001/*
002 * oauth2-oidc-sdk
003 *
004 * Copyright 2012-2016, Connect2id Ltd and contributors.
005 *
006 * Licensed under the Apache License, Version 2.0 (the "License"); you may not use
007 * this file except in compliance with the License. You may obtain a copy of the
008 * License at
009 *
010 *    http://www.apache.org/licenses/LICENSE-2.0
011 *
012 * Unless required by applicable law or agreed to in writing, software distributed
013 * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
014 * CONDITIONS OF ANY KIND, either express or implied. See the License for the
015 * specific language governing permissions and limitations under the License.
016 */
017
018package com.nimbusds.oauth2.sdk.as;
019
020
021import java.net.URI;
022import java.util.Collections;
023import java.util.HashSet;
024import java.util.Set;
025
026import net.minidev.json.JSONObject;
027
028import com.nimbusds.oauth2.sdk.ParseException;
029import com.nimbusds.oauth2.sdk.util.JSONObjectUtils;
030import com.nimbusds.oauth2.sdk.util.OrderedJSONObject;
031
032
033/**
034 * OAuth 2.0 Authorisation Server (AS) metadata for the endpoints.
035 *
036 * <p>Related specifications:
037 *
038 * <ul>
039 *     <li>OAuth 2.0 Authorization Server Metadata (RFC 8414)
040 *     <li>OAuth 2.0 Mutual TLS Client Authentication and Certificate Bound
041 *         Access Tokens (RFC 8705)
042 *     <li>OAuth 2.0 Pushed Authorization Requests
043 *         (draft-lodderstedt-oauth-par-01)
044 *     <li>OAuth 2.0 Device Flow for Browserless and Input Constrained Devices
045 *         (draft-ietf-oauth-device-flow-14)
046 * </ul>
047 */
public class AuthorizationServerEndpointMetadata {


        /**
         * The names of the registered endpoint metadata parameters, held as
         * an unmodifiable set.
         */
        private static final Set<String> REGISTERED_PARAMETER_NAMES;


        static {
                Set<String> names = new HashSet<>();
                Collections.addAll(names,
                        "authorization_endpoint",
                        "token_endpoint",
                        "registration_endpoint",
                        "introspection_endpoint",
                        "revocation_endpoint",
                        "device_authorization_endpoint",
                        "request_object_endpoint",
                        "pushed_authorization_request_endpoint");
                // Wrapped so that callers of getRegisteredParameterNames()
                // cannot alter the shared static set.
                REGISTERED_PARAMETER_NAMES = Collections.unmodifiableSet(names);
        }


        /**
         * Gets the registered metadata parameter names for the endpoints.
         *
         * @return The registered endpoint parameter names, as an
         *         unmodifiable set shared by all callers.
         */
        public static Set<String> getRegisteredParameterNames() {

                return REGISTERED_PARAMETER_NAMES;
        }


        /**
         * The authorisation endpoint, {@code null} if not specified.
         */
        private URI authzEndpoint;


        /**
         * The token endpoint, {@code null} if not specified.
         */
        private URI tokenEndpoint;


        /**
         * The client registration endpoint, {@code null} if not specified.
         */
        private URI regEndpoint;


        /**
         * The token introspection endpoint, {@code null} if not specified.
         */
        private URI introspectionEndpoint;


        /**
         * The token revocation endpoint, {@code null} if not specified.
         */
        private URI revocationEndpoint;


        /**
         * The request object endpoint, {@code null} if not specified. Its
         * accessors are marked deprecated.
         */
        private URI requestObjectEndpoint;


        /**
         * The pushed authorisation request endpoint, {@code null} if not
         * specified.
         */
        private URI parEndpoint;


        /**
         * The device authorisation endpoint, {@code null} if not specified.
         */
        private URI deviceAuthzEndpoint;


        /**
         * Creates a new OAuth 2.0 Authorisation Server (AS) endpoint
         * metadata instance with no endpoint set.
         */
        public AuthorizationServerEndpointMetadata() {
        }


        /**
         * Gets the authorisation endpoint URI. Corresponds to the
         * {@code authorization_endpoint} metadata field.
         *
         * @return The authorisation endpoint URI, {@code null} if not
         *         specified.
         */
        public URI getAuthorizationEndpointURI() {

                return this.authzEndpoint;
        }


        /**
         * Sets the authorisation endpoint URI. Corresponds to the
         * {@code authorization_endpoint} metadata field. The value is
         * stored as given, without any check.
         *
         * @param authzEndpoint The authorisation endpoint URI, {@code null} if
         *                      not specified.
         */
        public void setAuthorizationEndpointURI(final URI authzEndpoint) {

                this.authzEndpoint = authzEndpoint;
        }


        /**
         * Gets the token endpoint URI. Corresponds to the
         * {@code token_endpoint} metadata field.
         *
         * @return The token endpoint URI, {@code null} if not specified.
         */
        public URI getTokenEndpointURI() {

