Package com.nimbusds.openid.connect.sdk

Class ClaimsRequest

  • public class ClaimsRequest
extends Object
    Specifies the individual claims to return from the UserInfo endpoint and / or in the ID Token.

    Related specifications:

    • OpenID Connect Core 1.0, section 5.5.

    • Constructor Detail

      • ClaimsRequest

        public ClaimsRequest()
        Creates a new empty claims request.

    • Method Detail

      • add

        public void add​(ClaimsRequest other)
        Adds the entries from the specified other claims request.
        Parameters:
        other - The other claims request. If null no claims request entries will be added to this claims request.

      • addIDTokenClaim

        public void addIDTokenClaim​(String claimName)
        Adds the specified ID token claim to the request. It is marked as voluntary and no language tag and value(s) are associated with it.
        Parameters:
        claimName - The claim name. Must not be null.

      • addIDTokenClaim

        public void addIDTokenClaim​(String claimName,
                            ClaimRequirement requirement)
        Adds the specified ID token claim to the request. No language tag and value(s) are associated with it.
        Parameters:
        claimName - The claim name. Must not be null.
        requirement - The claim requirement. Must not be null.

      • addIDTokenClaim

        public void addIDTokenClaim​(String claimName,
                            ClaimRequirement requirement,
                            com.nimbusds.langtag.LangTag langTag)
        Adds the specified ID token claim to the request. No value(s) are associated with it.
        Parameters:
        claimName - The claim name. Must not be null.
        requirement - The claim requirement. Must not be null.
        langTag - The associated language tag, null if not specified.

      • addIDTokenClaim

        public void addIDTokenClaim​(String claimName,
                            ClaimRequirement requirement,
                            com.nimbusds.langtag.LangTag langTag,
                            String value)
        Adds the specified ID token claim to the request.
        Parameters:
        claimName - The claim name. Must not be null.
        requirement - The claim requirement. Must not be null.
        langTag - The associated language tag, null if not specified.
        value - The expected claim value, null if not specified.

      • addIDTokenClaim

        public void addIDTokenClaim​(String claimName,
                            ClaimRequirement requirement,
                            com.nimbusds.langtag.LangTag langTag,
                            List<String> values)
        Adds the specified ID token claim to the request.
        Parameters:
        claimName - The claim name. Must not be null.
        requirement - The claim requirement. Must not be null.
        langTag - The associated language tag, null if not specified.
        values - The expected claim values, null if not specified.

      • addIDTokenClaim

        public void addIDTokenClaim​(ClaimsRequest.Entry entry)
        Adds the specified ID token claim to the request.
        Parameters:
        entry - The individual ID token claim request. Must not be null.

      • getIDTokenClaimNames

        public Set<StringgetIDTokenClaimNames​(boolean withLangTag)
        Gets the names of the requested ID token claim names.
        Parameters:
        withLangTag - If true the language tags, if any, will be appended to the names, else not.
        Returns:
        The ID token claim names, as an unmodifiable set, empty set if none.

      • removeIDTokenClaim

        public ClaimsRequest.Entry removeIDTokenClaim​(String claimName,
                                              com.nimbusds.langtag.LangTag langTag)
        Removes the specified ID token claim from the request.
        Parameters:
        claimName - The claim name. Must not be null.
        langTag - The associated language tag, null if none.
        Returns:
        The removed ID token claim, null if not found.

      • removeIDTokenClaims

        public Collection<ClaimsRequest.EntryremoveIDTokenClaims​(String claimName)
        Removes the specified ID token claims from the request, in all existing language tag variations.
        Parameters:
        claimName - The claim name. Must not be null.
        Returns:
        The removed ID token claims, as an unmodifiable collection, empty set if none were found.

      • addUserInfoClaim

        public void addUserInfoClaim​(String claimName)
        Adds the specified UserInfo claim to the request. It is marked as voluntary and no language tag and value(s) are associated with it.
        Parameters:
        claimName - The claim name. Must not be null.

      • addUserInfoClaim

        public void addUserInfoClaim​(String claimName,
                             ClaimRequirement requirement)
        Adds the specified UserInfo claim to the request. No language tag and value(s) are associated with it.
        Parameters:
        claimName - The claim name. Must not be null.
        requirement - The claim requirement. Must not be null.

      • addUserInfoClaim

        public void addUserInfoClaim​(String claimName,
                             ClaimRequirement requirement,
                             com.nimbusds.langtag.LangTag langTag)
        Adds the specified UserInfo claim to the request. No value(s) are associated with it.
        Parameters:
        claimName - The claim name. Must not be null.
        requirement - The claim requirement. Must not be null.
        langTag - The associated language tag, null if not specified.

      • addUserInfoClaim

        public void addUserInfoClaim​(String claimName,
                             ClaimRequirement requirement,
                             com.nimbusds.langtag.LangTag langTag,
                             String value)
        Adds the specified UserInfo claim to the request.
        Parameters:
        claimName - The claim name. Must not be null.
        requirement - The claim requirement. Must not be null.
        langTag - The associated language tag, null if not specified.
        value - The expected claim value, null if not specified.

      • addUserInfoClaim

        public void addUserInfoClaim​(String claimName,
                             ClaimRequirement requirement,
                             com.nimbusds.langtag.LangTag langTag,
                             List<String> values)
        Adds the specified UserInfo claim to the request.
        Parameters:
        claimName - The claim name. Must not be null.
        requirement - The claim requirement. Must not be null.
        langTag - The associated language tag, null if not specified.
        values - The expected claim values, null if not specified.

