Package net.shibboleth.idp.plugin.oidc.op.token.support

Class TokenClaimsSet.Builder<T extends TokenClaimsSet>

    • Field Detail

      • rpId

        @Nonnull
protected com.nimbusds.oauth2.sdk.id.ClientID rpId
        Client Id of the rp.

      • iss

        @Nonnull
protected String iss
        OP issuer value.

      • usrPrincipal

        @Nonnull
protected String usrPrincipal
        User Principal of the authenticated user.

      • sub

        @Nonnull
protected String sub
        Subject claim value of the authenticated user.

      • acr

        @Nonnull
protected com.nimbusds.openid.connect.sdk.claims.ACR acr
        Authentication context class reference value of the authentication.

      • iat

        @Nonnull
protected Instant iat
        Issue time of the claims set.

      • exp

        @Nonnull
protected Instant exp
        Expiration time of the claims set.

      • authTime

        @Nonnull
protected Instant authTime
        Authentication time of the user.

      • redirect

        @Nonnull
protected URI redirect
        Validated redirect URI of the authentication request.

      • reqScope

        @Nonnull
protected com.nimbusds.oauth2.sdk.Scope reqScope
        Scope of the authentication request.

      • nonce

        @Nullable
protected com.nimbusds.openid.connect.sdk.Nonce nonce
        Nonce of the authentication request.

      • claims

        @Nullable
protected com.nimbusds.openid.connect.sdk.OIDCClaimsRequest claims
        Claims request of the authentication request.

      • dlClaims

        @Nullable
protected com.nimbusds.openid.connect.sdk.claims.ClaimsSet dlClaims
        Token delivery claims delivered both for id token and userinfo response.

      • dlClaimsID

        @Nullable
protected com.nimbusds.openid.connect.sdk.claims.ClaimsSet dlClaimsID
        Token delivery claims delivered for id token.

      • dlClaimsUI

        @Nullable
protected com.nimbusds.openid.connect.sdk.claims.ClaimsSet dlClaimsUI
        Token delivery claims delivered for userinfo response.

      • cnsntdClaims

        @Nullable
protected List<Object> cnsntdClaims
        consented claims.

      • cnsntEnabled

        protected boolean cnsntEnabled
        Has consent been asked from the end-user.

      • codeChallenge

        @Nullable
protected String codeChallenge
        Code challenge.

    • Constructor Detail

      • Builder

        protected Builder​(@Nonnull
                  IdentifierGenerationStrategy idGenerator,
                  @Nonnull
                  com.nimbusds.oauth2.sdk.id.ClientID clientID,
                  @Nonnull
                  String issuer,
                  @Nonnull
                  String userPrincipal,
                  @Nonnull
                  String subject,
                  @Nonnull
                  Instant issuedAt,
                  @Nonnull
                  Instant expiresAt,
                  @Nonnull
                  Instant authenticationTime,
                  @Nonnull
                  URI redirectURI,
                  @Nonnull
                  com.nimbusds.oauth2.sdk.Scope scope)
        Constructor for authorize code builder.
        Parameters:
        idGenerator - Generator for pseudo unique identifier for the claims set. Must not be NULL.
        clientID - Client Id of the rp. Must not be NULL.
        issuer - OP issuer value. Must not be NULL.
        userPrincipal - User Principal of the authenticated user. Must not be NULL.
        subject - subject of the authenticated user. Must not be NULL
        issuedAt - Issue time of the authorize code. Must not be NULL.
        expiresAt - Expiration time of the authorize code. Must not be NULL.
        authenticationTime - Authentication time of the user. Must not be NULL.
        redirectURI - Validated redirect URI of the authentication request. Must not be NULL.
        scope - Scope of the authentication request. Must not be NULL.

    • Method Detail

      • setACR

        public TokenClaimsSet.Builder<T> setACR​(@Nullable
                                        com.nimbusds.openid.connect.sdk.claims.ACR authenticationContextReference)
        Set authentication context class reference value of the authentication.
        Parameters:
        authenticationContextReference - authentication context class reference value of the authentication.
        Returns:
        the builder

      • setNonce

        public TokenClaimsSet.Builder<T> setNonce​(@Nullable
                                          com.nimbusds.openid.connect.sdk.Nonce requestNonce)
        Set nonce of the authentication request.
        Parameters:
        requestNonce - nonce of the authentication request.
        Returns:
        the builder

      • setClaims

        public TokenClaimsSet.Builder<T> setClaims​(@Nullable
                                           com.nimbusds.openid.connect.sdk.OIDCClaimsRequest requestedClaims)
        Set claims request of the authentication request.
        Parameters:
        requestedClaims - claims request of the authentication request.
        Returns:
        the builder

      • setDlClaims

        public TokenClaimsSet.Builder<T> setDlClaims​(@Nullable
                                             com.nimbusds.openid.connect.sdk.claims.ClaimsSet deliveryClaims)
        Set token delivery claims delivered both for id token and userinfo response.
        Parameters:
        deliveryClaims - token delivery claims delivered both for id token and userinfo response.
        Returns:
        the builder

      • setDlClaimsID

        public TokenClaimsSet.Builder<T> setDlClaimsID​(@Nullable
                                               com.nimbusds.openid.connect.sdk.claims.ClaimsSet deliveryClaimsIDToken)
        Set token delivery claims delivered for id token.
        Parameters:
        deliveryClaimsIDToken - token delivery claims delivered for id token
        Returns:
        the builder

      • setDlClaimsUI

        public TokenClaimsSet.Builder<T> setDlClaimsUI​(@Nullable
                                               com.nimbusds.openid.connect.sdk.claims.ClaimsSet deliveryClaimsUserInfo)
        Set token delivery claims delivered for userinfo response.
        Parameters:
        deliveryClaimsUserInfo - token delivery claims delivered for userinfo response
        Returns:
        the builder

      • setConsentedClaims

        public TokenClaimsSet.Builder<T> setConsentedClaims​(@Nullable
                                                    List<Object> consentedClaims)
        Set consented claims.
        Parameters:
        consentedClaims - consented claims
        Returns:
        the builder

      • setConsentEnabled

        public TokenClaimsSet.Builder<T> setConsentEnabled​(boolean consentEnabled)
        Set whether consent has been enabled.
        Parameters:
        consentEnabled - whether consent has been enabled.
        Returns:
        the builder

      • setCodeChallenge

        public TokenClaimsSet.Builder<T> setCodeChallenge​(@Nullable
                                                  String challenge)
        Set code challenge.
        Parameters:
        challenge - code challenge
        Returns:
        the builder

      • build

        public abstract T build()
        Builds claims set.
        Returns:
        claims set instance.