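/*
 * oauth2-oidc-sdk
 *
 * Copyright 2012-2016, Connect2id Ltd and contributors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License"); you may not use
 * this file except in compliance with the License. You may obtain a copy of the
 * License at
 *
 *    http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software distributed
 * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
 * CONDITIONS OF ANY KIND, either express or implied. See the License for the
 * specific language governing permissions and limitations under the License.
 */

package com.nimbusds.oauth2.sdk.as;


import java.net.URI;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;

import net.minidev.json.JSONObject;

import com.nimbusds.oauth2.sdk.ParseException;
import com.nimbusds.oauth2.sdk.util.JSONObjectUtils;
import com.nimbusds.oauth2.sdk.util.OrderedJSONObject;


/**
 * OAuth 2.0 Authorisation Server (AS) metadata for the endpoints.
 *
 * <p>This class is a plain holder: every endpoint is optional and
 * {@code null} when not specified. No validation of the URI scheme, host or
 * path is performed here; callers that obtain the metadata from an untrusted
 * discovery document are expected to apply their own checks before using
 * the endpoints.
 *
 * <p>Related specifications:
 *
 * <ul>
 *     <li>OAuth 2.0 Authorization Server Metadata (RFC 8414)
 *     <li>OAuth 2.0 Mutual TLS Client Authentication and Certificate Bound
 *         Access Tokens (RFC 8705)
 *     <li>OAuth 2.0 Pushed Authorization Requests (draft-ietf-oauth-par-02)
 *     <li>OAuth 2.0 Device Flow for Browserless and Input Constrained Devices
 *         (draft-ietf-oauth-device-flow-14)
 * </ul>
 */
public class AuthorizationServerEndpointMetadata {
	
	
	/**
	 * The registered parameter names, as an unmodifiable set.
	 */
	private static final Set<String> REGISTERED_PARAMETER_NAMES = Collections.unmodifiableSet(
		new HashSet<>(Arrays.asList(
			"authorization_endpoint",
			"token_endpoint",
			"registration_endpoint",
			"introspection_endpoint",
			"revocation_endpoint",
			"device_authorization_endpoint",
			"request_object_endpoint",
			"pushed_authorization_request_endpoint")));
	
	
	/**
	 * Gets the registered provider metadata parameter names for endpoints.
	 *
	 * @return The registered provider metadata parameter names for endpoints,
	 *         as an unmodifiable set.
	 */
	public static Set<String> getRegisteredParameterNames() {
		
		return REGISTERED_PARAMETER_NAMES;
	}
	
	
	/**
	 * The authorisation endpoint, {@code null} if not specified.
	 */
	private URI authzEndpoint;
	
	
	/**
	 * The token endpoint, {@code null} if not specified.
	 */
	private URI tokenEndpoint;
	
	
	/**
	 * The client registration endpoint, {@code null} if not specified.
	 */
	private URI regEndpoint;
	
	
	/**
	 * The token introspection endpoint, {@code null} if not specified.
	 */
	private URI introspectionEndpoint;
	
	
	/**
	 * The token revocation endpoint, {@code null} if not specified.
	 */
	private URI revocationEndpoint;
	
	
	/**
	 * The request object endpoint (deprecated), {@code null} if not
	 * specified.
	 */
	private URI requestObjectEndpoint;
	
	
	/**
	 * The pushed authorisation request (PAR) endpoint, {@code null} if not
	 * specified.
	 */
	private URI parEndpoint;
	
	
	/**
	 * The device authorisation endpoint, {@code null} if not specified.
	 */
	private URI deviceAuthzEndpoint;
	
	
	/**
	 * Creates a new OAuth 2.0 Authorisation Server (AS) endpoint metadata
	 * instance with no endpoints set.
	 */
	public AuthorizationServerEndpointMetadata() {
	}
	
	
	/**
	 * Gets the authorisation endpoint URI. Corresponds to the
	 * {@code authorization_endpoint} metadata field.
	 *
	 * @return The authorisation endpoint URI, {@code null} if not
	 *         specified.
	 */
	public URI getAuthorizationEndpointURI() {
		
		return authzEndpoint;
	}
	
	
	/**
	 * Sets the authorisation endpoint URI. Corresponds to the
	 * {@code authorization_endpoint} metadata field.
	 *
	 * @param authzEndpoint The authorisation endpoint URI, {@code null} if
	 *                      not specified.
	 */
	public void setAuthorizationEndpointURI(final URI authzEndpoint) {
		
		this.authzEndpoint = authzEndpoint;
	}
	
	
	/**
	 * Gets the token endpoint URI. Corresponds to the
	 * {@code token_endpoint} metadata field.
	 *
	 * @return The token endpoint URI, {@code null} if not specified.
	 */
	public URI getTokenEndpointURI() {
		
		return tokenEndpoint;
	}
	
	
	/**
	 * Sets the token endpoint URI. Corresponds to the
	 * {@code token_endpoint} metadata field.
	 *
	 * @param tokenEndpoint The token endpoint URI, {@code null} if not
	 *                      specified.
	 */
	public void setTokenEndpointURI(final URI tokenEndpoint) {
		
		this.tokenEndpoint = tokenEndpoint;
	}
	
	
	/**
	 * Gets the client registration endpoint URI. Corresponds to the
	 * {@code registration_endpoint} metadata field.
	 *
	 * @return The client registration endpoint URI, {@code null} if not
	 *         specified.
	 */
	public URI getRegistrationEndpointURI() {
		
		return regEndpoint;
	}
	
	
	/**
	 * Sets the client registration endpoint URI. Corresponds to the
	 * {@code registration_endpoint} metadata field.
	 *
	 * @param regEndpoint The client registration endpoint URI,
	 *                    {@code null} if not specified.
	 */
	public void setRegistrationEndpointURI(final URI regEndpoint) {
		
		this.regEndpoint = regEndpoint;
	}
	
	
	/**
	 * Gets the token introspection endpoint URI. Corresponds to the
	 * {@code introspection_endpoint} metadata field.
	 *
	 * @return The token introspection endpoint URI, {@code null} if not
	 *         specified.
	 */
	public URI getIntrospectionEndpointURI() {
		
		return introspectionEndpoint;
	}
	
	
	/**
	 * Sets the token introspection endpoint URI. Corresponds to the
	 * {@code introspection_endpoint} metadata field.
	 *
	 * @param introspectionEndpoint The token introspection endpoint URI,
	 *                              {@code null} if not specified.
	 */
	public void setIntrospectionEndpointURI(final URI introspectionEndpoint) {
		
		this.introspectionEndpoint = introspectionEndpoint;
	}
	
	
	/**
	 * Gets the token revocation endpoint URI. Corresponds to the
	 * {@code revocation_endpoint} metadata field.
	 *
	 * @return The token revocation endpoint URI, {@code null} if not
	 *         specified.
	 */
	public URI getRevocationEndpointURI() {
		
		return revocationEndpoint;
	}
	
	
	/**
	 * Sets the token revocation endpoint URI. Corresponds to the
	 * {@code revocation_endpoint} metadata field.
	 *
	 * @param revocationEndpoint The token revocation endpoint URI,
	 *                           {@code null} if not specified.
	 */
	public void setRevocationEndpointURI(final URI revocationEndpoint) {
		
		this.revocationEndpoint = revocationEndpoint;
	}
	
	
	/**
	 * Gets the request object endpoint. Corresponds to the
	 * {@code request_object_endpoint} metadata field.
	 *
	 * @deprecated Retained for backwards compatibility; the field is still
	 *             parsed and serialised.
	 *
	 * @return The request object endpoint, {@code null} if not specified.
	 */
	@Deprecated
	public URI getRequestObjectEndpoint() {
		
		return requestObjectEndpoint;
	}
	
	
	/**
	 * Sets the request object endpoint. Corresponds to the
	 * {@code request_object_endpoint} metadata field.
	 *
	 * @deprecated Retained for backwards compatibility; the field is still
	 *             parsed and serialised.
	 *
	 * @param requestObjectEndpoint The request object endpoint,
	 *                              {@code null} if not specified.
	 */
	@Deprecated
	public void setRequestObjectEndpoint(final URI requestObjectEndpoint) {
		
		this.requestObjectEndpoint = requestObjectEndpoint;
	}
	
	
	/**
	 * Gets the pushed authorisation request endpoint. Corresponds to the
	 * {@code pushed_authorization_request_endpoint} metadata field.
	 *
	 * @return The pushed authorisation request endpoint, {@code null} if
	 *         not specified.
	 */
	public URI getPushedAuthorizationRequestEndpointURI() {
		
		return parEndpoint;
	}
	
	
	/**
	 * Sets the pushed authorisation request endpoint. Corresponds to the
	 * {@code pushed_authorization_request_endpoint} metadata field.
	 *
	 * @param parEndpoint The pushed authorisation request endpoint,
	 *                    {@code null} if not specified.
	 */
	public void setPushedAuthorizationRequestEndpointURI(final URI parEndpoint) {
		
		this.parEndpoint = parEndpoint;
	}
	
	
	/**
	 * Gets the device authorisation endpoint URI. Corresponds to the
	 * {@code device_authorization_endpoint} metadata field.
	 *
	 * @return The device authorisation endpoint URI, {@code null} if not
	 *         specified.
	 */
	public URI getDeviceAuthorizationEndpointURI() {
		
		return deviceAuthzEndpoint;
	}
	
	
	/**
	 * Sets the device authorisation endpoint URI. Corresponds to the
	 * {@code device_authorization_endpoint} metadata field.
	 *
	 * @param deviceAuthzEndpoint The device authorisation endpoint URI,
	 *                            {@code null} if not specified.
	 */
	public void setDeviceAuthorizationEndpointURI(final URI deviceAuthzEndpoint) {
		
		this.deviceAuthzEndpoint = deviceAuthzEndpoint;
	}
	
	
	/**
	 * Puts the string form of the specified URI into the JSON object under
	 * the given member name, unless the URI is {@code null}.
	 *
	 * @param o    The JSON object to write to. Must not be {@code null}.
	 * @param name The member name. Must not be {@code null}.
	 * @param uri  The URI, {@code null} to skip the member.
	 */
	private static void putIfSet(final JSONObject o, final String name, final URI uri) {
		
		if (uri != null) {
			o.put(name, uri.toString());
		}
	}
	
	
	/**
	 * Returns the JSON object representation of this OAuth 2.0
	 * Authorisation Server endpoint metadata. Only endpoints that are set
	 * are included; members keep the insertion order shown below.
	 *
	 * @return The JSON object representation.
	 */
	public JSONObject toJSONObject() {
		
		JSONObject o = new OrderedJSONObject();
		
		putIfSet(o, "authorization_endpoint", authzEndpoint);
		putIfSet(o, "token_endpoint", tokenEndpoint);
		putIfSet(o, "registration_endpoint", regEndpoint);
		putIfSet(o, "introspection_endpoint", introspectionEndpoint);
		putIfSet(o, "revocation_endpoint", revocationEndpoint);
		putIfSet(o, "request_object_endpoint", requestObjectEndpoint);
		putIfSet(o, "pushed_authorization_request_endpoint", parEndpoint);
		putIfSet(o, "device_authorization_endpoint", deviceAuthzEndpoint);
		
		return o;
	}
	
	
	/**
	 * Returns the JSON string representation of this endpoint metadata,
	 * as produced by {@link #toJSONObject()}.
	 *
	 * @return The JSON string.
	 */
	@Override
	public String toString() {
		
		return toJSONObject().toJSONString();
	}
	
	
	/**
	 * Parses an OAuth 2.0 Authorisation Server endpoint metadata from the
	 * specified JSON object. Every endpoint member is optional; a missing
	 * member leaves the corresponding endpoint {@code null}. Unknown
	 * members are ignored. No check is made on the scheme or host of the
	 * parsed URIs, so a caller that receives the JSON object from an
	 * untrusted source must validate the endpoints before use.
	 *
	 * @param jsonObject The JSON object to parse. Must not be
	 *                   {@code null}.
	 *
	 * @return The OAuth 2.0 Authorisation Server endpoint metadata.
	 *
	 * @throws ParseException If the JSON object couldn't be parsed to an
	 *                        OAuth 2.0 Authorisation Server endpoint
	 *                        metadata, e.g. because an endpoint member is
	 *                        not a valid URI (as reported by
	 *                        {@code JSONObjectUtils.getURI}).
	 */
	public static AuthorizationServerEndpointMetadata parse(final JSONObject jsonObject)
		throws ParseException {
		
		AuthorizationServerEndpointMetadata as = new AuthorizationServerEndpointMetadata();
		
		// Each lookup defaults to null when the member is absent
		as.authzEndpoint = JSONObjectUtils.getURI(jsonObject, "authorization_endpoint", null);
		as.tokenEndpoint = JSONObjectUtils.getURI(jsonObject, "token_endpoint", null);
		as.regEndpoint = JSONObjectUtils.getURI(jsonObject, "registration_endpoint", null);
		as.introspectionEndpoint = JSONObjectUtils.getURI(jsonObject, "introspection_endpoint", null);
		as.revocationEndpoint = JSONObjectUtils.getURI(jsonObject, "revocation_endpoint", null);
		as.deviceAuthzEndpoint = JSONObjectUtils.getURI(jsonObject, "device_authorization_endpoint", null);
		as.requestObjectEndpoint = JSONObjectUtils.getURI(jsonObject, "request_object_endpoint", null);
		as.parEndpoint = JSONObjectUtils.getURI(jsonObject, "pushed_authorization_request_endpoint", null);
		
		return as;
	}
}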