Class IDTokenClaimsSet
- java.lang.Object
  - com.nimbusds.openid.connect.sdk.claims.ClaimsSet
    - com.nimbusds.openid.connect.sdk.claims.CommonClaimsSet
      - com.nimbusds.openid.connect.sdk.claims.IDTokenClaimsSet

All Implemented Interfaces: net.minidev.json.JSONAware

public class IDTokenClaimsSet extends CommonClaimsSet

ID token claims set, serialisable to a JSON object.

Example ID token claims set:

    {
      "iss"       : "https://server.example.com",
      "sub"       : "24400320",
      "aud"       : "s6BhdRkqt3",
      "nonce"     : "n-0S6_WzA2Mj",
      "exp"       : 1311281970,
      "iat"       : 1311280970,
      "auth_time" : 1311280969,
      "acr"       : "urn:mace:incommon:iap:silver",
      "at_hash"   : "MTIzNDU2Nzg5MDEyMzQ1Ng"
    }

Related specifications:
- OpenID Connect Core 1.0, section 2.
- OpenID Connect Front-Channel Logout 1.0, section 3 (draft 02).
- Financial Services – Financial API - Part 2: Read and Write API Security Profile, section 5.1.
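
An added example (not part of the Nimbus SDK documentation) showing how a relying party might run claims-level checks on the example claims set above using the methods documented on this page; JWT signature verification is outside this class and is not shown. The class name IDTokenClaimsCheck, the check helper, the fixed clock and the access token value are assumptions constructed for illustration.

```java
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.oauth2.sdk.ParseException;
import com.nimbusds.oauth2.sdk.ResponseType;
import com.nimbusds.oauth2.sdk.id.Audience;
import com.nimbusds.oauth2.sdk.id.Issuer;
import com.nimbusds.oauth2.sdk.token.AccessToken;
import com.nimbusds.oauth2.sdk.token.BearerAccessToken;
import com.nimbusds.openid.connect.sdk.Nonce;
import com.nimbusds.openid.connect.sdk.claims.AccessTokenHash;
import com.nimbusds.openid.connect.sdk.claims.IDTokenClaimsSet;
import java.util.Date;

public class IDTokenClaimsCheck { // hypothetical class name
    /** Returns null when the claims are acceptable, else the reason for rejection. */
    static String check(IDTokenClaimsSet claims, ResponseType rt, boolean iatAuthzEndpoint,
                        Issuer expectedIss, Audience clientID, Nonce sentNonce,
                        AccessToken token, JWSAlgorithm idTokenAlg, Date now) {
        if (!claims.hasRequiredClaims(rt, iatAuthzEndpoint)) return "missing required claims";
        if (!expectedIss.equals(claims.getIssuer())) return "unexpected iss";
        if (!claims.getAudience().contains(clientID)) return "client not in aud";
        if (!now.before(claims.getExpirationTime())) return "expired";
        // getNonce() returns null if the claim is absent or unparsable, so equals() fails closed
        if (sentNonce != null && !sentNonce.equals(claims.getNonce())) return "nonce mismatch";
        // Bind the access token to the ID token when both are available
        AccessTokenHash atHash = claims.getAccessTokenHash();
        if (token != null && atHash != null
                && !atHash.equals(AccessTokenHash.compute(token, idTokenAlg))) return "at_hash mismatch";
        return null;
    }

    public static void main(String[] args) throws ParseException {
        // The example claims set from this page
        String json = "{\"iss\":\"https://server.example.com\",\"sub\":\"24400320\","
                + "\"aud\":\"s6BhdRkqt3\",\"nonce\":\"n-0S6_WzA2Mj\",\"exp\":1311281970,"
                + "\"iat\":1311280970,\"auth_time\":1311280969,"
                + "\"acr\":\"urn:mace:incommon:iap:silver\",\"at_hash\":\"MTIzNDU2Nzg5MDEyMzQ1Ng\"}";
        IDTokenClaimsSet claims = IDTokenClaimsSet.parse(json);
        ResponseType rt = ResponseType.parse("id_token token"); // implicit flow
        Issuer iss = new Issuer("https://server.example.com");
        Audience client = new Audience("s6BhdRkqt3");
        Date now = new Date(1311281000L * 1000); // constructed clock between iat and exp
        AccessToken token = new BearerAccessToken("constructed-access-token"); // constructed value
        // Matching nonce, a different nonce, then a constructed access token checked against at_hash
        System.out.println(check(claims, rt, true, iss, client, new Nonce("n-0S6_WzA2Mj"), null, JWSAlgorithm.RS256, now));
        System.out.println(check(claims, rt, true, iss, client, new Nonce("other-nonce"), null, JWSAlgorithm.RS256, now));
        System.out.println(check(claims, rt, true, iss, client, new Nonce("n-0S6_WzA2Mj"), token, JWSAlgorithm.RS256, now));
    }
}
```

The getters used here return null for a missing or unparsable claim rather than throwing, so each comparison is written to reject on null.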

Field Summary
- static String ACR_CLAIM_NAME: The ACR claim name.
- static String AMR_CLAIM_NAME: The AMRs claim name.
- static String AT_HASH_CLAIM_NAME: The access token hash claim name.
- static String AUTH_TIME_CLAIM_NAME: The subject authentication time claim name.
- static String AZP_CLAIM_NAME: The authorised party claim name.
- static String C_HASH_CLAIM_NAME: The authorisation code hash claim name.
- static String EXP_CLAIM_NAME: The expiration time claim name.
- static String NONCE_CLAIM_NAME: The nonce claim name.
- static String S_HASH_CLAIM_NAME: The state hash claim name.
- static String SID_CLAIM_NAME: The session identifier claim name.
- static String SUB_JWK_CLAIM_NAME: The subject JWK claim name.

Fields inherited from class com.nimbusds.openid.connect.sdk.claims.CommonClaimsSet:
IAT_CLAIM_NAME, SUB_CLAIM_NAME

Fields inherited from class com.nimbusds.openid.connect.sdk.claims.ClaimsSet:
AUD_CLAIM_NAME, claims, ISS_CLAIM_NAME

Constructor Summary
- IDTokenClaimsSet(com.nimbusds.jwt.JWTClaimsSet jwtClaimsSet): Creates a new ID token claims set from the specified JSON Web Token (JWT) claims set.
- IDTokenClaimsSet(Issuer iss, Subject sub, List<Audience> aud, Date exp, Date iat): Creates a new minimal ID token claims set.

Method Summary
- AccessTokenHash getAccessTokenHash(): Gets the access token hash.
- ACR getACR(): Gets the Authentication Context Class Reference (ACR).
- List<AMR> getAMR(): Gets the Authentication Methods References (AMRs).
- Date getAuthenticationTime(): Gets the subject authentication time.
- AuthorizedParty getAuthorizedParty(): Gets the authorised party for the ID token.
- CodeHash getCodeHash(): Gets the authorisation code hash.
- Date getExpirationTime(): Gets the ID token expiration time.
- Nonce getNonce(): Gets the ID token nonce.
- SessionID getSessionID(): Gets the session ID.
- static Set<String> getStandardClaimNames(): Gets the names of the standard top-level ID token claims.
- StateHash getStateHash(): Gets the state hash.
- com.nimbusds.jose.jwk.JWK getSubjectJWK(): Gets the subject's JSON Web Key (JWK) for a self-issued OpenID Connect provider.
- boolean hasRequiredClaims(ResponseType responseType): Deprecated.
- boolean hasRequiredClaims(ResponseType responseType, boolean iatAuthzEndpoint): Checks if this ID token claims set contains all required claims for the specified OpenID Connect response type.
- static IDTokenClaimsSet parse(String json): Parses an ID token claims set from the specified JSON object string.
- static IDTokenClaimsSet parse(net.minidev.json.JSONObject jsonObject): Parses an ID token claims set from the specified JSON object.
- void setAccessTokenHash(AccessTokenHash atHash): Sets the access token hash.
- void setACR(ACR acr): Sets the Authentication Context Class Reference (ACR).
- void setAMR(List<AMR> amr): Sets the Authentication Methods References (AMRs).
- void setAuthenticationTime(Date authTime): Sets the subject authentication time.
- void setAuthorizedParty(AuthorizedParty azp): Sets the authorised party for the ID token.
- void setCodeHash(CodeHash cHash): Sets the authorisation code hash.
- void setNonce(Nonce nonce): Sets the ID token nonce.
- void setSessionID(SessionID sid): Sets the session ID.
- void setStateHash(StateHash sHash): Sets the state hash.
- void setSubjectJWK(com.nimbusds.jose.jwk.JWK subJWK): Sets the subject's JSON Web Key (JWK) for a self-issued OpenID Connect provider.

Methods inherited from class com.nimbusds.openid.connect.sdk.claims.CommonClaimsSet:
getIssueTime, getSubject

Methods inherited from class com.nimbusds.openid.connect.sdk.claims.ClaimsSet:
getAudience, getBooleanClaim, getClaim, getClaim, getDateClaim, getIssuer, getJSONObjectClaim, getLangTaggedClaim, getNumberClaim, getStringClaim, getStringClaim, getStringListClaim, getURIClaim, getURLClaim, putAll, putAll, setAudience, setAudience, setClaim, setClaim, setDateClaim, setIssuer, setURIClaim, setURLClaim, toJSONObject, toJSONString, toJWTClaimsSet

Field Detail

EXP_CLAIM_NAME
public static final String EXP_CLAIM_NAME
The expiration time claim name.
- See Also: Constant Field Values

AUTH_TIME_CLAIM_NAME
public static final String AUTH_TIME_CLAIM_NAME
The subject authentication time claim name.
- See Also: Constant Field Values

NONCE_CLAIM_NAME
public static final String NONCE_CLAIM_NAME
The nonce claim name.
- See Also: Constant Field Values

AT_HASH_CLAIM_NAME
public static final String AT_HASH_CLAIM_NAME
The access token hash claim name.
- See Also: Constant Field Values

C_HASH_CLAIM_NAME
public static final String C_HASH_CLAIM_NAME
The authorisation code hash claim name.
- See Also: Constant Field Values

S_HASH_CLAIM_NAME
public static final String S_HASH_CLAIM_NAME
The state hash claim name.
- See Also: Constant Field Values

ACR_CLAIM_NAME
public static final String ACR_CLAIM_NAME
The ACR claim name.
- See Also: Constant Field Values

AMR_CLAIM_NAME
public static final String AMR_CLAIM_NAME
The AMRs claim name.
- See Also: Constant Field Values

AZP_CLAIM_NAME
public static final String AZP_CLAIM_NAME
The authorised party claim name.
- See Also: Constant Field Values

SUB_JWK_CLAIM_NAME
public static final String SUB_JWK_CLAIM_NAME
The subject JWK claim name.
- See Also: Constant Field Values

SID_CLAIM_NAME
public static final String SID_CLAIM_NAME
The session identifier claim name.
- See Also: Constant Field Values

Constructor Detail

IDTokenClaimsSet
public IDTokenClaimsSet(Issuer iss, Subject sub, List<Audience> aud, Date exp, Date iat)
Creates a new minimal ID token claims set. Note that the ID token may require additional claims to be present depending on the original OpenID Connect authorisation request.
- Parameters:
  - iss - The issuer. Must not be null.
  - sub - The subject. Must not be null.
  - aud - The audience. Must not be null.
  - exp - The expiration time. Must not be null.
  - iat - The issue time. Must not be null.

IDTokenClaimsSet
public IDTokenClaimsSet(com.nimbusds.jwt.JWTClaimsSet jwtClaimsSet) throws ParseException
Creates a new ID token claims set from the specified JSON Web Token (JWT) claims set.
- Parameters:
  - jwtClaimsSet - The JWT claims set. Must not be null.
- Throws:
  - ParseException - If the JWT claims set doesn't represent a valid ID token claims set.

Method Detail

getStandardClaimNames
public static Set<String> getStandardClaimNames()
Gets the names of the standard top-level ID token claims.
- Returns: The names of the standard top-level ID token claims (read-only set).

hasRequiredClaims
public boolean hasRequiredClaims(ResponseType responseType, boolean iatAuthzEndpoint)
Checks if this ID token claims set contains all required claims for the specified OpenID Connect response type.
- Parameters:
  - responseType - The OpenID Connect response type. Must not be null.
  - iatAuthzEndpoint - Specifies the endpoint where the ID token was issued (required for hybrid flow). true if the ID token was issued at the authorisation endpoint, false if the ID token was issued at the token endpoint.
- Returns: true if the required claims are contained, else false.

hasRequiredClaims
@Deprecated public boolean hasRequiredClaims(ResponseType responseType)
Deprecated. Use hasRequiredClaims(ResponseType, boolean) instead.
- Parameters:
  - responseType - The OpenID Connect response type. Must not be null.
- Returns: true if the required claims are contained, else false.

getExpirationTime
public Date getExpirationTime()
Gets the ID token expiration time. Corresponds to the exp claim.
- Returns: The expiration time.

getAuthenticationTime
public Date getAuthenticationTime()
Gets the subject authentication time. Corresponds to the auth_time claim.
- Returns: The authentication time, null if not specified or parsing failed.

setAuthenticationTime
public void setAuthenticationTime(Date authTime)
Sets the subject authentication time. Corresponds to the auth_time claim.
- Parameters:
  - authTime - The authentication time, null if not specified.

getNonce
public Nonce getNonce()
Gets the ID token nonce. Corresponds to the nonce claim.
- Returns: The nonce, null if not specified or parsing failed.

setNonce
public void setNonce(Nonce nonce)
Sets the ID token nonce. Corresponds to the nonce claim.
- Parameters:
  - nonce - The nonce, null if not specified.

getAccessTokenHash
public AccessTokenHash getAccessTokenHash()
Gets the access token hash. Corresponds to the at_hash claim.
- Returns: The access token hash, null if not specified or parsing failed.

setAccessTokenHash
public void setAccessTokenHash(AccessTokenHash atHash)
Sets the access token hash. Corresponds to the at_hash claim.
- Parameters:
  - atHash - The access token hash, null if not specified.

getCodeHash
public CodeHash getCodeHash()
Gets the authorisation code hash. Corresponds to the c_hash claim.
- Returns: The authorisation code hash, null if not specified or parsing failed.

setCodeHash
public void setCodeHash(CodeHash cHash)
Sets the authorisation code hash. Corresponds to the c_hash claim.
- Parameters:
  - cHash - The authorisation code hash, null if not specified.

getStateHash
public StateHash getStateHash()
Gets the state hash. Corresponds to the s_hash claim.
- Returns: The state hash, null if not specified or parsing failed.

setStateHash
public void setStateHash(StateHash sHash)
Sets the state hash. Corresponds to the s_hash claim.
- Parameters:
  - sHash - The state hash, null if not specified.

getACR
public ACR getACR()
Gets the Authentication Context Class Reference (ACR). Corresponds to the acr claim.
- Returns: The Authentication Context Class Reference (ACR), null if not specified or parsing failed.

setACR
public void setACR(ACR acr)
Sets the Authentication Context Class Reference (ACR). Corresponds to the acr claim.
- Parameters:
  - acr - The Authentication Context Class Reference (ACR), null if not specified.

getAMR
public List<AMR> getAMR()
Gets the Authentication Methods References (AMRs). Corresponds to the amr claim.
- Returns: The Authentication Methods Reference (AMR) list, null if not specified or parsing failed.

setAMR
public void setAMR(List<AMR> amr)
Sets the Authentication Methods References (AMRs). Corresponds to the amr claim.
- Parameters:
  - amr - The Authentication Methods Reference (AMR) list, null if not specified.

getAuthorizedParty
public AuthorizedParty getAuthorizedParty()
Gets the authorised party for the ID token. Corresponds to the azp claim.
- Returns: The authorised party, null if not specified or parsing failed.

setAuthorizedParty
public void setAuthorizedParty(AuthorizedParty azp)
Sets the authorised party for the ID token. Corresponds to the azp claim.
- Parameters:
  - azp - The authorised party, null if not specified.

getSubjectJWK
public com.nimbusds.jose.jwk.JWK getSubjectJWK()
Gets the subject's JSON Web Key (JWK) for a self-issued OpenID Connect provider. Corresponds to the sub_jwk claim.
- Returns: The subject's JWK, null if not specified or parsing failed.

setSubjectJWK
public void setSubjectJWK(com.nimbusds.jose.jwk.JWK subJWK)
Sets the subject's JSON Web Key (JWK) for a self-issued OpenID Connect provider. Corresponds to the sub_jwk claim.
- Parameters:
  - subJWK - The subject's JWK (must be public), null if not specified.

parse
public static IDTokenClaimsSet parse(net.minidev.json.JSONObject jsonObject) throws ParseException
Parses an ID token claims set from the specified JSON object.
- Parameters:
  - jsonObject - The JSON object to parse. Must not be null.
- Returns: The ID token claims set.
- Throws:
  - ParseException - If parsing failed.

parse
public static IDTokenClaimsSet parse(String json) throws ParseException
Parses an ID token claims set from the specified JSON object string.
- Parameters:
  - json - The JSON object string to parse. Must not be null.
- Returns: The ID token claims set.
- Throws:
  - ParseException - If parsing failed.

getSessionID
public SessionID getSessionID()
Gets the session ID. Corresponds to the sid claim.
- Returns: The session ID, null if not specified.

setSessionID
public void setSessionID(SessionID sid)
Sets the session ID. Corresponds to the sid claim.
- Parameters:
  - sid - The session ID, null if not specified.