                return this.tokenEndpoint;
        }


        /**
         * Sets the token endpoint URI. Corresponds to the
         * {@code token_endpoint} metadata field. The value is stored as
         * given, without any check.
         *
         * @param tokenEndpoint The token endpoint URI, {@code null} if not
         *                      specified.
         */
        public void setTokenEndpointURI(final URI tokenEndpoint) {

                this.tokenEndpoint = tokenEndpoint;
        }


        /**
         * Gets the client registration endpoint URI. Corresponds to the
         * {@code registration_endpoint} metadata field.
         *
         * @return The client registration endpoint URI, {@code null} if not
         *         specified.
         */
        public URI getRegistrationEndpointURI() {

                return this.regEndpoint;
        }


        /**
         * Sets the client registration endpoint URI. Corresponds to the
         * {@code registration_endpoint} metadata field. The value is
         * stored as given, without any check.
         *
         * @param regEndpoint The client registration endpoint URI,
         *                    {@code null} if not specified.
         */
        public void setRegistrationEndpointURI(final URI regEndpoint) {

                this.regEndpoint = regEndpoint;
        }


        /**
         * Gets the token introspection endpoint URI. Corresponds to the
         * {@code introspection_endpoint} metadata field.
         *
         * @return The token introspection endpoint URI, {@code null} if not
         *         specified.
         */
        public URI getIntrospectionEndpointURI() {

                return this.introspectionEndpoint;
        }


        /**
         * Sets the token introspection endpoint URI. Corresponds to the
         * {@code introspection_endpoint} metadata field. The value is
         * stored as given, without any check.
         *
         * @param introspectionEndpoint The token introspection endpoint URI,
         *                              {@code null} if not specified.
         */
        public void setIntrospectionEndpointURI(final URI introspectionEndpoint) {

                this.introspectionEndpoint = introspectionEndpoint;
        }


        /**
         * Gets the token revocation endpoint URI. Corresponds to the
         * {@code revocation_endpoint} metadata field.
         *
         * @return The token revocation endpoint URI, {@code null} if not
         *         specified.
         */
        public URI getRevocationEndpointURI() {

                return this.revocationEndpoint;
        }


        /**
         * Sets the token revocation endpoint URI. Corresponds to the
         * {@code revocation_endpoint} metadata field. The value is stored
         * as given, without any check.
         *
         * @param revocationEndpoint The token revocation endpoint URI,
         *                           {@code null} if not specified.
         */
        public void setRevocationEndpointURI(final URI revocationEndpoint) {

                this.revocationEndpoint = revocationEndpoint;
        }


        /**
         * Gets the request object endpoint. Corresponds to the
         * {@code request_object_endpoint} metadata field.
         *
         * <p>NOTE(review): the method is annotated as deprecated but no
         * replacement is named in this class; presumably the pushed
         * authorisation request endpoint supersedes it -- confirm.
         *
         * @return The request object endpoint, {@code null} if not specified.
         */
        @Deprecated
        public URI getRequestObjectEndpoint() {

                return this.requestObjectEndpoint;
        }


        /**
         * Sets the request object endpoint. Corresponds to the
         * {@code request_object_endpoint} metadata field. The value is
         * stored as given, without any check.
         *
         * <p>NOTE(review): the method is annotated as deprecated but no
         * replacement is named in this class; presumably the pushed
         * authorisation request endpoint supersedes it -- confirm.
         *
         * @param requestObjectEndpoint The request object endpoint,
         *                              {@code null} if not specified.
         */
        @Deprecated
        public void setRequestObjectEndpoint(final URI requestObjectEndpoint) {

                this.requestObjectEndpoint = requestObjectEndpoint;
        }


        /**
         * Gets the pushed authorisation request endpoint. Corresponds to the
         * {@code pushed_authorization_request_endpoint} metadata field.
         *
         * @return The pushed authorisation request endpoint, {@code null} if
         *         not specified.
         */
        public URI getPushedAuthorizationRequestEndpointURI() {

                return this.parEndpoint;
        }


        /**
         * Sets the pushed authorisation request endpoint. Corresponds to the
         * {@code pushed_authorization_request_endpoint} metadata field. The
         * value is stored as given, without any check.
         *
         * @param parEndpoint The pushed authorisation request endpoint,
         *                    {@code null} if not specified.
         */
        public void setPushedAuthorizationRequestEndpointURI(final URI parEndpoint) {

                this.parEndpoint = parEndpoint;
        }


        /**
         * Gets the device authorisation endpoint URI. Corresponds to the
         * {@code device_authorization_endpoint} metadata field.
         *
         * @return The device authorisation endpoint URI, {@code null} if not
         *         specified.
         */
        public URI getDeviceAuthorizationEndpointURI() {

