Package com.nimbusds.oauth2.sdk.as

Class AuthorizationServerMetadata

java.lang.Object

com.nimbusds.oauth2.sdk.as.AuthorizationServerEndpointMetadata

com.nimbusds.oauth2.sdk.as.AuthorizationServerMetadata

All Implemented Interfaces:

ReadOnlyAuthorizationServerEndpointMetadata, ReadOnlyAuthorizationServerMetadata

Direct Known Subclasses:

OIDCProviderMetadata

public class AuthorizationServerMetadata
extends AuthorizationServerEndpointMetadata
implements ReadOnlyAuthorizationServerMetadata

OAuth 2.0 Authorisation Server (AS) metadata.

Related specifications:

• OAuth 2.0 Authorization Server Metadata (RFC 8414)
• OAuth 2.0 Mutual TLS Client Authentication and Certificate Bound Access Tokens (RFC 8705)
• OAuth 2.0 Demonstrating Proof-of-Possession at the Application Layer (DPoP) (draft-ietf-oauth-dpop-02)
• Financial-grade API: JWT Secured Authorization Response Mode for OAuth 2.0 (JARM)
• OAuth 2.0 Authorization Server Issuer Identification (RFC 9207)
• Financial-grade API - Part 2: Read and Write API Security Profile
• OAuth 2.0 Pushed Authorization Requests (RFC 9126)
• OAuth 2.0 Device Authorization Grant (RFC 8628)
• OpenID Connect Client Initiated Backchannel Authentication Flow - Core 1.0
• OAuth 2.0 Incremental Authorization (draft-ietf-oauth-incremental-authz-04)
• Initiating User Registration via OpenID Connect (draft 04)

Constructor Summary

Constructors

Constructor	Description
AuthorizationServerMetadata(Issuer issuer)	Creates a new OAuth 2.0 Authorisation Server (AS) metadata instance.

