor.
com.nimbusds.jose.util.ResourceRetriever	getJWTRetriever()	Returns the JWT retriever.
static Map<String,List<String>>	reformatClaims(com.nimbusds.jwt.JWTClaimsSet claimsSet)	Reformats the specified JWT claims set to a java.util.Map instance.
AuthenticationRequest	resolve(AuthenticationRequest request, C securityContext)	Resolves the specified OpenID Connect authentication request by superseding its parameters with those found in the optional OpenID Connect request object (if any).

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

AuthenticationRequestResolver

public AuthenticationRequestResolver()

Creates a new minimal OpenID Connect authentication request resolver. It will not process OpenID Connect request objects and will throw a ResolveException if the authentication request includes a request or request_uri parameter.

AuthenticationRequestResolver

public AuthenticationRequestResolver(com.nimbusds.jwt.proc.JWTProcessor<C> jwtProcessor)

Creates a new OpenID Connect authentication request resolver that supports OpenID Connect request objects passed by value (using the authentication request parameter). It will throw a ResolveException if the authentication request includes a request_uri parameter.

Parameters:

jwtProcessor - A configured JWT processor providing JWS validation and optional JWE decryption of the request objects. Must not be null.

AuthenticationRequestResolver

public AuthenticationRequestResolver(com.nimbusds.jwt.proc.JWTProcessor<C> jwtProcessor,
                                     com.nimbusds.jose.util.ResourceRetriever jwtRetriever)

Creates a new OpenID Connect request object resolver that supports OpenID Connect request objects passed by value (using the authentication request parameter) or by reference (using the authentication request_uri parameter).

Parameters:

jwtProcessor - A configured JWT processor providing JWS validation and optional JWE decryption of the request objects. Must not be null.

jwtRetriever - A configured JWT retriever for OpenID Connect request objects passed by URI. Must not be null.

Method Detail

getJWTProcessor

public com.nimbusds.jwt.proc.JWTProcessor<C> getJWTProcessor()

Returns the JWT processor.

Returns:

The JWT processor, null if not specified.

getJWTRetriever

public com.nimbusds.jose.util.ResourceRetriever getJWTRetriever()

Returns the JWT retriever.

Returns:

The JWT retriever, null if not specified.

reformatClaims

public static Map<String,List<String>> reformatClaims(com.nimbusds.jwt.JWTClaimsSet claimsSet)

Reformats the specified JWT claims set to a java.util.Map instance.

Parameters:

claimsSet - The JWT claims set to reformat. Must not be null.

Returns:

The JWT claims set as an unmodifiable map of string keys / string values.

resolve

public AuthenticationRequest resolve(AuthenticationRequest request,
                                     C securityContext)
                              throws ResolveException,
                                     com.nimbusds.jose.JOSEException

Resolves the specified OpenID Connect authentication request by superseding its parameters with those found in the optional OpenID Connect request object (if any).

Parameters:

request - The OpenID Connect authentication request. Must not be null.

securityContext - Optional security context to pass to the JWT processor, null if not specified.

Returns:

The resolved authentication request, or the original unmodified request if no OpenID Connect request object was specified.

Throws:

ResolveException - If the request couldn't be resolved.

com.nimbusds.jose.JOSEException - If an invalid request JWT is found.