Class ClientMetadata

  • Direct Known Subclasses:
    OIDCClientMetadata

    public class ClientMetadata
    extends Object
    Client metadata.

    Example client metadata, serialised to a JSON object:

     {
      "redirect_uris"              : ["https://client.example.org/callback",
                                      "https://client.example.org/callback2"],
      "client_name"                : "My Example Client",
      "client_name#ja-Jpan-JP"     : "クライアント名",
      "token_endpoint_auth_method" : "client_secret_basic",
      "scope"                      : "read write dolphin",
      "logo_uri"                   : "https://client.example.org/logo.png",
      "jwks_uri"                   : "https://client.example.org/my_public_keys.jwks"
     }
     

    Related specifications:

    • OAuth 2.0 Dynamic Client Registration Protocol (RFC 7591), section 2.
    • OAuth 2.0 Mutual TLS Client Authentication and Certificate Bound Access Tokens (RFC 8705), sections 2.1.2 and 3.4.
    • Financial-grade API: JWT Secured Authorization Response Mode for OAuth 2.0 (JARM).
    • OAuth 2.0 Pushed Authorization Requests (draft-ietf-oauth-par-02)
    • OpenID Connect Federation 1.0 (draft 11)
    • Constructor Detail

      • ClientMetadata

        public ClientMetadata()
        Creates a new OAuth 2.0 client metadata instance.
      • ClientMetadata

        public ClientMetadata​(ClientMetadata metadata)
        Creates a shallow copy of the specified OAuth 2.0 client metadata instance.
        Parameters:
        metadata - The client metadata to copy. Must not be null.
    • Method Detail

      • getRegisteredParameterNames

        public static Set<StringgetRegisteredParameterNames()
        Gets the registered (standard) OAuth 2.0 client metadata parameter names.
        Returns:
        The registered parameter names, as an unmodifiable set.
      • getRedirectionURIs

        public Set<URIgetRedirectionURIs()
        Gets the redirection URIs for this client. Corresponds to the redirect_uris client metadata field.
        Returns:
        The redirection URIs, null if not specified.
      • getRedirectionURI

        public URI getRedirectionURI()
        Gets one of the redirection URIs for this client. Corresponds to the redirect_uris client metadata field.
        Returns:
        The redirection URI, null if not specified.
      • getRedirectionURIStrings

        public Set<StringgetRedirectionURIStrings()
        Gets the redirection URIs for this client as strings. Corresponds to the redirect_uris client metadata field.

        This short-hand method is intended to enable string-based URI comparison.

        Returns:
        The redirection URIs as strings, null if not specified.
      • setRedirectionURIs

        public void setRedirectionURIs​(Set<URI> redirectURIs)
        Sets the redirection URIs for this client. Corresponds to the redirect_uris client metadata field.
        Parameters:
        redirectURIs - The redirection URIs, null if not specified. Valid redirection URIs must not contain a fragment.
      • setRedirectionURI

        public void setRedirectionURI​(URI redirectURI)
        Sets a single redirection URI for this client. Corresponds to the redirect_uris client metadata field.
        Parameters:
        redirectURI - The redirection URIs, null if not specified. A valid redirection URI must not contain a fragment.
      • getScope

        public Scope getScope()
        Gets the scope values that the client can use when requesting access tokens. Corresponds to the scope client metadata field.
        Returns:
        The scope, null if not specified.
      • hasScopeValue

        public boolean hasScopeValue​(Scope.Value scopeValue)
        Checks if the scope matadata field is set and contains the specified scope value.
        Parameters:
        scopeValue - The scope value. Must not be null.
        Returns:
        true if the scope value is contained, else false.
      • setScope

        public void setScope​(Scope scope)
        Sets the scope values that the client can use when requesting access tokens. Corresponds to the scope client metadata field.
        Parameters:
        scope - The scope, null if not specified.
      • getResponseTypes

        public Set<ResponseTypegetResponseTypes()
        Gets the expected OAuth 2.0 response types. Corresponds to the response_types client metadata field.
        Returns:
        The response types, null if not specified.
      • setResponseTypes

        public void setResponseTypes​(Set<ResponseType> responseTypes)
        Sets the expected OAuth 2.0 response types. Corresponds to the response_types client metadata field.
        Parameters:
        responseTypes - The response types, null if not specified.
      • getGrantTypes

