OAuth 2.0 client / server SDK for Java with OpenID Connect 1.0 extensions
About OAuth 2.0
OAuth 2.0 is an authorisation framework for a third-party application to obtain limited access to an HTTP service, either on behalf of a resource owner (the user), or by allowing the third-party application to obtain access on its own behalf.
OAuth 2.0 is specified in RFC 6749 and its companion specifications.
About OpenID Connect 1.0
OpenID Connect 1.0 is a simple identity layer on top of the OAuth 2.0 framework. It allows clients to verify the identity of the user based on the authentication performed by an authorisation server, as well as to obtain basic profile information about the user in an interoperable and REST-like manner.
OpenID Connect allows clients of all types, including Web-based, mobile, and JavaScript clients, to request and receive information about authenticated sessions and end-users. The specification suite is extensible, allowing optional encryption of identity data, discovery of OpenID Providers, and session management.
Go to the OpenID Connect specifications for more details.
About this SDK
This open source SDK is your starting point for developing OAuth 2.0 and OpenID Connect based applications in Java.
This SDK version implements the following standards and drafts:
- The OAuth 2.0 Authorization Framework (RFC 6749)
- The OAuth 2.0 Authorization Framework: Bearer Token Usage (RFC 6750)
- OAuth 2.0 Token Introspection (RFC 7662)
- OAuth 2.0 Token Revocation (RFC 7009)
- OAuth 2.0 Authorization Server Metadata (draft-ietf-oauth-amr-values-01)
- OAuth 2.0 Dynamic Client Registration Protocol (RFC 7591)
- OAuth 2.0 Dynamic Client Registration Management Protocol (RFC 7592)
- Assertion Framework for OAuth 2.0 Client Authentication and Authorization Grants (RFC 7521)
- JSON Web Token (JWT) Profile for OAuth 2.0 Client Authentication and Authorization Grants (RFC 7523)
- SAML 2.0 Profile for OAuth 2.0 Client Authentication and Authorization Grants (RFC 7522)
- Proof Key for Code Exchange by OAuth Public Clients (RFC 7636)
- Authentication Method Reference Values (RFC 8176)
- OAuth 2.0 Authorization Server Metadata (RFC 8414)
- OAuth 2.0 Mutual TLS Client Authentication and Certificate Bound Access Tokens (RFC 8705)
- OAuth 2.0 Demonstrating Proof-of-Possession at the Application Layer (DPoP) (draft-ietf-oauth-dpop-02)
- Resource Indicators for OAuth 2.0 (RFC 8707)
- OAuth 2.0 Device Authorization Grant (RFC 8628)
- OAuth 2.0 Incremental Authorization (draft-ietf-oauth-incremental-authz-04)
- The OAuth 2.0 Authorization Framework: JWT Secured Authorization Request (JAR) (draft-ietf-oauth-jwsreq-29)
- OAuth 2.0 Pushed Authorization Requests (draft-lodderstedt-oauth-par-02)
- OAuth 2.0 Authorization Server Issuer Identifier in Authorization Response (draft-meyerzuselhausen-oauth-iss-auth-resp-01)
- OpenID Connect Core 1.0 (2014-02-25)
- OpenID Connect Core Unmet Authentication Requirements 1.0 (2019-05-08)
- OpenID Connect Discovery 1.0 (2014-02-25)
- OpenID Connect Dynamic Registration 1.0 (2014-02-25)
- OpenID Connect Session Management 1.0 (2014-11-08)
- OpenID Connect Extended Authentication Profile (EAP) ACR Values 1.0 - draft 00
- OpenID Connect for Identity Assurance 1.0 - draft 11
- OpenID Connect Federation 1.0 - draft 12
- Initiating User Registration via OpenID Connect (draft 03)
- OAuth 2.0 Multiple Response Type Encoding Practices 1.0 (2014-02-25)
- Financial Services – Financial API - Part 1: Read Only API Security Profile (2018-10-17)
- Financial Services – Financial API - Part 2: Read and Write API Security Profile (2018-10-17)
- Financial-grade API: JWT Secured Authorization Response Mode for OAuth 2.0 (JARM) (2018-10-17)
- OpenID Connect Client Initiated Backchannel Authentication (CIBA) Flow - Core 1.0 (draft 03)
| Package | Description |
|---|---|
| com.nimbusds.oauth2.sdk |
Classes for representing, serialising and parsing core OAuth 2.0 concepts.
|
| com.nimbusds.oauth2.sdk.as |
OAuth 2.0 Authorisation Server (AS) classes.
|
| com.nimbusds.oauth2.sdk.assertions |
Common SAML 2.0 and JWT bearer assertion classes.
|
| com.nimbusds.oauth2.sdk.assertions.jwt |
JWT bearer assertions.
