Package com.nimbusds.oauth2.sdk.client
Class ClientMetadata
java.lang.Object
    com.nimbusds.oauth2.sdk.client.ClientMetadata
Direct Known Subclasses: OIDCClientMetadata
public class ClientMetadata extends Object
Client metadata.
Example client metadata, serialised to a JSON object:
{
  "redirect_uris"              : ["https://client.example.org/callback",
                                  "https://client.example.org/callback2"],
  "client_name"                : "My Example Client",
  "client_name#ja-Jpan-JP"     : "クライアント名",
  "token_endpoint_auth_method" : "client_secret_basic",
  "scope"                      : "read write dolphin",
  "logo_uri"                   : "https://client.example.org/logo.png",
  "jwks_uri"                   : "https://client.example.org/my_public_keys.jwks"
}
Related specifications:
- OAuth 2.0 Dynamic Client Registration Protocol (RFC 7591), section 2.
- OAuth 2.0 Mutual TLS Client Authentication and Certificate Bound Access Tokens (RFC 8705), sections 2.1.2 and 3.4.
- Financial-grade API: JWT Secured Authorization Response Mode for OAuth 2.0 (JARM).
- OAuth 2.0 Pushed Authorization Requests (draft-ietf-oauth-par-02)
- OpenID Connect Federation 1.0 (draft 11)
-
-
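A server-side audit of a submitted registration, as an added example that is not part of the Nimbus documentation: it builds one registration with the setters listed on this page, sends it through `toJSONObject()` and `parse(...)`, and checks it and a weaker one against a policy. The class `ClientMetadataAudit`, its `audit` rules (a hypothetical policy for confidential clients) and the weak JSON sample are constructed for illustration; `GrantType`, `ResponseType`, `Scope`, `ClientAuthenticationMethod` and `JSONObjectUtils` are classes from the same SDK that this page does not list.

```java
import java.net.URI;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;

import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.oauth2.sdk.GrantType;
import com.nimbusds.oauth2.sdk.ParseException;
import com.nimbusds.oauth2.sdk.ResponseType;
import com.nimbusds.oauth2.sdk.Scope;
import com.nimbusds.oauth2.sdk.auth.ClientAuthenticationMethod;
import com.nimbusds.oauth2.sdk.client.ClientMetadata;
import com.nimbusds.oauth2.sdk.util.JSONObjectUtils;

public class ClientMetadataAudit {

    /** Hypothetical policy for confidential clients: one finding per violated rule. */
    static List<String> audit(ClientMetadata md) {
        List<String> findings = new ArrayList<>();

        // The getters return null when a field was not specified.
        if (md.getRedirectionURIs() == null || md.getRedirectionURIs().isEmpty()) {
            findings.add("redirect_uris: none registered");
        } else {
            for (URI uri : md.getRedirectionURIs()) {
                if (!"https".equalsIgnoreCase(uri.getScheme())) {
                    findings.add("redirect_uris: not https: " + uri);
                }
                // Valid redirection URIs must not contain a fragment.
                if (uri.getRawFragment() != null) {
                    findings.add("redirect_uris: contains a fragment: " + uri);
                }
            }
        }

        ClientAuthenticationMethod auth = md.getTokenEndpointAuthMethod();
        if (auth == null || ClientAuthenticationMethod.NONE.equals(auth)) {
            findings.add("token_endpoint_auth_method: missing or none");
        } else if (ClientAuthenticationMethod.PRIVATE_KEY_JWT.equals(auth)
                && md.getJWKSetURI() == null && md.getJWKSet() == null) {
            findings.add("private_key_jwt: no jwks_uri or jwks to verify assertions");
        }

        if (md.getGrantTypes() != null) {
            if (md.getGrantTypes().contains(GrantType.IMPLICIT)) {
                findings.add("grant_types: implicit not allowed by this policy");
            }
            if (md.getGrantTypes().contains(GrantType.PASSWORD)) {
                findings.add("grant_types: password not allowed by this policy");
            }
        }
        return findings;
    }

    /** Builds a registration that satisfies the policy above. */
    static ClientMetadata hardened() {
        ClientMetadata md = new ClientMetadata();
        md.setRedirectionURI(URI.create("https://client.example.org/callback"));
        md.setGrantTypes(Collections.singleton(GrantType.AUTHORIZATION_CODE));
        md.setResponseTypes(Collections.singleton(new ResponseType("code")));
        md.setScope(new Scope("read", "write"));
        md.setTokenEndpointAuthMethod(ClientAuthenticationMethod.PRIVATE_KEY_JWT);
        md.setTokenEndpointAuthJWSAlg(JWSAlgorithm.ES256);
        md.setJWKSetURI(URI.create("https://client.example.org/my_public_keys.jwks"));
        md.setTLSClientCertificateBoundAccessTokens(true);
        md.requiresPushedAuthorizationRequests(true);
        md.applyDefaults(); // fills in defaults only where nothing was set
        return md;
    }

    public static void main(String[] args) throws ParseException {
        // Serialise to the wire form and parse it back, as the server would.
        String wire = hardened().toJSONObject().toJSONString();
        ClientMetadata received = ClientMetadata.parse(JSONObjectUtils.parse(wire));
        System.out.println("hardened: " + audit(received));

        // Constructed sample of a weak registration request.
        String weakJson = "{"
            + "\"redirect_uris\":[\"http://client.example.org/callback\"],"
            + "\"grant_types\":[\"implicit\"],"
            + "\"response_types\":[\"token\"],"
            + "\"token_endpoint_auth_method\":\"none\""
            + "}";
        ClientMetadata weak = ClientMetadata.parse(JSONObjectUtils.parse(weakJson));
        System.out.println("weak: " + audit(weak));
    }
}
```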
Constructor Summary
Constructors
ClientMetadata()
    Creates a new OAuth 2.0 client metadata instance.
ClientMetadata(ClientMetadata metadata)
    Creates a shallow copy of the specified OAuth 2.0 client metadata instance.
-
Method Summary
Modifier and Type, Method, Description
void applyDefaults()
    Applies the client metadata defaults where no values have been specified.
com.nimbusds.jose.JWEAlgorithm getAuthorizationJWEAlg()
    Gets the JWE algorithm for JWT-encoded authorisation responses.
com.nimbusds.jose.EncryptionMethod getAuthorizationJWEEnc()
    Gets the encryption method for JWT-encoded authorisation responses.
com.nimbusds.jose.JWSAlgorithm getAuthorizationJWSAlg()
    Gets the JWS algorithm for JWT-encoded authorisation responses.
List<ClientRegistrationType> getClientRegistrationTypes()
    Gets the supported OpenID Connect Federation 1.0 client registration types.
Object getCustomField(String name)
    Gets the specified custom metadata field.
net.minidev.json.JSONObject getCustomFields()
    Gets the custom metadata fields.
List<String> getEmailContacts()
    Gets the administrator email contacts for the client.
Set<GrantType> getGrantTypes()
    Gets the expected OAuth 2.0 grant types.
com.nimbusds.jose.jwk.JWKSet getJWKSet()
    Gets this client's JSON Web Key (JWK) set containing key(s) that are used in signing requests to the server and key(s) for encrypting responses.
URI getJWKSetURI()
    Gets the URI for this client's JSON Web Key (JWK) set containing key(s) that are used in signing requests to the server and key(s) for encrypting responses.
URI getLogoURI()
    Gets the client application logo.
URI getLogoURI(com.nimbusds.langtag.LangTag langTag)
    Gets the client application logo.
Map<com.nimbusds.langtag.LangTag,URI> getLogoURIEntries()
    Gets the client application logo entries.
boolean getMutualTLSSenderConstrainedAccessTokens()
    Deprecated.
String getName()
    Gets the client name.
String getName(com.nimbusds.langtag.LangTag langTag)
    Gets the client name.
Map<com.nimbusds.langtag.LangTag,String> getNameEntries()
    Gets the client name entries.
String getOrganizationName()
    Gets the organisation name in OpenID Connect Federation 1.0.
URI getPolicyURI()
    Gets the client policy for use of end-user data.
URI getPolicyURI(com.nimbusds.langtag.LangTag langTag)
    Gets the client policy for use of end-user data.
Map<com.nimbusds.langtag.LangTag,URI> getPolicyURIEntries()
    Gets the client policy entries for use of end-user data.
URI getRedirectionURI()
    Gets one of the redirection URIs for this client.
Set<URI> getRedirectionURIs()
    Gets the redirection URIs for this client.
Set<String> getRedirectionURIStrings()
    Gets the redirection URIs for this client as strings.
static Set<String> getRegisteredParameterNames()
    Gets the registered (standard) OAuth 2.0 client metadata parameter names.
com.nimbusds.jose.JWEAlgorithm getRequestObjectJWEAlg()
    Gets the JSON Web Encryption (JWE) algorithm required for request objects sent by this client.
com.nimbusds.jose.EncryptionMethod getRequestObjectJWEEnc()
    Gets the JSON Web Encryption (JWE) method required for request objects sent by this client.
com.nimbusds.jose.JWSAlgorithm getRequestObjectJWSAlg()
    Gets the JSON Web Signature (JWS) algorithm required for request objects sent by this client.
Set<URI> getRequestObjectURIs()
    Gets the pre-registered request object URIs.
Set<ResponseType> getResponseTypes()
    Gets the expected OAuth 2.0 response types.
Scope getScope()
    Gets the scope values that the client can use when requesting access tokens.
SoftwareID getSoftwareID()
    Gets the identifier for the OAuth 2.0 client software.
SoftwareVersion getSoftwareVersion()
    Gets the version identifier for the OAuth 2.0 client software.
URI getTermsOfServiceURI()
    Gets the client's terms of service.
URI getTermsOfServiceURI(com.nimbusds.langtag.LangTag langTag)
    Gets the client's terms of service.
Map<com.nimbusds.langtag.LangTag,URI> getTermsOfServiceURIEntries()
    Gets the client's terms of service entries.
String getTLSClientAuthSanDNS()
    Gets the expected dNSName SAN entry in the X.509 certificate, which the OAuth client will use in mutual TLS authentication.
String getTLSClientAuthSanEmail()
    Gets the expected rfc822Name SAN entry in the X.509 certificate, which the OAuth client will use in mutual TLS authentication.
String getTLSClientAuthSanIP()
    Gets the expected iPAddress SAN entry in the X.509 certificate, which the OAuth client will use in mutual TLS authentication.
String getTLSClientAuthSanURI()
    Gets the expected uniformResourceIdentifier SAN entry in the X.509 certificate, which the OAuth client will use in mutual TLS authentication.
String getTLSClientAuthSubjectDN()
    Gets the expected subject distinguished name (DN) of the client X.509 certificate in mutual TLS authentication.
boolean getTLSClientCertificateBoundAccessTokens()
    Gets the preference for TLS client certificate bound access tokens.
com.nimbusds.jose.JWSAlgorithm getTokenEndpointAuthJWSAlg()
    Gets the JSON Web Signature (JWS) algorithm required for private_key_jwt and client_secret_jwt authentication at the Token endpoint.
ClientAuthenticationMethod getTokenEndpointAuthMethod()
    Gets the Token endpoint authentication method.
EntityID getTrustAnchorID()
    Gets the used trust anchor in an explicit client registration in OpenID Connect Federation 1.0.
URI getURI()
    Gets the client home page.
URI getURI(com.nimbusds.langtag.LangTag langTag)
    Gets the client home page.
Map<com.nimbusds.langtag.LangTag,URI> getURIEntries()
    Gets the client home page entries.
boolean hasScopeValue(Scope.Value scopeValue)
    Checks if the scope metadata field is set and contains the specified scope value.
static ClientMetadata parse(net.minidev.json.JSONObject jsonObject)
    Parses a client metadata instance from the specified JSON object.
boolean requiresPushedAuthorizationRequests()
    Gets the requirement for pushed authorisation requests (PAR).
void requiresPushedAuthorizationRequests(boolean requirePAR)
    Sets the requirement for pushed authorisation requests (PAR).
void setAuthorizationJWEAlg(com.nimbusds.jose.JWEAlgorithm authzJWEAlg)
    Sets the JWE algorithm for JWT-encoded authorisation responses.
void setAuthorizationJWEEnc(com.nimbusds.jose.EncryptionMethod authzJWEEnc)
    Sets the encryption method for JWT-encoded authorisation responses.
void setAuthorizationJWSAlg(com.nimbusds.jose.JWSAlgorithm authzJWSAlg)
    Sets the JWS algorithm for JWT-encoded authorisation responses.
void setClientRegistrationTypes(List<ClientRegistrationType> regTypes)
    Sets the supported OpenID Connect Federation 1.0 client registration types.
void setCustomField(String name, Object value)
    Sets the specified custom metadata field.
void setCustomFields(net.minidev.json.JSONObject customFields)
    Sets the custom metadata fields.
void setEmailContacts(List<String> contacts)
    Sets the administrator email contacts for the client.
void setGrantTypes(Set<GrantType> grantTypes)
    Sets the expected OAuth 2.0 grant types.
void setJWKSet(com.nimbusds.jose.jwk.JWKSet jwkSet)
    Sets this client's JSON Web Key (JWK) set containing key(s) that are used in signing requests to the server and key(s) for encrypting responses.
void setJWKSetURI(URI jwkSetURI)
    Sets the URI for this client's JSON Web Key (JWK) set containing key(s) that are used in signing requests to the server and key(s) for encrypting responses.
void setLogoURI(URI logoURI)
    Sets the client application logo.
void setLogoURI(URI logoURI, com.nimbusds.langtag.LangTag langTag)
    Sets the client application logo.
void setMutualTLSSenderConstrainedAccessTokens(boolean tlsSenderAccessTokens)
    Deprecated.
void setName(String name)
    Sets the client name.
void setName(String name, com.nimbusds.langtag.LangTag langTag)
    Sets the client name.
void setOrganizationName(String organizationName)
    Sets the organisation name in OpenID Connect Federation 1.0.
void setPolicyURI(URI policyURI)
    Sets the client policy for use of end-user data.
void setPolicyURI(URI policyURI, com.nimbusds.langtag.LangTag langTag)
    Sets the client policy for use of end-user data.
void setRedirectionURI(URI redirectURI)
    Sets a single redirection URI for this client.
void setRedirectionURIs(Set<URI> redirectURIs)
    Sets the redirection URIs for this client.
void setRequestObjectJWEAlg(com.nimbusds.jose.JWEAlgorithm requestObjectJWEAlg)
    Sets the JSON Web Encryption (JWE) algorithm required for request objects sent by this client.
void setRequestObjectJWEEnc(com.nimbusds.jose.EncryptionMethod requestObjectJWEEnc)
    Sets the JSON Web Encryption (JWE) method required for request objects sent by this client.
void setRequestObjectJWSAlg(com.nimbusds.jose.JWSAlgorithm requestObjectJWSAlg)
    Sets the JSON Web Signature (JWS) algorithm required for request objects sent by this client.
void setRequestObjectURIs(Set<URI> requestObjectURIs)
    Sets the pre-registered request object URIs.
void setResponseTypes(Set<ResponseType> responseTypes)
    Sets the expected OAuth 2.0 response types.
void setScope(Scope scope)
    Sets the scope values that the client can use when requesting access tokens.
void setSoftwareID(SoftwareID softwareID)
    Sets the identifier for the OAuth 2.0 client software.
void setSoftwareVersion(SoftwareVersion softwareVersion)
    Sets the version identifier for the OAuth 2.0 client software.
void setTermsOfServiceURI(URI tosURI)
    Sets the client's terms of service.
void setTermsOfServiceURI(URI tosURI, com.nimbusds.langtag.LangTag langTag)
    Sets the client's terms of service.
void setTLSClientAuthSanDNS(String dns)
    Sets the expected dNSName SAN entry in the X.509 certificate, which the OAuth client will use in mutual TLS authentication.
void setTLSClientAuthSanEmail(String email)
    Sets the expected rfc822Name SAN entry in the X.509 certificate, which the OAuth client will use in mutual TLS authentication.
void setTLSClientAuthSanIP(String ip)
    Sets the expected iPAddress SAN entry in the X.509 certificate, which the OAuth client will use in mutual TLS authentication.
void setTLSClientAuthSanURI(String uri)
    Sets the expected uniformResourceIdentifier SAN entry in the X.509 certificate, which the OAuth client will use in mutual TLS authentication.
void setTLSClientAuthSubjectDN(String subjectDN)
    Sets the expected subject distinguished name (DN) of the client X.509 certificate in mutual TLS authentication.
void setTLSClientCertificateBoundAccessTokens(boolean tlsClientCertBoundTokens)
    Sets the preference for TLS client certificate bound access tokens.
void setTokenEndpointAuthJWSAlg(com.nimbusds.jose.JWSAlgorithm authJWSAlg)
    Sets the JSON Web Signature (JWS) algorithm required for private_key_jwt and client_secret_jwt authentication at the Token endpoint.
void setTokenEndpointAuthMethod(ClientAuthenticationMethod authMethod)
    Sets the Token endpoint authentication method.
void setTrustAnchorID(EntityID trustAnchorID)
    Sets the used trust anchor in an explicit client registration in OpenID Connect Federation 1.0.
void setURI(URI uri)
    Sets the client home page.
void setURI(URI uri, com.nimbusds.langtag.LangTag langTag)
    Sets the client home page.
net.minidev.json.JSONObject toJSONObject()
    Returns the JSON object representation of this client metadata, including any custom fields.
net.minidev.json.JSONObject toJSONObject(boolean includeCustomFields)
    Returns the JSON object representation of this client metadata.
String toString()
-
-
-
Constructor Detail
-
ClientMetadata
public ClientMetadata()
Creates a new OAuth 2.0 client metadata instance.
-
ClientMetadata
public ClientMetadata(ClientMetadata metadata)
Creates a shallow copy of the specified OAuth 2.0 client metadata instance.
Parameters:
metadata - The client metadata to copy. Must not be null.
-
-
Method Detail
-
getRegisteredParameterNames
public static Set<String> getRegisteredParameterNames()
Gets the registered (standard) OAuth 2.0 client metadata parameter names.
Returns:
The registered parameter names, as an unmodifiable set.
-
getRedirectionURIs
public Set<URI> getRedirectionURIs()
Gets the redirection URIs for this client. Corresponds to the redirect_uris client metadata field.
Returns:
The redirection URIs, null if not specified.
-
getRedirectionURI
public URI getRedirectionURI()
Gets one of the redirection URIs for this client. Corresponds to the redirect_uris client metadata field.
Returns:
The redirection URI, null if not specified.
-
getRedirectionURIStrings
public Set<String> getRedirectionURIStrings()
Gets the redirection URIs for this client as strings. Corresponds to the redirect_uris client metadata field.
This short-hand method is intended to enable string-based URI comparison.
Returns:
The redirection URIs as strings, null if not specified.
-
setRedirectionURIs
public void setRedirectionURIs(Set<URI> redirectURIs)
Sets the redirection URIs for this client. Corresponds to the redirect_uris client metadata field.
Parameters:
redirectURIs - The redirection URIs, null if not specified. Valid redirection URIs must not contain a fragment.
-
setRedirectionURI
public void setRedirectionURI(URI redirectURI)
Sets a single redirection URI for this client. Corresponds to the redirect_uris client metadata field.
Parameters:
redirectURI - The redirection URI, null if not specified. A valid redirection URI must not contain a fragment.
-
getScope
public Scope getScope()
Gets the scope values that the client can use when requesting access tokens. Corresponds to the scope client metadata field.
Returns:
The scope, null if not specified.
-
hasScopeValue
public boolean hasScopeValue(Scope.Value scopeValue)
Checks if the scope metadata field is set and contains the specified scope value.
Parameters:
scopeValue - The scope value. Must not be null.
Returns:
true if the scope value is contained, else false.
-
setScope
public void setScope(Scope scope)
Sets the scope values that the client can use when requesting access tokens. Corresponds to the scope client metadata field.
Parameters:
scope - The scope, null if not specified.
-
getResponseTypes
public Set<ResponseType> getResponseTypes()
Gets the expected OAuth 2.0 response types. Corresponds to the response_types client metadata field.
Returns:
The response types, null if not specified.
-
setResponseTypes
public void setResponseTypes(Set<ResponseType> responseTypes)
Sets the expected OAuth 2.0 response types. Corresponds to the response_types client metadata field.
Parameters:
responseTypes - The response types, null if not specified.
-
getGrantTypes
public Set<GrantType> getGrantTypes()
Gets the expected OAuth 2.0 grant types. Corresponds to the grant_types client metadata field.
Returns:
The grant types, null if not specified.
-
setGrantTypes
public void setGrantTypes(Set<GrantType> grantTypes)
Sets the expected OAuth 2.0 grant types. Corresponds to the grant_types client metadata field.
Parameters:
grantTypes - The grant types, null if not specified.
-
getEmailContacts
public List<String> getEmailContacts()
Gets the administrator email contacts for the client. Corresponds to the contacts client metadata field.
Returns:
The administrator email contacts, null if not specified.
-
setEmailContacts
public void setEmailContacts(List<String> contacts)
Sets the administrator email contacts for the client. Corresponds to the contacts client metadata field.
Parameters:
contacts - The administrator email contacts, null if not specified.
-
getName
public String getName()
Gets the client name. Corresponds to the client_name client metadata field, with no language tag.
Returns:
The client name, null if not specified.
-
getName
public String getName(com.nimbusds.langtag.LangTag langTag)
Gets the client name. Corresponds to the client_name client metadata field, with an optional language tag.
Parameters:
langTag - The language tag of the entry, null to get the non-tagged entry.
Returns:
The client name, null if not specified.
-
getNameEntries
public Map<com.nimbusds.langtag.LangTag,String> getNameEntries()
Gets the client name entries. Corresponds to the client_name client metadata field.
Returns:
The client name entries, empty map if none.
-
setName
public void setName(String name)
Sets the client name. Corresponds to the client_name client metadata field, with no language tag.
Parameters:
name - The client name, null if not specified.
-
setName
public void setName(String name, com.nimbusds.langtag.LangTag langTag)
Sets the client name. Corresponds to the client_name client metadata field, with an optional language tag.
Parameters:
name - The client name. Must not be null.
langTag - The language tag, null if not specified.
-
getLogoURI
public URI getLogoURI()
Gets the client application logo. Corresponds to the logo_uri client metadata field, with no language tag.
Returns:
The logo URI, null if not specified.
-
getLogoURI
public URI getLogoURI(com.nimbusds.langtag.LangTag langTag)
Gets the client application logo. Corresponds to the logo_uri client metadata field, with an optional language tag.
Parameters:
langTag - The language tag, null if not specified.
Returns:
The logo URI, null if not specified.
-
getLogoURIEntries
public Map<com.nimbusds.langtag.LangTag,URI> getLogoURIEntries()
Gets the client application logo entries. Corresponds to the logo_uri client metadata field.
Returns:
The logo URI entries, empty map if none.
-
setLogoURI
public void setLogoURI(URI logoURI)
Sets the client application logo. Corresponds to the logo_uri client metadata field, with no language tag.
Parameters:
logoURI - The logo URI, null if not specified.
-
setLogoURI
public void setLogoURI(URI logoURI, com.nimbusds.langtag.LangTag langTag)
Sets the client application logo. Corresponds to the logo_uri client metadata field, with an optional language tag.
Parameters:
logoURI - The logo URI. Must not be null.
langTag - The language tag, null if not specified.
-
getURI
public URI getURI()
Gets the client home page. Corresponds to the client_uri client metadata field, with no language tag.
Returns:
The client URI, null if not specified.
-
getURI
public URI getURI(com.nimbusds.langtag.LangTag langTag)
Gets the client home page. Corresponds to the client_uri client metadata field, with an optional language tag.
Parameters:
langTag - The language tag, null if not specified.
Returns:
The client URI, null if not specified.
-
getURIEntries
public Map<com.nimbusds.langtag.LangTag,URI> getURIEntries()
Gets the client home page entries. Corresponds to the client_uri client metadata field.
Returns:
The client URI entries, empty map if none.
-
setURI
public void setURI(URI uri)
Sets the client home page. Corresponds to the client_uri client metadata field, with no language tag.
Parameters:
uri - The client URI, null if not specified.
-
setURI
public void setURI(URI uri, com.nimbusds.langtag.LangTag langTag)
Sets the client home page. Corresponds to the client_uri client metadata field, with an optional language tag.
Parameters:
uri - The URI. Must not be null.
langTag - The language tag, null if not specified.
-
getPolicyURI
public URI getPolicyURI()
Gets the client policy for use of end-user data. Corresponds to the policy_uri client metadata field, with no language tag.
Returns:
The policy URI, null if not specified.
-
getPolicyURI
public URI getPolicyURI(com.nimbusds.langtag.LangTag langTag)
Gets the client policy for use of end-user data. Corresponds to the policy_uri client metadata field, with an optional language tag.
Parameters:
langTag - The language tag, null if not specified.
Returns:
The policy URI, null if not specified.
-
getPolicyURIEntries
public Map<com.nimbusds.langtag.LangTag,URI> getPolicyURIEntries()
Gets the client policy entries for use of end-user data. Corresponds to the policy_uri client metadata field.
Returns:
The policy URI entries, empty map if none.
-
setPolicyURI
public void setPolicyURI(URI policyURI)
Sets the client policy for use of end-user data. Corresponds to the policy_uri client metadata field, with no language tag.
Parameters:
policyURI - The policy URI, null if not specified.
-
setPolicyURI
public void setPolicyURI(URI policyURI, com.nimbusds.langtag.LangTag langTag)
Sets the client policy for use of end-user data. Corresponds to the policy_uri client metadata field, with an optional language tag.
Parameters:
policyURI - The policy URI. Must not be null.
langTag - The language tag, null if not specified.
-
getTermsOfServiceURI
public URI getTermsOfServiceURI()
Gets the client's terms of service. Corresponds to the tos_uri client metadata field, with no language tag.
Returns:
The terms of service URI, null if not specified.
-
getTermsOfServiceURI
public URI getTermsOfServiceURI(com.nimbusds.langtag.LangTag langTag)
Gets the client's terms of service. Corresponds to the tos_uri client metadata field, with an optional language tag.
Parameters:
langTag - The language tag, null if not specified.
Returns:
The terms of service URI, null if not specified.
-
getTermsOfServiceURIEntries
public Map<com.nimbusds.langtag.LangTag,URI> getTermsOfServiceURIEntries()
Gets the client's terms of service entries. Corresponds to the tos_uri client metadata field.
Returns:
The terms of service URI entries, empty map if none.
-
setTermsOfServiceURI
public void setTermsOfServiceURI(URI tosURI)
Sets the client's terms of service. Corresponds to the tos_uri client metadata field, with no language tag.
Parameters:
tosURI - The terms of service URI, null if not specified.
-
setTermsOfServiceURI
public void setTermsOfServiceURI(URI tosURI, com.nimbusds.langtag.LangTag langTag)
Sets the client's terms of service. Corresponds to the tos_uri client metadata field, with an optional language tag.
Parameters:
tosURI - The terms of service URI. Must not be null.
langTag - The language tag, null if not specified.
-
getTokenEndpointAuthMethod
public ClientAuthenticationMethod getTokenEndpointAuthMethod()
Gets the Token endpoint authentication method. Corresponds to the token_endpoint_auth_method client metadata field.
Returns:
The Token endpoint authentication method, null if not specified.
-
setTokenEndpointAuthMethod
public void setTokenEndpointAuthMethod(ClientAuthenticationMethod authMethod)
Sets the Token endpoint authentication method. Corresponds to the token_endpoint_auth_method client metadata field.
Parameters:
authMethod - The Token endpoint authentication method, null if not specified.
-
getTokenEndpointAuthJWSAlg
public com.nimbusds.jose.JWSAlgorithm getTokenEndpointAuthJWSAlg()
Gets the JSON Web Signature (JWS) algorithm required for private_key_jwt and client_secret_jwt authentication at the Token endpoint. Corresponds to the token_endpoint_auth_signing_alg client metadata field.
Returns:
The JWS algorithm, null if not specified.
-
setTokenEndpointAuthJWSAlg
public void setTokenEndpointAuthJWSAlg(com.nimbusds.jose.JWSAlgorithm authJWSAlg)
Sets the JSON Web Signature (JWS) algorithm required for private_key_jwt and client_secret_jwt authentication at the Token endpoint. Corresponds to the token_endpoint_auth_signing_alg client metadata field.
Parameters:
authJWSAlg - The JWS algorithm, null if not specified.
-
getJWKSetURI
public URI getJWKSetURI()
Gets the URI for this client's JSON Web Key (JWK) set containing key(s) that are used in signing requests to the server and key(s) for encrypting responses. Corresponds to the jwks_uri client metadata field.
Returns:
The JWK set URI, null if not specified.
-
setJWKSetURI
public void setJWKSetURI(URI jwkSetURI)
Sets the URI for this client's JSON Web Key (JWK) set containing key(s) that are used in signing requests to the server and key(s) for encrypting responses. Corresponds to the jwks_uri client metadata field.
Parameters:
jwkSetURI - The JWK set URI, null if not specified.
-
getJWKSet
public com.nimbusds.jose.jwk.JWKSet getJWKSet()
Gets this client's JSON Web Key (JWK) set containing key(s) that are used in signing requests to the server and key(s) for encrypting responses. Intended as an alternative to getJWKSetURI() for native clients. Corresponds to the jwks client metadata field.
Returns:
The JWK set, null if not specified.
-
setJWKSet
public void setJWKSet(com.nimbusds.jose.jwk.JWKSet jwkSet)
Sets this client's JSON Web Key (JWK) set containing key(s) that are used in signing requests to the server and key(s) for encrypting responses. Intended as an alternative to getJWKSetURI() for native clients. Corresponds to the jwks client metadata field.
Parameters:
jwkSet - The JWK set, null if not specified.
-
getRequestObjectURIs
public Set<URI> getRequestObjectURIs()
Gets the pre-registered request object URIs. Corresponds to the request_uris client metadata field.
Returns:
The request object URIs, null if not specified.
-
setRequestObjectURIs
public void setRequestObjectURIs(Set<URI> requestObjectURIs)
Sets the pre-registered request object URIs. Corresponds to the request_uris client metadata field.
Parameters:
requestObjectURIs - The request object URIs, null if not specified.
-
getRequestObjectJWSAlg
public com.nimbusds.jose.JWSAlgorithm getRequestObjectJWSAlg()
Gets the JSON Web Signature (JWS) algorithm required for request objects sent by this client. Corresponds to the request_object_signing_alg client metadata field.
Returns:
The JWS algorithm, null if not specified.
-
setRequestObjectJWSAlg
public void setRequestObjectJWSAlg(com.nimbusds.jose.JWSAlgorithm requestObjectJWSAlg)
Sets the JSON Web Signature (JWS) algorithm required for request objects sent by this client. Corresponds to the request_object_signing_alg client metadata field.
Parameters:
requestObjectJWSAlg - The JWS algorithm, null if not specified.
-
getRequestObjectJWEAlg
public com.nimbusds.jose.JWEAlgorithm getRequestObjectJWEAlg()
Gets the JSON Web Encryption (JWE) algorithm required for request objects sent by this client. Corresponds to the request_object_encryption_alg client metadata field.
Returns:
The JWE algorithm, null if not specified.
-
setRequestObjectJWEAlg
public void setRequestObjectJWEAlg(com.nimbusds.jose.JWEAlgorithm requestObjectJWEAlg)
Sets the JSON Web Encryption (JWE) algorithm required for request objects sent by this client. Corresponds to the request_object_encryption_alg client metadata field.
Parameters:
requestObjectJWEAlg - The JWE algorithm, null if not specified.
-
getRequestObjectJWEEnc
public com.nimbusds.jose.EncryptionMethod getRequestObjectJWEEnc()
Gets the JSON Web Encryption (JWE) method required for request objects sent by this client. Corresponds to the request_object_encryption_enc client metadata field.
Returns:
The JWE method, null if not specified.
-
setRequestObjectJWEEnc
public void setRequestObjectJWEEnc(com.nimbusds.jose.EncryptionMethod requestObjectJWEEnc)
Sets the JSON Web Encryption (JWE) method required for request objects sent by this client. Corresponds to the request_object_encryption_enc client metadata field.
Parameters:
requestObjectJWEEnc - The JWE method, null if not specified.
-
getSoftwareID
public SoftwareID getSoftwareID()
Gets the identifier for the OAuth 2.0 client software. Corresponds to the software_id client metadata field.
Returns:
The software identifier, null if not specified.
-
setSoftwareID
public void setSoftwareID(SoftwareID softwareID)
Sets the identifier for the OAuth 2.0 client software. Corresponds to the software_id client metadata field.
Parameters:
softwareID - The software identifier, null if not specified.
-
getSoftwareVersion
public SoftwareVersion getSoftwareVersion()
Gets the version identifier for the OAuth 2.0 client software. Corresponds to the software_version client metadata field.
Returns:
The version identifier, null if not specified.
-
setSoftwareVersion
public void setSoftwareVersion(SoftwareVersion softwareVersion)
Sets the version identifier for the OAuth 2.0 client software. Corresponds to the software_version client metadata field.
Parameters:
softwareVersion - The version identifier, null if not specified.
-
getTLSClientCertificateBoundAccessTokens
public boolean getTLSClientCertificateBoundAccessTokens()
Gets the preference for TLS client certificate bound access tokens. Corresponds to the tls_client_certificate_bound_access_tokens client metadata field.
Returns:
true indicates a preference for TLS client certificate bound access tokens, false if none.
-
setTLSClientCertificateBoundAccessTokens
public void setTLSClientCertificateBoundAccessTokens(boolean tlsClientCertBoundTokens)
Sets the preference for TLS client certificate bound access tokens. Corresponds to the tls_client_certificate_bound_access_tokens client metadata field.
Parameters:
tlsClientCertBoundTokens - true indicates a preference for TLS client certificate bound access tokens, false if none.
-
getMutualTLSSenderConstrainedAccessTokens
@Deprecated public boolean getMutualTLSSenderConstrainedAccessTokens()
Deprecated. Gets the preference for TLS client certificate bound access tokens. Corresponds to the tls_client_certificate_bound_access_tokens client metadata field.
Returns:
true indicates a preference for TLS client certificate bound access tokens, false if none.
-
setMutualTLSSenderConstrainedAccessTokens
@Deprecated public void setMutualTLSSenderConstrainedAccessTokens(boolean tlsSenderAccessTokens)
Deprecated. Sets the preference for TLS client certificate bound access tokens. Corresponds to the tls_client_certificate_bound_access_tokens client metadata field.
Parameters:
tlsSenderAccessTokens - true indicates a preference for TLS client certificate bound access tokens, false if none.
-
getTLSClientAuthSubjectDN
public String getTLSClientAuthSubjectDN()
Gets the expected subject distinguished name (DN) of the client X.509 certificate in mutual TLS authentication. Corresponds to thetls_client_auth_subject_dn
client metadata field.- Returns:
- The expected subject distinguished name (DN) of the client
X.509 certificate,
null
if not specified.
-
setTLSClientAuthSubjectDN
public void setTLSClientAuthSubjectDN(String subjectDN)
Sets the expected subject distinguished name (DN) of the client X.509 certificate in mutual TLS authentication. Corresponds to thetls_client_auth_subject_dn
client metadata field.- Parameters:
subjectDN
- The expected subject distinguished name (DN) of the client X.509 certificate,null
if not specified.
-
getTLSClientAuthSanDNS
public String getTLSClientAuthSanDNS()
Gets the expected dNSName SAN entry in the X.509 certificate, which the OAuth client will use in mutual TLS authentication. Corresponds to thetls_client_auth_san_dns
client metadata field.- Returns:
- The expected dNSName SAN entry in the X.509 certificate,
null
if not specified.
-
setTLSClientAuthSanDNS
public void setTLSClientAuthSanDNS(String dns)
Sets the expected dNSName SAN entry in the X.509 certificate, which the OAuth client will use in mutual TLS authentication. Corresponds to thetls_client_auth_san_dns
client metadata field.- Parameters:
dns
- The expected dNSName SAN entry in the X.509 certificate,null
if not specified.
-
getTLSClientAuthSanURI
public String getTLSClientAuthSanURI()
Gets the expected uniformResourceIdentifier SAN entry in the X.509 certificate, which the OAuth client will use in mutual TLS authentication. Corresponds to the tls_client_auth_san_uri client metadata field.
Returns:
The expected uniformResourceIdentifier SAN entry in the X.509 certificate, null if not specified.
-
setTLSClientAuthSanURI
public void setTLSClientAuthSanURI(String uri)
Sets the expected uniformResourceIdentifier SAN entry in the X.509 certificate, which the OAuth client will use in mutual TLS authentication. Corresponds to the tls_client_auth_san_uri client metadata field.
Parameters:
uri - The expected uniformResourceIdentifier SAN entry in the X.509 certificate, null if not specified.
-
getTLSClientAuthSanIP
public String getTLSClientAuthSanIP()
Gets the expected iPAddress SAN entry in the X.509 certificate, which the OAuth client will use in mutual TLS authentication. Corresponds to the tls_client_auth_san_ip client metadata field.
Returns:
The expected iPAddress SAN entry in the X.509 certificate, null if not specified.
-
setTLSClientAuthSanIP
public void setTLSClientAuthSanIP(String ip)
Sets the expected iPAddress SAN entry in the X.509 certificate, which the OAuth client will use in mutual TLS authentication. Corresponds to the tls_client_auth_san_ip client metadata field.
Parameters:
ip - The expected iPAddress SAN entry in the X.509 certificate, null if not specified.
-
getTLSClientAuthSanEmail
public String getTLSClientAuthSanEmail()
Gets the expected rfc822Name SAN entry in the X.509 certificate, which the OAuth client will use in mutual TLS authentication. Corresponds to the tls_client_auth_san_email client metadata field.
Returns:
The expected rfc822Name SAN entry in the X.509 certificate, null if not specified.
-
setTLSClientAuthSanEmail
public void setTLSClientAuthSanEmail(String email)
Sets the expected rfc822Name SAN entry in the X.509 certificate, which the OAuth client will use in mutual TLS authentication. Corresponds to the tls_client_auth_san_email client metadata field.
Parameters:
email - The expected rfc822Name SAN entry in the X.509 certificate, null if not specified.
-
getAuthorizationJWSAlg
public com.nimbusds.jose.JWSAlgorithm getAuthorizationJWSAlg()
Gets the JWS algorithm for JWT-encoded authorisation responses. Corresponds to the authorization_signed_response_alg client metadata field.
Returns:
The JWS algorithm, null if not specified.
-
setAuthorizationJWSAlg
public void setAuthorizationJWSAlg(com.nimbusds.jose.JWSAlgorithm authzJWSAlg)
Sets the JWS algorithm for JWT-encoded authorisation responses. Corresponds to the authorization_signed_response_alg client metadata field.
Parameters:
authzJWSAlg - The JWS algorithm, null if not specified. Must not be "none".
-
getAuthorizationJWEAlg
public com.nimbusds.jose.JWEAlgorithm getAuthorizationJWEAlg()
Gets the JWE algorithm for JWT-encoded authorisation responses. Corresponds to the authorization_encrypted_response_alg client metadata field.
Returns:
The JWE algorithm, null if not specified.
-
setAuthorizationJWEAlg
public void setAuthorizationJWEAlg(com.nimbusds.jose.JWEAlgorithm authzJWEAlg)
Sets the JWE algorithm for JWT-encoded authorisation responses. Corresponds to the authorization_encrypted_response_alg client metadata field.
Parameters:
authzJWEAlg - The JWE algorithm, null if not specified.
-
getAuthorizationJWEEnc
public com.nimbusds.jose.EncryptionMethod getAuthorizationJWEEnc()
Gets the encryption method for JWT-encoded authorisation responses. Corresponds to the authorization_encrypted_response_enc client metadata field.
Returns:
The encryption method, null if not specified.
-
setAuthorizationJWEEnc
public void setAuthorizationJWEEnc(com.nimbusds.jose.EncryptionMethod authzJWEEnc)
Sets the encryption method for JWT-encoded authorisation responses. Corresponds to the authorization_encrypted_response_enc client metadata field.
Parameters:
authzJWEEnc - The encryption method, null if not specified.
-
requiresPushedAuthorizationRequests
public boolean requiresPushedAuthorizationRequests()
Gets the requirement for pushed authorisation requests (PAR). Corresponds to the pushed_authorization_request_endpoint client metadata field.
Returns:
true if PAR is required, else false.
-
requiresPushedAuthorizationRequests
public void requiresPushedAuthorizationRequests(boolean requirePAR)
Sets the requirement for pushed authorisation requests (PAR). Corresponds to the pushed_authorization_request_endpoint client metadata field.
Parameters:
requirePAR - true if PAR is required, else false.
-
getClientRegistrationTypes
public List<ClientRegistrationType> getClientRegistrationTypes()
Gets the supported OpenID Connect Federation 1.0 client registration types. Corresponds to the client_registration_types metadata field.
Returns:
The supported registration types, null if not specified.
-
setClientRegistrationTypes
public void setClientRegistrationTypes(List<ClientRegistrationType> regTypes)
Sets the supported OpenID Connect Federation 1.0 client registration types. Corresponds to the client_registration_types metadata field.
Parameters:
regTypes - The supported registration types, null if not specified.
-
getOrganizationName
public String getOrganizationName()
Gets the organisation name in OpenID Connect Federation 1.0. Corresponds to the organization_name metadata field.
Returns:
The organisation name, null if not specified.
-
setOrganizationName
public void setOrganizationName(String organizationName)
Sets the organisation name in OpenID Connect Federation 1.0. Corresponds to the organization_name metadata field.
Parameters:
organizationName - The organisation name, null if not specified.
-
getTrustAnchorID
public EntityID getTrustAnchorID()
Gets the trust anchor used in an explicit client registration in OpenID Connect Federation 1.0. Corresponds to the trust_anchor_id client metadata field.
Returns:
The trust anchor ID, null if not specified.
-
setTrustAnchorID
public void setTrustAnchorID(EntityID trustAnchorID)
Sets the trust anchor used in an explicit client registration in OpenID Connect Federation 1.0. Corresponds to the trust_anchor_id client metadata field.
Parameters:
trustAnchorID - The trust anchor ID, null if not specified.
-
getCustomField
public Object getCustomField(String name)
Gets the specified custom metadata field.
Parameters:
name - The field name. Must not be null.
Returns:
The field value, typically serialisable to a JSON entity, null if none.
-
getCustomFields
public net.minidev.json.JSONObject getCustomFields()
Gets the custom metadata fields.
Returns:
The custom metadata fields, as a JSON object, empty object if none.
-
setCustomField
public void setCustomField(String name, Object value)
Sets the specified custom metadata field.
Parameters:
name - The field name. Must not be null.
value - The field value. Should serialise to a JSON entity.
-
setCustomFields
public void setCustomFields(net.minidev.json.JSONObject customFields)
Sets the custom metadata fields.
Parameters:
customFields - The custom metadata fields, as a JSON object, empty object if none. Must not be null.
-
applyDefaults
public void applyDefaults()
Applies the client metadata defaults where no values have been specified.
- The response types default to ["code"].
- The grant types default to ["authorization_code"].
- The client authentication method defaults to "client_secret_basic", unless the grant type is "implicit" only.
- The encryption method for JWT-encoded authorisation responses defaults to A128CBC-HS256 if a JWE algorithm is set.
-
toJSONObject
public net.minidev.json.JSONObject toJSONObject()
Returns the JSON object representation of this client metadata, including any custom fields.
Returns:
The JSON object.
-
toJSONObject
public net.minidev.json.JSONObject toJSONObject(boolean includeCustomFields)
Returns the JSON object representation of this client metadata.
Parameters:
includeCustomFields - true to include any custom metadata fields, false to omit them.
Returns:
The JSON object.
-
parse
public static ClientMetadata parse(net.minidev.json.JSONObject jsonObject) throws ParseException
Parses a client metadata instance from the specified JSON object.
Parameters:
jsonObject - The JSON object to parse. Must not be null.
Returns:
The client metadata.
Throws:
ParseException - If the JSON object couldn't be parsed to a client metadata instance.
-
-
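The following is an added example, not code from the SDK or its documentation. It parses a constructed registration request with parse, applies defaults, and rejects a tls_client_auth client unless exactly one of the five tls_client_auth_* subject fields is set, as RFC 8705 section 2.1.2 requires. The class MtlsMetadataCheck and its two helper methods are hypothetical names; JSONObjectUtils, ClientAuthenticationMethod and getTokenEndpointAuthMethod come from the same SDK but are not described in this section.

```java
import com.nimbusds.oauth2.sdk.ParseException;
import com.nimbusds.oauth2.sdk.auth.ClientAuthenticationMethod;
import com.nimbusds.oauth2.sdk.client.ClientMetadata;
import com.nimbusds.oauth2.sdk.util.JSONObjectUtils;

import java.util.Objects;
import java.util.stream.Stream;

public class MtlsMetadataCheck {

    /** Counts how many certificate subject identifiers the client registered. */
    static long subjectIdentifierCount(ClientMetadata m) {
        return Stream.of(
                m.getTLSClientAuthSubjectDN(),
                m.getTLSClientAuthSanDNS(),
                m.getTLSClientAuthSanURI(),
                m.getTLSClientAuthSanIP(),
                m.getTLSClientAuthSanEmail())
            .filter(Objects::nonNull)
            .count();
    }

    /** Rejects tls_client_auth registrations that do not pin exactly one identifier. */
    static void validate(ClientMetadata m) {
        if (ClientAuthenticationMethod.TLS_CLIENT_AUTH.equals(m.getTokenEndpointAuthMethod())
                && subjectIdentifierCount(m) != 1) {
            throw new IllegalArgumentException(
                "tls_client_auth requires exactly one tls_client_auth_* subject field");
        }
    }

    public static void main(String[] args) throws ParseException {
        // Constructed sample registration request body (not from a real client)
        String json = "{"
            + "\"redirect_uris\":[\"https://client.example.org/callback\"],"
            + "\"token_endpoint_auth_method\":\"tls_client_auth\","
            + "\"tls_client_auth_san_dns\":\"client.example.org\","
            + "\"tls_client_certificate_bound_access_tokens\":true"
            + "}";
        ClientMetadata metadata = ClientMetadata.parse(JSONObjectUtils.parse(json));
        metadata.applyDefaults();   // fills response types, grant types, etc.
        validate(metadata);         // throws if zero or several subject fields are set
        System.out.println(metadata.toJSONObject());
    }
}
```

Adding a second subject field to the sample, for example tls_client_auth_subject_dn, makes validate throw, so the server never has to choose between two candidate identities when matching the presented certificate.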