      • addUserInfoClaim

        public void addUserInfoClaim​(ClaimsRequest.Entry entry)
        Adds the specified UserInfo claim to the request.
        Parameters:
        entry - The individual UserInfo claim request. Must not be null.

      • getUserInfoClaimNames

        public Set<StringgetUserInfoClaimNames​(boolean withLangTag)
        Gets the names of the requested UserInfo claim names.
        Parameters:
        withLangTag - If true the language tags, if any, will be appended to the names, else not.
        Returns:
        The UserInfo claim names, as an unmodifiable set, empty set if none.

      • removeUserInfoClaim

        public ClaimsRequest.Entry removeUserInfoClaim​(String claimName,
                                               com.nimbusds.langtag.LangTag langTag)
        Removes the specified UserInfo claim from the request.
        Parameters:
        claimName - The claim name. Must not be null.
        langTag - The associated language tag, null if none.
        Returns:
        The removed UserInfo claim, null if not found.

      • removeUserInfoClaims

        public Collection<ClaimsRequest.EntryremoveUserInfoClaims​(String claimName)
        Removes the specified UserInfo claims from the request, in all existing language tag variations.
        Parameters:
        claimName - The claim name. Must not be null.
        Returns:
        The removed UserInfo claims, as an unmodifiable collection, empty set if none were found.

      • toJSONObject

        public net.minidev.json.JSONObject toJSONObject()
        Returns the JSON object representation of this claims request.

        Example: 

         {
   "userinfo":
    {
     "given_name": {"essential": true},
     "nickname": null,
     "email": {"essential": true},
     "email_verified": {"essential": true},
     "picture": null,
     "http://example.info/claims/groups": null
    },
   "id_token":
    {
     "auth_time": {"essential": true},
     "acr": {"values": ["urn:mace:incommon:iap:silver"] }
    }
 }
        Returns:
        The corresponding JSON object, empty if no ID token and UserInfo claims are specified.

      • resolve

        public static ClaimsRequest resolve​(ResponseType responseType,
                                    Scope scope)
        Resolves the claims request for the specified response type and scope. The scope values that are standard OpenID scope values are resolved to their respective individual claims requests, any other scope values are ignored.
        Parameters:
        responseType - The response type. Must not be null.
        scope - The scope, null if not specified (for a plain OAuth 2.0 authorisation request with no scope explicitly specified).
        Returns:
        The claims request.

      • resolve

        public static ClaimsRequest resolve​(ResponseType responseType,
                                    Scope scope,
                                    Map<Scope.Value,​Set<String>> customClaims)
        Resolves the claims request for the specified response type and scope. The scope values that are standard OpenID scope values are resolved to their respective individual claims requests, any other scope values are checked in the specified custom claims map and resolved accordingly.
        Parameters:
        responseType - The response type. Must not be null.
        scope - The scope, null if not specified (for a plain OAuth 2.0 authorisation request with no scope explicitly specified).
        customClaims - Custom scope to claim name map, null if not specified.
        Returns:
        The claims request.

      • resolve

        public static ClaimsRequest resolve​(ResponseType responseType,
                                    Scope scope,
                                    ClaimsRequest claimsRequest)
        Resolves the merged claims request from the specified OpenID authentication request parameters. The scope values that are standard OpenID scope values are resolved to their respective individual claims requests, any other scope values are ignored.
        Parameters:
        responseType - The response type. Must not be null.
        scope - The scope, null if not specified (for a plain OAuth 2.0 authorisation request with no scope explicitly specified).
        claimsRequest - The claims request, corresponding to the optional claims OpenID Connect authorisation request parameter, null if not specified.
        Returns:
        The merged claims request.

      • resolve

        public static ClaimsRequest resolve​(ResponseType responseType,
                                    Scope scope,
                                    ClaimsRequest claimsRequest,
                                    Map<Scope.Value,​Set<String>> customClaims)
        Resolves the merged claims request from the specified OpenID authentication request parameters. The scope values that are standard OpenID scope values are resolved to their respective individual claims requests, any other scope values are checked in the specified custom claims map and resolved accordingly.
        Parameters:
        responseType - The response type. Must not be null.
        scope - The scope, null if not specified (for a plain OAuth 2.0 authorisation request with no scope explicitly specified).
        claimsRequest - The claims request, corresponding to the optional claims OpenID Connect authorisation request parameter, null if not specified.
        customClaims - Custom scope to claim name map, null if not specified.
        Returns:
        The merged claims request.

      • resolve

        public static ClaimsRequest resolve​(AuthenticationRequest authRequest)
        Resolves the merged claims request for the specified OpenID authentication request. The scope values that are standard OpenID scope values are resolved to their respective individual claims requests, any other scope values are ignored.
        Parameters:
        authRequest - The OpenID authentication request. Must not be null.
        Returns:
        The merged claims request.

      • parse

        public static ClaimsRequest parse​(net.minidev.json.JSONObject jsonObject)
        Parses a claims request from the specified JSON object representation. Unexpected members in the JSON object are silently ignored.
        Parameters:
        jsonObject - The JSON object to parse. Must not be null.
        Returns:
        The claims request.

      • parse

        public static ClaimsRequest parse​(String json)
                           throws ParseException
        Parses a claims request from the specified JSON object string representation. Unexpected members in the JSON object are silently ignored.
        Parameters:
        json - The JSON object string to parse. Must not be null.
        Returns:
        The claims request.
        Throws:
        ParseException - If the string couldn't be parsed to a valid JSON object.