Method Summary

Modifier and Type	Method	Description
void	applyDefaults()	Applies the OAuth 2.0 Authorisation Server metadata defaults where no values have been specified.
List<com.nimbusds.jose.JWEAlgorithm>	getAuthorizationJWEAlgs()	Gets the supported JWE algorithms for JWT-encoded authorisation responses.
List<com.nimbusds.jose.EncryptionMethod>	getAuthorizationJWEEncs()	Gets the supported encryption methods for JWT-encoded authorisation responses.
List<com.nimbusds.jose.JWSAlgorithm>	getAuthorizationJWSAlgs()	Gets the supported JWS algorithms for JWT-encoded authorisation responses.
List<com.nimbusds.jose.JWSAlgorithm>	getBackChannelAuthenticationRequestJWSAlgs()	Gets the supported JWS algorithms for CIBA requests.
List<BackChannelTokenDeliveryMode>	getBackChannelTokenDeliveryModes()	Gets the supported CIBA token delivery modes.
List<CodeChallengeMethod>	getCodeChallengeMethods()	Gets the supported authorisation code challenge methods for PKCE.
Object	getCustomParameter(String name)	Gets the specified custom (not registered) parameter.
net.minidev.json.JSONObject	getCustomParameters()	Gets the custom (not registered) parameters.
URI	getCustomURIParameter(String name)	Gets the specified custom (not registered) URI parameter.
List<com.nimbusds.jose.JWSAlgorithm>	getDPoPJWSAlgs()	Gets the supported JWS algorithms for Demonstrating Proof-of-Possession at the Application Layer (DPoP).
List<GrantType>	getGrantTypes()	Gets the supported OAuth 2.0 grant types.
List<ClientType>	getIncrementalAuthorizationTypes()	Gets the supported OAuth 2.0 client types for incremental authorisation.
List<ClientAuthenticationMethod>	getIntrospectionEndpointAuthMethods()	Gets the supported introspection endpoint authentication methods.
List<com.nimbusds.jose.JWSAlgorithm>	getIntrospectionEndpointJWSAlgs()	Gets the supported JWS algorithms for the private_key_jwt and client_secret_jwt introspection endpoint authentication methods.
Issuer	getIssuer()	Gets the issuer identifier.
URI	getJWKSetURI()	Gets the JSON Web Key (JWK) set URI.
AuthorizationServerEndpointMetadata	getMtlsEndpointAliases()	Gets the aliases for communication with mutual TLS.
URI	getPolicyURI()	Gets the provider's policy regarding relying party use of data.
List<Prompt.Type>	getPromptTypes()	Gets the supported prompt types.
ReadOnlyAuthorizationServerEndpointMetadata	getReadOnlyMtlsEndpointAliases()	Gets the aliases for communication with mutual TLS.
static Set<String>	getRegisteredParameterNames()	Gets the registered OpenID Connect provider metadata parameter names.
List<com.nimbusds.jose.JWEAlgorithm>	getRequestObjectJWEAlgs()	Gets the supported JWE algorithms for request objects.
List<com.nimbusds.jose.EncryptionMethod>	getRequestObjectJWEEncs()	Gets the supported encryption methods for request objects.
List<com.nimbusds.jose.JWSAlgorithm>	getRequestObjectJWSAlgs()	Gets the supported JWS algorithms for request objects.
List<ResponseMode>	getResponseModes()	Gets the supported response mode values.
List<ResponseType>	getResponseTypes()	Gets the supported response type values.
List<ClientAuthenticationMethod>	getRevocationEndpointAuthMethods()	Gets the supported revocation endpoint authentication methods.
List<com.nimbusds.jose.JWSAlgorithm>	getRevocationEndpointJWSAlgs()	Gets the supported JWS algorithms for the private_key_jwt and client_secret_jwt revocation endpoint authentication methods.
Scope	getScopes()	Gets the supported scope values.
URI	getServiceDocsURI()	Gets the service documentation URI.
URI	getTermsOfServiceURI()	Gets the provider's terms of service.
List<ClientAuthenticationMethod>	getTokenEndpointAuthMethods()	Gets the supported token endpoint authentication methods.
List<com.nimbusds.jose.JWSAlgorithm>	getTokenEndpointJWSAlgs()	Gets the supported JWS algorithms for the private_key_jwt and client_secret_jwt token endpoint authentication methods.
List<com.nimbusds.langtag.LangTag>	getUILocales()	Gets the supported UI locales.
static AuthorizationServerMetadata	parse(String s)	Parses an OAuth 2.0 Authorisation Server metadata from the specified JSON object string.
static AuthorizationServerMetadata	parse(net.minidev.json.JSONObject jsonObject)	Parses an OAuth 2.0 Authorisation Server metadata from the specified JSON object.
boolean	requiresPushedAuthorizationRequests()	Gets the requirement for pushed authorisation requests (PAR).
void	requiresPushedAuthorizationRequests(boolean requirePAR)	Sets the requirement for pushed authorisation requests (PAR).
boolean	requiresRequestURIRegistration()	Gets the requirement for the request_uri parameter pre-registration.
static AuthorizationServerMetadata	resolve(Issuer issuer)	Resolves OAuth 2.0 authorisation server metadata from the specified issuer identifier.
static AuthorizationServerMetadata	resolve(Issuer issuer, int connectTimeout, int readTimeout)	Resolves OAuth 2.0 authorisation server metadata from the specified issuer identifier.
static URL	resolveURL(Issuer issuer)	Resolves OAuth 2.0 authorisation server metadata URL from the specified issuer identifier.
void	setAuthorizationJWEAlgs(List<com.nimbusds.jose.JWEAlgorithm> authzJWEAlgs)	Sets the supported JWE algorithms for JWT-encoded authorisation responses.
void	setAuthorizationJWEEncs(List<com.nimbusds.jose.EncryptionMethod> authzJWEEncs)	Sets the supported encryption methods for JWT-encoded authorisation responses.
void	setAuthorizationJWSAlgs(List<com.nimbusds.jose.JWSAlgorithm> authzJWSAlgs)	Sets the supported JWS algorithms for JWT-encoded authorisation responses.
void	setBackChannelAuthenticationRequestJWSAlgs(List<com.nimbusds.jose.JWSAlgorithm> backChannelAuthRequestJWSAlgs)	Gets the supported JWS algorithms for CIBA requests.
void	setBackChannelTokenDeliveryModes(List<BackChannelTokenDeliveryMode> backChannelTokenDeliveryModes)	Sets the supported CIBA token delivery modes.
void	setCodeChallengeMethods(List<CodeChallengeMethod> codeChallengeMethods)	Gets the supported authorisation code challenge methods for PKCE.
void	setCustomParameter(String name, Object value)	Sets the specified custom (not registered) parameter.
void	setDPoPJWSAlgs(List<com.nimbusds.jose.JWSAlgorithm> dPoPJWSAlgs)	Sets the supported JWS algorithms for Demonstrating Proof-of-Possession at the Application Layer (DPoP).
void	setGrantTypes(List<GrantType> gts)	Sets the supported OAuth 2.0 grant types.
void	setIncrementalAuthorizationTypes(List<ClientType> incrementalAuthzTypes)	Sets the supported OAuth 2.0 client types for incremental authorisation.
void	setIntrospectionEndpointAuthMethods(List<ClientAuthenticationMethod> authMethods)	Sets the supported introspection endpoint authentication methods.
void	setIntrospectionEndpointJWSAlgs(List<com.nimbusds.jose.JWSAlgorithm> jwsAlgs)	Sets the supported JWS algorithms for the private_key_jwt and client_secret_jwt introspection endpoint authentication methods.
void	setJWKSetURI(URI jwkSetURI)	Sets the JSON Web Key (JWT) set URI.
void	setMtlsEndpointAliases(AuthorizationServerEndpointMetadata mtlsEndpointAliases)	Sets the aliases for communication with mutual TLS.
void	setPolicyURI(URI policyURI)	Sets the provider's policy regarding relying party use of data.
void	setPromptTypes(List<Prompt.Type> promptTypes)	Sets the supported prompt types.
void	setRequestObjectJWEAlgs(List<com.nimbusds.jose.JWEAlgorithm> requestObjectJWEAlgs)	Sets the supported JWE algorithms for request objects.
void	setRequestObjectJWEEncs(List<com.nimbusds.jose.EncryptionMethod> requestObjectJWEEncs)	Sets the supported encryption methods for request objects.
void	setRequestObjectJWSAlgs(List<com.nimbusds.jose.JWSAlgorithm> requestObjectJWSAlgs)	Sets the supported JWS algorithms for request objects.
void	setRequiresRequestURIRegistration(boolean requireRequestURIReg)	Sets the requirement for the request_uri parameter pre-registration.
void	setResponseModes(List<ResponseMode> rms)	Sets the supported response mode values.
void	setResponseTypes(List<ResponseType> rts)	Sets the supported response type values.
void	setRevocationEndpointAuthMethods(List<ClientAuthenticationMethod> authMethods)	Sets the supported revocation endpoint authentication methods.
void	setRevocationEndpointJWSAlgs(List<com.nimbusds.jose.JWSAlgorithm> jwsAlgs)	Sets the supported JWS algorithms for the private_key_jwt and client_secret_jwt revocation endpoint authentication methods.
void	setScopes(Scope scope)	Sets the supported scope values.
void	setServiceDocsURI(URI serviceDocsURI)	Sets the service documentation URI.
void	setSupportsAuthorizationResponseIssuerParam(boolean authzResponseIssParameterSupported)	Sets the support for the iss authorisation response parameter.
void	setSupportsBackChannelUserCodeParam(boolean backChannelUserCodeSupported)	Sets the support for the user_code CIBA request parameter.
void	setSupportsMutualTLSSenderConstrainedAccessTokens(boolean mutualTLSSenderConstrainedAccessTokens)	Deprecated.
void	setSupportsRequestParam(boolean requestParamSupported)	Sets the support for the request authorisation request parameter.
void	setSupportsRequestURIParam(boolean requestURIParamSupported)	Sets the support for the request_uri authorisation request parameter.
void	setSupportsTLSClientCertificateBoundAccessTokens(boolean tlsClientCertBoundTokens)	Sets the support for TLS client certificate bound access tokens.
void	setTermsOfServiceURI(URI tosURI)	Sets the provider's terms of service.
void	setTokenEndpointAuthMethods(List<ClientAuthenticationMethod> authMethods)	Sets the supported token endpoint authentication methods.
void	setTokenEndpointJWSAlgs(List<com.nimbusds.jose.JWSAlgorithm> jwsAlgs)	Sets the supported JWS algorithms for the private_key_jwt and client_secret_jwt token endpoint authentication methods.
void	setUILocales(List<com.nimbusds.langtag.LangTag> uiLocales)	Sets the supported UI locales.
boolean	supportsAuthorizationResponseIssuerParam()	Gets the support for the iss authorisation response parameter.
boolean	supportsBackChannelUserCodeParam()	Gets the support for the user_code CIBA request parameter.
boolean	supportsMutualTLSSenderConstrainedAccessTokens()	Deprecated.
boolean	supportsRequestParam()	Gets the support for the request authorisation request parameter.
boolean	supportsRequestURIParam()	Gets the support for the request_uri authorisation request parameter.
boolean	supportsTLSClientCertificateBoundAccessTokens()	Gets the support for TLS client certificate bound access tokens.
net.minidev.json.JSONObject	toJSONObject()	Returns the JSON object representation of the metadata.

