Package net.shibboleth.oidc.profile.config

Interface OIDCIDTokenProducingProfileConfiguration

All Superinterfaces:

Component, net.shibboleth.idp.profile.config.ConditionalProfileConfiguration, IdentifiedComponent, OAuth2ProfileConfiguration, OIDCProfileConfiguration, net.shibboleth.idp.profile.config.ProfileConfiguration

All Known Subinterfaces:

OAuth2TokenConfiguration, OIDCAuthorizationConfiguration, OIDCSSOProviderConfiguration

public interface OIDCIDTokenProducingProfileConfiguration
extends OIDCProfileConfiguration

Configuration common to ID Token producing profiles.

Method Summary

Modifier and Type	Method	Description
Set<String>	getAdditionalAudiencesForIdToken(ProfileRequestContext profileRequestContext)	Get the set of audiences, in addition to the relying party(ies) to which the IdP is issuing the ID Token, with which the token may be shared.
Set<String>	getAlwaysIncludedAttributes(ProfileRequestContext profileRequestContext)	Get the set of attribute IDs which should be included in the ID token regardless of response_type.
Duration	getIDTokenLifetime(ProfileRequestContext profileRequestContext)	Get ID token lifetime.
BiFunction<ProfileRequestContext,Map<String,Object>,Map<String,Object>>	getIDTokenManipulationStrategy(ProfileRequestContext profileRequestContext)	Get the bi-function for manipulating id_token claims.

Methods inherited from interface net.shibboleth.idp.profile.config.ConditionalProfileConfiguration

getActivationCondition

Methods inherited from interface net.shibboleth.utilities.java.support.component.IdentifiedComponent

getId

Methods inherited from interface net.shibboleth.idp.profile.config.ProfileConfiguration

getInboundInterceptorFlows, getOutboundInterceptorFlows, getSecurityConfiguration

Method Detail

getIDTokenLifetime

@Positive
@Nonnull
Duration getIDTokenLifetime(@Nullable
                            ProfileRequestContext profileRequestContext)

Get ID token lifetime.

Defaults to 1 hour.

Parameters:

profileRequestContext - profile request context

Returns:

ID token lifetime

getIDTokenManipulationStrategy

@Nonnull
BiFunction<ProfileRequestContext,Map<String,Object>,Map<String,Object>> getIDTokenManipulationStrategy(@Nullable
                                                                                                                               ProfileRequestContext profileRequestContext)

Get the bi-function for manipulating id_token claims.

Parameters:

profileRequestContext - profile request context

Returns:

the bi-function for manipulating id_token claims

Since:

2.1.0

getAlwaysIncludedAttributes

@Nonnull
@NonnullElements
@NotLive
Set<String> getAlwaysIncludedAttributes(@Nullable
                                        ProfileRequestContext profileRequestContext)

Get the set of attribute IDs which should be included in the ID token regardless of response_type.

Default behavior is to include claims only with the implicit id_token type only, while any use of a back-channel relies on the user_info endpoint to get the claims. This setting forces certain attributes to be added to the ID token regardless of flow.

Parameters:

profileRequestContext - profile request context

Returns:

the attribute IDs to include in all cases

getAdditionalAudiencesForIdToken

@Nonnull
@NonnullElements
@NotLive
Set<String> getAdditionalAudiencesForIdToken(@Nullable
                                             ProfileRequestContext profileRequestContext)

Get the set of audiences, in addition to the relying party(ies) to which the IdP is issuing the ID Token, with which the token may be shared.

Parameters:

profileRequestContext - profile request context

Returns:

the additional audiences