Class AuthorizeCodeClaimsSet


  • public final class AuthorizeCodeClaimsSet
    extends TokenClaimsSet
    Class wrapping claims set for authorize code.
    • Constructor Detail

      • AuthorizeCodeClaimsSet

        private AuthorizeCodeClaimsSet(@Nonnull
                                       net.shibboleth.utilities.java.support.security.IdentifierGenerationStrategy idGenerator,
                                       @Nonnull
                                       com.nimbusds.oauth2.sdk.id.ClientID clientID,
                                       @Nonnull
                                       String issuer,
                                       @Nonnull
                                       String userPrincipal,
                                       @Nonnull
                                       String subject,
                                       @Nonnull
                                       com.nimbusds.openid.connect.sdk.claims.ACR acr,
                                       @Nonnull
                                       Instant iat,
                                       @Nonnull
                                       Instant exp,
                                       @Nullable
                                       com.nimbusds.openid.connect.sdk.Nonce nonce,
                                       @Nonnull
                                       Instant authTime,
                                       @Nonnull
                                       URI redirectURI,
                                       @Nonnull
                                       com.nimbusds.oauth2.sdk.Scope scope,
                                       @Nullable
                                       com.nimbusds.openid.connect.sdk.ClaimsRequest claims,
                                       @Nullable
                                       com.nimbusds.openid.connect.sdk.claims.ClaimsSet dlClaims,
                                       @Nullable
                                       com.nimbusds.openid.connect.sdk.claims.ClaimsSet dlClaimsID,
                                       @Nullable
                                       com.nimbusds.openid.connect.sdk.claims.ClaimsSet dlClaimsUI,
                                       @Nullable
                                       net.minidev.json.JSONArray consentableClaims,
                                       @Nullable
                                       net.minidev.json.JSONArray consentedClaims,
                                       @Nullable
                                       String codeChallenge)
        Constructor for authorize code claims set.
        Parameters:
        idGenerator - Generator for pseudo unique identifier for the code. Must not be NULL.
        clientID - Client ID of the RP. Must not be NULL.
        issuer - OP issuer value. Must not be NULL.
        userPrincipal - User Principal of the authenticated user. Must not be NULL.
        subject - Subject of the authenticated user. Must not be NULL.
        acr - Authentication context class reference value of the authentication. May be NULL.
        iat - Issue time of the authorize code. Must not be NULL.
        exp - Expiration time of the authorize code. Must not be NULL.
        nonce - Nonce of the authentication request. May be NULL.
        authTime - Authentication time of the user. Must not be NULL.
        redirectURI - Validated redirect URI of the authentication request. Must not be NULL.
        scope - Scope of the authentication request. Must not be NULL.
        claims - Claims request of the authentication request. May be NULL.
        dlClaims - Token delivery claims delivered both for ID token and userinfo response. May be NULL.
        dlClaimsID - Token delivery claims delivered for ID token. May be NULL.
        dlClaimsUI - Token delivery claims delivered for userinfo response. May be NULL.
        consentableClaims - Consentable claims. May be NULL.
        consentedClaims - Consented claims. May be NULL.
        codeChallenge - Code Challenge. May be NULL.
        Throws:
        RuntimeException - if called with null for a parameter that must not be null
      • AuthorizeCodeClaimsSet

        private AuthorizeCodeClaimsSet(com.nimbusds.jwt.JWTClaimsSet authzCodeClaimsSet)
        Private constructor for the parser.
        Parameters:
        authzCodeClaimsSet - authorize code claims set
    • Method Detail

      • parse

        public static AuthorizeCodeClaimsSet parse(String authorizeCodeClaimsSet)
                                            throws ParseException
        Parses authz code from string (JSON).
        Parameters:
        authorizeCodeClaimsSet - JSON String representation of the code
        Returns:
        AuthorizeCodeClaimsSet instance if parsing is successful.
        Throws:
        ParseException - if parsing fails, for example due to incompatible types.
      • parse

        public static AuthorizeCodeClaimsSet parse(@Nonnull
                                                   String wrappedAuthCode,
                                                   @Nonnull
                                                   net.shibboleth.utilities.java.support.security.DataSealer dataSealer)
                                            throws ParseException,
                                                   net.shibboleth.utilities.java.support.security.DataSealerException
        Parses authz code from sealed authorization code.
        Parameters:
        wrappedAuthCode - wrapped code
        dataSealer - sealer to unwrap the code
        Returns:
        authorize code
        Throws:
        ParseException - is thrown if the unwrapped code is not understood
        net.shibboleth.utilities.java.support.security.DataSealerException - is thrown if unwrapping fails