        public Set<GrantTypegetGrantTypes()
        Gets the expected OAuth 2.0 grant types. Corresponds to the grant_types client metadata field.
        Returns:
        The grant types, null if not specified.
      • setGrantTypes

        public void setGrantTypes​(Set<GrantType> grantTypes)
        Sets the expected OAuth 2.0 grant types. Corresponds to the grant_types client metadata field.
        Parameters:
        grantTypes - The grant types, null if not specified.
      • getEmailContacts

        public List<StringgetEmailContacts()
        Gets the administrator email contacts for the client. Corresponds to the contacts client metadata field.
        Returns:
        The administrator email contacts, null if not specified.
      • setEmailContacts

        public void setEmailContacts​(List<String> contacts)
        Sets the administrator email contacts for the client. Corresponds to the contacts client metadata field.
        Parameters:
        contacts - The administrator email contacts, null if not specified.
      • getName

        public String getName()
        Gets the client name. Corresponds to the client_name client metadata field, with no language tag.
        Returns:
        The client name, null if not specified.
      • getName

        public String getName​(com.nimbusds.langtag.LangTag langTag)
        Gets the client name. Corresponds to the client_name client metadata field, with an optional language tag.
        Parameters:
        langTag - The language tag of the entry, null to get the non-tagged entry.
        Returns:
        The client name, null if not specified.
      • getNameEntries

        public Map<com.nimbusds.langtag.LangTag,​StringgetNameEntries()
        Gets the client name entries. Corresponds to the client_name client metadata field.
        Returns:
        The client name entries, empty map if none.
      • setName

        public void setName​(String name)
        Sets the client name. Corresponds to the client_name client metadata field, with no language tag.
        Parameters:
        name - The client name, null if not specified.
      • setName

        public void setName​(String name,
                            com.nimbusds.langtag.LangTag langTag)
        Sets the client name. Corresponds to the client_name client metadata field, with an optional language tag.
        Parameters:
        name - The client name. Must not be null.
        langTag - The language tag, null if not specified.
      • getLogoURI

        public URI getLogoURI()
        Gets the client application logo. Corresponds to the logo_uri client metadata field, with no language tag.
        Returns:
        The logo URI, null if not specified.
      • getLogoURI

        public URI getLogoURI​(com.nimbusds.langtag.LangTag langTag)
        Gets the client application logo. Corresponds to the logo_uri client metadata field, with an optional language tag.
        Parameters:
        langTag - The language tag, null if not specified.
        Returns:
        The logo URI, null if not specified.
      • getLogoURIEntries

        public Map<com.nimbusds.langtag.LangTag,​URIgetLogoURIEntries()
        Gets the client application logo entries. Corresponds to the logo_uri client metadata field.
        Returns:
        The logo URI entries, empty map if none.
      • setLogoURI

        public void setLogoURI​(URI logoURI)
        Sets the client application logo. Corresponds to the logo_uri client metadata field, with no language tag.
        Parameters:
        logoURI - The logo URI, null if not specified.
      • setLogoURI

        public void setLogoURI​(URI logoURI,
                               com.nimbusds.langtag.LangTag langTag)
        Sets the client application logo. Corresponds to the logo_uri client metadata field, with an optional language tag.
        Parameters:
        logoURI - The logo URI. Must not be null.
        langTag - The language tag, null if not specified.
      • getURI

        public URI getURI()
        Gets the client home page. Corresponds to the client_uri client metadata field, with no language tag.
        Returns:
        The client URI, null if not specified.
      • getURI

        public URI getURI​(com.nimbusds.langtag.LangTag langTag)
        Gets the client home page. Corresponds to the client_uri client metadata field, with an optional language tag.
        Parameters:
        langTag - The language tag, null if not specified.
        Returns:
        The client URI, null if not specified.
      • getURIEntries

        public Map<com.nimbusds.langtag.LangTag,​URIgetURIEntries()
        Gets the client home page entries. Corresponds to the client_uri client metadata field.
        Returns:
        The client URI entries, empty map if none.
      • setURI

        public void setURI​(URI uri)
        Sets the client home page. Corresponds to the client_uri client metadata field, with no language tag.
        Parameters:
        uri - The client URI, null if not specified.
      • setURI

