Package net.shibboleth.idp.plugin.oidc.op.messaging.context

Class OIDCAuthenticationResponseContext

  • All Implemented Interfaces:
    Iterable<BaseContext>
    public class OIDCAuthenticationResponseContext
extends BaseContext
    Subcontext carrying information to form authentication, token and userinfo responses for relying party. This context appears as a subcontext of the MessageContext.

    • Field Detail

      • idToken

        @Nullable
private com.nimbusds.openid.connect.sdk.claims.IDTokenClaimsSet idToken
        The id token formed.

      • requestObject

        @Nullable
private com.nimbusds.jwt.JWT requestObject
        The request object.

      • userInfo

        @Nullable
private com.nimbusds.openid.connect.sdk.claims.UserInfo userInfo
        The user info formed.

      • accessTokenClaimsSet

        @Nullable
private com.nimbusds.openid.connect.sdk.claims.ClaimsSet accessTokenClaimsSet
        The access token claim set.

      • processedToken

        @Nullable
private com.nimbusds.jwt.JWT processedToken
        The signed/encrypted id token / user info response formed.

      • acr

        @Nullable
private com.nimbusds.openid.connect.sdk.claims.ACR acr
        the acr used in response.

      • redirectURI

        @Nullable
private URI redirectURI
        validated redirect uri.

      • authTime

        @Nullable
private Instant authTime
        Authentication time of the end user.

      • validatedScope

        @Nullable
private com.nimbusds.oauth2.sdk.Scope validatedScope
        Validated scope values.

      • requestedSubject

        @Nullable
private String requestedSubject
        Requested sub value.

      • subject

        @Nullable
private String subject
        Subject generated for response. Value is set to sub claim.

      • subjectType

        @Nullable
private String subjectType
        Subject type, public or pairwise.

      • authorizationCode

        @Nullable
private com.nimbusds.oauth2.sdk.AuthorizationCode authorizationCode
        Authorization code.

      • accessToken

        @Nullable
private com.nimbusds.oauth2.sdk.token.AccessToken accessToken
        Access token.

      • refreshToken

        @Nullable
private com.nimbusds.oauth2.sdk.token.RefreshToken refreshToken
        Refresh token.

      • authorizationGrantClaims

        @Nullable
private TokenClaimsSet authorizationGrantClaims
        Authorization grant (authz code, access token) claims.

      • requestedClaims

        @Nullable
private com.nimbusds.openid.connect.sdk.OIDCClaimsRequest requestedClaims
        Requested claims.

      • mappedIdTokenRequestedClaims

        @Nullable
private net.shibboleth.idp.attribute.AttributesMapContainer mappedIdTokenRequestedClaims
        Mapped requested claims from the ID Token set.

      • mappedUserinfoRequestedClaims

        @Nullable
private net.shibboleth.idp.attribute.AttributesMapContainer mappedUserinfoRequestedClaims
        Mapped requested claims from the Userinfo set.

    • Constructor Detail

      • OIDCAuthenticationResponseContext

        public OIDCAuthenticationResponseContext()
        Constructor.

    • Method Detail

      • getRequestedClaims

        @Nullable
public com.nimbusds.openid.connect.sdk.OIDCClaimsRequest getRequestedClaims()
        Get requested claims.
        Returns:
        requested claims

      • setRequestedClaims

        public void setRequestedClaims​(@Nullable
                               com.nimbusds.openid.connect.sdk.OIDCClaimsRequest claims)
        Set requested claims.
        Parameters:
        claims - requested claims

      • getMappedIdTokenRequestedClaims

        @Nullable
public net.shibboleth.idp.attribute.AttributesMapContainer getMappedIdTokenRequestedClaims()
        Get the requested claims for the ID Token after they've been reverse-mapped by the registry.
        Returns:
        mapped requested claims

      • setMappedIdTokenRequestedClaims

        public void setMappedIdTokenRequestedClaims​(@Nullable
                                            net.shibboleth.idp.attribute.AttributesMapContainer container)
        Set the requested claims for the ID Token after they've been reverse-mapped by the registry.
        Parameters:
        container - the container of mapped claims