|
| com.nimbusds.oauth2.sdk.assertions.saml2 |
SAML 2.0 bearer assertions.
|
| com.nimbusds.oauth2.sdk.auth |
Implementations of OAuth 2.0 client authentication methods at the Token
endpoint.
|
| com.nimbusds.oauth2.sdk.auth.verifier |
Client authentication verifier framework.
|
| com.nimbusds.oauth2.sdk.ciba |
OpenID Connect Client Initiated Backchannel Authentication (CIBA) Flow -
Core 1.0 classes.
|
| com.nimbusds.oauth2.sdk.client |
OAuth 2.0 dynamic client registration.
|
| com.nimbusds.oauth2.sdk.device |
OAuth 2.0 device authorisation grant classes.
|
| com.nimbusds.oauth2.sdk.dpop |
OAuth 2.0 Demonstrating Proof-of-Possession at the Application Layer (DPoP)
utilities.
|
| com.nimbusds.oauth2.sdk.http |
HTTP message and utility classes.
|
| com.nimbusds.oauth2.sdk.id |
Common OAuth 2.0 identifier and identity classes.
|
| com.nimbusds.oauth2.sdk.jarm |
JWT Secured Authorization Response Mode for OAuth 2.0 (JARM) utilities.
|
| com.nimbusds.oauth2.sdk.jose |
JavaScript Object Signing and Encryption (JOSE) utilities.
|
| com.nimbusds.oauth2.sdk.pkce |
Proof Key for Code Exchange (PKCE) classes.
|
| com.nimbusds.oauth2.sdk.token |
OAuth 2.0 access and refresh token implementations.
|
| com.nimbusds.oauth2.sdk.util |
Common utility classes.
|
| com.nimbusds.oauth2.sdk.util.date |
Date / time utilities.
|
| com.nimbusds.oauth2.sdk.util.tls |
TLS / SSL utilities.
|
| com.nimbusds.openid.connect.sdk |
Classes for representing, serialising and parsing core OpenID Connect
concepts.
|
| com.nimbusds.openid.connect.sdk.assurance |
OpenID Connect for Identity Assurance 1.0 classes.
|
| com.nimbusds.openid.connect.sdk.assurance.claims |
Identity assurance claims.
|
| com.nimbusds.openid.connect.sdk.assurance.evidences |
Identity evidence classes.
|
| com.nimbusds.openid.connect.sdk.claims |
Claims and claim sets used in OpenID Connect.
|
| com.nimbusds.openid.connect.sdk.federation |
OpenID Connect Federation 1.0 classes.
|
| com.nimbusds.openid.connect.sdk.federation.api |
OpenID Connect Federation 1.0 API classes.
|
| com.nimbusds.openid.connect.sdk.federation.config |
OpenID Connect Federation 1.0 entity configuration request and response
classes.
|
| com.nimbusds.openid.connect.sdk.federation.entities |
OpenID Connect Federation 1.0 entity classes.
|
| com.nimbusds.openid.connect.sdk.federation.policy |
OpenID Connect Federation 1.0 policy.
|
| com.nimbusds.openid.connect.sdk.federation.policy.factories |
OpenID Connect Federation 1.0 metadata policy factories.
|
| com.nimbusds.openid.connect.sdk.federation.policy.language |
Interfaces and classes for the OpenID Connect Federation 1.0 policy
language.
|
| com.nimbusds.openid.connect.sdk.federation.policy.operations |
OpenID Connect Federation 1.0 policy operations.
|
| com.nimbusds.openid.connect.sdk.federation.registration |
OpenID Connect Federation 1.0 explicit client registration.
|
| com.nimbusds.openid.connect.sdk.federation.trust |
OpenID Connect Federation 1.0 trust chains and resolution.
|
| com.nimbusds.openid.connect.sdk.federation.trust.constraints |
OpenID Connect Federation 1.0 trust chain constraints.
|
| com.nimbusds.openid.connect.sdk.federation.trust.marks |
Federation trust marks.
|
| com.nimbusds.openid.connect.sdk.id |
Common OpenID Connect identifier and identity classes.
|
| com.nimbusds.openid.connect.sdk.op |
OpenID Connect Provider (OP) classes.
|
| com.nimbusds.openid.connect.sdk.rp |
OpenID Connect Relying Party (RP) classes.
|
| com.nimbusds.openid.connect.sdk.rp.statement |
Software statement processing.
|
| com.nimbusds.openid.connect.sdk.token |
OpenID Connect token extensions.
|
| com.nimbusds.openid.connect.sdk.validators |
Client-side OpenID Connect ID token, access token and authorisation code
validators.
|
| com.nimbusds.secevent.sdk.claims |
Security event claims.
|