/*
 * oauth2-oidc-sdk
 *
 * Copyright 2012-2021, Connect2id Ltd and contributors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License"); you may not use
 * this file except in compliance with the License. You may obtain a copy of the
 * License at
 *
 *    http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software distributed
 * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
 * CONDITIONS OF ANY KIND, either express or implied. See the License for the
 * specific language governing permissions and limitations under the License.
 */

package com.nimbusds.openid.connect.sdk.op;


import java.util.List;

import com.nimbusds.jose.EncryptionMethod;
import com.nimbusds.jose.JWEAlgorithm;
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.langtag.LangTag;
import com.nimbusds.oauth2.sdk.as.ReadOnlyAuthorizationServerMetadata;
import com.nimbusds.openid.connect.sdk.Display;
import com.nimbusds.openid.connect.sdk.SubjectType;
import com.nimbusds.openid.connect.sdk.assurance.IdentityTrustFramework;
import com.nimbusds.openid.connect.sdk.assurance.evidences.*;
import com.nimbusds.openid.connect.sdk.assurance.evidences.attachment.AttachmentType;
import com.nimbusds.openid.connect.sdk.assurance.evidences.attachment.HashAlgorithm;
import com.nimbusds.openid.connect.sdk.claims.ACR;
import com.nimbusds.openid.connect.sdk.claims.ClaimType;


/**
 * Read-only OpenID Provider (OP) metadata.
 *
 * <p>Most list getters return {@code null} when the corresponding metadata
 * field is not specified, so callers must check for {@code null} before
 * iterating.
 *
 * <p>The getters report what the metadata declares as supported. When the
 * metadata was retrieved from a remote provider, a relying party should
 * still check the advertised algorithms and methods against its own
 * accepted set instead of adopting any listed value as is.
 *
 * <p>Related specifications:
 *
 * <ul>
 *     <li>OpenID Connect Discovery 1.0
 *     <li>OpenID Connect Session Management 1.0
 *     <li>OpenID Connect Front-Channel Logout 1.0
 *     <li>OpenID Connect Back-Channel Logout 1.0
 *     <li>OpenID Connect Native SSO for Mobile Apps 1.0
 *     <li>OpenID Connect for Identity Assurance 1.0
 *     <li>OpenID Connect Federation 1.0
 *     <li>OAuth 2.0 Authorization Server Metadata (RFC 8414)
 *     <li>OAuth 2.0 Mutual TLS Client Authentication and Certificate Bound
 *         Access Tokens (RFC 8705)
 *     <li>Financial-grade API: JWT Secured Authorization Response Mode for
 *         OAuth 2.0 (JARM)
 *     <li>OAuth 2.0 Authorization Server Issuer Identification (RFC 9207)
 *     <li>OAuth 2.0 Rich Authorization Requests (RFC 9396)
 * </ul>
 */
public interface ReadOnlyOIDCProviderMetadata extends ReadOnlyAuthorizationServerMetadata, ReadOnlyOIDCProviderEndpointMetadata {


    /**
     * Gets the mTLS endpoint aliases as read-only OpenID provider endpoint
     * metadata. Re-declares a getter from a super-interface (hence the
     * {@code @Override}) with {@link ReadOnlyOIDCProviderEndpointMetadata}
     * as the return type.
     *
     * @return The mTLS endpoint aliases. Nullability is defined by the
     *         overridden declaration, which is not part of this file.
     */
    @Override
    ReadOnlyOIDCProviderEndpointMetadata getReadOnlyMtlsEndpointAliases();


    /**
     * Gets the supported Authentication Context Class References (ACRs).
     * Corresponds to the {@code acr_values_supported} metadata field.
     *
     * @return The supported ACRs, {@code null} if not specified.
     */
    List<ACR> getACRs();


    /**
     * Gets the supported subject types. Corresponds to the
     * {@code subject_types_supported} metadata field, which OpenID Connect
     * Discovery 1.0 marks as required.
     *
     * @return The supported subject types.
     */
    List<SubjectType> getSubjectTypes();


    /**
     * Gets the supported JWS algorithms for ID tokens. Corresponds to the
     * {@code id_token_signing_alg_values_supported} metadata field.
     *
     * <p>OpenID Connect Discovery 1.0 allows the value {@code none} in this
     * field, but it must not be used unless the response type returns no
     * ID token from the authorisation endpoint. A relying party should
     * therefore not accept an unsigned ID token merely because
     * {@code none} is listed here.
     *
     * @return The supported JWS algorithms, {@code null} if not specified.
     */
    List<JWSAlgorithm> getIDTokenJWSAlgs();


