Package com.nimbusds.oauth2.sdk.ciba
Class CIBARequest
- java.lang.Object
-
- com.nimbusds.oauth2.sdk.AbstractRequest
-
- com.nimbusds.oauth2.sdk.AbstractAuthenticatedRequest
-
- com.nimbusds.oauth2.sdk.ciba.CIBARequest
-
@Immutable public class CIBARequest extends AbstractAuthenticatedRequest
CIBA request to an OpenID provider / OAuth 2.0 authorisation server backend authentication endpoint. Supports plan as well as signed (JWT) requests.
Example HTTP request:
POST /bc-authorize HTTP/1.1 Host: server.example.com Content-Type: application/x-www-form-urlencoded scope=openid%20email%20example-scope& client_notification_token=8d67dc78-7faa-4d41-aabd-67707b374255& binding_message=W4SCT& login_hint_token=eyJraWQiOiJsdGFjZXNidyIsImFsZyI6IkVTMjU2In0.eyJ zdWJfaWQiOnsic3ViamVjdF90eXBlIjoicGhvbmUiLCJwaG9uZSI6IisxMzMwMjg xODAwNCJ9fQ.Kk8jcUbHjJAQkRSHyDuFQr3NMEOSJEZc85VfER74tX6J9CuUllr8 9WKUHUR7MA0-mWlptMRRhdgW1ZDt7g1uwQ& client_assertion_type=urn%3Aietf%3Aparams%3Aoauth%3A client-assertion-type%3Ajwt-bearer& client_assertion=eyJraWQiOiJsdGFjZXNidyIsImFsZyI6IkVTMjU2In0.eyJ pc3MiOiJzNkJoZFJrcXQzIiwic3ViIjoiczZCaGRSa3F0MyIsImF1ZCI6Imh0dHB zOi8vc2VydmVyLmV4YW1wbGUuY29tIiwianRpIjoiYmRjLVhzX3NmLTNZTW80RlN 6SUoyUSIsImlhdCI6MTUzNzgxOTQ4NiwiZXhwIjoxNTM3ODE5Nzc3fQ.Ybr8mg_3 E2OptOSsA8rnelYO_y1L-yFaF_j1iemM3ntB61_GN3APe5cl_-5a6cvGlP154XAK 7fL-GaZSdnd9kg
Related specifications:
- OpenID Connect CIBA Flow - Core 1.0, section 7.1.
-
-
Nested Class Summary
Nested Classes Modifier and Type Class Description static class
CIBARequest.Builder
Builder for constructing CIBA requests.
-
Field Summary
Fields Modifier and Type Field Description static int
CLIENT_NOTIFICATION_TOKEN_MAX_LENGTH
The maximum allowed length of a client notification token.
-
Constructor Summary
Constructors Constructor Description CIBARequest(URI uri, ClientAuthentication clientAuth, com.nimbusds.jwt.SignedJWT signedRequest)
Creates a new CIBA signed request.CIBARequest(URI uri, ClientAuthentication clientAuth, Scope scope, BearerAccessToken clientNotificationToken, List<ACR> acrValues, String loginHintTokenString, com.nimbusds.jwt.JWT idTokenHint, String loginHint, String bindingMessage, Secret userCode, Integer requestedExpiry, Map<String,List<String>> customParams)
Creates a new CIBA request.
-
Method Summary
All Methods Static Methods Instance Methods Concrete Methods Modifier and Type Method Description List<ACR>
getACRValues()
Gets the requested Authentication Context Class Reference values.String
getBindingMessage()
Gets the human readable binding message for the display at the consumption and authentication devices.BearerAccessToken
getClientNotificationToken()
Gets the client notification token, required for the CIBA ping and push token delivery modes.List<String>
getCustomParameter(String name)
Returns the specified custom parameter.Map<String,List<String>>
getCustomParameters()
Returns the additional custom parameters.com.nimbusds.jwt.JWT
getIDTokenHint()
Gets the ID Token hint, passed as a hint to identify the end-user for whom authentication is being requested.String
getLoginHint()
Gets the login hint (email address, phone number, etc), about the end-user for whom authentication is being requested.String
getLoginHintTokenString()
Gets the login hint token string, containing information identifying the end-user for whom authentication is being requested.static Set<String>
getRegisteredParameterNames()
Returns the registered (standard) CIBA request parameter names.Integer
getRequestedExpiry()
Gets the requested expiration for theauth_req_id
.com.nimbusds.jwt.SignedJWT
getRequestJWT()
Returns the JWT for a signed request.Scope
getScope()
Gets the scope.Secret
getUserCode()
Gets the user secret code (password, PIN, etc) to authorise the CIBA request with the authentication device.boolean
isSigned()
Returnstrue
if this request is signed.static CIBARequest
parse(HTTPRequest httpRequest)
Parses a CIBA request from the specified HTTP request.HTTPRequest
toHTTPRequest()
Returns the matching HTTP request.com.nimbusds.jwt.JWTClaimsSet
toJWTClaimsSet()
Returns the parameters for this CIBA request as a JSON Web Token (JWT) claims set.Map<String,List<String>>
toParameters()
Returns the for parameters for this CIBA request.-
Methods inherited from class com.nimbusds.oauth2.sdk.AbstractAuthenticatedRequest
getClientAuthentication
-
Methods inherited from class com.nimbusds.oauth2.sdk.AbstractRequest
getEndpointURI
-
-
-
-
Field Detail
-
CLIENT_NOTIFICATION_TOKEN_MAX_LENGTH
public static final int CLIENT_NOTIFICATION_TOKEN_MAX_LENGTH
The maximum allowed length of a client notification token.- See Also:
- Constant Field Values
-
-
Constructor Detail
-
CIBARequest
public CIBARequest(URI uri, ClientAuthentication clientAuth, Scope scope, BearerAccessToken clientNotificationToken, List<ACR> acrValues, String loginHintTokenString, com.nimbusds.jwt.JWT idTokenHint, String loginHint, String bindingMessage, Secret userCode, Integer requestedExpiry, Map<String,List<String>> customParams)
Creates a new CIBA request.- Parameters:
uri
- The endpoint URI,null
if not specified.clientAuth
- The client authentication. Must not benull
.scope
- The requested scope. Must not be empty ornull
.clientNotificationToken
- The client notification token,null
if not specified.acrValues
- The requested ACR values,null
if not specified.loginHintTokenString
- The login hint token string,null
if not specified.idTokenHint
- The ID Token hint,null
if not specified.loginHint
- The login hint,null
if not specified.bindingMessage
- The binding message,null
if not specified.userCode
- The user code,null
if not specified.requestedExpiry
- The required expiry (as positive integer),null
if not specified.customParams
- Custom parameters, empty ornull
if not specified.