        public void setURI​(URI uri,
                           com.nimbusds.langtag.LangTag langTag)
        Sets the client home page. Corresponds to the client_uri client metadata field, with an optional language tag.
        Parameters:
        uri - The URI. Must not be null.
        langTag - The language tag, null if not specified.
      • getPolicyURI

        public URI getPolicyURI()
        Gets the client policy for use of end-user data. Corresponds to the policy_uri client metadata field, with no language tag.
        Returns:
        The policy URI, null if not specified.
      • getPolicyURI

        public URI getPolicyURI​(com.nimbusds.langtag.LangTag langTag)
        Gets the client policy for use of end-user data. Corresponds to the policy_uri client metadata field, with an optional language tag.
        Parameters:
        langTag - The language tag, null if not specified.
        Returns:
        The policy URI, null if not specified.
      • getPolicyURIEntries

        public Map<com.nimbusds.langtag.LangTag,​URIgetPolicyURIEntries()
        Gets the client policy entries for use of end-user data. Corresponds to the policy_uri client metadata field.
        Returns:
        The policy URI entries, empty map if none.
      • setPolicyURI

        public void setPolicyURI​(URI policyURI)
        Sets the client policy for use of end-user data. Corresponds to the policy_uri client metadata field, with no language tag.
        Parameters:
        policyURI - The policy URI, null if not specified.
      • setPolicyURI

        public void setPolicyURI​(URI policyURI,
                                 com.nimbusds.langtag.LangTag langTag)
        Sets the client policy for use of end-user data. Corresponds to the policy_uri client metadata field, with an optional language tag.
        Parameters:
        policyURI - The policy URI. Must not be null.
        langTag - The language tag, null if not specified.
      • getTermsOfServiceURI

        public URI getTermsOfServiceURI()
        Gets the client's terms of service. Corresponds to the tos_uri client metadata field, with no language tag.
        Returns:
        The terms of service URI, null if not specified.
      • getTermsOfServiceURI

        public URI getTermsOfServiceURI​(com.nimbusds.langtag.LangTag langTag)
        Gets the client's terms of service. Corresponds to the tos_uri client metadata field, with an optional language tag.
        Parameters:
        langTag - The language tag, null if not specified.
        Returns:
        The terms of service URI, null if not specified.
      • getTermsOfServiceURIEntries

        public Map<com.nimbusds.langtag.LangTag,​URIgetTermsOfServiceURIEntries()
        Gets the client's terms of service entries. Corresponds to the tos_uri client metadata field.
        Returns:
        The terms of service URI entries, empty map if none.
      • setTermsOfServiceURI

        public void setTermsOfServiceURI​(URI tosURI)
        Sets the client's terms of service. Corresponds to the tos_uri client metadata field, with no language tag.
        Parameters:
        tosURI - The terms of service URI, null if not specified.
      • setTermsOfServiceURI

        public void setTermsOfServiceURI​(URI tosURI,
                                         com.nimbusds.langtag.LangTag langTag)
        Sets the client's terms of service. Corresponds to the tos_uri client metadata field, with an optional language tag.
        Parameters:
        tosURI - The terms of service URI. Must not be null.
        langTag - The language tag, null if not specified.
      • getTokenEndpointAuthMethod

        public ClientAuthenticationMethod getTokenEndpointAuthMethod()
        Gets the Token endpoint authentication method. Corresponds to the token_endpoint_auth_method client metadata field.
        Returns:
        The Token endpoint authentication method, null if not specified.
      • setTokenEndpointAuthMethod

        public void setTokenEndpointAuthMethod​(ClientAuthenticationMethod authMethod)
        Sets the Token endpoint authentication method. Corresponds to the token_endpoint_auth_method client metadata field.
        Parameters:
        authMethod - The Token endpoint authentication method, null if not specified.
      • getTokenEndpointAuthJWSAlg

        public com.nimbusds.jose.JWSAlgorithm getTokenEndpointAuthJWSAlg()
        Gets the JSON Web Signature (JWS) algorithm required for private_key_jwt and client_secret_jwt authentication at the Token endpoint. Corresponds to the token_endpoint_auth_signing_alg client metadata field.
        Returns:
        The JWS algorithm, null if not specified.
      • setTokenEndpointAuthJWSAlg

