Package com.nimbusds.oauth2.sdk.ciba
Class CIBARequest
- java.lang.Object
-
- com.nimbusds.oauth2.sdk.AbstractRequest
-
- com.nimbusds.oauth2.sdk.AbstractAuthenticatedRequest
-
- com.nimbusds.oauth2.sdk.ciba.CIBARequest
-
@Immutable public class CIBARequest extends AbstractAuthenticatedRequest
CIBA request to an OpenID provider / OAuth 2.0 authorisation server backend authentication endpoint. Supports plan as well as signed (JWT) requests.
Example HTTP request:
POST /bc-authorize HTTP/1.1 Host: server.example.com Content-Type: application/x-www-form-urlencoded scope=openid%20email%20example-scope& client_notification_token=8d67dc78-7faa-4d41-aabd-67707b374255& binding_message=W4SCT& login_hint_token=eyJraWQiOiJsdGFjZXNidyIsImFsZyI6IkVTMjU2In0.eyJ zdWJfaWQiOnsic3ViamVjdF90eXBlIjoicGhvbmUiLCJwaG9uZSI6IisxMzMwMjg xODAwNCJ9fQ.Kk8jcUbHjJAQkRSHyDuFQr3NMEOSJEZc85VfER74tX6J9CuUllr8 9WKUHUR7MA0-mWlptMRRhdgW1ZDt7g1uwQ& client_assertion_type=urn%3Aietf%3Aparams%3Aoauth%3A client-assertion-type%3Ajwt-bearer& client_assertion=eyJraWQiOiJsdGFjZXNidyIsImFsZyI6IkVTMjU2In0.eyJ pc3MiOiJzNkJoZFJrcXQzIiwic3ViIjoiczZCaGRSa3F0MyIsImF1ZCI6Imh0dHB zOi8vc2VydmVyLmV4YW1wbGUuY29tIiwianRpIjoiYmRjLVhzX3NmLTNZTW80RlN 6SUoyUSIsImlhdCI6MTUzNzgxOTQ4NiwiZXhwIjoxNTM3ODE5Nzc3fQ.Ybr8mg_3 E2OptOSsA8rnelYO_y1L-yFaF_j1iemM3ntB61_GN3APe5cl_-5a6cvGlP154XAK 7fL-GaZSdnd9kg
Related specifications:
- OpenID Connect CIBA Flow - Core 1.0, section 7.1.
-
-
Nested Class Summary
Nested Classes Modifier and Type Class Description static class
CIBARequest.Builder
Builder for constructing CIBA requests.
-
Field Summary
Fields Modifier and Type Field Description static int
CLIENT_NOTIFICATION_TOKEN_MAX_LENGTH
The maximum allowed length of a client notification token.
-
Constructor Summary
Constructors Constructor Description CIBARequest(URI uri, ClientAuthentication clientAuth, com.nimbusds.jwt.SignedJWT signedRequest)
Creates a new CIBA signed request.CIBARequest(URI uri, ClientAuthentication clientAuth, Scope scope, BearerAccessToken clientNotificationToken, List<ACR> acrValues, String loginHintTokenString, com.nimbusds.jwt.JWT idTokenHint, String loginHint, String bindingMessage, Secret userCode, Integer requestedExpiry, OIDCClaimsRequest claims, Map<String,List<String>> customParams)
Creates a new CIBA request.CIBARequest(URI uri, ClientAuthentication clientAuth, Scope scope, BearerAccessToken clientNotificationToken, List<ACR> acrValues, String loginHintTokenString, com.nimbusds.jwt.JWT idTokenHint, String loginHint, String bindingMessage, Secret userCode, Integer requestedExpiry, Map<String,List<String>> customParams)
Deprecated.
