Package com.nimbusds.oauth2.sdk.as

Class AuthorizationServerMetadata

java.lang.Object

com.nimbusds.oauth2.sdk.as.AuthorizationServerMetadata

Direct Known Subclasses:

OIDCProviderMetadata

public class AuthorizationServerMetadata
extends Object

OAuth 2.0 Authorisation Server (AS) metadata.

Related specifications:

• OAuth 2.0 Authorization Server Metadata (RFC 8414)
• OAuth 2.0 Mutual TLS Client Authentication and Certificate Bound * Access Tokens (draft-ietf-oauth-mtls-08)

Constructor Summary

Constructors

Constructor	Description
AuthorizationServerMetadata(Issuer issuer)	Creates a new OAuth 2.0 Authorisation Server (AS) metadata instance.

Method Summary

Modifier and Type	Method	Description
void	applyDefaults()	Applies the OAuth 2.0 Authorisation Server metadata defaults where no values have been specified.
URI	getAuthorizationEndpointURI()	Gets the authorisation endpoint URI.
List<CodeChallengeMethod>	getCodeChallengeMethods()	Gets the supported authorisation code challenge methods for PKCE.
Object	getCustomParameter(String name)	Gets the specified custom (not registered) parameter.
net.minidev.json.JSONObject	getCustomParameters()	Gets the custom (not registered) parameters.
URI	getCustomURIParameter(String name)	Gets the specified custom (not registered) URI parameter.
List<GrantType>	getGrantTypes()	Gets the supported OAuth 2.0 grant types.
List<ClientAuthenticationMethod>	getIntrospectionEndpointAuthMethods()	Gets the supported introspection endpoint authentication methods.
List<com.nimbusds.jose.JWSAlgorithm>	getIntrospectionEndpointJWSAlgs()	Gets the supported JWS algorithms for the private_key_jwt and client_secret_jwt introspection endpoint authentication methods.
URI	getIntrospectionEndpointURI()	Gets the token introspection endpoint URI.
Issuer	getIssuer()	Gets the issuer identifier.
URI	getJWKSetURI()	Gets the JSON Web Key (JWK) set URI.
URI	getPolicyURI()	Gets the provider's policy regarding relying party use of data.
static Set<String>	getRegisteredParameterNames()	Gets the registered OpenID Connect provider metadata parameter names.
URI	getRegistrationEndpointURI()	Gets the client registration endpoint URI.
List<com.nimbusds.jose.JWEAlgorithm>	getRequestObjectJWEAlgs()	Gets the supported JWE algorithms for request objects.
List<com.nimbusds.jose.EncryptionMethod>	getRequestObjectJWEEncs()	Gets the supported encryption methods for request objects.
List<com.nimbusds.jose.JWSAlgorithm>	getRequestObjectJWSAlgs()	Gets the supported JWS algorithms for request objects.
List<ResponseMode>	getResponseModes()	Gets the supported response mode values.
List<ResponseType>	getResponseTypes()	Gets the supported response type values.
List<ClientAuthenticationMethod>	getRevocationEndpointAuthMethods()	Gets the supported revocation endpoint authentication methods.
List<com.nimbusds.jose.JWSAlgorithm>	getRevocationEndpointJWSAlgs()	Gets the supported JWS algorithms for the private_key_jwt and client_secret_jwt revocation endpoint authentication methods.
URI	getRevocationEndpointURI()	Gets the token revocation endpoint URI.
Scope	getScopes()	Gets the supported scope values.
URI	getServiceDocsURI()	Gets the service documentation URI.
URI	getTermsOfServiceURI()	Gets the provider's terms of service.
List<ClientAuthenticationMethod>	getTokenEndpointAuthMethods()	Gets the supported token endpoint authentication methods.
List<com.nimbusds.jose.JWSAlgorithm>	getTokenEndpointJWSAlgs()	Gets the supported JWS algorithms for the private_key_jwt and client_secret_jwt token endpoint authentication methods.
URI	getTokenEndpointURI()	Gets the token endpoint URI.
List<com.nimbusds.langtag.LangTag>	getUILocales()	Gets the supported UI locales.
static AuthorizationServerMetadata	parse(String s)	Parses an OAuth 2.0 Authorisation Server metadata from the specified JSON object string.
static AuthorizationServerMetadata	parse(net.minidev.json.JSONObject jsonObject)	Parses an OAuth 2.0 Authorisation Server metadata from the specified JSON object.
boolean	requiresRequestURIRegistration()	Gets the requirement for the request_uri parameter pre-registration.
static AuthorizationServerMetadata	resolve(Issuer issuer)	Resolves OAuth 2.0 authorisation server metadata from the specified issuer identifier.