        public void setTokenEndpointAuthJWSAlg​(com.nimbusds.jose.JWSAlgorithm authJWSAlg)
        Sets the JSON Web Signature (JWS) algorithm required for private_key_jwt and client_secret_jwt authentication at the Token endpoint. Corresponds to the token_endpoint_auth_signing_alg client metadata field.
        Parameters:
        authJWSAlg - The JWS algorithm, null if not specified.
      • getJWKSetURI

        public URI getJWKSetURI()
        Gets the URI for this client's JSON Web Key (JWK) set containing key(s) that are used in signing requests to the server and key(s) for encrypting responses. Corresponds to the jwks_uri client metadata field.
        Returns:
        The JWK set URI, null if not specified.
      • setJWKSetURI

        public void setJWKSetURI​(URI jwkSetURI)
        Sets the URI for this client's JSON Web Key (JWK) set containing key(s) that are used in signing requests to the server and key(s) for encrypting responses. Corresponds to the jwks_uri client metadata field.
        Parameters:
        jwkSetURI - The JWK set URI, null if not specified.
      • getJWKSet

        public com.nimbusds.jose.jwk.JWKSet getJWKSet()
        Gets this client's JSON Web Key (JWK) set containing key(s) that are used in signing requests to the server and key(s) for encrypting responses. Intended as an alternative to getJWKSetURI() for native clients. Corresponds to the jwks client metadata field.
        Returns:
        The JWK set, null if not specified.
      • setJWKSet

        public void setJWKSet​(com.nimbusds.jose.jwk.JWKSet jwkSet)
        Sets this client's JSON Web Key (JWK) set containing key(s) that are used in signing requests to the server and key(s) for encrypting responses. Intended as an alternative to getJWKSetURI() for native clients. Corresponds to the jwks client metadata field.
        Parameters:
        jwkSet - The JWK set, null if not specified.
      • getRequestObjectURIs

        public Set<URIgetRequestObjectURIs()
        Gets the pre-registered request object URIs. Corresponds to the request_uris client metadata field.
        Returns:
        The request object URIs, null if not specified.
      • setRequestObjectURIs

        public void setRequestObjectURIs​(Set<URI> requestObjectURIs)
        Sets the pre-registered request object URIs. Corresponds to the request_uris client metadata field.
        Parameters:
        requestObjectURIs - The request object URIs, null if not specified.
      • getRequestObjectJWSAlg

        public com.nimbusds.jose.JWSAlgorithm getRequestObjectJWSAlg()
        Gets the JSON Web Signature (JWS) algorithm required for request objects sent by this client. Corresponds to the request_object_signing_alg client metadata field.
        Returns:
        The JWS algorithm, null if not specified.
      • setRequestObjectJWSAlg

        public void setRequestObjectJWSAlg​(com.nimbusds.jose.JWSAlgorithm requestObjectJWSAlg)
        Sets the JSON Web Signature (JWS) algorithm required for request objects sent by this client. Corresponds to the request_object_signing_alg client metadata field.
        Parameters:
        requestObjectJWSAlg - The JWS algorithm, null if not specified.
      • getRequestObjectJWEAlg

        public com.nimbusds.jose.JWEAlgorithm getRequestObjectJWEAlg()
        Gets the JSON Web Encryption (JWE) algorithm required for request objects sent by this client. Corresponds to the request_object_encryption_alg client metadata field.
        Returns:
        The JWE algorithm, null if not specified.
      • setRequestObjectJWEAlg

        public void setRequestObjectJWEAlg​(com.nimbusds.jose.JWEAlgorithm requestObjectJWEAlg)
        Sets the JSON Web Encryption (JWE) algorithm required for request objects sent by this client. Corresponds to the request_object_encryption_alg client metadata field.
        Parameters:
        requestObjectJWEAlg - The JWE algorithm, null if not specified.
      • getRequestObjectJWEEnc

        public com.nimbusds.jose.EncryptionMethod getRequestObjectJWEEnc()
        Gets the JSON Web Encryption (JWE) method required for request objects sent by this client. Corresponds to the request_object_encryption_enc client metadata field.
        Returns:
        The JWE method, null if not specified.
      • setRequestObjectJWEEnc

        public void setRequestObjectJWEEnc​(com.nimbusds.jose.EncryptionMethod requestObjectJWEEnc)
        Sets the JSON Web Encryption (JWE) method required for request objects sent by this client. Corresponds to the request_object_encryption_enc client metadata field.
        Parameters:
        requestObjectJWEEnc - The JWE method, null if not specified.
      • getSoftwareID

