Class ClientAuthenticationMethod

    • Field Detail

      • CLIENT_SECRET_BASIC

        public static final ClientAuthenticationMethod CLIENT_SECRET_BASIC
        Clients that have received a client secret from the authorisation server authenticate with the authorisation server in accordance with section 3.2.1 of OAuth 2.0 using HTTP Basic authentication. This is the default if no method has been registered for the client.
      • CLIENT_SECRET_POST

        public static final ClientAuthenticationMethod CLIENT_SECRET_POST
        Clients that have received a client secret from the authorisation server authenticate with the authorisation server in accordance with section 3.2.1 of OAuth 2.0 by including the client credentials in the request body.
      • CLIENT_SECRET_JWT

        public static final ClientAuthenticationMethod CLIENT_SECRET_JWT
        Clients that have received a client secret from the authorisation server, create a JWT using an HMAC SHA algorithm, such as HMAC SHA-256. The HMAC (Hash-based Message Authentication Code) is calculated using the value of client secret as the shared key. The client authenticates in accordance with section 2.2 of (JWT) Bearer Token Profiles and OAuth 2.0 Assertion Profile.
      • PRIVATE_KEY_JWT

        public static final ClientAuthenticationMethod PRIVATE_KEY_JWT
        Clients that have registered a public key sign a JWT using the RSA algorithm if a RSA key was registered or the ECDSA algorithm if an Elliptic Curve key was registered (see JWA for the algorithm identifiers). The client authenticates in accordance with section 2.2 of (JWT) Bearer Token Profiles and OAuth 2.0 Assertion Profile.
      • TLS_CLIENT_AUTH

        public static final ClientAuthenticationMethod TLS_CLIENT_AUTH
        PKI mutual TLS OAuth client authentication. See OAuth 2.0 Mutual TLS Client Authentication and Certificate Bound Access Tokens (RFC 8705), section 2.1.
      • SELF_SIGNED_TLS_CLIENT_AUTH

        public static final ClientAuthenticationMethod SELF_SIGNED_TLS_CLIENT_AUTH
        Self-signed certificate mutual TLS OAuth client authentication. See OAuth 2.0 Mutual TLS Client Authentication and Certificate Bound Access Tokens (RFC 8705), section 2.2.
      • REQUEST_OBJECT

        public static final ClientAuthenticationMethod REQUEST_OBJECT
        Client authentication by means of a request object at the authorisation or PAR endpoints. Intended for OpenID Connect Federation 1.0 clients undertaking automatic registration. See OpenID Connect Federation 1.0.
    • Constructor Detail

      • ClientAuthenticationMethod

        public ClientAuthenticationMethod​(String value)
        Creates a new client authentication method with the specified value.
        Parameters:
        value - The authentication method value. Must not be null or empty string.