Class AccessTokenClaimsSet


  • public final class AccessTokenClaimsSet
    extends TokenClaimsSet
    Class wrapping claims set for access token.
    • Field Detail

      • log

        @Nonnull
        private org.slf4j.Logger log
        Class logger.
    • Constructor Detail

      • AccessTokenClaimsSet

        public AccessTokenClaimsSet(@Nonnull
                                    TokenClaimsSet tokenClaimSet,
                                    @Nonnull
                                    com.nimbusds.oauth2.sdk.Scope scope,
                                    @Nullable
                                    com.nimbusds.openid.connect.sdk.claims.ClaimsSet dlClaims,
                                    @Nullable
                                    com.nimbusds.openid.connect.sdk.claims.ClaimsSet dlClaimsUI,
                                    @Nonnull
                                    Instant iat,
                                    @Nonnull
                                    Instant exp)
        Constructor for access token claims set when derived from authz code.
        Parameters:
        tokenClaimSet - Authorize Code / Refresh Token this token is based on. Must not be NULL.
        scope - Validated and possibly reduced scope of the authentication request. Must not be NULL.
        dlClaims - Claims set for token delivery.
        dlClaimsUI - Claims set for token delivery, user info only.
        iat - Issue time of the token. Must not be NULL.
        exp - Expiration time of the token. Must not be NULL.
        Throws:
        RuntimeException - if called with non-allowed null parameters
      • AccessTokenClaimsSet

        private AccessTokenClaimsSet(@Nonnull
                                     IdentifierGenerationStrategy idGenerator,
                                     @Nonnull
                                     com.nimbusds.oauth2.sdk.id.ClientID clientID,
                                     @Nonnull
                                     String issuer,
                                     @Nonnull
                                     String userPrincipal,
                                     @Nonnull
                                     String subject,
                                     @Nullable
                                     com.nimbusds.openid.connect.sdk.claims.ACR acr,
                                     @Nonnull
                                     Instant iat,
                                     @Nonnull
                                     Instant exp,
                                     @Nullable
                                     com.nimbusds.openid.connect.sdk.Nonce nonce,
                                     @Nonnull
                                     Instant authTime,
                                     @Nonnull
                                     URI redirectURI,
                                     @Nonnull
                                     com.nimbusds.oauth2.sdk.Scope scope,
                                     @Nullable
                                     com.nimbusds.openid.connect.sdk.OIDCClaimsRequest claims,
                                     @Nullable
                                     com.nimbusds.openid.connect.sdk.claims.ClaimsSet dlClaims,
                                     @Nullable
                                     com.nimbusds.openid.connect.sdk.claims.ClaimsSet dlClaimsUI,
                                     @Nullable
                                     List<Object> consentedClaims,
                                     boolean consentEnabled)
        Constructor for access token claims set.
        Parameters:
        idGenerator - Generator for a pseudo-unique identifier for the code. Must not be NULL.
        clientID - Client ID of the RP. Must not be NULL.
        issuer - OP issuer value. Must not be NULL.
        userPrincipal - User principal of the authenticated user. Must not be NULL.
        subject - Subject of the authenticated user. Must not be NULL.
        acr - Authentication context class reference value of the authentication. May be NULL.
        iat - Issue time of the authorize code. Must not be NULL.
        exp - Expiration time of the authorize code. Must not be NULL.
        nonce - Nonce of the authentication request. May be NULL.
        authTime - Authentication time of the user. Must not be NULL.
        redirectURI - Validated redirect URI of the authentication request. Must not be NULL.
        scope - Scope of the authentication request. Must not be NULL.
        claims - Claims request of the authentication request. May be NULL.
        dlClaims - Token delivery claims delivered for both the ID token and the userinfo response. May be NULL.
        dlClaimsUI - Token delivery claims delivered for the userinfo response. May be NULL.
        consentedClaims - Consented claims. May be NULL.
        consentEnabled - Whether consent has been enabled.
        Throws:
        RuntimeException - if called with non-allowed null parameters
      • AccessTokenClaimsSet

        private AccessTokenClaimsSet(com.nimbusds.jwt.JWTClaimsSet accessTokenClaimsSet)
        Private constructor for the parser.
        Parameters:
        accessTokenClaimsSet - access token claims set
    • Method Detail

      • parse

        public static AccessTokenClaimsSet parse(String accessTokenClaimsSet)
                                          throws ParseException
        Parses the access token from a string (JSON).
        Parameters:
        accessTokenClaimsSet - JSON String representation of the code
        Returns:
        AccessTokenClaimsSet instance if parsing is successful.
        Throws:
        ParseException - if parsing fails, for example due to incompatible types.