        public SoftwareID getSoftwareID()
        Gets the identifier for the OAuth 2.0 client software. Corresponds to the software_id client metadata field.
        Returns:
        The software identifier, null if not specified.
      • setSoftwareID

        public void setSoftwareID​(SoftwareID softwareID)
        Sets the identifier for the OAuth 2.0 client software. Corresponds to the software_id client metadata field.
        Parameters:
        softwareID - The software identifier, null if not specified.
      • getSoftwareVersion

        public SoftwareVersion getSoftwareVersion()
        Gets the version identifier for the OAuth 2.0 client software. Corresponds to the software_version client metadata field.
        Returns:
        The version identifier, null if not specified.
      • setSoftwareVersion

        public void setSoftwareVersion​(SoftwareVersion softwareVersion)
        Sets the version identifier for the OAuth 2.0 client software. Corresponds to the software_version client metadata field.
        Parameters:
        softwareVersion - The version identifier, null if not specified.
      • getTLSClientCertificateBoundAccessTokens

        public boolean getTLSClientCertificateBoundAccessTokens()
        Sets the preference for TLS client certificate bound access tokens. Corresponds to the tls_client_certificate_bound_access_tokens client metadata field.
        Returns:
        true indicates a preference for TLS client certificate bound access tokens, false if none.
      • setTLSClientCertificateBoundAccessTokens

        public void setTLSClientCertificateBoundAccessTokens​(boolean tlsClientCertBoundTokens)
        Gets the preference for TLS client certificate bound access tokens. Corresponds to the tls_client_certificate_bound_access_tokens client metadata field.
        Parameters:
        tlsClientCertBoundTokens - true indicates a preference for TLS client certificate bound access tokens, false if none.
      • getMutualTLSSenderConstrainedAccessTokens

        @Deprecated
        public boolean getMutualTLSSenderConstrainedAccessTokens()
        Deprecated.
        Sets the preference for TLS client certificate bound access tokens. Corresponds to the tls_client_certificate_bound_access_tokens client metadata field.
        Returns:
        true indicates a preference for TLS client certificate bound access tokens, false if none.
      • setMutualTLSSenderConstrainedAccessTokens

        @Deprecated
        public void setMutualTLSSenderConstrainedAccessTokens​(boolean tlsSenderAccessTokens)
        Deprecated.
        Gets the preference for TLS client certificate bound access tokens. Corresponds to the tls_client_certificate_bound_access_tokens client metadata field.
        Parameters:
        tlsSenderAccessTokens - true indicates a preference for TLS client certificate bound access tokens, false if none.
      • getTLSClientAuthSubjectDN

        public String getTLSClientAuthSubjectDN()
        Gets the expected subject distinguished name (DN) of the client X.509 certificate in mutual TLS authentication. Corresponds to the tls_client_auth_subject_dn client metadata field.
        Returns:
        The expected subject distinguished name (DN) of the client X.509 certificate, null if not specified.
      • setTLSClientAuthSubjectDN

        public void setTLSClientAuthSubjectDN​(String subjectDN)
        Sets the expected subject distinguished name (DN) of the client X.509 certificate in mutual TLS authentication. Corresponds to the tls_client_auth_subject_dn client metadata field.
        Parameters:
        subjectDN - The expected subject distinguished name (DN) of the client X.509 certificate, null if not specified.
      • getTLSClientAuthSanDNS

        public String getTLSClientAuthSanDNS()
        Gets the expected dNSName SAN entry in the X.509 certificate, which the OAuth client will use in mutual TLS authentication. Corresponds to the tls_client_auth_san_dns client metadata field.
        Returns:
        The expected dNSName SAN entry in the X.509 certificate, null if not specified.
      • setTLSClientAuthSanDNS

        public void setTLSClientAuthSanDNS​(String dns)
        Sets the expected dNSName SAN entry in the X.509 certificate, which the OAuth client will use in mutual TLS authentication. Corresponds to the tls_client_auth_san_dns client metadata field.
        Parameters:
        dns - The expected dNSName SAN entry in the X.509 certificate, null if not specified.
      • getTLSClientAuthSanURI

