Package com.nimbusds.openid.connect.sdk

Class AuthenticationRequest.Builder

java.lang.Object
com.nimbusds.openid.connect.sdk.AuthenticationRequest.Builder
Enclosing class:
AuthenticationRequest
public static class AuthenticationRequest.Builder extends Object
Builder for constructing OpenID Connect authentication requests.

  • Constructor Details

    • Builder

      public Builder(ResponseType rt, Scope scope, ClientID clientID, URI redirectURI)
      Creates a new OpenID Connect authentication request builder.
      Parameters:
      rt - The response type. Corresponds to the response_type parameter. Must specify a valid OpenID Connect response type. Must not be null.
      scope - The request scope. Corresponds to the scope parameter. Must contain an openid value. Must not be null.
      clientID - The client identifier. Corresponds to the client_id parameter. Must not be null.
      redirectURI - The redirection URI. Corresponds to the redirect_uri parameter. Must not be null unless set by means of the optional request_object / request_uri parameter.

    • Builder

      public Builder(com.nimbusds.jwt.JWT requestObject, ClientID clientID)
      Creates a new JWT secured OpenID Connect authentication request (JAR) builder.
      Parameters:
      requestObject - The request object. Must not be null.
      clientID - The client ID. Must not be null.

    • Builder

      public Builder(URI requestURI, ClientID clientID)
      Creates a new JWT secured OpenID Connect authentication request (JAR) builder.
      Parameters:
      requestURI - The request object URI. Must not be null.
      clientID - The client ID. Must not be null.

    • Builder

      public Builder(AuthenticationRequest request)
      Creates a new OpenID Connect authentication request builder from the specified request.
      Parameters:
      request - The OpenID Connect authentication request. Must not be null.

  • Method Details

    • responseType

      public AuthenticationRequest.Builder responseType(ResponseType rt)
      Sets the response type. Corresponds to the response_type parameter.
      Parameters:
      rt - The response type. Must not be null.
      Returns:
      This builder.

    • scope

      public AuthenticationRequest.Builder scope(Scope scope)
      Sets the scope. Corresponds to the scope parameter.
      Parameters:
      scope - The scope. Must not be null.
      Returns:
      This builder.

    • redirectionURI

      public AuthenticationRequest.Builder redirectionURI(URI redirectURI)
      Sets the redirection URI. Corresponds to the redirection_uri parameter.
      Parameters:
      redirectURI - The redirection URI. Must not be null.
      Returns:
      This builder.

    • state

      public AuthenticationRequest.Builder state(State state)
      Sets the state. Corresponds to the recommended state parameter.
      Parameters:
      state - The state, null if not specified.
      Returns:
      This builder.

    • endpointURI

      public AuthenticationRequest.Builder endpointURI(URI endpoint)
      Sets the URI of the authorisation endpoint.
      Parameters:
      endpoint - The URI of the authorisation endpoint. May be null if the request is not going to be serialised.
      Returns:
      This builder.

    • nonce

      public AuthenticationRequest.Builder nonce(Nonce nonce)
      Sets the nonce. Corresponds to the conditionally optional nonce parameter.
      Parameters:
      nonce - The nonce, null if not specified.
      Returns:
      This builder.

    • display

      public AuthenticationRequest.Builder display(Display display)
      Sets the requested display type. Corresponds to the optional display parameter.
      Parameters:
      display - The requested display type, null if not specified.
      Returns:
      This builder.

    • prompt

      public AuthenticationRequest.Builder prompt(Prompt prompt)
      Sets the requested prompt. Corresponds to the optional prompt parameter.
      Parameters:
      prompt - The requested prompt, null if not specified.
      Returns:
      This builder.

    • prompt

      public AuthenticationRequest.Builder prompt(Prompt.Type... promptType)
      Sets the requested prompt. Corresponds to the optional prompt parameter.
      Parameters:
      promptType - The requested prompt types, null if not specified.
      Returns:
      This builder.

    • dPoPJWKThumbprintConfirmation

      public AuthenticationRequest.Builder dPoPJWKThumbprintConfirmation(JWKThumbprintConfirmation dpopJKT)
      Sets the DPoP JWK SHA-256 thumbprint. Corresponds to the optional dpop_jkt parameter.
      Parameters:
      dpopJKT - DPoP JWK SHA-256 thumbprint, null if not specified.
      Returns:
      This builder.

    • trustChain

      public AuthenticationRequest.Builder trustChain(TrustChain trustChain)
      Sets the OpenID Connect Federation 1.0 trust chain. Corresponds to the optional trust_chain parameter.
      Parameters:
      trustChain - The trust chain, null if not specified.
      Returns:
      This builder.

    • maxAge

      public AuthenticationRequest.Builder maxAge(int maxAge)
      Sets the required maximum authentication age. Corresponds to the optional max_age parameter.
      Parameters:
      maxAge - The maximum authentication age, in seconds; 0 if not specified.
      Returns:
      This builder.

    • uiLocales

      public AuthenticationRequest.Builder uiLocales(List<com.nimbusds.langtag.LangTag> uiLocales)
      Sets the end-user's preferred languages and scripts for the user interface, ordered by preference. Corresponds to the optional ui_locales parameter.
      Parameters:
      uiLocales - The preferred UI locales, null if not specified.
      Returns:
      This builder.