      • getMappedUserinfoRequestedClaims

        @Nullable
public net.shibboleth.idp.attribute.AttributesMapContainer getMappedUserinfoRequestedClaims()
        Get the requested claims for the Userinfo endpoint after they've been reverse-mapped by the registry.
        Returns:
        mapped requested claims

      • setMappedUserinfoRequestedClaims

        public void setMappedUserinfoRequestedClaims​(@Nullable
                                             net.shibboleth.idp.attribute.AttributesMapContainer container)
        Set the requested claims for the Userinfo endpoint after they've been reverse-mapped by the registry.
        Parameters:
        container - the container of mapped claims

      • getAuthorizationGrantClaimsSet

        @Nullable
public TokenClaimsSet getAuthorizationGrantClaimsSet()
        Get the claims representing the authorization grant, which may be derived from an authorization code, refresh token, or assertion.
        Returns:
        token claims

      • setAuthorizationGrantClaimsSet

        public void setAuthorizationGrantClaimsSet​(@Nullable
                                           TokenClaimsSet claims)
        Set the claims representing the authorization grant, which may be derived from an authorization code, refresh token, or assertion.
        Parameters:
        claims - token claims

      • getTokenClaimsSet

        @Deprecated(since="3.1.0",
            forRemoval=true)
@Nullable
public TokenClaimsSet getTokenClaimsSet()
        Deprecated, for removal: This API element is subject to removal in a future version.
        Get the claims representing the authorization grant, which may be derived from an authorization code, refresh token, or assertion.

        Renamed to getAuthorizationGrantClaimsSet().

        Returns:
        token claims

      • setTokenClaimsSet

        @Deprecated(since="3.1.0",
            forRemoval=true)
public void setTokenClaimsSet​(@Nullable
                              TokenClaimsSet claims)
        Deprecated, for removal: This API element is subject to removal in a future version.
        Set the claims representing the authorization grant, which may be derived from an authorization code, refresh token, or assertion.

        Renamed to setAuthorizationGrantClaimsSet(TokenClaimsSet).

        Parameters:
        claims - token claims

      • getAuthorizationCode

        @Nullable
public com.nimbusds.oauth2.sdk.AuthorizationCode getAuthorizationCode()
        Get authorization code.
        Returns:
        authorization code

      • setAuthorizationCode

        public void setAuthorizationCode​(@Nullable
                                 String code)
        Set authorization code.
        Parameters:
        code - String to form authorization code

      • getRequestedSubject

        @Nullable
public String getRequestedSubject()
        Gets requested sub value.
        Returns:
        requested sub value

      • setRequestedSubject

        public void setRequestedSubject​(@Nullable
                                String sub)
        Set requested sub value.
        Parameters:
        sub - requested sub value.

      • getSubject

        @Nullable
public String getSubject()
        Gets Name ID generated for response.
        Returns:
        Name ID generated for response

      • setSubject

        public void setSubject​(@Nullable
                       String generatedSubject)
        Sets generated subject for the response.
        Parameters:
        generatedSubject - subject for the response

      • getSubjectType

        @Nullable
public String getSubjectType()
        Gets subject type.
        Returns:
        generated subject type.

      • setSubjectType

        public void setSubjectType​(@Nullable
                           String type)
        Sets subject type.
        Parameters:
        type - subject type.

      • getScope

        @Nullable
public com.nimbusds.oauth2.sdk.Scope getScope()
        Get validated scope values.
        Returns:
        validated scope values

      • setScope

        public void setScope​(@Nullable
                     com.nimbusds.oauth2.sdk.Scope scope)
        Set validated scope values.
        Parameters:
        scope - scope values

      • getAudience

        @Nonnull
@NonnullElements
@Live
public List<String> getAudience()
        Get modifiable collection of token audience values.
        Returns:
        audience collection
        Since:
        3.1.0

      • getAuthTime

        @Nullable
public Instant getAuthTime()
        Authentication time of the end user.
        Returns:
        authentication time of the end user. null if has not been set.

      • setAuthTime

        public void setAuthTime​(@Nullable
                        Instant time)
        Set authentication time of the end user.
        Parameters:
        time - authentication time.