        public String getTLSClientAuthSanURI()
        Gets the expected uniformResourceIdentifier SAN entry in the X.509 certificate, which the OAuth client will use in mutual TLS authentication. Corresponds to the tls_client_auth_san_uri client metadata field.
        Returns:
        The expected uniformResourceIdentifier SAN entry in the X.509 certificate, null if not specified.
      • setTLSClientAuthSanURI

        public void setTLSClientAuthSanURI​(String uri)
        Sets the expected uniformResourceIdentifier SAN entry in the X.509 certificate, which the OAuth client will use in mutual TLS authentication. Corresponds to the tls_client_auth_san_uri client metadata field.
        Parameters:
        uri - The expected uniformResourceIdentifier SAN entry in the X.509 certificate, null if not specified.
      • getTLSClientAuthSanIP

        public String getTLSClientAuthSanIP()
        Gets the expected iPAddress SAN entry in the X.509 certificate, which the OAuth client will use in mutual TLS authentication. Corresponds to the tls_client_auth_san_ip client metadata field.
        Returns:
        The expected iPAddress SAN entry in the X.509 certificate, null if not specified.
      • setTLSClientAuthSanIP

        public void setTLSClientAuthSanIP​(String ip)
        Sets the expected iPAddress SAN entry in the X.509 certificate, which the OAuth client will use in mutual TLS authentication. Corresponds to the tls_client_auth_san_ip client metadata field.
        Parameters:
        ip - The expected iPAddress SAN entry in the X.509 certificate, null if not specified.
      • getTLSClientAuthSanEmail

        public String getTLSClientAuthSanEmail()
        Gets the expected rfc822Name SAN entry in the X.509 certificate, which the OAuth client will use in mutual TLS authentication. Corresponds to the tls_client_auth_san_email client metadata field.
        Returns:
        The expected rfc822Name SAN entry in the X.509 certificate, null if not specified.
      • setTLSClientAuthSanEmail

        public void setTLSClientAuthSanEmail​(String email)
        Sets the expected rfc822Name SAN entry in the X.509 certificate, which the OAuth client will use in mutual TLS authentication. Corresponds to the tls_client_auth_san_email client metadata field.
        Parameters:
        email - The expected rfc822Name SAN entry in the X.509 certificate, null if not specified.
      • getAuthorizationJWSAlg

        public com.nimbusds.jose.JWSAlgorithm getAuthorizationJWSAlg()
        Gets the JWS algorithm for JWT-encoded authorisation responses. Corresponds to the authorization_signed_response_alg client metadata field.
        Returns:
        The JWS algorithm, null if not specified.
      • setAuthorizationJWSAlg

        public void setAuthorizationJWSAlg​(com.nimbusds.jose.JWSAlgorithm authzJWSAlg)
        Sets the JWS algorithm for JWT-encoded authorisation responses. Corresponds to the authorization_signed_response_alg client metadata field.
        Parameters:
        authzJWSAlg - The JWS algorithm, null if not specified. Must not be "none".
      • getAuthorizationJWEAlg

        public com.nimbusds.jose.JWEAlgorithm getAuthorizationJWEAlg()
        Gets the JWE algorithm for JWT-encoded authorisation responses. Corresponds to the authorization_encrypted_response_alg client metadata field.
        Returns:
        The JWE algorithm, null if not specified.
      • setAuthorizationJWEAlg

        public void setAuthorizationJWEAlg​(com.nimbusds.jose.JWEAlgorithm authzJWEAlg)
        Sets the JWE algorithm for JWT-encoded authorisation responses. Corresponds to the authorization_encrypted_response_alg client metadata field.
        Parameters:
        authzJWEAlg - The JWE algorithm, null if not specified.
      • getAuthorizationJWEEnc

        public com.nimbusds.jose.EncryptionMethod getAuthorizationJWEEnc()
        Sets the encryption method for JWT-encoded authorisation responses. Corresponds to the authorization_encrypted_response_enc client metadata field.
        Returns:
        The encryption method, null if specified.
      • setAuthorizationJWEEnc

        public void setAuthorizationJWEEnc​(com.nimbusds.jose.EncryptionMethod authzJWEEnc)
        Sets the encryption method for JWT-encoded authorisation responses. Corresponds to the authorization_encrypted_response_enc client metadata field.
        Parameters:
        authzJWEEnc - The encryption method, null if specified.
      • requiresPushedAuthorizationRequests