Methods inherited from class com.nimbusds.oauth2.sdk.as.AuthorizationServerEndpointMetadata

getAuthorizationEndpointURI, getBackChannelAuthenticationEndpoint, getBackChannelAuthenticationEndpointURI, getDeviceAuthorizationEndpointURI, getIntrospectionEndpointURI, getPushedAuthorizationRequestEndpointURI, getRegistrationEndpointURI, getRequestObjectEndpoint, getRevocationEndpointURI, getTokenEndpointURI, setAuthorizationEndpointURI, setBackChannelAuthenticationEndpoint, setBackChannelAuthenticationEndpointURI, setDeviceAuthorizationEndpointURI, setIntrospectionEndpointURI, setPushedAuthorizationRequestEndpointURI, setRegistrationEndpointURI, setRequestObjectEndpoint, setRevocationEndpointURI, setTokenEndpointURI, toString

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Methods inherited from interface com.nimbusds.oauth2.sdk.as.ReadOnlyAuthorizationServerEndpointMetadata

getAuthorizationEndpointURI, getBackChannelAuthenticationEndpoint, getBackChannelAuthenticationEndpointURI, getDeviceAuthorizationEndpointURI, getIntrospectionEndpointURI, getPushedAuthorizationRequestEndpointURI, getRegistrationEndpointURI, getRequestObjectEndpoint, getRevocationEndpointURI, getTokenEndpointURI

Constructor Detail

AuthorizationServerMetadata

public AuthorizationServerMetadata(Issuer issuer)

Creates a new OAuth 2.0 Authorisation Server (AS) metadata instance.

Parameters:

issuer - The issuer identifier. Must be an URI using the https scheme with no query or fragment component. Must not be null.

Method Detail

getRegisteredParameterNames

public static Set<String> getRegisteredParameterNames()

Gets the registered OpenID Connect provider metadata parameter names.

Returns:

The registered OpenID Connect provider metadata parameter names, as an unmodifiable set.

getIssuer

public Issuer getIssuer()

Description copied from interface: ReadOnlyAuthorizationServerMetadata

Gets the issuer identifier. Corresponds to the issuer metadata field.

Specified by:

getIssuer in interface ReadOnlyAuthorizationServerMetadata

Returns:

The issuer identifier.

getJWKSetURI

public URI getJWKSetURI()

Description copied from interface: ReadOnlyAuthorizationServerMetadata

Gets the JSON Web Key (JWK) set URI. Corresponds to the jwks_uri metadata field.

Specified by:

getJWKSetURI in interface ReadOnlyAuthorizationServerMetadata

Returns:

The JWK set URI, null if not specified.

setJWKSetURI

public void setJWKSetURI(URI jwkSetURI)

Sets the JSON Web Key (JWT) set URI. Corresponds to the jwks_uri metadata field.

Parameters:

jwkSetURI - The JWK set URI, null if not specified.

getScopes

public Scope getScopes()

Description copied from interface: ReadOnlyAuthorizationServerMetadata

Gets the supported scope values. Corresponds to the scopes_supported metadata field.

Specified by:

getScopes in interface ReadOnlyAuthorizationServerMetadata

Returns:

The supported scope values, null if not specified.

setScopes

public void setScopes(Scope scope)

Sets the supported scope values. Corresponds to the scopes_supported metadata field.

Parameters:

scope - The supported scope values, null if not specified.

getResponseTypes

public List<ResponseType> getResponseTypes()

Description copied from interface: ReadOnlyAuthorizationServerMetadata

Gets the supported response type values. Corresponds to the response_types_supported metadata field.

Specified by:

getResponseTypes in interface ReadOnlyAuthorizationServerMetadata

Returns:

The supported response type values, null if not specified.

setResponseTypes

public void setResponseTypes(List<ResponseType> rts)

Sets the supported response type values. Corresponds to the response_types_supported metadata field.

Parameters:

rts - The supported response type values, null if not specified.

getResponseModes

public List<ResponseMode> getResponseModes()

Description copied from interface: ReadOnlyAuthorizationServerMetadata

Gets the supported response mode values. Corresponds to the response_modes_supported.

Specified by:

getResponseModes in interface ReadOnlyAuthorizationServerMetadata

Returns:

The supported response mode values, null if not specified.

setResponseModes

public void setResponseModes(List<ResponseMode> rms)

Sets the supported response mode values. Corresponds to the response_modes_supported.

Parameters:

rms - The supported response mode values, null if not specified.

getGrantTypes

public List<GrantType> getGrantTypes()

Description copied from interface: ReadOnlyAuthorizationServerMetadata

Gets the supported OAuth 2.0 grant types. Corresponds to the grant_types_supported metadata field.

Specified by:

getGrantTypes in interface ReadOnlyAuthorizationServerMetadata

Returns:

The supported grant types, null if not specified.

setGrantTypes

public void setGrantTypes(List<GrantType> gts)

Sets the supported OAuth 2.0 grant types. Corresponds to the grant_types_supported metadata field.

