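/*
 * oauth2-oidc-sdk
 *
 * Copyright 2012-2021, Connect2id Ltd and contributors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License"); you may not use
 * this file except in compliance with the License. You may obtain a copy of the
 * License at
 *
 *    http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software distributed
 * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
 * CONDITIONS OF ANY KIND, either express or implied. See the License for the
 * specific language governing permissions and limitations under the License.
 */

package com.nimbusds.openid.connect.sdk.op;


import java.util.List;

import com.nimbusds.jose.EncryptionMethod;
import com.nimbusds.jose.JWEAlgorithm;
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.langtag.LangTag;
import com.nimbusds.oauth2.sdk.as.ReadOnlyAuthorizationServerMetadata;
import com.nimbusds.openid.connect.sdk.Display;
import com.nimbusds.openid.connect.sdk.SubjectType;
import com.nimbusds.openid.connect.sdk.assurance.IdentityTrustFramework;
import com.nimbusds.openid.connect.sdk.assurance.evidences.*;
import com.nimbusds.openid.connect.sdk.assurance.evidences.attachment.AttachmentType;
import com.nimbusds.openid.connect.sdk.assurance.evidences.attachment.HashAlgorithm;
import com.nimbusds.openid.connect.sdk.claims.ACR;
import com.nimbusds.openid.connect.sdk.claims.ClaimType;


/**
 * Read-only OpenID Provider (OP) metadata.
 *
 * <p>The getters report what the OP advertises. A consumer that obtained
 * the metadata from a remote discovery document should treat the values
 * as input to its own policy (for example an algorithm allow-list), not
 * as a substitute for it.
 *
 * <p>Related specifications:
 *
 * <ul>
 *     <li>OpenID Connect Discovery 1.0
 *     <li>OpenID Connect Session Management 1.0
 *     <li>OpenID Connect Front-Channel Logout 1.0
 *     <li>OpenID Connect Back-Channel Logout 1.0
 *     <li>OpenID Connect Native SSO for Mobile Apps 1.0
 *     <li>OpenID Connect for Identity Assurance 1.0
 *     <li>OpenID Connect Federation 1.0
 *     <li>OAuth 2.0 Authorization Server Metadata (RFC 8414)
 *     <li>OAuth 2.0 Mutual TLS Client Authentication and Certificate Bound
 *         Access Tokens (RFC 8705)
 *     <li>The OAuth 2.0 Authorization Framework: JWT-Secured Authorization
 *         Request (JAR) (RFC 9101)
 *     <li>Financial-grade API: JWT Secured Authorization Response Mode for
 *         OAuth 2.0 (JARM)
 *     <li>OAuth 2.0 Authorization Server Issuer Identification (RFC 9207)
 *     <li>OAuth 2.0 Rich Authorization Requests (RFC 9396)
 * </ul>
 */
public interface ReadOnlyOIDCProviderMetadata extends ReadOnlyAuthorizationServerMetadata, ReadOnlyOIDCProviderEndpointMetadata {


	/**
	 * Gets the mutual TLS endpoint aliases, typed as OpenID provider
	 * endpoint metadata. Corresponds to the {@code mtls_endpoint_aliases}
	 * metadata field (RFC 8705).
	 *
	 * @return The read-only mTLS endpoint aliases; nullability follows
	 *         the overridden method.
	 */
	@Override
	ReadOnlyOIDCProviderEndpointMetadata getReadOnlyMtlsEndpointAliases();


	/**
	 * Gets the supported Authentication Context Class References (ACRs).
	 * Corresponds to the {@code acr_values_supported} metadata field.
	 *
	 * @return The supported ACRs, {@code null} if not specified.
	 */
	List<ACR> getACRs();


	/**
	 * Gets the supported subject types. Corresponds to the
	 * {@code subject_types_supported} metadata field.
	 *
	 * @return The supported subject types.
	 */
	List<SubjectType> getSubjectTypes();


	/**
	 * Gets the supported JWS algorithms for ID tokens. Corresponds to the
	 * {@code id_token_signing_alg_values_supported} metadata field.
	 *
	 * <p>OpenID Connect Discovery 1.0 permits {@code none} in this list,
	 * but states that it must not be used unless the response type
	 * returns no ID token from the authorisation endpoint. Callers that
	 * pick an algorithm from this list should therefore filter it
	 * through their own allow-list.
	 *
	 * @return The supported JWS algorithms, {@code null} if not specified.
	 */
	List<JWSAlgorithm> getIDTokenJWSAlgs();


	/**
	 * Gets the supported JWE algorithms for ID tokens. Corresponds to the
	 * {@code id_token_encryption_alg_values_supported} metadata field.
	 *
	 * @return The supported JWE algorithms, {@code null} if not specified.
	 */
	List<JWEAlgorithm> getIDTokenJWEAlgs();


	/**
	 * Gets the supported encryption methods for ID tokens. Corresponds to
	 * the {@code id_token_encryption_enc_values_supported} metadata field.
	 *
	 * @return The supported encryption methods, {@code null} if not
	 *         specified.
	 */
	List<EncryptionMethod> getIDTokenJWEEncs();


	/**
	 * Gets the supported JWS algorithms for UserInfo JWTs. Corresponds to
	 * the {@code userinfo_signing_alg_values_supported} metadata field.
	 *
	 * <p>OpenID Connect Discovery 1.0 allows {@code none} to appear in
	 * this list; callers that require signed UserInfo responses should
	 * check for it explicitly.
	 *
	 * @return The supported JWS algorithms, {@code null} if not specified.
	 */
	List<JWSAlgorithm> getUserInfoJWSAlgs();


	/**
	 * Gets the supported JWE algorithms for UserInfo JWTs. Corresponds to
	 * the {@code userinfo_encryption_alg_values_supported} metadata field.
	 *
	 * @return The supported JWE algorithms, {@code null} if not specified.
	 */
	List<JWEAlgorithm> getUserInfoJWEAlgs();


	/**
	 * Gets the supported encryption methods for UserInfo JWTs. Corresponds
	 * to the {@code userinfo_encryption_enc_values_supported} metadata
	 * field.
	 *
	 * @return The supported encryption methods, {@code null} if not
	 *         specified.
	 */
	List<EncryptionMethod> getUserInfoJWEEncs();


	/**
	 * Gets the supported displays. Corresponds to the
	 * {@code display_values_supported} metadata field.
	 *
	 * @return The supported displays, {@code null} if not specified.
	 */
	List<Display> getDisplays();


	/**
	 * Gets the supported claim types. Corresponds to the
	 * {@code claim_types_supported} metadata field.
	 *
	 * @return The supported claim types, {@code null} if not specified.
	 */
	List<ClaimType> getClaimTypes();


	/**
	 * Gets the supported claims names. Corresponds to the
	 * {@code claims_supported} metadata field.
	 *
	 * @return The supported claims names, {@code null} if not specified.
	 */
	List<String> getClaims();


	/**
	 * Gets the supported claims locales. Corresponds to the
	 * {@code claims_locales_supported} metadata field.
	 *
	 * @return The supported claims locales, {@code null} if not specified.
	 */
	List<LangTag> getClaimsLocales();


	/**
	 * Gets the support for the {@code claims} authorisation request
	 * parameter. Corresponds to the {@code claims_parameter_supported}
	 * metadata field.
	 *
	 * @return {@code true} if the {@code claims} parameter is supported,
	 *         else {@code false}.
	 */
	boolean supportsClaimsParam();


	/**
	 * Gets the support for front-channel logout. Corresponds to the
	 * {@code frontchannel_logout_supported} metadata field.
	 *
	 * @return {@code true} if front-channel logout is supported, else
	 *         {@code false}.
	 */
	boolean supportsFrontChannelLogout();


	/**
	 * Gets the support for front-channel logout with a session ID.
	 * Corresponds to the {@code frontchannel_logout_session_supported}
	 * metadata field.
	 *
	 * @return {@code true} if front-channel logout with a session ID is
	 *         supported, else {@code false}.
	 */
	boolean supportsFrontChannelLogoutSession();


	/**
	 * Gets the support for back-channel logout. Corresponds to the
	 * {@code backchannel_logout_supported} metadata field.
	 *
	 * @return {@code true} if back-channel logout is supported, else
	 *         {@code false}.
	 */
	boolean supportsBackChannelLogout();


	/**
	 * Gets the support for back-channel logout with a session ID.
	 * Corresponds to the {@code backchannel_logout_session_supported}
	 * metadata field.
	 *
	 * @return {@code true} if back-channel logout with a session ID is
	 *         supported, else {@code false}.
	 */
	boolean supportsBackChannelLogoutSession();


	/**
	 * Gets the support for OpenID Connect native SSO. Corresponds to the
	 * {@code native_sso_supported} metadata field.
	 *
	 * @return {@code true} if native SSO is supported, else {@code false}.
	 */
	boolean supportsNativeSSO();


	/**
	 * Gets support for verified claims. Corresponds to the
	 * {@code verified_claims_supported} metadata field.
	 *
	 * @return {@code true} if verified claims are supported, else
	 *         {@code false}.
	 */
	boolean supportsVerifiedClaims();


	/**
	 * Gets the supported identity trust frameworks. Corresponds to the
	 * {@code trust_frameworks_supported} metadata field.
	 *
	 * @return The supported identity trust frameworks, {@code null} if not
	 *         specified.
	 */
	List<IdentityTrustFramework> getIdentityTrustFrameworks();


	/**
	 * Gets the supported identity evidence types. Corresponds to the
	 * {@code evidence_supported} metadata field.
	 *
	 * @return The supported identity evidence types, {@code null} if not
	 *         specified.
	 */
	List<IdentityEvidenceType> getIdentityEvidenceTypes();


	/**
	 * Gets the supported identity document types. Corresponds to the
	 * {@code documents_supported} metadata field.
	 *
	 * @return The supported identity document types, {@code null} if not
	 *         specified.
	 */
	List<DocumentType> getDocumentTypes();


	/**
	 * Gets the supported identity document types. Corresponds to the
	 * {@code id_documents_supported} metadata field.
	 *
	 * @return The supported identity documents types, {@code null} if not
	 *         specified.
	 * @deprecated Use {@link #getDocumentTypes} instead.
	 */
	@Deprecated
	List<IDDocumentType> getIdentityDocumentTypes();


	/**
	 * Gets the supported coarse identity verification methods for
	 * evidences of type document. Corresponds to the
	 * {@code documents_methods_supported} metadata field.
	 *
	 * @return The supported identity verification methods for document
	 *         evidences, {@code null} if not specified.
	 */
	List<IdentityVerificationMethod> getDocumentMethods();


	/**
	 * Gets the supported validation methods for evidences of type
	 * document. Corresponds to the
	 * {@code documents_validation_methods_supported} metadata field.
	 *
	 * @return The validation methods for document evidences, {@code null}
	 *         if not specified.
	 */
	List<ValidationMethodType> getDocumentValidationMethods();


	/**
	 * Gets the supported verification methods for evidences of type
	 * document. Corresponds to the
	 * {@code documents_verification_methods_supported} metadata field.
	 *
	 * @return The verification methods for document evidences, {@code null}
	 *         if not specified.
	 */
	List<VerificationMethodType> getDocumentVerificationMethods();


	/**
	 * Gets the supported electronic record types. Corresponds to the
	 * {@code electronic_records_supported} metadata field.
	 *
	 * @return The supported electronic record types, {@code null} if not
	 *         specified.
	 */
	List<ElectronicRecordType> getElectronicRecordTypes();


	/**
	 * Gets the supported identity verification methods. Corresponds to the
	 * {@code id_documents_verification_methods_supported} metadata field.
	 *
	 * @return The supported identity verification methods, {@code null} if
	 *         not specified.
	 * @deprecated Reads an {@code id_documents_*} metadata field;
	 *             {@link #getDocumentMethods} returns the same element
	 *             type for the {@code documents_methods_supported} field
	 *             and is presumably the replacement (confirm against the
	 *             Identity Assurance specification in use).
	 */
	@Deprecated
	List<IdentityVerificationMethod> getIdentityVerificationMethods();


	/**
	 * Gets the names of the supported verified claims. Corresponds to the
	 * {@code claims_in_verified_claims_supported} metadata field.
	 *
	 * @return The supported verified claims names, {@code null} if not
	 *         specified.
	 */
	List<String> getVerifiedClaims();


	/**
	 * Gets the supported evidence attachment types. Corresponds to the
	 * {@code attachments_supported} metadata field.
	 *
	 * @return The supported evidence attachment types, empty if
	 *         attachments are not supported, {@code null} if not
	 *         specified.
	 */
	List<AttachmentType> getAttachmentTypes();


	/**
	 * Gets the supported digest algorithms for the external evidence
	 * attachments. Corresponds to the {@code digest_algorithms_supported}
	 * metadata field.
	 *
	 * @return The supported digest algorithms, {@code null} if not
	 *         specified.
	 */
	List<HashAlgorithm> getAttachmentDigestAlgs();
}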