    /**
     * Gets the supported JWE algorithms for ID tokens. Corresponds to the
     * {@code id_token_encryption_alg_values_supported} metadata field.
     *
     * @return The supported JWE algorithms, {@code null} if not specified.
     */
    List<JWEAlgorithm> getIDTokenJWEAlgs();


    /**
     * Gets the supported encryption methods for ID tokens. Corresponds to
     * the {@code id_token_encryption_enc_values_supported} metadata field.
     *
     * @return The supported encryption methods, {@code null} if not
     *         specified.
     */
    List<EncryptionMethod> getIDTokenJWEEncs();


    /**
     * Gets the supported JWS algorithms for UserInfo JWTs. Corresponds to
     * the {@code userinfo_signing_alg_values_supported} metadata field.
     *
     * <p>OpenID Connect Discovery 1.0 allows the value {@code none} in this
     * field; callers that require signed UserInfo responses should check
     * the list against their own accepted algorithms.
     *
     * @return The supported JWS algorithms, {@code null} if not specified.
     */
    List<JWSAlgorithm> getUserInfoJWSAlgs();


    /**
     * Gets the supported JWE algorithms for UserInfo JWTs. Corresponds to
     * the {@code userinfo_encryption_alg_values_supported} metadata field.
     *
     * @return The supported JWE algorithms, {@code null} if not specified.
     */
    List<JWEAlgorithm> getUserInfoJWEAlgs();


    /**
     * Gets the supported encryption methods for UserInfo JWTs. Corresponds
     * to the {@code userinfo_encryption_enc_values_supported} metadata
     * field.
     *
     * @return The supported encryption methods, {@code null} if not
     *         specified.
     */
    List<EncryptionMethod> getUserInfoJWEEncs();


    /**
     * Gets the supported displays. Corresponds to the
     * {@code display_values_supported} metadata field.
     *
     * @return The supported displays, {@code null} if not specified.
     */
    List<Display> getDisplays();


    /**
     * Gets the supported claim types. Corresponds to the
     * {@code claim_types_supported} metadata field.
     *
     * @return The supported claim types, {@code null} if not specified.
     */
    List<ClaimType> getClaimTypes();


    /**
     * Gets the supported claims names. Corresponds to the
     * {@code claims_supported} metadata field.
     *
     * @return The supported claims names, {@code null} if not specified.
     */
    List<String> getClaims();


    /**
     * Gets the supported claims locales. Corresponds to the
     * {@code claims_locales_supported} metadata field.
     *
     * @return The supported claims locales, {@code null} if not specified.
     */
    List<LangTag> getClaimsLocales();


    /**
     * Gets the support for the {@code claims} authorisation request
     * parameter. Corresponds to the {@code claims_parameter_supported}
     * metadata field.
     *
     * @return {@code true} if the {@code claims} parameter is supported,
     *         else {@code false}.
     */
    boolean supportsClaimsParam();


    /**
     * Gets the support for front-channel logout. Corresponds to the
     * {@code frontchannel_logout_supported} metadata field.
     *
     * @return {@code true} if front-channel logout is supported, else
     *         {@code false}.
     */
    boolean supportsFrontChannelLogout();


    /**
     * Gets the support for front-channel logout with a session ID.
     * Corresponds to the {@code frontchannel_logout_session_supported}
     * metadata field.
     *
     * @return {@code true} if front-channel logout with a session ID is
     *         supported, else {@code false}.
     */
    boolean supportsFrontChannelLogoutSession();


    /**
     * Gets the support for back-channel logout. Corresponds to the
     * {@code backchannel_logout_supported} metadata field.
     *
     * @return {@code true} if back-channel logout is supported, else
     *         {@code false}.
     */
    boolean supportsBackChannelLogout();


    /**
     * Gets the support for back-channel logout with a session ID.
     * Corresponds to the {@code backchannel_logout_session_supported}
     * metadata field.
     *
     * @return {@code true} if back-channel logout with a session ID is
     *         supported, else {@code false}.
     */
    boolean supportsBackChannelLogoutSession();


    /**
     * Gets the support for OpenID Connect native SSO. Corresponds to the
     * {@code native_sso_supported} metadata field.
     *
     * @return {@code true} if native SSO is supported, else {@code false}.
     */
    boolean supportsNativeSSO();


