Package net.shibboleth.idp.plugin.oidc.op.token.support

Class TokenClaimsSet

    • Constructor Detail

      • TokenClaimsSet

        protected TokenClaimsSet()
        Constructor.

      • TokenClaimsSet

        protected TokenClaimsSet​(@Nonnull
                         String tokenType,
                         @Nonnull
                         String tokenID,
                         @Nonnull
                         com.nimbusds.oauth2.sdk.id.ClientID clientID,
                         @Nonnull
                         String issuer,
                         @Nonnull
                         String userPrincipal,
                         @Nonnull
                         String subject,
                         @Nullable
                         com.nimbusds.openid.connect.sdk.claims.ACR acr,
                         @Nonnull
                         Instant iat,
                         @Nonnull
                         Instant exp,
                         @Nullable
                         com.nimbusds.openid.connect.sdk.Nonce nonce,
                         @Nonnull
                         Instant authTime,
                         @Nonnull
                         URI redirectURI,
                         @Nonnull
                         com.nimbusds.oauth2.sdk.Scope scope,
                         @Nullable
                         com.nimbusds.openid.connect.sdk.OIDCClaimsRequest claims,
                         @Nullable
                         com.nimbusds.openid.connect.sdk.claims.ClaimsSet dlClaims,
                         @Nullable
                         com.nimbusds.openid.connect.sdk.claims.ClaimsSet dlClaimsID,
                         @Nullable
                         com.nimbusds.openid.connect.sdk.claims.ClaimsSet dlClaimsUI,
                         @Nullable
                         List<Object> consentedClaims,
                         @Nullable
                         String codeChallenge,
                         boolean consentEnabled)
        Constructor for token claims set.
        Parameters:
        tokenType - Token type. Must not be NULL.
        tokenID - identifier for the token. Must not be NULL.
        clientID - Client Id of the rp. Must not be NULL.
        issuer - OP issuer value. Must not be NULL.
        userPrincipal - User Principal of the authenticated user. Must not be NULL.
        subject - subject of the authenticated user. Must not be NULL.
        acr - Authentication context class reference value of the authentication. May be NULL.
        iat - Issue time of the token. Must not be NULL.
        exp - Expiration time of the token. Must not be NULL.
        nonce - Nonce of the authentication request. May be NULL.
        authTime - Authentication time of the user. Must not be NULL.
        redirectURI - Validated redirect URI of the authentication request. Must not be NULL.
        scope - Scope of the authentication request. Must not be NULL.
        claims - Claims request of the authentication request. May be NULL.
        dlClaims - token delivery claims delivered both for id token and userinfo response. May be NULL.
        dlClaimsID - token delivery claims delivered for id token. May be NULL.
        dlClaimsUI - token delivery claims delivered for userinfo response. May be NULL.
        consentedClaims - consented claims. May be NULL.
        codeChallenge - Code Challenge. May be NULL.
        consentEnabled - Whether consent has been enabled.
        Throws:
        RuntimeException - if called with not allowed null parameters

    • Method Detail

      • verifyParsedClaims

        protected static void verifyParsedClaims​(@Nonnull
                                         String tokenType,
                                         @Nonnull
                                         com.nimbusds.jwt.JWTClaimsSet tokenClaimsSet)
                                  throws ParseException
        Helper to verify parsed claims are what is expected.
        Parameters:
        tokenType - The type of the expected token. Must not be NULL.
        tokenClaimsSet - token claims set Must not be NULL.
        Throws:
        ParseException - if claims set is not expected one.

      • serialize

        public String serialize()
        Serialize the token as JSON String.
        Returns:
        token as JSON String

      • serialize

        public String serialize​(@Nonnull
                        DataSealer dataSealer)
                 throws DataSealerException
        Serialize the token as JSON String wrapped with sealer.
        Parameters:
        dataSealer - data sealer to wrap the JSON serialization
        Returns:
        token as JSON String wrapped with sealer
        Throws:
        DataSealerException - is thrown if unwrapping fails

      • setClaimsSet

        public void setClaimsSet​(@Nonnull
                         com.nimbusds.jwt.JWTClaimsSet claimsSet)
        Set the token claims set.
        Parameters:
        claimsSet - What to set.

      • getClaimsSet

        @Nonnull
public com.nimbusds.jwt.JWTClaimsSet getClaimsSet()
        Get the token claims set.
        Returns:
        token claims set

      • isExpired

        public boolean isExpired()
        Check if the token is expired.
        Returns:
        true if the token is expired, otherwise false.

      • getExp

        @Nonnull
public Instant getExp()
        Get expiration time of the token.
        Returns:
        expiration time of the token.

      • getRedirectURI

        @Nonnull
public URI getRedirectURI()
        Get redirect uri of the request.
        Returns:
        redirect uri of the request, null if not located.

      • getACR

        @Nonnull
public String getACR()
        Get acr of the performed authentication.
        Returns:
        acr of the performed authentication.

      • getType

        @Nonnull
public String getType()
        Get type of the claims set.
        Returns:
        Type of the claims set.

      • getPrincipal

        @Nonnull
public String getPrincipal()
        Get principal of the user.
        Returns:
        principal of the user.

      • getAuthenticationTime

        @Nonnull
public Instant getAuthenticationTime()
        Get auth time of the user.
        Returns:
        auth time of the user.

      • getNonce

        @Nonnull
public com.nimbusds.openid.connect.sdk.Nonce getNonce()
        Get nonce of the authentication request.
        Returns:
        nonce of the authentication request.

      • getClaimsRequest

        @Nullable
public com.nimbusds.openid.connect.sdk.OIDCClaimsRequest getClaimsRequest()
        Get claims request of the authentication request.
        Returns:
        claims request in authentication request, null if not existing.

      • getDeliveryClaims

        public com.nimbusds.openid.connect.sdk.claims.ClaimsSet getDeliveryClaims()
        Get token delivery claims.
        Returns:
        token delivery claims

      • getIDTokenDeliveryClaims

        public com.nimbusds.openid.connect.sdk.claims.ClaimsSet getIDTokenDeliveryClaims()
        Get id token token delivery claims.
        Returns:
        id token token delivery claims

      • getUserinfoDeliveryClaims

        public com.nimbusds.openid.connect.sdk.claims.ClaimsSet getUserinfoDeliveryClaims()
        Get user info response token delivery claims.
        Returns:
        user info response token delivery claims

      • getConsentedClaims

        public List<Object> getConsentedClaims()
        Get consented claims.
        Returns:
        consented claims

      • isConsentEnabled

        public boolean isConsentEnabled()
        Get whether consent has been enabled.
        Returns:
        whether consent has been enabled

      • getScope

        @Nonnull
public com.nimbusds.oauth2.sdk.Scope getScope()
        Get scope of the authentication request.
        Returns:
        scope of the authentication request.

      • getCodeChallenge

        @Nonnull
public String getCodeChallenge()
        Get code challenge of the authentication request.
        Returns:
        code challenge of the authentication request.

      • getID

        @Nonnull
public String getID()
        Get the id of the token.
        Returns:
        id of the token

      • getClientID

        @Nonnull
public com.nimbusds.oauth2.sdk.id.ClientID getClientID()
        Get Client ID of the token.
        Returns:
        Client ID of the token