static AuthorizationServerMetadata	resolve(Issuer issuer, int connectTimeout, int readTimeout)	Resolves OAuth 2.0 authorisation server metadata from the specified issuer identifier.
void	setAuthorizationEndpointURI(URI authzEndpoint)	Sets the authorisation endpoint URI.
void	setCodeChallengeMethods(List<CodeChallengeMethod> codeChallengeMethods)	Gets the supported authorisation code challenge methods for PKCE.
void	setCustomParameter(String name, Object value)	Sets the specified custom (not registered) parameter.
void	setGrantTypes(List<GrantType> gts)	Sets the supported OAuth 2.0 grant types.
void	setIntrospectionEndpointAuthMethods(List<ClientAuthenticationMethod> authMethods)	Sets the supported introspection endpoint authentication methods.
void	setIntrospectionEndpointJWSAlgs(List<com.nimbusds.jose.JWSAlgorithm> jwsAlgs)	Sets the supported JWS algorithms for the private_key_jwt and client_secret_jwt introspection endpoint authentication methods.
void	setIntrospectionEndpointURI(URI introspectionEndpoint)	Sets the token introspection endpoint URI.
void	setJWKSetURI(URI jwkSetURI)	Sets the JSON Web Key (JWT) set URI.
void	setPolicyURI(URI policyURI)	Sets the provider's policy regarding relying party use of data.
void	setRegistrationEndpointURI(URI regEndpoint)	Sets the client registration endpoint URI.
void	setRequestObjectJWEAlgs(List<com.nimbusds.jose.JWEAlgorithm> requestObjectJWEAlgs)	Sets the supported JWE algorithms for request objects.
void	setRequestObjectJWEEncs(List<com.nimbusds.jose.EncryptionMethod> requestObjectJWEEncs)	Sets the supported encryption methods for request objects.
void	setRequestObjectJWSAlgs(List<com.nimbusds.jose.JWSAlgorithm> requestObjectJWSAlgs)	Sets the supported JWS algorithms for request objects.
void	setRequiresRequestURIRegistration(boolean requireRequestURIReg)	Sets the requirement for the request_uri parameter pre-registration.
void	setResponseModes(List<ResponseMode> rms)	Sets the supported response mode values.
void	setResponseTypes(List<ResponseType> rts)	Sets the supported response type values.
void	setRevocationEndpointAuthMethods(List<ClientAuthenticationMethod> authMethods)	Sets the supported revocation endpoint authentication methods.
void	setRevocationEndpointJWSAlgs(List<com.nimbusds.jose.JWSAlgorithm> jwsAlgs)	Sets the supported JWS algorithms for the private_key_jwt and client_secret_jwt revocation endpoint authentication methods.
void	setRevocationEndpointURI(URI revocationEndpoint)	Sets the token revocation endpoint URI.
void	setScopes(Scope scope)	Sets the supported scope values.
void	setServiceDocsURI(URI serviceDocsURI)	Sets the service documentation URI.
void	setSupportsMutualTLSSenderConstrainedAccessTokens(boolean mutualTLSSenderConstrainedAccessTokens)	Deprecated.
void	setSupportsRequestParam(boolean requestParamSupported)	Sets the support for the request authorisation request parameter.
void	setSupportsRequestURIParam(boolean requestURIParamSupported)	Sets the support for the request_uri authorisation request parameter.
void	setSupportsTLSClientCertificateBoundAccessTokens(boolean tlsClientCertBoundTokens)	Sets the support for TLS client certificate bound access tokens.
void	setTermsOfServiceURI(URI tosURI)	Sets the provider's terms of service.
void	setTokenEndpointAuthMethods(List<ClientAuthenticationMethod> authMethods)	Sets the supported token endpoint authentication methods.
void	setTokenEndpointJWSAlgs(List<com.nimbusds.jose.JWSAlgorithm> jwsAlgs)	Sets the supported JWS algorithms for the private_key_jwt and client_secret_jwt token endpoint authentication methods.
void	setTokenEndpointURI(URI tokenEndpoint)	Sts the token endpoint URI.
void	setUILocales(List<com.nimbusds.langtag.LangTag> uiLocales)	Sets the supported UI locales.
boolean	supportsMutualTLSSenderConstrainedAccessTokens()	Deprecated.
boolean	supportsRequestParam()	Gets the support for the request authorisation request parameter.
boolean	supportsRequestURIParam()	Gets the support for the request_uri authorisation request parameter.
boolean	supportsTLSClientCertificateBoundAccessTokens()	Gets the support for TLS client certificate bound access tokens.
net.minidev.json.JSONObject	toJSONObject()	Returns the JSON object representation of this OpenID Connect provider metadata.
String	toString()

