Package net.shibboleth.oidc.profile.config

Interface OIDCAuthorizationConfiguration

All Superinterfaces:

net.shibboleth.idp.profile.config.AttributeResolvingProfileConfiguration, net.shibboleth.idp.authn.config.AuthenticationProfileConfiguration, Component, net.shibboleth.idp.profile.config.ConditionalProfileConfiguration, IdentifiedComponent, OAuth2AccessTokenProducingProfileConfiguration, OAuth2AuthorizationCodeProducingProfileConfiguration, OAuth2AuthorizationProfileConfiguration, OAuth2ClientAuthenticableProfileConfiguration, OAuth2FlowAwareProfileConfiguration, OAuth2ProfileConfiguration, OAuth2RefreshTokenProducingProfileConfiguration, OAuth2TokenEncryptionProfileConfiguration, OIDCAuthenticationProfileConfiguration, OIDCFlowAwareProfileConfiguration, OIDCIDTokenProducingProfileConfiguration, OIDCProfileConfiguration, OIDCSSOProfileConfiguration, OIDCSSOProviderConfiguration, net.shibboleth.idp.profile.config.OverriddenIssuerProfileConfiguration, net.shibboleth.idp.profile.config.ProfileConfiguration

public interface OIDCAuthorizationConfiguration
extends OIDCAuthenticationProfileConfiguration, OAuth2AuthorizationCodeProducingProfileConfiguration, net.shibboleth.idp.authn.config.AuthenticationProfileConfiguration, net.shibboleth.idp.profile.config.OverriddenIssuerProfileConfiguration, OIDCSSOProviderConfiguration

Configuration of an OIDC 1.0 authentication request.

This is specific to the role of the OpenID Provider (OP).

Nested Class Summary

Nested classes/interfaces inherited from interface net.shibboleth.oidc.profile.oauth2.config.OAuth2AuthorizationProfileConfiguration

OAuth2AuthorizationProfileConfiguration.HttpRequestMethod

Field Summary

Fields

Modifier and Type	Field	Description
static String	PROFILE_ID	ID for this profile configuration.

Method Summary

Modifier and Type	Method	Description
Set<String>	getDeniedUserInfoAttributes(ProfileRequestContext profileRequestContext)	Get the set of attribute IDs which should be omitted from the UserInfo token.
Set<String>	getEncodedAttributes(ProfileRequestContext profileRequestContext)	Get the set of attribute IDs which should be encoded in encrypted form into the authorization code and/or access/refresh tokens to enable recovery on the back-channel.
boolean	isAcrRequestAlwaysEssential(ProfileRequestContext profileRequestContext)	Get whether all acr claim requests should be treated as Essential.
boolean	isEncodeConsentInTokens(ProfileRequestContext profileRequestContext)	Get whether to encode consent in authorization code and access/refresh tokens.
boolean	isIncludeIssuerInResponse(ProfileRequestContext profileRequestContext)	Get whether to include iss parameter in the authentication response.

Methods inherited from interface net.shibboleth.idp.profile.config.AttributeResolvingProfileConfiguration

isResolveAttributes

Methods inherited from interface net.shibboleth.idp.authn.config.AuthenticationProfileConfiguration

getAuthenticationFlows, getDefaultAuthenticationMethods, getPostAuthenticationFlows, getProxyCount, isForceAuthn, isLocal

Methods inherited from interface net.shibboleth.idp.profile.config.ConditionalProfileConfiguration

getActivationCondition

Methods inherited from interface net.shibboleth.utilities.java.support.component.IdentifiedComponent

getId

Methods inherited from interface net.shibboleth.oidc.profile.oauth2.config.OAuth2AccessTokenProducingProfileConfiguration

getAccessTokenClaimsSetManipulationStrategy, getAccessTokenLifetime, getAccessTokenType