-
CIBARequest
public CIBARequest(URI uri, ClientAuthentication clientAuth, com.nimbusds.jwt.SignedJWT signedRequest)
Creates a new CIBA signed request.- Parameters:
uri
- The endpoint URI,null
if not specified.clientAuth
- The client authentication. Must not benull
.signedRequest
- The signed request JWT. Must not benull
.
-
-
Method Detail
-
getRegisteredParameterNames
public static Set<String> getRegisteredParameterNames()
Returns the registered (standard) CIBA request parameter names.- Returns:
- The registered CIBA request parameter names, as a unmodifiable set.
-
getScope
public Scope getScope()
Gets the scope. Corresponds to the optionalscope
parameter.- Returns:
- The scope,
null
for asigned request
.
-
getClientNotificationToken
public BearerAccessToken getClientNotificationToken()
Gets the client notification token, required for the CIBA ping and push token delivery modes. Corresponds to theclient_notification_token
parameter.- Returns:
- The client notification token,
null
if not specified.
-
getACRValues
public List<ACR> getACRValues()
Gets the requested Authentication Context Class Reference values. Corresponds to the optionalacr_values
parameter.- Returns:
- The requested ACR values,
null
if not specified.
-
getLoginHintTokenString
public String getLoginHintTokenString()
Gets the login hint token string, containing information identifying the end-user for whom authentication is being requested. Corresponds to thelogin_hint_token
parameter.- Returns:
- The login hint token string,
null
if not specified.
-
getIDTokenHint
public com.nimbusds.jwt.JWT getIDTokenHint()
Gets the ID Token hint, passed as a hint to identify the end-user for whom authentication is being requested. Corresponds to theid_token_hint
parameter.- Returns:
- The ID Token hint,
null
if not specified.
-
getLoginHint
public String getLoginHint()
Gets the login hint (email address, phone number, etc), about the end-user for whom authentication is being requested. Corresponds to thelogin_hint
parameter.- Returns:
- The login hint,
null
if not specified.
-
getBindingMessage
public String getBindingMessage()
Gets the human readable binding message for the display at the consumption and authentication devices. Corresponds to thebinding_message
parameter.- Returns:
- The binding message,
null
if not specified.
-
getUserCode
public Secret getUserCode()
Gets the user secret code (password, PIN, etc) to authorise the CIBA request with the authentication device. Corresponds to theuser_code
parameter.- Returns:
- The user code,
null
if not specified.
-
getRequestedExpiry
public Integer getRequestedExpiry()
Gets the requested expiration for theauth_req_id
. Corresponds to therequested_expiry
parameter.- Returns:
- The required expiry (as positive integer),
null
if not specified.
-
getCustomParameters
public Map<String,List<String>> getCustomParameters()
Returns the additional custom parameters.- Returns:
- The additional custom parameters as a unmodifiable map, empty map if none.
-
getCustomParameter
public List<String> getCustomParameter(String name)
Returns the specified custom parameter.- Parameters:
name
- The parameter name. Must not benull
.- Returns:
- The parameter value(s),
null
if not specified.
-
isSigned
public boolean isSigned()
Returnstrue
if this request is signed.- Returns:
true
for a signed request,false
for a plain request.
-
getRequestJWT
public com.nimbusds.jwt.SignedJWT getRequestJWT()
Returns the JWT for a signed request.- Returns:
- The request JWT.
-
toParameters
public Map<String,List<String>> toParameters()
Returns the for parameters for this CIBA request. Parameters which are part of the client authentication are not included.- Returns:
- The parameters.
-
toJWTClaimsSet
public com.nimbusds.jwt.JWTClaimsSet toJWTClaimsSet()
Returns the parameters for this CIBA request as a JSON Web Token (JWT) claims set. Intended for creating a signed CIBA request.- Returns:
- The parameters as JWT claim set.
-
toHTTPRequest
public HTTPRequest toHTTPRequest()
Returns the matching HTTP request.- Returns:
- The HTTP request.
-
parse
public static CIBARequest parse(HTTPRequest httpRequest) throws ParseException
Parses a CIBA request from the specified HTTP request.- Parameters:
httpRequest
- The HTTP request. Must not benull
.- Returns:
- The CIBA request.
- Throws:
ParseException
- If parsing failed.
-
-