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Constructor Detail

AuthorizationServerMetadata

public AuthorizationServerMetadata(Issuer issuer)

Creates a new OAuth 2.0 Authorisation Server (AS) metadata instance.

Parameters:

issuer - The issuer identifier. Must be an URI using the https scheme with no query or fragment component. Must not be null.

Method Detail

getRegisteredParameterNames

public static Set<String> getRegisteredParameterNames()

Gets the registered OpenID Connect provider metadata parameter names.

Returns:

The registered OpenID Connect provider metadata parameter names, as an unmodifiable set.

getIssuer

public Issuer getIssuer()

Gets the issuer identifier. Corresponds to the issuer metadata field.

Returns:

The issuer identifier.

getAuthorizationEndpointURI

public URI getAuthorizationEndpointURI()

Gets the authorisation endpoint URI. Corresponds the authorization_endpoint metadata field.

Returns:

The authorisation endpoint URI, null if not specified.

setAuthorizationEndpointURI

public void setAuthorizationEndpointURI(URI authzEndpoint)

Sets the authorisation endpoint URI. Corresponds the authorization_endpoint metadata field.

Parameters:

authzEndpoint - The authorisation endpoint URI, null if not specified.

getTokenEndpointURI

public URI getTokenEndpointURI()

Gets the token endpoint URI. Corresponds the token_endpoint metadata field.

Returns:

The token endpoint URI, null if not specified.

setTokenEndpointURI

public void setTokenEndpointURI(URI tokenEndpoint)

Sts the token endpoint URI. Corresponds the token_endpoint metadata field.

Parameters:

tokenEndpoint - The token endpoint URI, null if not specified.

getRegistrationEndpointURI

public URI getRegistrationEndpointURI()

Gets the client registration endpoint URI. Corresponds to the registration_endpoint metadata field.

Returns:

The client registration endpoint URI, null if not specified.

setRegistrationEndpointURI

public void setRegistrationEndpointURI(URI regEndpoint)

Sets the client registration endpoint URI. Corresponds to the registration_endpoint metadata field.

Parameters:

regEndpoint - The client registration endpoint URI, null if not specified.

getIntrospectionEndpointURI

public URI getIntrospectionEndpointURI()

Gets the token introspection endpoint URI. Corresponds to the introspection_endpoint metadata field.

Returns:

The token introspection endpoint URI, null if not specified.

setIntrospectionEndpointURI

public void setIntrospectionEndpointURI(URI introspectionEndpoint)

Sets the token introspection endpoint URI. Corresponds to the introspection_endpoint metadata field.

Parameters:

introspectionEndpoint - The token introspection endpoint URI, null if not specified.

getRevocationEndpointURI

public URI getRevocationEndpointURI()

Gets the token revocation endpoint URI. Corresponds to the revocation_endpoint metadata field.

Returns:

The token revocation endpoint URI, null if not specified.

setRevocationEndpointURI

public void setRevocationEndpointURI(URI revocationEndpoint)

Sets the token revocation endpoint URI. Corresponds to the revocation_endpoint metadata field.

Parameters:

revocationEndpoint - The token revocation endpoint URI, null if not specified.

getJWKSetURI

public URI getJWKSetURI()

Gets the JSON Web Key (JWK) set URI. Corresponds to the jwks_uri metadata field.

Returns:

The JWK set URI, null if not specified.

setJWKSetURI

public void setJWKSetURI(URI jwkSetURI)

Sets the JSON Web Key (JWT) set URI. Corresponds to the jwks_uri metadata field.

Parameters:

jwkSetURI - The JWK set URI, null if not specified.

getScopes

public Scope getScopes()

Gets the supported scope values. Corresponds to the scopes_supported metadata field.