Parameters:

gts - The supported grant types, null if not specified.

getCodeChallengeMethods

public List<CodeChallengeMethod> getCodeChallengeMethods()

Description copied from interface: ReadOnlyAuthorizationServerMetadata

Gets the supported authorisation code challenge methods for PKCE. Corresponds to the code_challenge_methods_supported metadata field.

Specified by:

getCodeChallengeMethods in interface ReadOnlyAuthorizationServerMetadata

Returns:

The supported code challenge methods, null if not specified.

setCodeChallengeMethods

public void setCodeChallengeMethods(List<CodeChallengeMethod> codeChallengeMethods)

Gets the supported authorisation code challenge methods for PKCE. Corresponds to the code_challenge_methods_supported metadata field.

Parameters:

codeChallengeMethods - The supported code challenge methods, null if not specified.

getTokenEndpointAuthMethods

public List<ClientAuthenticationMethod> getTokenEndpointAuthMethods()

Description copied from interface: ReadOnlyAuthorizationServerMetadata

Gets the supported token endpoint authentication methods. Corresponds to the token_endpoint_auth_methods_supported metadata field.

Specified by:

getTokenEndpointAuthMethods in interface ReadOnlyAuthorizationServerMetadata

Returns:

The supported token endpoint authentication methods, null if not specified.

setTokenEndpointAuthMethods

public void setTokenEndpointAuthMethods(List<ClientAuthenticationMethod> authMethods)

Sets the supported token endpoint authentication methods. Corresponds to the token_endpoint_auth_methods_supported metadata field.

Parameters:

authMethods - The supported token endpoint authentication methods, null if not specified.

getTokenEndpointJWSAlgs

public List<com.nimbusds.jose.JWSAlgorithm> getTokenEndpointJWSAlgs()

Description copied from interface: ReadOnlyAuthorizationServerMetadata

Gets the supported JWS algorithms for the private_key_jwt and client_secret_jwt token endpoint authentication methods. Corresponds to the token_endpoint_auth_signing_alg_values_supported metadata field.

Specified by:

getTokenEndpointJWSAlgs in interface ReadOnlyAuthorizationServerMetadata

Returns:

The supported JWS algorithms, null if not specified.

setTokenEndpointJWSAlgs

public void setTokenEndpointJWSAlgs(List<com.nimbusds.jose.JWSAlgorithm> jwsAlgs)

Sets the supported JWS algorithms for the private_key_jwt and client_secret_jwt token endpoint authentication methods. Corresponds to the token_endpoint_auth_signing_alg_values_supported metadata field.

Parameters:

jwsAlgs - The supported JWS algorithms, null if not specified. Must not contain the none algorithm.

getIntrospectionEndpointAuthMethods

public List<ClientAuthenticationMethod> getIntrospectionEndpointAuthMethods()

Description copied from interface: ReadOnlyAuthorizationServerMetadata

Gets the supported introspection endpoint authentication methods. Corresponds to the introspection_endpoint_auth_methods_supported metadata field.

Specified by:

getIntrospectionEndpointAuthMethods in interface ReadOnlyAuthorizationServerMetadata

Returns:

The supported introspection endpoint authentication methods, null if not specified.

setIntrospectionEndpointAuthMethods

public void setIntrospectionEndpointAuthMethods(List<ClientAuthenticationMethod> authMethods)

Sets the supported introspection endpoint authentication methods. Corresponds to the introspection_endpoint_auth_methods_supported metadata field.

Parameters:

authMethods - The supported introspection endpoint authentication methods, null if not specified.

getIntrospectionEndpointJWSAlgs

public List<com.nimbusds.jose.JWSAlgorithm> getIntrospectionEndpointJWSAlgs()

Description copied from interface: ReadOnlyAuthorizationServerMetadata

Gets the supported JWS algorithms for the private_key_jwt and client_secret_jwt introspection endpoint authentication methods. Corresponds to the introspection_endpoint_auth_signing_alg_values_supported metadata field.

Specified by:

getIntrospectionEndpointJWSAlgs in interface ReadOnlyAuthorizationServerMetadata

Returns:

The supported JWS algorithms, null if not specified.

setIntrospectionEndpointJWSAlgs

public void setIntrospectionEndpointJWSAlgs(List<com.nimbusds.jose.JWSAlgorithm> jwsAlgs)

Sets the supported JWS algorithms for the private_key_jwt and client_secret_jwt introspection endpoint authentication methods. Corresponds to the introspection_endpoint_auth_signing_alg_values_supported metadata field.

Parameters:

jwsAlgs - The supported JWS algorithms, null if not specified. Must not contain the none algorithm.

getRevocationEndpointAuthMethods

public List<ClientAuthenticationMethod> getRevocationEndpointAuthMethods()

Description copied from interface: ReadOnlyAuthorizationServerMetadata

Gets the supported revocation endpoint authentication methods. Corresponds to the revocation_endpoint_auth_methods_supported metadata field.

Specified by:

getRevocationEndpointAuthMethods in interface ReadOnlyAuthorizationServerMetadata

Returns:

The supported revocation endpoint authentication methods, null if not specified.

setRevocationEndpointAuthMethods

public void setRevocationEndpointAuthMethods(List<ClientAuthenticationMethod> authMethods)

Sets the supported revocation endpoint authentication methods. Corresponds to the revocation_endpoint_auth_methods_supported metadata field.

Parameters:

authMethods - The supported revocation endpoint authentication methods, null if not specified.

getRevocationEndpointJWSAlgs

public List<com.nimbusds.jose.JWSAlgorithm> getRevocationEndpointJWSAlgs()

Description copied from interface: ReadOnlyAuthorizationServerMetadata

Gets the supported JWS algorithms for the private_key_jwt and client_secret_jwt revocation endpoint authentication methods. Corresponds to the revocation_endpoint_auth_signing_alg_values_supported metadata field.

Specified by:

getRevocationEndpointJWSAlgs in interface ReadOnlyAuthorizationServerMetadata

Returns:

The supported JWS algorithms, null if not specified.

setRevocationEndpointJWSAlgs

public void setRevocationEndpointJWSAlgs(List<com.nimbusds.jose.JWSAlgorithm> jwsAlgs)

Sets the supported JWS algorithms for the private_key_jwt and client_secret_jwt revocation endpoint authentication methods. Corresponds to the revocation_endpoint_auth_signing_alg_values_supported metadata field.

