Class AuthenticationResponseParser


  • public class AuthenticationResponseParser
    extends Object
    Parser of OpenID Connect authentication response messages.

    Related specifications:

    • OpenID Connect Core 1.0, sections 3.1.2.5. and 3.1.2.6.
    • OAuth 2.0 (RFC 6749), section 3.1.
    • OAuth 2.0 Multiple Response Type Encoding Practices 1.0.
    • OAuth 2.0 Form Post Response Mode 1.0.
    • Financial-grade API: JWT Secured Authorization Response Mode for OAuth 2.0 (JARM).
    • Method Detail

      • parse

        public static AuthenticationResponse parse​(URI redirectURI,
                                                   Map<String,​List<String>> params)
                                            throws ParseException
        Parses an OpenID Connect authentication response.
        Parameters:
        redirectURI - The base redirection URI. Must not be null.
        params - The response parameters to parse. Must not be null.
        Returns:
        The OpenID Connect authentication success or error response.
        Throws:
        ParseException - If the parameters couldn't be parsed to an OpenID Connect authentication response.
      • parse

        public static AuthenticationResponse parse​(URI redirectURI,
                                                   Map<String,​List<String>> params,
                                                   JARMValidator jarmValidator)
                                            throws ParseException
        Parses an OpenID Connect authentication response which may be JSON Web Token (JWT) secured.
        Parameters:
        redirectURI - The base redirection URI. Must not be null.
        params - The response parameters to parse. Must not be null.
        jarmValidator - The validator of JSON Web Token (JWT) secured authorisation responses (JARM), null if a plain response is expected.
        Returns:
        The OpenID Connect authentication success or error response.
        Throws:
        ParseException - If the parameters couldn't be parsed to an OpenID Connect authentication response, or if validation of the JWT response failed.
      • parse

        public static AuthenticationResponse parse​(URI uri)
                                            throws ParseException
        Parses an OpenID Connect authentication response.

        Use a relative URI if the host, port and path details are not known:

         URI relUrl = new URI("https:///?code=Qcb0Orv1...&state=af0ifjsldkj");
         

        Example URI:

         https://client.example.com/cb?code=SplxlOBeZQQYbYS6WxSbIA&state=xyz
         
        Parameters:
        uri - The URI to parse. Can be absolute or relative, with a fragment or query string containing the authentication response parameters. Must not be null.
        Returns:
        The OpenID Connect authentication success or error response.
        Throws:
        ParseException - If the redirection URI couldn't be parsed to an OpenID Connect authentication response.
      • parse

        public static AuthenticationResponse parse​(URI uri,
                                                   JARMValidator jarmValidator)
                                            throws ParseException
        Parses and validates a JSON Web Token (JWT) secured OpenID Connect authentication response.

        Use a relative URI if the host, port and path details are not known:

         URI relUrl = new URI("https:///?response=eyJhbGciOiJSUzI1NiIsI...");
         
        Parameters:
        uri - The URI to parse. Can be absolute or relative, with a fragment or query string containing the authentication response parameters. Must not be null.
        jarmValidator - The validator of JSON Web Token (JWT) secured authorisation responses (JARM). Must not be null.
        Returns:
        The OpenID Connect authentication success or error response.
        Throws:
        ParseException - If the redirection URI couldn't be parsed to an OpenID Connect authentication response or if validation of the JWT response failed.
      • parse

        public static AuthenticationResponse parse​(HTTPResponse httpResponse)
                                            throws ParseException
        Parses an OpenID Connect authentication response from the specified initial HTTP 302 redirect response output at the authorisation endpoint.

        Example HTTP response (authorisation success):

         HTTP/1.1 302 Found
         Location: https://client.example.com/cb?code=SplxlOBeZQQYbYS6WxSbIA&state=xyz
         
        Parameters:
        httpResponse - The HTTP response to parse. Must not be null.
        Returns:
        The OpenID Connect authentication response.
        Throws:
        ParseException - If the HTTP response couldn't be parsed to an OpenID Connect authentication response.
      • parse

        public static AuthenticationResponse parse​(HTTPResponse httpResponse,
                                                   JARMValidator jarmValidator)
                                            throws ParseException
        Parses and validates a JSON Web Token (JWT) secured OpenID Connect authentication response from the specified initial HTTP 302 redirect response output at the authorisation endpoint.

        Example HTTP response (authorisation success):

         HTTP/1.1 302 Found
         Location: https://client.example.com/cb?response=eyJhbGciOiJSUzI1...
         
        Parameters:
        httpResponse - The HTTP response to parse. Must not be null.
        jarmValidator - The validator of JSON Web Token (JWT) secured authorisation responses (JARM). Must not be null.
        Returns:
        The OpenID Connect authentication response.
        Throws:
        ParseException - If the HTTP response couldn't be parsed to an OpenID Connect authentication response or if validation of the JWT response failed.
      • parse

        public static AuthenticationResponse parse​(HTTPRequest httpRequest)
                                            throws ParseException
        Parses an OpenID Connect authentication response from the specified HTTP request at the client redirection (callback) URI. Applies to the query, fragment and form_post response modes.

        Example HTTP request (authorisation success):

         GET /cb?code=SplxlOBeZQQYbYS6WxSbIA&state=xyz HTTP/1.1
         Host: client.example.com
         
        Parameters:
        httpRequest - The HTTP request to parse. Must not be null.
        Returns:
        The OpenID Connect authentication response.
        Throws:
        ParseException - If the HTTP request couldn't be parsed to an OpenID Connect authentication response.
        See Also:
        parse(HTTPResponse)
      • parse

        public static AuthenticationResponse parse​(HTTPRequest httpRequest,
                                                   JARMValidator jarmValidator)
                                            throws ParseException
        Parses and validates a JSON Web Token (JWT) secured OpenID Connect authentication response from the specified HTTP request at the client redirection (callback) URI. Applies to the query.jwt, fragment.jwt and form_post.jwt response modes.

        Example HTTP request (authorisation success):

         GET /cb?response=eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9... HTTP/1.1
         Host: client.example.com
         
        Parameters:
        httpRequest - The HTTP request to parse. Must not be null.
        jarmValidator - The validator of JSON Web Token (JWT) secured authorisation responses (JARM). Must not be null.
        Returns:
        The OpenID Connect authentication response.
        Throws:
        ParseException - If the HTTP request couldn't be parsed to an OpenID Connect authentication response or if validation of the JWT response failed.
        See Also:
        parse(HTTPResponse)