Returns:

The supported scope values, null if not specified.

setScopes

public void setScopes(Scope scope)

Sets the supported scope values. Corresponds to the scopes_supported metadata field.

Parameters:

scope - The supported scope values, null if not specified.

getResponseTypes

public List<ResponseType> getResponseTypes()

Gets the supported response type values. Corresponds to the response_types_supported metadata field.

Returns:

The supported response type values, null if not specified.

setResponseTypes

public void setResponseTypes(List<ResponseType> rts)

Sets the supported response type values. Corresponds to the response_types_supported metadata field.

Parameters:

rts - The supported response type values, null if not specified.

getResponseModes

public List<ResponseMode> getResponseModes()

Gets the supported response mode values. Corresponds to the response_modes_supported.

Returns:

The supported response mode values, null if not specified.

setResponseModes

public void setResponseModes(List<ResponseMode> rms)

Sets the supported response mode values. Corresponds to the response_modes_supported.

Parameters:

rms - The supported response mode values, null if not specified.

getGrantTypes

public List<GrantType> getGrantTypes()

Gets the supported OAuth 2.0 grant types. Corresponds to the grant_types_supported metadata field.

Returns:

The supported grant types, null if not specified.

setGrantTypes

public void setGrantTypes(List<GrantType> gts)

Sets the supported OAuth 2.0 grant types. Corresponds to the grant_types_supported metadata field.

Parameters:

gts - The supported grant types, null if not specified.

getCodeChallengeMethods

public List<CodeChallengeMethod> getCodeChallengeMethods()

Gets the supported authorisation code challenge methods for PKCE. Corresponds to the code_challenge_methods_supported metadata field.

Returns:

The supported code challenge methods, null if not specified.

setCodeChallengeMethods

public void setCodeChallengeMethods(List<CodeChallengeMethod> codeChallengeMethods)

Gets the supported authorisation code challenge methods for PKCE. Corresponds to the code_challenge_methods_supported metadata field.

Parameters:

codeChallengeMethods - The supported code challenge methods, null if not specified.

getTokenEndpointAuthMethods

public List<ClientAuthenticationMethod> getTokenEndpointAuthMethods()

Gets the supported token endpoint authentication methods. Corresponds to the token_endpoint_auth_methods_supported metadata field.

Returns:

The supported token endpoint authentication methods, null if not specified.

setTokenEndpointAuthMethods

public void setTokenEndpointAuthMethods(List<ClientAuthenticationMethod> authMethods)

Sets the supported token endpoint authentication methods. Corresponds to the token_endpoint_auth_methods_supported metadata field.

Parameters:

authMethods - The supported token endpoint authentication methods, null if not specified.

getTokenEndpointJWSAlgs

public List<com.nimbusds.jose.JWSAlgorithm> getTokenEndpointJWSAlgs()

Gets the supported JWS algorithms for the private_key_jwt and client_secret_jwt token endpoint authentication methods. Corresponds to the token_endpoint_auth_signing_alg_values_supported metadata field.

Returns:

The supported JWS algorithms, null if not specified.

setTokenEndpointJWSAlgs

public void setTokenEndpointJWSAlgs(List<com.nimbusds.jose.JWSAlgorithm> jwsAlgs)

Sets the supported JWS algorithms for the private_key_jwt and client_secret_jwt token endpoint authentication methods. Corresponds to the token_endpoint_auth_signing_alg_values_supported metadata field.

Parameters:

jwsAlgs - The supported JWS algorithms, null if not specified. Must not contain the none algorithm.

getIntrospectionEndpointAuthMethods

public List<ClientAuthenticationMethod> getIntrospectionEndpointAuthMethods()

Gets the supported introspection endpoint authentication methods. Corresponds to the introspection_endpoint_auth_methods_supported metadata field.

Returns:

The supported introspection endpoint authentication methods, null if not specified.

setIntrospectionEndpointAuthMethods

public void setIntrospectionEndpointAuthMethods(List<ClientAuthenticationMethod> authMethods)

Sets the supported introspection endpoint authentication methods. Corresponds to the introspection_endpoint_auth_methods_supported metadata field.