Parameters:

jwsAlgs - The supported JWS algorithms, null if not specified. Must not contain the none algorithm.

getRequestObjectJWSAlgs

public List<com.nimbusds.jose.JWSAlgorithm> getRequestObjectJWSAlgs()

Description copied from interface: ReadOnlyAuthorizationServerMetadata

Gets the supported JWS algorithms for request objects. Corresponds to the request_object_signing_alg_values_supported metadata field.

Specified by:

getRequestObjectJWSAlgs in interface ReadOnlyAuthorizationServerMetadata

Returns:

The supported JWS algorithms, null if not specified.

setRequestObjectJWSAlgs

public void setRequestObjectJWSAlgs(List<com.nimbusds.jose.JWSAlgorithm> requestObjectJWSAlgs)

Sets the supported JWS algorithms for request objects. Corresponds to the request_object_signing_alg_values_supported metadata field.

Parameters:

requestObjectJWSAlgs - The supported JWS algorithms, null if not specified.

getRequestObjectJWEAlgs

public List<com.nimbusds.jose.JWEAlgorithm> getRequestObjectJWEAlgs()

Description copied from interface: ReadOnlyAuthorizationServerMetadata

Gets the supported JWE algorithms for request objects. Corresponds to the request_object_encryption_alg_values_supported metadata field.

Specified by:

getRequestObjectJWEAlgs in interface ReadOnlyAuthorizationServerMetadata

Returns:

The supported JWE algorithms, null if not specified.

setRequestObjectJWEAlgs

public void setRequestObjectJWEAlgs(List<com.nimbusds.jose.JWEAlgorithm> requestObjectJWEAlgs)

Sets the supported JWE algorithms for request objects. Corresponds to the request_object_encryption_alg_values_supported metadata field.

Parameters:

requestObjectJWEAlgs - The supported JWE algorithms, null if not specified.

getRequestObjectJWEEncs

public List<com.nimbusds.jose.EncryptionMethod> getRequestObjectJWEEncs()

Description copied from interface: ReadOnlyAuthorizationServerMetadata

Gets the supported encryption methods for request objects. Corresponds to the request_object_encryption_enc_values_supported metadata field.

Specified by:

getRequestObjectJWEEncs in interface ReadOnlyAuthorizationServerMetadata

Returns:

The supported encryption methods, null if not specified.

setRequestObjectJWEEncs

public void setRequestObjectJWEEncs(List<com.nimbusds.jose.EncryptionMethod> requestObjectJWEEncs)

Sets the supported encryption methods for request objects. Corresponds to the request_object_encryption_enc_values_supported metadata field.

Parameters:

requestObjectJWEEncs - The supported encryption methods, null if not specified.

supportsRequestParam

public boolean supportsRequestParam()

Description copied from interface: ReadOnlyAuthorizationServerMetadata

Gets the support for the request authorisation request parameter. Corresponds to the request_parameter_supported metadata field.

Specified by:

supportsRequestParam in interface ReadOnlyAuthorizationServerMetadata

Returns:

true if the reqeust parameter is supported, else false.

setSupportsRequestParam

public void setSupportsRequestParam(boolean requestParamSupported)

Sets the support for the request authorisation request parameter. Corresponds to the request_parameter_supported metadata field.

Parameters:

requestParamSupported - true if the reqeust parameter is supported, else false.

supportsRequestURIParam

public boolean supportsRequestURIParam()

Description copied from interface: ReadOnlyAuthorizationServerMetadata

Gets the support for the request_uri authorisation request parameter. Corresponds to the request_uri_parameter_supported metadata field.

Specified by:

supportsRequestURIParam in interface ReadOnlyAuthorizationServerMetadata

Returns:

true if the request_uri parameter is supported, else false.

setSupportsRequestURIParam

public void setSupportsRequestURIParam(boolean requestURIParamSupported)

Sets the support for the request_uri authorisation request parameter. Corresponds to the request_uri_parameter_supported metadata field.

Parameters:

requestURIParamSupported - true if the request_uri parameter is supported, else false.

requiresRequestURIRegistration

public boolean requiresRequestURIRegistration()

Description copied from interface: ReadOnlyAuthorizationServerMetadata

Gets the requirement for the request_uri parameter pre-registration. Corresponds to the require_request_uri_registration metadata field.

Specified by:

requiresRequestURIRegistration in interface ReadOnlyAuthorizationServerMetadata

Returns:

true if the request_uri parameter values must be pre-registered, else false.

setRequiresRequestURIRegistration

public void setRequiresRequestURIRegistration(boolean requireRequestURIReg)

Sets the requirement for the request_uri parameter pre-registration. Corresponds to the require_request_uri_registration metadata field.

Parameters:

requireRequestURIReg - true if the request_uri parameter values must be pre-registered, else false.

supportsAuthorizationResponseIssuerParam

public boolean supportsAuthorizationResponseIssuerParam()

Description copied from interface: ReadOnlyAuthorizationServerMetadata

Gets the support for the iss authorisation response parameter. Corresponds to the authorization_response_iss_parameter_supported metadata field.

Specified by:

supportsAuthorizationResponseIssuerParam in interface ReadOnlyAuthorizationServerMetadata

Returns:

true if the iss authorisation response parameter is provided, else false.

setSupportsAuthorizationResponseIssuerParam

public void setSupportsAuthorizationResponseIssuerParam(boolean authzResponseIssParameterSupported)

Sets the support for the iss authorisation response parameter. Corresponds to the authorization_response_iss_parameter_supported metadata field.

Parameters:

authzResponseIssParameterSupported - true if the iss authorisation response parameter is provided, else false.

getUILocales

public List<com.nimbusds.langtag.LangTag> getUILocales()

Description copied from interface: ReadOnlyAuthorizationServerMetadata

Gets the supported UI locales. Corresponds to the ui_locales_supported metadata field.

Specified by:

getUILocales in interface ReadOnlyAuthorizationServerMetadata

Returns:

The supported UI locales, null if not specified.

setUILocales

public void setUILocales(List<com.nimbusds.langtag.LangTag> uiLocales)

Sets the supported UI locales. Corresponds to the ui_locales_supported metadata field.