-
Method Summary
All Methods Static Methods Instance Methods Concrete Methods Modifier and Type Method Description List<ACR>
getACRValues()
Returns the requested Authentication Context Class Reference values.String
getBindingMessage()
Returns the human-readable binding message for the display at the consumption and authentication devices.BearerAccessToken
getClientNotificationToken()
Returns the client notification token, required for the CIBA ping and push token delivery modes.List<String>
getCustomParameter(String name)
Returns the specified custom parameter.Map<String,List<String>>
getCustomParameters()
Returns the additional custom parameters.com.nimbusds.jwt.JWT
getIDTokenHint()
Returns the ID Token hint, passed as a hint to identify the end-user for whom authentication is being requested.String
getLoginHint()
Returns the login hint (email address, phone number, etc), about the end-user for whom authentication is being requested.String
getLoginHintTokenString()
Returns the login hint token string, containing information identifying the end-user for whom authentication is being requested.OIDCClaimsRequest
getOIDCClaims()
Returns the individual OpenID claims to be returned.static Set<String>
getRegisteredParameterNames()
Returns the registered (standard) CIBA request parameter names.Integer
getRequestedExpiry()
Returns the requested expiration for theauth_req_id
.com.nimbusds.jwt.SignedJWT
getRequestJWT()
Returns the JWT for a signed request.Scope
getScope()
Returns the scope.Secret
getUserCode()
Returns the user secret code (password, PIN, etc) to authorise the CIBA request with the authentication device.boolean
isSigned()
Returnstrue
if this request is signed.static CIBARequest
parse(HTTPRequest httpRequest)
Parses a CIBA request from the specified HTTP request.HTTPRequest
toHTTPRequest()
Returns the matching HTTP request.com.nimbusds.jwt.JWTClaimsSet
toJWTClaimsSet()
Returns the parameters for this CIBA request as a JSON Web Token (JWT) claims set.Map<String,List<String>>
toParameters()
Returns the for parameters for this CIBA request.-
Methods inherited from class com.nimbusds.oauth2.sdk.AbstractAuthenticatedRequest
getClientAuthentication
-
Methods inherited from class com.nimbusds.oauth2.sdk.AbstractRequest
getEndpointURI
-
-
-
-
Field Detail
-
CLIENT_NOTIFICATION_TOKEN_MAX_LENGTH
public static final int CLIENT_NOTIFICATION_TOKEN_MAX_LENGTH
The maximum allowed length of a client notification token.- See Also:
- Constant Field Values
-
-
Constructor Detail
-
CIBARequest
@Deprecated public CIBARequest(URI uri, ClientAuthentication clientAuth, Scope scope, BearerAccessToken clientNotificationToken, List<ACR> acrValues, String loginHintTokenString, com.nimbusds.jwt.JWT idTokenHint, String loginHint, String bindingMessage, Secret userCode, Integer requestedExpiry, Map<String,List<String>> customParams)
Deprecated.Creates a new CIBA request.- Parameters:
uri
- The endpoint URI,null
if not specified.clientAuth
- The client authentication. Must not benull
.scope
- The requested scope. Must not be empty ornull
.clientNotificationToken
- The client notification token,null
if not specified.acrValues
- The requested ACR values,null
if not specified.loginHintTokenString
- The login hint token string,null
if not specified.idTokenHint
- The ID Token hint,null
if not specified.loginHint
- The login hint,null
if not specified.bindingMessage
- The binding message,null
if not specified.userCode
- The user code,null
if not specified.requestedExpiry
- The required expiry (as positive integer),null
if not specified.customParams
- Custom parameters, empty ornull
if not specified.
-
CIBARequest
public CIBARequest(URI uri, ClientAuthentication clientAuth, Scope scope, BearerAccessToken clientNotificationToken, List<ACR> acrValues, String loginHintTokenString, com.nimbusds.jwt.JWT idTokenHint, String loginHint, String bindingMessage, Secret userCode, Integer requestedExpiry, OIDCClaimsRequest claims, Map<String,List<String>> customParams)
Creates a new CIBA request.- Parameters:
uri
- The endpoint URI,null
if not specified.clientAuth
- The client authentication. Must not benull
.scope
- The requested scope. Must not be empty ornull
.clientNotificationToken
- The client notification token,null
if not specified.acrValues
- The requested ACR values,null
if not specified.loginHintTokenString
- The login hint token string,null
if not specified.idTokenHint
- The ID Token hint,null
if not specified.loginHint
- The login hint,null
if not specified.bindingMessage
- The binding message,null
if not specified.userCode
- The user code,null
if not specified.requestedExpiry
- The required expiry (as positive integer),null
if not specified.claims
- The individual OpenID claims to be returned. Corresponds to the optionalclaims
parameter.null
if not specified.customParams
- Custom parameters, empty ornull
if not specified.