    /**
     * Gets the support for verified claims. Corresponds to the
     * {@code verified_claims_supported} metadata field.
     *
     * @return {@code true} if verified claims are supported, else
     *         {@code false}.
     */
    boolean supportsVerifiedClaims();


    /**
     * Gets the supported identity trust frameworks. Corresponds to the
     * {@code trust_frameworks_supported} metadata field.
     *
     * @return The supported identity trust frameworks, {@code null} if not
     *         specified.
     */
    List<IdentityTrustFramework> getIdentityTrustFrameworks();


    /**
     * Gets the supported identity evidence types. Corresponds to the
     * {@code evidence_supported} metadata field.
     *
     * @return The supported identity evidence types, {@code null} if not
     *         specified.
     */
    List<IdentityEvidenceType> getIdentityEvidenceTypes();


    /**
     * Gets the supported identity document types. Corresponds to the
     * {@code documents_supported} metadata field.
     *
     * @return The supported identity document types, {@code null} if not
     *         specified.
     */
    List<DocumentType> getDocumentTypes();


    /**
     * Gets the supported identity document types. Corresponds to the
     * {@code id_documents_supported} metadata field. Note that this is a
     * different metadata field and element type than
     * {@link #getDocumentTypes}.
     *
     * @return The supported identity document types, {@code null} if not
     *         specified.
     * @deprecated Use {@link #getDocumentTypes} instead.
     */
    @Deprecated
    List<IDDocumentType> getIdentityDocumentTypes();


    /**
     * Gets the supported coarse identity verification methods for
     * evidences of type document. Corresponds to the
     * {@code documents_methods_supported} metadata field.
     *
     * @return The supported identity verification methods for document
     *         evidences, {@code null} if not specified.
     */
    List<IdentityVerificationMethod> getDocumentMethods();


    /**
     * Gets the supported validation methods for evidences of type
     * document. Corresponds to the
     * {@code documents_validation_methods_supported} metadata field.
     *
     * @return The validation methods for document evidences, {@code null}
     *         if not specified.
     */
    List<ValidationMethodType> getDocumentValidationMethods();


    /**
     * Gets the supported verification methods for evidences of type
     * document. Corresponds to the
     * {@code documents_verification_methods_supported} metadata field.
     *
     * @return The verification methods for document evidences, {@code null}
     *         if not specified.
     */
    List<VerificationMethodType> getDocumentVerificationMethods();


    /**
     * Gets the supported electronic record types. Corresponds to the
     * {@code electronic_records_supported} metadata field.
     *
     * @return The supported electronic record types, {@code null} if not
     *         specified.
     */
    List<ElectronicRecordType> getElectronicRecordTypes();


    /**
     * Gets the supported identity verification methods. Corresponds to the
     * {@code id_documents_verification_methods_supported} metadata field.
     *
     * @return The supported identity verification methods, {@code null} if
     *         not specified.
     * @deprecated Annotated {@code @Deprecated} without a stated
     *             replacement. {@link #getDocumentMethods} returns the
     *             same element type; confirm that it is the intended
     *             successor before migrating.
     */
    @Deprecated
    List<IdentityVerificationMethod> getIdentityVerificationMethods();


    /**
     * Gets the names of the supported verified claims. Corresponds to the
     * {@code claims_in_verified_claims_supported} metadata field.
     *
     * @return The supported verified claims names, {@code null} if not
     *         specified.
     */
    List<String> getVerifiedClaims();


    /**
     * Gets the supported evidence attachment types. Corresponds to the
     * {@code attachments_supported} metadata field.
     *
     * <p>The return value distinguishes three cases, so an empty list must
     * not be treated the same as {@code null}.
     *
     * @return The supported evidence attachment types, empty if
     *         attachments are not supported, {@code null} if not
     *         specified.
     */
    List<AttachmentType> getAttachmentTypes();


    /**
     * Gets the supported digest algorithms for the external evidence
     * attachments. Corresponds to the {@code digest_algorithms_supported}
     * metadata field.
     *
     * <p>A relying party that verifies the digest of an external
     * attachment should check the algorithm against its own accepted set;
     * a listing here only states what the provider supports.
     *
     * @return The supported digest algorithms, {@code null} if not
     *         specified.
     */
    List<HashAlgorithm> getAttachmentDigestAlgs();
}