Parameters:

authMethods - The supported introspection endpoint authentication methods, null if not specified.

getIntrospectionEndpointJWSAlgs

public List<com.nimbusds.jose.JWSAlgorithm> getIntrospectionEndpointJWSAlgs()

Gets the supported JWS algorithms for the private_key_jwt and client_secret_jwt introspection endpoint authentication methods. Corresponds to the introspection_endpoint_auth_signing_alg_values_supported metadata field.

Returns:

The supported JWS algorithms, null if not specified.

setIntrospectionEndpointJWSAlgs

public void setIntrospectionEndpointJWSAlgs(List<com.nimbusds.jose.JWSAlgorithm> jwsAlgs)

Sets the supported JWS algorithms for the private_key_jwt and client_secret_jwt introspection endpoint authentication methods. Corresponds to the introspection_endpoint_auth_signing_alg_values_supported metadata field.

Parameters:

jwsAlgs - The supported JWS algorithms, null if not specified. Must not contain the none algorithm.

getRevocationEndpointAuthMethods

public List<ClientAuthenticationMethod> getRevocationEndpointAuthMethods()

Gets the supported revocation endpoint authentication methods. Corresponds to the revocation_endpoint_auth_methods_supported metadata field.

Returns:

The supported revocation endpoint authentication methods, null if not specified.

setRevocationEndpointAuthMethods

public void setRevocationEndpointAuthMethods(List<ClientAuthenticationMethod> authMethods)

Sets the supported revocation endpoint authentication methods. Corresponds to the revocation_endpoint_auth_methods_supported metadata field.

Parameters:

authMethods - The supported revocation endpoint authentication methods, null if not specified.

getRevocationEndpointJWSAlgs

public List<com.nimbusds.jose.JWSAlgorithm> getRevocationEndpointJWSAlgs()

Gets the supported JWS algorithms for the private_key_jwt and client_secret_jwt revocation endpoint authentication methods. Corresponds to the revocation_endpoint_auth_signing_alg_values_supported metadata field.

Returns:

The supported JWS algorithms, null if not specified.

setRevocationEndpointJWSAlgs

public void setRevocationEndpointJWSAlgs(List<com.nimbusds.jose.JWSAlgorithm> jwsAlgs)

Sets the supported JWS algorithms for the private_key_jwt and client_secret_jwt revocation endpoint authentication methods. Corresponds to the revocation_endpoint_auth_signing_alg_values_supported metadata field.

Parameters:

jwsAlgs - The supported JWS algorithms, null if not specified. Must not contain the none algorithm.

getRequestObjectJWSAlgs

public List<com.nimbusds.jose.JWSAlgorithm> getRequestObjectJWSAlgs()

Gets the supported JWS algorithms for request objects. Corresponds to the request_object_signing_alg_values_supported metadata field.

Returns:

The supported JWS algorithms, null if not specified.

setRequestObjectJWSAlgs

public void setRequestObjectJWSAlgs(List<com.nimbusds.jose.JWSAlgorithm> requestObjectJWSAlgs)

Sets the supported JWS algorithms for request objects. Corresponds to the request_object_signing_alg_values_supported metadata field.

Parameters:

requestObjectJWSAlgs - The supported JWS algorithms, null if not specified.

getRequestObjectJWEAlgs

public List<com.nimbusds.jose.JWEAlgorithm> getRequestObjectJWEAlgs()

Gets the supported JWE algorithms for request objects. Corresponds to the request_object_encryption_alg_values_supported metadata field.

Returns:

The supported JWE algorithms, null if not specified.

setRequestObjectJWEAlgs

public void setRequestObjectJWEAlgs(List<com.nimbusds.jose.JWEAlgorithm> requestObjectJWEAlgs)

Sets the supported JWE algorithms for request objects. Corresponds to the request_object_encryption_alg_values_supported metadata field.

Parameters:

requestObjectJWEAlgs - The supported JWE algorithms, null if not specified.

getRequestObjectJWEEncs

public List<com.nimbusds.jose.EncryptionMethod> getRequestObjectJWEEncs()

Gets the supported encryption methods for request objects. Corresponds to the request_object_encryption_enc_values_supported metadata field.

Returns:

The supported encryption methods, null if not specified.

setRequestObjectJWEEncs

public void setRequestObjectJWEEncs(List<com.nimbusds.jose.EncryptionMethod> requestObjectJWEEncs)

Sets the supported encryption methods for request objects. Corresponds to the request_object_encryption_enc_values_supported metadata field.