        public boolean requiresPushedAuthorizationRequests()
        Gets the requirement for pushed authorisation requests (PAR). Corresponds to the pushed_authorization_request_endpoint client metadata field.
        Returns:
        true if PAR is required, else false.
      • requiresPushedAuthorizationRequests

        public void requiresPushedAuthorizationRequests​(boolean requirePAR)
        Sets the requirement for pushed authorisation requests (PAR). Corresponds to the pushed_authorization_request_endpoint client metadata field.
        Parameters:
        requirePAR - true if PAR is required, else false.
      • getClientRegistrationTypes

        public List<ClientRegistrationTypegetClientRegistrationTypes()
        Gets the supported OpenID Connect Federation 1.0 client registration types. Corresponds to the client_registration_types metadata field.
        Returns:
        The supported registration types, null if not specified.
      • setClientRegistrationTypes

        public void setClientRegistrationTypes​(List<ClientRegistrationType> regTypes)
        Sets the supported OpenID Connect Federation 1.0 client registration types. Corresponds to the client_registration_types metadata field.
        Parameters:
        regTypes - The supported registration types, null if not specified.
      • getOrganizationName

        public String getOrganizationName()
        Gets the organisation name in OpenID Connect Federation 1.0. Corresponds to the organization_name metadata field.
        Returns:
        The organisation name, null if not specified.
      • setOrganizationName

        public void setOrganizationName​(String organizationName)
        Sets the organisation name in OpenID Connect Federation 1.0. Corresponds to the organization_name metadata field.
        Parameters:
        organizationName - The organisation name, null if not specified.
      • getTrustAnchorID

        public EntityID getTrustAnchorID()
        Gets the used trust anchor in a explicit client registration in OpenID Connect Federation 1.0. Corresponds to the trust_anchor_id client metadata field.
        Returns:
        The trust anchor ID, null if not specified.
      • setTrustAnchorID

        public void setTrustAnchorID​(EntityID trustAnchorID)
        Sets the used trust anchor in a explicit client registration in OpenID Connect Federation 1.0. Corresponds to the trust_anchor_id client metadata field.
        Parameters:
        trustAnchorID - The trust anchor ID, null if not specified.
      • getCustomField

        public Object getCustomField​(String name)
        Gets the specified custom metadata field.
        Parameters:
        name - The field name. Must not be null.
        Returns:
        The field value, typically serialisable to a JSON entity, null if none.
      • getCustomFields

        public net.minidev.json.JSONObject getCustomFields()
        Gets the custom metadata fields.
        Returns:
        The custom metadata fields, as a JSON object, empty object if none.
      • setCustomField

        public void setCustomField​(String name,
                                   Object value)
        Sets the specified custom metadata field.
        Parameters:
        name - The field name. Must not be null.
        value - The field value. Should serialise to a JSON entity.
      • setCustomFields

        public void setCustomFields​(net.minidev.json.JSONObject customFields)
        Sets the custom metadata fields.
        Parameters:
        customFields - The custom metadata fields, as a JSON object, empty object if none. Must not be null.
      • applyDefaults

        public void applyDefaults()
        Applies the client metadata defaults where no values have been specified.
        • The response types default to ["code"].
        • The grant types default to ["authorization_code"].
        • The client authentication method defaults to "client_secret_basic", unless the grant type is "implicit" only.
        • The encryption method for JWT-encoded authorisation responses defaults to A128CBC-HS256 if a JWE algorithm is set.
      • toJSONObject

        public net.minidev.json.JSONObject toJSONObject()
        Returns the JSON object representation of this client metadata, including any custom fields.
        Returns:
        The JSON object.
      • toJSONObject

        public net.minidev.json.JSONObject toJSONObject​(boolean includeCustomFields)
        Returns the JSON object representation of this client metadata.
        Parameters:
        includeCustomFields - true to include any custom metadata fields, false to omit them.
        Returns:
        The JSON object.
      • parse

        public static ClientMetadata parse​(net.minidev.json.JSONObject jsonObject)
                                    throws ParseException
        Parses an client metadata instance from the specified JSON object.
        Parameters:
        jsonObject - The JSON object to parse. Must not be null.
        Returns:
        The client metadata.
        Throws:
        ParseException - If the JSON object couldn't be parsed to a client metadata instance.