Methods inherited from interface net.shibboleth.oidc.profile.oauth2.config.OAuth2AuthorizationCodeProducingProfileConfiguration

getAuthorizationCodeClaimsSetManipulationStrategy, getAuthorizeCodeLifetime

Methods inherited from interface net.shibboleth.oidc.profile.oauth2.config.OAuth2AuthorizationProfileConfiguration

getHttpRequestMethod, getResponseMode, getResponseType, getScopes

Methods inherited from interface net.shibboleth.oidc.profile.oauth2.config.OAuth2ClientAuthenticableProfileConfiguration

getClaimsValidator, getTokenEndpointAuthMethods

Methods inherited from interface net.shibboleth.oidc.profile.oauth2.config.OAuth2FlowAwareProfileConfiguration

isAuthorizationCodeFlowEnabled, isImplicitFlowEnabled, isRefreshTokensEnabled

Methods inherited from interface net.shibboleth.oidc.profile.oauth2.config.OAuth2RefreshTokenProducingProfileConfiguration

getRefreshTokenChainLifetime, getRefreshTokenLifetime, getRefreshTokenTimeout

Methods inherited from interface net.shibboleth.oidc.profile.oauth2.config.OAuth2TokenEncryptionProfileConfiguration

isEncryptionOptional

Methods inherited from interface net.shibboleth.oidc.profile.config.OIDCAuthenticationProfileConfiguration

getAuthenticationContextClassReferenceTranslationStrategy, getAuthenticationMethodsReferencesTranslationStrategy, getLoginHint, getMaxAuthenticationAge, isUseRequestObject

Methods inherited from interface net.shibboleth.oidc.profile.config.OIDCFlowAwareProfileConfiguration

isHybridFlowEnabled

Methods inherited from interface net.shibboleth.oidc.profile.config.OIDCIDTokenProducingProfileConfiguration

getAdditionalAudiencesForIdToken, getAlwaysIncludedAttributes, getIDTokenLifetime, getIDTokenManipulationStrategy

Methods inherited from interface net.shibboleth.oidc.profile.config.OIDCSSOProfileConfiguration

isAllowPKCEPlain, isForcePKCE

Methods inherited from interface net.shibboleth.idp.profile.config.OverriddenIssuerProfileConfiguration

getIssuer

Methods inherited from interface net.shibboleth.idp.profile.config.ProfileConfiguration

getInboundInterceptorFlows, getOutboundInterceptorFlows, getSecurityConfiguration

Field Detail

PROFILE_ID

@Nonnull
@NotEmpty
static final String PROFILE_ID

ID for this profile configuration.

See Also:

Constant Field Values

Method Detail

isAcrRequestAlwaysEssential

boolean isAcrRequestAlwaysEssential(@Nullable
                                    ProfileRequestContext profileRequestContext)

Get whether all acr claim requests should be treated as Essential.

Parameters:

profileRequestContext - profile request context

Returns:

whether all acr claim requests should be treated as Essential

isEncodeConsentInTokens

boolean isEncodeConsentInTokens(@Nullable
                                ProfileRequestContext profileRequestContext)

Get whether to encode consent in authorization code and access/refresh tokens.

Parameters:

profileRequestContext - profile request context

Returns:

whether to encode consent in authorization code and access/refresh tokens

getDeniedUserInfoAttributes

@Nonnull
@NonnullElements
@NotLive
Set<String> getDeniedUserInfoAttributes(@Nullable
                                        ProfileRequestContext profileRequestContext)

Get the set of attribute IDs which should be omitted from the UserInfo token.

Default behavior is to include all claims, but omiited claims also affect the set that may need to be embedded for recovery into the access/refresh tokens.

Parameters:

profileRequestContext - profile request context

Returns:

the attribute IDs to omit from UserInfo token

isIncludeIssuerInResponse

boolean isIncludeIssuerInResponse(@Nullable
                                  ProfileRequestContext profileRequestContext)

Get whether to include iss parameter in the authentication response.

Parameters:

profileRequestContext - profile request context

Returns:

whether to include iss parameter in the authentication response

Since:

2.1.0

getEncodedAttributes

@Nonnull
@NonnullElements
@NotLive
Set<String> getEncodedAttributes(@Nullable
                                 ProfileRequestContext profileRequestContext)

Get the set of attribute IDs which should be encoded in encrypted form into the authorization code and/or access/refresh tokens to enable recovery on the back-channel.

Parameters:

profileRequestContext - profile request context

Returns:

the attribute IDs to encode