Parameters:

requestObjectJWEEncs - The supported encryption methods, null if not specified.

supportsRequestParam

public boolean supportsRequestParam()

Gets the support for the request authorisation request parameter. Corresponds to the request_parameter_supported metadata field.

Returns:

true if the reqeust parameter is supported, else false.

setSupportsRequestParam

public void setSupportsRequestParam(boolean requestParamSupported)

Sets the support for the request authorisation request parameter. Corresponds to the request_parameter_supported metadata field.

Parameters:

requestParamSupported - true if the reqeust parameter is supported, else false.

supportsRequestURIParam

public boolean supportsRequestURIParam()

Gets the support for the request_uri authorisation request parameter. Corresponds the request_uri_parameter_supported metadata field.

Returns:

true if the request_uri parameter is supported, else false.

setSupportsRequestURIParam

public void setSupportsRequestURIParam(boolean requestURIParamSupported)

Sets the support for the request_uri authorisation request parameter. Corresponds the request_uri_parameter_supported metadata field.

Parameters:

requestURIParamSupported - true if the request_uri parameter is supported, else false.

requiresRequestURIRegistration

public boolean requiresRequestURIRegistration()

Gets the requirement for the request_uri parameter pre-registration. Corresponds to the require_request_uri_registration metadata field.

Returns:

true if the request_uri parameter values must be pre-registered, else false.

setRequiresRequestURIRegistration

public void setRequiresRequestURIRegistration(boolean requireRequestURIReg)

Sets the requirement for the request_uri parameter pre-registration. Corresponds to the require_request_uri_registration metadata field.

Parameters:

requireRequestURIReg - true if the request_uri parameter values must be pre-registered, else false.

getUILocales

public List<com.nimbusds.langtag.LangTag> getUILocales()

Gets the supported UI locales. Corresponds to the ui_locales_supported metadata field.

Returns:

The supported UI locales, null if not specified.

setUILocales

public void setUILocales(List<com.nimbusds.langtag.LangTag> uiLocales)

Sets the supported UI locales. Corresponds to the ui_locales_supported metadata field.

Parameters:

uiLocales - The supported UI locales, null if not specified.

getServiceDocsURI

public URI getServiceDocsURI()

Gets the service documentation URI. Corresponds to the service_documentation metadata field.

Returns:

The service documentation URI, null if not specified.

setServiceDocsURI

public void setServiceDocsURI(URI serviceDocsURI)

Sets the service documentation URI. Corresponds to the service_documentation metadata field.

Parameters:

serviceDocsURI - The service documentation URI, null if not specified.

getPolicyURI

public URI getPolicyURI()

Gets the provider's policy regarding relying party use of data. Corresponds to the op_policy_uri metadata field.

Returns:

The policy URI, null if not specified.

setPolicyURI

public void setPolicyURI(URI policyURI)

Sets the provider's policy regarding relying party use of data. Corresponds to the op_policy_uri metadata field.

Parameters:

policyURI - The policy URI, null if not specified.

getTermsOfServiceURI

public URI getTermsOfServiceURI()

Gets the provider's terms of service. Corresponds to the op_tos_uri metadata field.

Returns:

The terms of service URI, null if not specified.

setTermsOfServiceURI

public void setTermsOfServiceURI(URI tosURI)

Sets the provider's terms of service. Corresponds to the op_tos_uri metadata field.

Parameters:

tosURI - The terms of service URI, null if not specified.

supportsTLSClientCertificateBoundAccessTokens

public boolean supportsTLSClientCertificateBoundAccessTokens()

Gets the support for TLS client certificate bound access tokens. Corresponds to the tls_client_certificate_bound_access_tokens metadata field.

Returns:

true if TLS client certificate bound access tokens are supported, else false.

setSupportsTLSClientCertificateBoundAccessTokens

public void setSupportsTLSClientCertificateBoundAccessTokens(boolean tlsClientCertBoundTokens)

Sets the support for TLS client certificate bound access tokens. Corresponds to the tls_client_certificate_bound_access_tokens metadata field.

Parameters:

tlsClientCertBoundTokens - true if TLS client certificate bound access tokens are supported, else false.

supportsMutualTLSSenderConstrainedAccessTokens

@Deprecated
public boolean supportsMutualTLSSenderConstrainedAccessTokens()

Deprecated.