Parameters:

uiLocales - The supported UI locales, null if not specified.

getServiceDocsURI

public URI getServiceDocsURI()

Description copied from interface: ReadOnlyAuthorizationServerMetadata

Gets the service documentation URI. Corresponds to the service_documentation metadata field.

Specified by:

getServiceDocsURI in interface ReadOnlyAuthorizationServerMetadata

Returns:

The service documentation URI, null if not specified.

setServiceDocsURI

public void setServiceDocsURI(URI serviceDocsURI)

Sets the service documentation URI. Corresponds to the service_documentation metadata field.

Parameters:

serviceDocsURI - The service documentation URI, null if not specified. The URI scheme must be https or http.

getPolicyURI

public URI getPolicyURI()

Description copied from interface: ReadOnlyAuthorizationServerMetadata

Gets the provider's policy regarding relying party use of data. Corresponds to the op_policy_uri metadata field.

Specified by:

getPolicyURI in interface ReadOnlyAuthorizationServerMetadata

Returns:

The policy URI, null if not specified.

setPolicyURI

public void setPolicyURI(URI policyURI)

Sets the provider's policy regarding relying party use of data. Corresponds to the op_policy_uri metadata field.

Parameters:

policyURI - The policy URI, null if not specified. The URI scheme must be https or http.

getTermsOfServiceURI

public URI getTermsOfServiceURI()

Description copied from interface: ReadOnlyAuthorizationServerMetadata

Gets the provider's terms of service. Corresponds to the op_tos_uri metadata field.

Specified by:

getTermsOfServiceURI in interface ReadOnlyAuthorizationServerMetadata

Returns:

The terms of service URI, null if not specified.

setTermsOfServiceURI

public void setTermsOfServiceURI(URI tosURI)

Sets the provider's terms of service. Corresponds to the op_tos_uri metadata field.

Parameters:

tosURI - The terms of service URI, null if not specified. The URI scheme must be https or http.

getReadOnlyMtlsEndpointAliases

public ReadOnlyAuthorizationServerEndpointMetadata getReadOnlyMtlsEndpointAliases()

Description copied from interface: ReadOnlyAuthorizationServerMetadata

Gets the aliases for communication with mutual TLS. Corresponds to the mtls_endpoint_aliases metadata field.

Specified by:

getReadOnlyMtlsEndpointAliases in interface ReadOnlyAuthorizationServerMetadata

Returns:

The aliases for communication with mutual TLS, null when no aliases are defined.

getMtlsEndpointAliases

public AuthorizationServerEndpointMetadata getMtlsEndpointAliases()

Gets the aliases for communication with mutual TLS. Corresponds to the mtls_endpoint_aliases metadata field.

Returns:

The aliases for communication with mutual TLS, null when no aliases are defined.

setMtlsEndpointAliases

public void setMtlsEndpointAliases(AuthorizationServerEndpointMetadata mtlsEndpointAliases)

Sets the aliases for communication with mutual TLS. Corresponds to the mtls_endpoint_aliases metadata field.

Parameters:

mtlsEndpointAliases - The aliases for communication with mutual TLS, or null when no aliases are defined.

supportsTLSClientCertificateBoundAccessTokens

public boolean supportsTLSClientCertificateBoundAccessTokens()

Description copied from interface: ReadOnlyAuthorizationServerMetadata

Gets the support for TLS client certificate bound access tokens. Corresponds to the tls_client_certificate_bound_access_tokens metadata field.

Specified by:

supportsTLSClientCertificateBoundAccessTokens in interface ReadOnlyAuthorizationServerMetadata

Returns:

true if TLS client certificate bound access tokens are supported, else false.

setSupportsTLSClientCertificateBoundAccessTokens

public void setSupportsTLSClientCertificateBoundAccessTokens(boolean tlsClientCertBoundTokens)

Sets the support for TLS client certificate bound access tokens. Corresponds to the tls_client_certificate_bound_access_tokens metadata field.

Parameters:

tlsClientCertBoundTokens - true if TLS client certificate bound access tokens are supported, else false.

supportsMutualTLSSenderConstrainedAccessTokens

@Deprecated
public boolean supportsMutualTLSSenderConstrainedAccessTokens()

Deprecated.

Description copied from interface: ReadOnlyAuthorizationServerMetadata

Gets the support for TLS client certificate bound access tokens. Corresponds to the tls_client_certificate_bound_access_tokens metadata field.

Specified by:

supportsMutualTLSSenderConstrainedAccessTokens in interface ReadOnlyAuthorizationServerMetadata

Returns:

true if TLS client certificate bound access tokens are supported, else false.

setSupportsMutualTLSSenderConstrainedAccessTokens

@Deprecated
public void setSupportsMutualTLSSenderConstrainedAccessTokens(boolean mutualTLSSenderConstrainedAccessTokens)

Deprecated.

Sets the support for TLS client certificate bound access tokens. Corresponds to the tls_client_certificate_bound_access_tokens metadata field.

Parameters:

mutualTLSSenderConstrainedAccessTokens - true if TLS client certificate bound access tokens are supported, else false.

getDPoPJWSAlgs

public List<com.nimbusds.jose.JWSAlgorithm> getDPoPJWSAlgs()

Description copied from interface: ReadOnlyAuthorizationServerMetadata

Gets the supported JWS algorithms for Demonstrating Proof-of-Possession at the Application Layer (DPoP). Corresponds to the "dpop_signing_alg_values_supported" metadata field.

Specified by:

getDPoPJWSAlgs in interface ReadOnlyAuthorizationServerMetadata

Returns:

The supported JWS algorithms for DPoP, null if none.

setDPoPJWSAlgs

public void setDPoPJWSAlgs(List<com.nimbusds.jose.JWSAlgorithm> dPoPJWSAlgs)

Sets the supported JWS algorithms for Demonstrating Proof-of-Possession at the Application Layer (DPoP). Corresponds to the "dpop_signing_alg_values_supported" metadata field.