-
CIBARequest
public CIBARequest(URI uri, ClientAuthentication clientAuth, com.nimbusds.jwt.SignedJWT signedRequest)
Creates a new CIBA signed request.- Parameters:
uri
- The endpoint URI,null
if not specified.clientAuth
- The client authentication. Must not benull
.signedRequest
- The signed request JWT. Must not benull
.
-
-
Method Detail
-
getRegisteredParameterNames
public static Set<String> getRegisteredParameterNames()
Returns the registered (standard) CIBA request parameter names.- Returns:
- The registered CIBA request parameter names, as a unmodifiable set.
-
getScope
public Scope getScope()
Returns the scope. Corresponds to the optionalscope
parameter.- Returns:
- The scope,
null
for asigned request
.
-
getClientNotificationToken
public BearerAccessToken getClientNotificationToken()
Returns the client notification token, required for the CIBA ping and push token delivery modes. Corresponds to theclient_notification_token
parameter.- Returns:
- The client notification token,
null
if not specified.
-
getACRValues
public List<ACR> getACRValues()
Returns the requested Authentication Context Class Reference values. Corresponds to the optionalacr_values
parameter.- Returns:
- The requested ACR values,
null
if not specified.
-
getLoginHintTokenString
public String getLoginHintTokenString()
Returns the login hint token string, containing information identifying the end-user for whom authentication is being requested. Corresponds to thelogin_hint_token
parameter.- Returns:
- The login hint token string,
null
if not specified.
-
getIDTokenHint
public com.nimbusds.jwt.JWT getIDTokenHint()
Returns the ID Token hint, passed as a hint to identify the end-user for whom authentication is being requested. Corresponds to theid_token_hint
parameter.- Returns:
- The ID Token hint,
null
if not specified.
-
getLoginHint
public String getLoginHint()
Returns the login hint (email address, phone number, etc), about the end-user for whom authentication is being requested. Corresponds to thelogin_hint
parameter.- Returns:
- The login hint,
null
if not specified.
-
getBindingMessage
public String getBindingMessage()
Returns the human-readable binding message for the display at the consumption and authentication devices. Corresponds to thebinding_message
parameter.- Returns:
- The binding message,
null
if not specified.
-
getUserCode
public Secret getUserCode()
Returns the user secret code (password, PIN, etc) to authorise the CIBA request with the authentication device. Corresponds to theuser_code
parameter.- Returns:
- The user code,
null
if not specified.
-
getRequestedExpiry
public Integer getRequestedExpiry()
Returns the requested expiration for theauth_req_id
. Corresponds to therequested_expiry
parameter.- Returns:
- The required expiry (as positive integer),
null
if not specified.
-
getOIDCClaims
public OIDCClaimsRequest getOIDCClaims()
Returns the individual OpenID claims to be returned. Corresponds to the optionalclaims
parameter.- Returns:
- The individual claims to be returned,
null
if not specified.
-
getCustomParameters
public Map<String,List<String>> getCustomParameters()
Returns the additional custom parameters.- Returns:
- The additional custom parameters as a unmodifiable map, empty map if none.
-
getCustomParameter
public List<String> getCustomParameter(String name)
Returns the specified custom parameter.- Parameters:
name
- The parameter name. Must not benull
.- Returns:
- The parameter value(s),
null
if not specified.
-
isSigned
public boolean isSigned()
Returnstrue
if this request is signed.- Returns:
true
for a signed request,false
for a plain request.
-
getRequestJWT
public com.nimbusds.jwt.SignedJWT getRequestJWT()
Returns the JWT for a signed request.- Returns:
- The request JWT.
-
toParameters
public Map<String,List<String>> toParameters()
Returns the for parameters for this CIBA request. Parameters which are part of the client authentication are not included.- Returns:
- The parameters.
-
toJWTClaimsSet
public com.nimbusds.jwt.JWTClaimsSet toJWTClaimsSet()
Returns the parameters for this CIBA request as a JSON Web Token (JWT) claims set. Intended for creating a signed CIBA request.- Returns:
- The parameters as JWT claim set.
-
toHTTPRequest
public HTTPRequest toHTTPRequest()
Returns the matching HTTP request.- Returns:
- The HTTP request.
-
parse
public static CIBARequest parse(HTTPRequest httpRequest) throws ParseException
Parses a CIBA request from the specified HTTP request.- Parameters:
httpRequest
- The HTTP request. Must not benull
.- Returns:
- The CIBA request.
- Throws:
ParseException
- If parsing failed.
-
-