Gets the support for TLS client certificate bound access tokens. Corresponds to the tls_client_certificate_bound_access_tokens metadata field.

Returns:

true if TLS client certificate bound access tokens are supported, else false.

setSupportsMutualTLSSenderConstrainedAccessTokens

@Deprecated
public void setSupportsMutualTLSSenderConstrainedAccessTokens(boolean mutualTLSSenderConstrainedAccessTokens)

Deprecated.

Sets the support for TLS client certificate bound access tokens. Corresponds to the tls_client_certificate_bound_access_tokens metadata field.

Parameters:

mutualTLSSenderConstrainedAccessTokens - true if TLS client certificate bound access tokens are supported, else false.

getCustomParameter

public Object getCustomParameter(String name)

Gets the specified custom (not registered) parameter.

Parameters:

name - The parameter name. Must not be null.

Returns:

The parameter value, null if not specified.

getCustomURIParameter

public URI getCustomURIParameter(String name)

Gets the specified custom (not registered) URI parameter.

Parameters:

name - The parameter name. Must not be null.

Returns:

The parameter URI value, null if not specified.

setCustomParameter

public void setCustomParameter(String name,
                               Object value)

Sets the specified custom (not registered) parameter.

Parameters:

name - The parameter name. Must not be null.

value - The parameter value, null if not specified.

getCustomParameters

public net.minidev.json.JSONObject getCustomParameters()

Gets the custom (not registered) parameters.

Returns:

The custom parameters, empty JSON object if none.

applyDefaults

public void applyDefaults()

Applies the OAuth 2.0 Authorisation Server metadata defaults where no values have been specified.

• The response modes default to ["query", "fragment"].
• The grant types default to ["authorization_code", "implicit"].
• The token endpoint authentication methods default to ["client_secret_basic"].

toJSONObject

public net.minidev.json.JSONObject toJSONObject()

Returns the JSON object representation of this OpenID Connect provider metadata.

Returns:

The JSON object representation.

toString

public String toString()

Overrides:

toString in class Object

parse

public static AuthorizationServerMetadata parse(net.minidev.json.JSONObject jsonObject)
                                         throws ParseException

Parses an OAuth 2.0 Authorisation Server metadata from the specified JSON object.

Parameters:

jsonObject - The JSON object to parse. Must not be null.

Returns:

The OAuth 2.0 Authorisation Server metadata.

Throws:

ParseException - If the JSON object couldn't be parsed to an OAuth 2.0 Authorisation Server metadata.

parse

public static AuthorizationServerMetadata parse(String s)
                                         throws ParseException

Parses an OAuth 2.0 Authorisation Server metadata from the specified JSON object string.

Parameters:

s - The JSON object sting to parse. Must not be null.

Returns:

The OAuth 2.0 Authorisation Server metadata.

Throws:

ParseException - If the JSON object string couldn't be parsed to an OAuth 2.0 Authorisation Server metadata.

resolve

public static AuthorizationServerMetadata resolve(Issuer issuer)
                                           throws GeneralException,
                                                  IOException

Resolves OAuth 2.0 authorisation server metadata from the specified issuer identifier. The metadata is downloaded by HTTP GET from [issuer-url]/.well-known/oauth-authorization-server.

Parameters:

issuer - The issuer identifier. Must represent a valid HTTPS or HTTP URL. Must not be null.

Returns:

The OAuth 2.0 authorisation server metadata.

Throws:

GeneralException - If the issuer identifier or the downloaded metadata are invalid.

IOException - On a HTTP exception.

resolve

public static AuthorizationServerMetadata resolve(Issuer issuer,
                                                  int connectTimeout,
                                                  int readTimeout)
                                           throws GeneralException,
                                                  IOException

Resolves OAuth 2.0 authorisation server metadata from the specified issuer identifier. The metadata is downloaded by HTTP GET from [issuer-url]/.well-known/oauth-authorization-server.

Parameters:

issuer - The issuer identifier. Must represent a valid HTTPS or HTTP URL. Must not be null.

connectTimeout - The HTTP connect timeout, in milliseconds. Zero implies no timeout. Must not be negative.

readTimeout - The HTTP response read timeout, in milliseconds. Zero implies no timeout. Must not be negative.

Returns:

The OAuth 2.0 authorisation server metadata.

Throws:

GeneralException - If the issuer identifier or the downloaded metadata are invalid.

IOException - On a HTTP exception.