Parameters:

dPoPJWSAlgs - The supported JWS algorithms for DPoP, null if none.

getAuthorizationJWSAlgs

public List<com.nimbusds.jose.JWSAlgorithm> getAuthorizationJWSAlgs()

Description copied from interface: ReadOnlyAuthorizationServerMetadata

Gets the supported JWS algorithms for JWT-encoded authorisation responses. Corresponds to the authorization_signing_alg_values_supported metadata field.

Specified by:

getAuthorizationJWSAlgs in interface ReadOnlyAuthorizationServerMetadata

Returns:

The supported JWS algorithms, null if not specified.

setAuthorizationJWSAlgs

public void setAuthorizationJWSAlgs(List<com.nimbusds.jose.JWSAlgorithm> authzJWSAlgs)

Sets the supported JWS algorithms for JWT-encoded authorisation responses. Corresponds to the authorization_signing_alg_values_supported metadata field.

Parameters:

authzJWSAlgs - The supported JWS algorithms, null if not specified.

getAuthorizationJWEAlgs

public List<com.nimbusds.jose.JWEAlgorithm> getAuthorizationJWEAlgs()

Description copied from interface: ReadOnlyAuthorizationServerMetadata

Gets the supported JWE algorithms for JWT-encoded authorisation responses. Corresponds to the authorization_encryption_alg_values_supported metadata field.

Specified by:

getAuthorizationJWEAlgs in interface ReadOnlyAuthorizationServerMetadata

Returns:

The supported JWE algorithms, null if not specified.

setAuthorizationJWEAlgs

public void setAuthorizationJWEAlgs(List<com.nimbusds.jose.JWEAlgorithm> authzJWEAlgs)

Sets the supported JWE algorithms for JWT-encoded authorisation responses. Corresponds to the authorization_encryption_alg_values_supported metadata field.

Parameters:

authzJWEAlgs - The supported JWE algorithms, null if not specified.

getAuthorizationJWEEncs

public List<com.nimbusds.jose.EncryptionMethod> getAuthorizationJWEEncs()

Description copied from interface: ReadOnlyAuthorizationServerMetadata

Gets the supported encryption methods for JWT-encoded authorisation responses. Corresponds to the authorization_encryption_enc_values_supported metadata field.

Specified by:

getAuthorizationJWEEncs in interface ReadOnlyAuthorizationServerMetadata

Returns:

The supported encryption methods, null if not specified.

setAuthorizationJWEEncs

public void setAuthorizationJWEEncs(List<com.nimbusds.jose.EncryptionMethod> authzJWEEncs)

Sets the supported encryption methods for JWT-encoded authorisation responses. Corresponds to the authorization_encryption_enc_values_supported metadata field.

Parameters:

authzJWEEncs - The supported encryption methods, null if not specified.

requiresPushedAuthorizationRequests

public boolean requiresPushedAuthorizationRequests()

Description copied from interface: ReadOnlyAuthorizationServerMetadata

Gets the requirement for pushed authorisation requests (PAR). Corresponds to the pushed_authorization_request_endpoint metadata field.

Specified by:

requiresPushedAuthorizationRequests in interface ReadOnlyAuthorizationServerMetadata

Returns:

true if PAR is required, else false.

requiresPushedAuthorizationRequests

public void requiresPushedAuthorizationRequests(boolean requirePAR)

Sets the requirement for pushed authorisation requests (PAR). Corresponds to the pushed_authorization_request_endpoint metadata field.

Parameters:

requirePAR - true if PAR is required, else false.

getIncrementalAuthorizationTypes

public List<ClientType> getIncrementalAuthorizationTypes()

Description copied from interface: ReadOnlyAuthorizationServerMetadata

Gets the supported OAuth 2.0 client types for incremental authorisation. Corresponds to the incremental_authz_types_supported metadata field.

Specified by:

getIncrementalAuthorizationTypes in interface ReadOnlyAuthorizationServerMetadata

Returns:

The supported client types for incremental authorisation, null if not specified.

setIncrementalAuthorizationTypes

public void setIncrementalAuthorizationTypes(List<ClientType> incrementalAuthzTypes)

Sets the supported OAuth 2.0 client types for incremental authorisation. Corresponds to the incremental_authz_types_supported metadata field.

Parameters:

incrementalAuthzTypes - The supported client types for incremental authorisation, null if not specified.

getBackChannelTokenDeliveryModes

public List<BackChannelTokenDeliveryMode> getBackChannelTokenDeliveryModes()

Description copied from interface: ReadOnlyAuthorizationServerMetadata

Gets the supported CIBA token delivery modes. Corresponds to the backchannel_token_delivery_modes_supported metadata field.

Specified by:

getBackChannelTokenDeliveryModes in interface ReadOnlyAuthorizationServerMetadata

Returns:

The CIBA token delivery modes, null if not specified.

setBackChannelTokenDeliveryModes

public void setBackChannelTokenDeliveryModes(List<BackChannelTokenDeliveryMode> backChannelTokenDeliveryModes)

Sets the supported CIBA token delivery modes. Corresponds to the backchannel_token_delivery_modes_supported metadata field.

Parameters:

backChannelTokenDeliveryModes - The CIBA token delivery modes, null if not specified.

getBackChannelAuthenticationRequestJWSAlgs

public List<com.nimbusds.jose.JWSAlgorithm> getBackChannelAuthenticationRequestJWSAlgs()

Description copied from interface: ReadOnlyAuthorizationServerMetadata

Gets the supported JWS algorithms for CIBA requests. Corresponds to the backchannel_authentication_request_signing_alg_values_supported metadata field.

Specified by:

getBackChannelAuthenticationRequestJWSAlgs in interface ReadOnlyAuthorizationServerMetadata

Returns:

The supported JWS algorithms, null if not specified.

setBackChannelAuthenticationRequestJWSAlgs

public void setBackChannelAuthenticationRequestJWSAlgs(List<com.nimbusds.jose.JWSAlgorithm> backChannelAuthRequestJWSAlgs)

Gets the supported JWS algorithms for CIBA requests. Corresponds to the backchannel_authentication_request_signing_alg_values_supported metadata field.