    • claimsLocales

      public AuthenticationRequest.Builder claimsLocales(List<com.nimbusds.langtag.LangTag> claimsLocales)
      Sets the end-user's preferred languages and scripts for the claims being returned, ordered by preference. Corresponds to the optional claims_locales parameter.
      Parameters:
      claimsLocales - The preferred claims locales, null if not specified.
      Returns:
      This builder.

    • idTokenHint

      public AuthenticationRequest.Builder idTokenHint(com.nimbusds.jwt.JWT idTokenHint)
      Sets the ID Token hint. Corresponds to the conditionally optional id_token_hint parameter.
      Parameters:
      idTokenHint - The ID Token hint, null if not specified.
      Returns:
      This builder.

    • loginHint

      public AuthenticationRequest.Builder loginHint(String loginHint)
      Sets the login hint. Corresponds to the optional login_hint parameter.
      Parameters:
      loginHint - The login hint, null if not specified.
      Returns:
      This builder.

    • acrValues

      public AuthenticationRequest.Builder acrValues(List<ACR> acrValues)
      Sets the requested Authentication Context Class Reference values. Corresponds to the optional acr_values parameter.
      Parameters:
      acrValues - The requested ACR values, null if not specified.
      Returns:
      This builder.

    • claims

      @Deprecated public AuthenticationRequest.Builder claims(ClaimsRequest claims)
      Deprecated.
      Sets the individual claims to be returned. Corresponds to the optional claims parameter.
      Parameters:
      claims - The individual claims to be returned, null if not specified.
      Returns:
      This builder.
      See Also:

    • claims

      public AuthenticationRequest.Builder claims(OIDCClaimsRequest claims)
      Sets the individual OpenID claims to be returned. Corresponds to the optional claims parameter.
      Parameters:
      claims - The individual OpenID claims to be returned, null if not specified.
      Returns:
      This builder.

    • purpose

      public AuthenticationRequest.Builder purpose(String purpose)
      Sets the transaction specific purpose. Corresponds to the optional purpose parameter.
      Parameters:
      purpose - The purpose, null if not specified.
      Returns:
      This builder.

    • requestObject

      public AuthenticationRequest.Builder requestObject(com.nimbusds.jwt.JWT requestObject)
      Sets the request object. Corresponds to the optional request parameter. Must not be specified together with a request object URI.
      Parameters:
      requestObject - The request object, null if not specified.
      Returns:
      This builder.

    • requestURI

      public AuthenticationRequest.Builder requestURI(URI requestURI)
      Sets the request object URI. Corresponds to the optional request_uri parameter. Must not be specified together with a request object.
      Parameters:
      requestURI - The request object URI, null if not specified.
      Returns:
      This builder.

    • responseMode

      public AuthenticationRequest.Builder responseMode(ResponseMode rm)
      Sets the response mode. Corresponds to the optional response_mode parameter. Use of this parameter is not recommended unless a non-default response mode is requested (e.g. form_post).
      Parameters:
      rm - The response mode, null if not specified.
      Returns:
      This builder.

    • codeChallenge

      @Deprecated public AuthenticationRequest.Builder codeChallenge(CodeChallenge codeChallenge, CodeChallengeMethod codeChallengeMethod)
      Deprecated.
      Sets the code challenge for Proof Key for Code Exchange (PKCE) by public OAuth clients.
      Parameters:
      codeChallenge - The code challenge, null if not specified.
      codeChallengeMethod - The code challenge method, null if not specified.
      Returns:
      This builder.

    • codeChallenge

      public AuthenticationRequest.Builder codeChallenge(CodeVerifier codeVerifier, CodeChallengeMethod codeChallengeMethod)
      Sets the code challenge for Proof Key for Code Exchange (PKCE) by public OAuth clients.
      Parameters:
      codeVerifier - The code verifier to use to compute the code challenge, null if PKCE is not specified.
      codeChallengeMethod - The code challenge method, null if not specified. Defaults to CodeChallengeMethod.PLAIN if a code verifier is specified.
      Returns:
      This builder.

    • authorizationDetails

      public AuthenticationRequest.Builder authorizationDetails(List<AuthorizationDetail> authorizationDetails)
      Sets the Rich Authorisation Request (RAR) details.
      Parameters:
      authorizationDetails - The authorisation details, null if not specified.
      Returns:
      This builder.

    • resource

      public AuthenticationRequest.Builder resource(URI resource)
      Sets the resource server URI.
      Parameters:
      resource - The resource URI, null if not specified.
      Returns:
      This builder.

    • resources

      public AuthenticationRequest.Builder resources(URI... resources)
      Sets the resource server URI(s).
      Parameters:
      resources - The resource URI(s), null if not specified.
      Returns:
      This builder.

    • includeGrantedScopes

      public AuthenticationRequest.Builder includeGrantedScopes(boolean includeGrantedScopes)
      Requests incremental authorisation.
      Parameters:
      includeGrantedScopes - true to request incremental authorisation.
      Returns:
      This builder.

    • customParameter

      public AuthenticationRequest.Builder customParameter(String name, String... values)
      Sets a custom parameter.
      Parameters:
      name - The parameter name. Must not be null.
      values - The parameter values, null if not specified.
      Returns:
      This builder.

    • build

      public AuthenticationRequest build()
      Builds a new authentication request.
      Returns:
      The authentication request.