Package com.nimbusds.openid.connect.sdk

Class OIDCClaimsRequest

  • All Implemented Interfaces:
    net.minidev.json.JSONAware
    @Immutable
public class OIDCClaimsRequest
extends Object
implements net.minidev.json.JSONAware
    Specifies individual OpenID claims to return from the UserInfo endpoint and / or in the ID Token. Replaces the deprecated ClaimsRequest class.

    Example: 

     {
   "userinfo":
    {
     "given_name": {"essential": true},
     "nickname": null,
     "email": {"essential": true},
     "email_verified": {"essential": true},
     "picture": null,
     "http://example.info/claims/groups": null
    },
   "id_token":
    {
     "auth_time": {"essential": true},
     "acr": {"values": ["urn:mace:incommon:iap:silver"] }
    }
 }

    Related specifications:

    • OpenID Connect Core 1.0, section 5.5.
    • OpenID Connect for Identity Assurance 1.0.

    • Constructor Detail

      • OIDCClaimsRequest

        public OIDCClaimsRequest()
        Creates a new empty OpenID claims request.

    • Method Detail

      • add

        public OIDCClaimsRequest add​(OIDCClaimsRequest other)
        Adds the entries from the specified other OpenID claims request.
        Parameters:
        other - The other OpenID claims request. If null no claims request entries will be added to this claims request.
        Returns:
        The updated OpenID claims request.

      • toJSONObject

        public net.minidev.json.JSONObject toJSONObject()
        Returns the JSON object representation of this OpenID claims request.

        Example: 

         {
   "userinfo":
    {
     "given_name": {"essential": true},
     "nickname": null,
     "email": {"essential": true},
     "email_verified": {"essential": true},
     "picture": null,
     "http://example.info/claims/groups": null
    },
   "id_token":
    {
     "auth_time": {"essential": true},
     "acr": {"values": ["urn:mace:incommon:iap:silver"] }
    }
 }
        Returns:
        The JSON object, empty if no ID token and UserInfo claims are specified.

      • toJSONString

        public String toJSONString()
        Specified by:
        toJSONString in interface net.minidev.json.JSONAware

      • resolve

        public static OIDCClaimsRequest resolve​(ResponseType responseType,
                                        Scope scope)
        Resolves the OpenID claims request for the specified response type and scope. The scope values that are standard OpenID scope values are resolved to their respective individual claims requests, any other scope values are ignored.
        Parameters:
        responseType - The response type. Must not be null.
        scope - The scope, null if not specified (for a plain OAuth 2.0 authorisation request with no scope explicitly specified).
        Returns:
        The OpenID claims request.

      • resolve

        public static OIDCClaimsRequest resolve​(ResponseType responseType,
                                        Scope scope,
                                        Map<Scope.Value,​Set<String>> customClaims)
        Resolves the OpenID claims request for the specified response type and scope. The scope values that are standard OpenID scope values are resolved to their respective individual claims requests, any other scope values are checked in the specified custom claims map and resolved accordingly.
        Parameters:
        responseType - The response type. Must not be null.
        scope - The scope, null if not specified (for a plain OAuth 2.0 authorisation request with no scope explicitly specified).
        customClaims - Custom scope value to set of claim names map, null if not specified.
        Returns:
        The OpenID claims request.

      • resolve

        public static OIDCClaimsRequest resolve​(ResponseType responseType,
                                        Scope scope,
                                        OIDCClaimsRequest claimsRequest)
        Resolves the merged OpenID claims request from the specified OpenID authentication request parameters. The scope values that are standard OpenID scope values are resolved to their respective individual claims requests, any other scope values are ignored.
        Parameters:
        responseType - The response type. Must not be null.
        scope - The scope, null if not specified (for a plain OAuth 2.0 authorisation request with no scope explicitly specified).
        claimsRequest - The OpenID claims request, corresponding to the optional claims OpenID authentication request parameter, null if not specified.
        Returns:
        The merged OpenID claims request.

      • resolve

        public static OIDCClaimsRequest resolve​(ResponseType responseType,
                                        Scope scope,
                                        OIDCClaimsRequest claimsRequest,
                                        Map<Scope.Value,​Set<String>> customClaims)
        Resolves the merged OpenID claims request from the specified OpenID authentication request parameters. The scope values that are standard OpenID scope values are resolved to their respective individual claims requests, any other scope values are checked in the specified custom claims map and resolved accordingly.
        Parameters:
        responseType - The response type. Must not be null.
        scope - The scope, null if not specified (for a plain OAuth 2.0 authorisation request with no scope explicitly specified).
        claimsRequest - The OpenID claims request, corresponding to the optional claims OpenID authentication request parameter, null if not specified.
        customClaims - Custom scope value to set of claim names map, null if not specified.
        Returns:
        The merged OpenID claims request.

      • resolve

        public static OIDCClaimsRequest resolve​(AuthenticationRequest authRequest)
        Resolves the merged OpenID claims request for the specified OpenID authentication request. The scope values that are standard OpenID scope values are resolved to their respective individual claims requests, any other scope values are ignored.
        Parameters:
        authRequest - The OpenID authentication request. Must not be null.
        Returns:
        The merged OpenID claims request.

      • parse

        public static OIDCClaimsRequest parse​(net.minidev.json.JSONObject jsonObject)
                               throws ParseException
        Parses an OpenID claims request from the specified JSON object representation.

        Example: 

         {
   "userinfo":
    {
     "given_name": {"essential": true},
     "nickname": null,
     "email": {"essential": true},
     "email_verified": {"essential": true},
     "picture": null,
     "http://example.info/claims/groups": null
    },
   "id_token":
    {
     "auth_time": {"essential": true},
     "acr": {"values": ["urn:mace:incommon:iap:silver"] }
    }
 }
        Parameters:
        jsonObject - The JSON object to parse. Must not be null.
        Returns:
        The OpenID claims request.
        Throws:
        ParseException - If parsing failed.

      • parse

        public static OIDCClaimsRequest parse​(String json)
                               throws ParseException
        Parses an OpenID claims request from the specified JSON object string representation.

        Example: 

         {
   "userinfo":
    {
     "given_name": {"essential": true},
     "nickname": null,
     "email": {"essential": true},
     "email_verified": {"essential": true},
     "picture": null,
     "http://example.info/claims/groups": null
    },
   "id_token":
    {
     "auth_time": {"essential": true},
     "acr": {"values": ["urn:mace:incommon:iap:silver"] }
    }
 }
        Parameters:
        json - The JSON object string to parse. Must not be null.
        Returns:
        The OpenID claims request.
        Throws:
        ParseException - If parsing failed.