      • getRedirectURI

        @Nullable
public URI getRedirectURI()
        Returns a validated redirect uri for the response.
        Returns:
        redirect uri.

      • setRedirectURI

        public void setRedirectURI​(@Nullable
                           URI uri)
        Sets a validated redirect uri for the response.
        Parameters:
        uri - validated redirect uri for the response

      • getAcr

        @Nullable
public com.nimbusds.openid.connect.sdk.claims.ACR getAcr()
        Returns the acr meant for response.
        Returns:
        acr

      • setAcr

        public void setAcr​(@Nullable
                   String acrValue)
        Set acr for response.
        Parameters:
        acrValue - for response.

      • getIDToken

        @Nullable
public com.nimbusds.openid.connect.sdk.claims.IDTokenClaimsSet getIDToken()
        Get the IDTokenClaimsSet object that will source the ID token.
        Returns:
        ID token claims set

      • setIDToken

        public void setIDToken​(@Nullable
                       com.nimbusds.openid.connect.sdk.claims.IDTokenClaimsSet token)
        Set the IDTokenClaimsSet object that will source the ID token.
        Parameters:
        token - ID token claims set

      • getUserInfo

        @Nullable
public com.nimbusds.openid.connect.sdk.claims.UserInfo getUserInfo()
        Get the UserInfo claims set that will source the UserInfo response.
        Returns:
        UserInfo claims set

      • setUserInfo

        public void setUserInfo​(@Nullable
                        com.nimbusds.openid.connect.sdk.claims.UserInfo info)
        Set the UserInfo claims set that will source the UserInfo response.
        Parameters:
        info - UserInfo claims set

      • getAccessTokenClaimSet

        @Nullable
public com.nimbusds.openid.connect.sdk.claims.ClaimsSet getAccessTokenClaimSet()
        Get the access token claims set (used when prepping OAuth-only access tokens).
        Returns:
        access token claims set
        Since:
        3.1.0

      • setAccessTokenClaimsSet

        public void setAccessTokenClaimsSet​(@Nullable
                                    com.nimbusds.openid.connect.sdk.claims.ClaimsSet claims)
        Set the access token claims set (used when prepping OAuth-only access tokens).
        Parameters:
        claims - access token claims set
        Since:
        3.1.0

      • getAccessToken

        @Nullable
public com.nimbusds.oauth2.sdk.token.AccessToken getAccessToken()
        Get access token.
        Returns:
        access token

      • setAccessToken

        public void setAccessToken​(@Nullable
                           String token,
                           @Nonnull
                           Duration lifeTime)
        Set access token.
        Parameters:
        token - String to form access token
        lifeTime - lifetime of the access token

      • setAccessToken

        public void setAccessToken​(@Nullable
                           String token,
                           @Nonnull
                           Duration lifeTime,
                           @Nonnull
                           com.nimbusds.oauth2.sdk.Scope scope)
        Set access token.
        Parameters:
        token - string to form access token
        lifeTime - lifetime of the access token
        scope - scope of the access token
        Since:
        3.1.0

      • getRefreshToken

        @Nullable
public com.nimbusds.oauth2.sdk.token.RefreshToken getRefreshToken()
        Get refresh token.
        Returns:
        refresh token

      • setRefreshToken

        public void setRefreshToken​(@Nullable
                            String token)
        Set refresh token.
        Parameters:
        token - String to form refresh token

      • getProcessedToken

        @Nullable
public com.nimbusds.jwt.JWT getProcessedToken()
        Get the signed/encrypted ID token / UserInfo response JWT.
        Returns:
        ID token / UserInfo response JWT

      • setProcessedToken

        public void setProcessedToken​(@Nullable
                              com.nimbusds.jwt.JWT token)
        Set the signed/encrypted ID token / UserInfo response JWT.
        Parameters:
        token - ID token / UserInfo response JWT

      • getRequestObject

        @Nullable
public com.nimbusds.jwt.JWT getRequestObject()
        Get the request object.
        Returns:
        the request object

      • setRequestObject

        public void setRequestObject​(@Nullable
                             com.nimbusds.jwt.JWT obj)
        Set the request object. Either by value or fetched by reference.
        Parameters:
        obj - the request object.