                return this.deviceAuthzEndpoint;
        }


        /**
         * Sets the device authorisation endpoint URI. Corresponds to the
         * {@code device_authorization_endpoint} metadata field. The value
         * is stored as given, without any check.
         *
         * @param deviceAuthzEndpoint The device authorisation endpoint URI,
         *                            {@code null} if not specified.
         */
        public void setDeviceAuthorizationEndpointURI(final URI deviceAuthzEndpoint) {

                this.deviceAuthzEndpoint = deviceAuthzEndpoint;
        }


        /**
         * Adds an endpoint to a JSON object as its string form, leaving the
         * object untouched when the endpoint is not set.
         *
         * @param target   The JSON object to add to. Must not be
         *                 {@code null}.
         * @param name     The metadata field name.
         * @param endpoint The endpoint URI, {@code null} if not specified.
         */
        private static void putIfSet(final JSONObject target, final String name, final URI endpoint) {

                if (endpoint == null) {
                        return;
                }

                target.put(name, endpoint.toString());
        }


        /**
         * Returns the JSON object representation of this OAuth 2.0
         * Authorisation Server endpoint metadata. Endpoints that are not
         * set are omitted rather than written as JSON null.
         *
         * @return The JSON object representation, with one string member
         *         per endpoint that is set.
         */
        public JSONObject toJSONObject() {

                JSONObject json = new OrderedJSONObject();

                // The put sequence below is kept fixed: the object is created
                // as an OrderedJSONObject.
                putIfSet(json, "authorization_endpoint", authzEndpoint);
                putIfSet(json, "token_endpoint", tokenEndpoint);
                putIfSet(json, "registration_endpoint", regEndpoint);
                putIfSet(json, "introspection_endpoint", introspectionEndpoint);
                putIfSet(json, "revocation_endpoint", revocationEndpoint);
                putIfSet(json, "request_object_endpoint", requestObjectEndpoint);
                putIfSet(json, "pushed_authorization_request_endpoint", parEndpoint);
                putIfSet(json, "device_authorization_endpoint", deviceAuthzEndpoint);

                return json;
        }


        /**
         * Returns the JSON string serialisation of {@link #toJSONObject()}.
         *
         * @return The JSON string.
         */
        @Override
        public String toString() {

                final JSONObject json = toJSONObject();
                return json.toJSONString();
        }


        /**
         * Reads an optional endpoint URI member from a JSON object.
         *
         * @param source The JSON object to read from.
         * @param name   The metadata field name.
         *
         * @return The result of {@code JSONObjectUtils.getURI} with
         *         {@code null} as its third argument (presumably the
         *         value returned when the member is absent -- confirm
         *         against {@code JSONObjectUtils}).
         *
         * @throws ParseException If thrown by {@code JSONObjectUtils.getURI}.
         */
        private static URI optionalEndpoint(final JSONObject source, final String name)
                throws ParseException {

                return JSONObjectUtils.getURI(source, name, null);
        }


        /**
         * Parses an OAuth 2.0 Authorisation Server endpoint metadata from the
         * specified JSON object.
         *
         * <p>NOTE(review): this method only converts the endpoint members to
         * {@link URI} instances; no check of the URI scheme or host is
         * visible here (what {@code JSONObjectUtils.getURI} enforces is not
         * shown). When the JSON comes from a remote or otherwise untrusted
         * source, the caller should verify that each endpoint uses
         * {@code https} and belongs to the expected issuer before sending
         * credentials or tokens to it.
         *
         * @param jsonObject The JSON object to parse. Must not be
         *                   {@code null}.
         *
         * @return The OAuth 2.0 Authorisation Server endpoint metadata.
         *
         * @throws ParseException If the JSON object couldn't be parsed to an
         *                        OAuth 2.0 Authorisation Server endpoint metadata.
         */
        public static AuthorizationServerEndpointMetadata parse(final JSONObject jsonObject)
                throws ParseException {

                final AuthorizationServerEndpointMetadata metadata = new AuthorizationServerEndpointMetadata();

                // The members are read in a fixed sequence, so with several
                // malformed members the exception for the first one in this
                // sequence is the one that propagates.
                metadata.authzEndpoint = optionalEndpoint(jsonObject, "authorization_endpoint");
                metadata.tokenEndpoint = optionalEndpoint(jsonObject, "token_endpoint");
                metadata.regEndpoint = optionalEndpoint(jsonObject, "registration_endpoint");
                metadata.introspectionEndpoint = optionalEndpoint(jsonObject, "introspection_endpoint");
                metadata.revocationEndpoint = optionalEndpoint(jsonObject, "revocation_endpoint");
                metadata.deviceAuthzEndpoint = optionalEndpoint(jsonObject, "device_authorization_endpoint");
                metadata.requestObjectEndpoint = optionalEndpoint(jsonObject, "request_object_endpoint");
                metadata.parEndpoint = optionalEndpoint(jsonObject, "pushed_authorization_request_endpoint");

                return metadata;
        }
}