Parameters:

backChannelAuthRequestJWSAlgs - The supported JWS algorithms, null if not specified.

supportsBackChannelUserCodeParam

public boolean supportsBackChannelUserCodeParam()

Description copied from interface: ReadOnlyAuthorizationServerMetadata

Gets the support for the user_code CIBA request parameter. Corresponds to the backchannel_user_code_parameter_supported metadata field.

Specified by:

supportsBackChannelUserCodeParam in interface ReadOnlyAuthorizationServerMetadata

Returns:

true if the user_code parameter is supported, else false.

setSupportsBackChannelUserCodeParam

public void setSupportsBackChannelUserCodeParam(boolean backChannelUserCodeSupported)

Sets the support for the user_code CIBA request parameter. Corresponds to the backchannel_user_code_parameter_supported metadata field.

Parameters:

backChannelUserCodeSupported - true if the user_code parameter is supported, else false.

getPromptTypes

public List<Prompt.Type> getPromptTypes()

Description copied from interface: ReadOnlyAuthorizationServerMetadata

Gets the supported prompt types. Corresponds to the prompt_values_supported metadata field.

Specified by:

getPromptTypes in interface ReadOnlyAuthorizationServerMetadata

Returns:

The supported prompt types, null if not specified.

setPromptTypes

public void setPromptTypes(List<Prompt.Type> promptTypes)

Sets the supported prompt types. Corresponds to the prompt_values_supported metadata field.

Parameters:

promptTypes - The supported prompt types, null if not specified.

getCustomParameter

public Object getCustomParameter(String name)

Description copied from interface: ReadOnlyAuthorizationServerMetadata

Gets the specified custom (not registered) parameter.

Specified by:

getCustomParameter in interface ReadOnlyAuthorizationServerMetadata

Parameters:

name - The parameter name. Must not be null.

Returns:

The parameter value, null if not specified.

getCustomURIParameter

public URI getCustomURIParameter(String name)

Description copied from interface: ReadOnlyAuthorizationServerMetadata

Gets the specified custom (not registered) URI parameter.

Specified by:

getCustomURIParameter in interface ReadOnlyAuthorizationServerMetadata

Parameters:

name - The parameter name. Must not be null.

Returns:

The parameter URI value, null if not specified.

setCustomParameter

public void setCustomParameter(String name,
                               Object value)

Sets the specified custom (not registered) parameter.

Parameters:

name - The parameter name. Must not be null.

value - The parameter value, null if not specified.

getCustomParameters

public net.minidev.json.JSONObject getCustomParameters()

Description copied from interface: ReadOnlyAuthorizationServerMetadata

Gets the custom (not registered) parameters.

Specified by:

getCustomParameters in interface ReadOnlyAuthorizationServerMetadata

Returns:

The custom parameters, empty JSON object if none.

applyDefaults

public void applyDefaults()

Applies the OAuth 2.0 Authorisation Server metadata defaults where no values have been specified.

• The response modes default to ["query", "fragment"].
• The grant types default to ["authorization_code", "implicit"].
• The token endpoint authentication methods default to ["client_secret_basic"].

toJSONObject

public net.minidev.json.JSONObject toJSONObject()

Description copied from interface: ReadOnlyAuthorizationServerEndpointMetadata

Returns the JSON object representation of the metadata.

Specified by:

toJSONObject in interface ReadOnlyAuthorizationServerEndpointMetadata

Specified by:

toJSONObject in interface ReadOnlyAuthorizationServerMetadata

Overrides:

toJSONObject in class AuthorizationServerEndpointMetadata

Returns:

The JSON object.

parse

public static AuthorizationServerMetadata parse(net.minidev.json.JSONObject jsonObject)
                                         throws ParseException

Parses an OAuth 2.0 Authorisation Server metadata from the specified JSON object.

Parameters:

jsonObject - The JSON object to parse. Must not be null.

Returns:

The OAuth 2.0 Authorisation Server metadata.

Throws:

ParseException - If the JSON object couldn't be parsed to an OAuth 2.0 Authorisation Server metadata.

parse

public static AuthorizationServerMetadata parse(String s)
                                         throws ParseException

Parses an OAuth 2.0 Authorisation Server metadata from the specified JSON object string.

Parameters:

s - The JSON object sting to parse. Must not be null.

Returns:

The OAuth 2.0 Authorisation Server metadata.

Throws:

ParseException - If the JSON object string couldn't be parsed to an OAuth 2.0 Authorisation Server metadata.

resolveURL

public static URL resolveURL(Issuer issuer)
                      throws GeneralException

Resolves OAuth 2.0 authorisation server metadata URL from the specified issuer identifier.

Parameters:

issuer - The issuer identifier. Must represent a valid HTTPS or HTTP URL. Must not be null.

Returns:

The OAuth 2.0 authorisation server metadata URL.

Throws:

GeneralException - If the issuer identifier is invalid.

resolve

public static AuthorizationServerMetadata resolve(Issuer issuer)
                                           throws GeneralException,
                                                  IOException

Resolves OAuth 2.0 authorisation server metadata from the specified issuer identifier. The metadata is downloaded by HTTP GET from [issuer-url]/.well-known/oauth-authorization-server.

Parameters:

issuer - The issuer identifier. Must represent a valid HTTPS or HTTP URL. Must not be null.

Returns:

The OAuth 2.0 authorisation server metadata.

Throws:

GeneralException - If the issuer identifier or the downloaded metadata are invalid.

IOException - On a HTTP exception.

resolve

public static AuthorizationServerMetadata resolve(Issuer issuer,
                                                  int connectTimeout,
                                                  int readTimeout)
                                           throws GeneralException,
                                                  IOException

Resolves OAuth 2.0 authorisation server metadata from the specified issuer identifier. The metadata is downloaded by HTTP GET from [issuer-url]/.well-known/oauth-authorization-server.

Parameters:

issuer - The issuer identifier. Must represent a valid HTTPS or HTTP URL. Must not be null.

connectTimeout - The HTTP connect timeout, in milliseconds. Zero implies no timeout. Must not be negative.

readTimeout - The HTTP response read timeout, in milliseconds. Zero implies no timeout. Must not be negative.

Returns:

The OAuth 2.0 authorisation server metadata.

Throws:

GeneralException - If the issuer identifier or the downloaded metadata are invalid.

IOException - On a HTTP exception.