Package net.shibboleth.idp.plugin.oidc.op.token.support

Class AccessTokenClaimsSet

java.lang.Object

net.shibboleth.idp.plugin.oidc.op.token.support.TokenClaimsSet

net.shibboleth.idp.plugin.oidc.op.token.support.AccessTokenClaimsSet

public final class AccessTokenClaimsSet
extends TokenClaimsSet

Class wrapping claims set for access token.

Nested Class Summary

Nested Classes

Modifier and Type	Class	Description
static class	AccessTokenClaimsSet.Builder	Builder to create instance of AccessTokenClaimsSet.

Field Summary

Fields

Modifier and Type	Field	Description
protected static String	VALUE_TYPE_AT	Value of access token claims set type.

Fields inherited from class net.shibboleth.idp.plugin.oidc.op.token.support.TokenClaimsSet

KEY_AC_ID, KEY_ACR, KEY_AUDIENCE, KEY_AUTH_TIME, KEY_CLAIMS, KEY_CLIENTID, KEY_CODE_CHALLENGE, KEY_CONSENT_ENABLED, KEY_CONSENTED_CLAIMS, KEY_DELIVERY_CLAIMS, KEY_DELIVERY_CLAIMS_IDTOKEN, KEY_DELIVERY_CLAIMS_USERINFO, KEY_EXPIRATION_TIME, KEY_ISSUED_AT, KEY_ISSUER, KEY_LEGACY_CLIENTID, KEY_NONCE, KEY_NOTBEFORE_TIME, KEY_REDIRECT_URI, KEY_SCOPE, KEY_SUBJECT, KEY_TYPE, KEY_USER_PRINCIPAL

Constructor Summary

Constructors

Modifier	Constructor	Description
protected	AccessTokenClaimsSet(com.nimbusds.jwt.JWTClaimsSet accessTokenClaimsSet)	Private constructor for the parser.
	AccessTokenClaimsSet(TokenClaimsSet tokenClaimsSet, com.nimbusds.oauth2.sdk.Scope scope, com.nimbusds.openid.connect.sdk.claims.ClaimsSet dlClaims, com.nimbusds.openid.connect.sdk.claims.ClaimsSet dlClaimsUI, Instant iat, Instant exp)	Deprecated, for removal: This API element is subject to removal in a future version.

Method Summary

Modifier and Type	Method	Description
static AccessTokenClaimsSet	parse(String accessTokenClaimsSet)	Parses access token from string (JSON).
static AccessTokenClaimsSet	parse(String wrappedAccessToken, DataSealer dataSealer)	Parses access token from sealed access token.

Methods inherited from class net.shibboleth.idp.plugin.oidc.op.token.support.TokenClaimsSet

getACR, getAudience, getAuthenticationTime, getClaimsRequest, getClaimsSet, getClientID, getCodeChallenge, getConsentedClaims, getDeliveryClaims, getExp, getID, getIDTokenDeliveryClaims, getIssuedAt, getIssuer, getNonce, getNotBefore, getPrincipal, getRedirectURI, getScope, getSubject, getType, getUserinfoDeliveryClaims, isConsentEnabled, isExpired, isTimeValid, serialize, serialize, setClaimsSet, verifyParsedClaims

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

VALUE_TYPE_AT

@Nonnull
@NotEmpty
protected static final String VALUE_TYPE_AT

Value of access token claims set type.

See Also:

Constant Field Values

Constructor Detail

AccessTokenClaimsSet

@Deprecated(since="3.1.0",
            forRemoval=true)
public AccessTokenClaimsSet(@Nonnull
                            TokenClaimsSet tokenClaimsSet,
                            @Nonnull
                            com.nimbusds.oauth2.sdk.Scope scope,
                            @Nullable
                            com.nimbusds.openid.connect.sdk.claims.ClaimsSet dlClaims,
                            @Nullable
                            com.nimbusds.openid.connect.sdk.claims.ClaimsSet dlClaimsUI,
                            @Nonnull
                            Instant iat,
                            @Nonnull
                            Instant exp)

Deprecated, for removal: This API element is subject to removal in a future version.

Constructor for access token claims set when derived from existing claims set.

Parameters:

tokenClaimsSet - Authorize Code / Refresh Token this token is based on

scope - Validated and possibly reduced scope of the authentication request

dlClaims - Claims set for token delivery.

dlClaimsUI - Claims set for token delivery, user info only.

iat - Issue time of the token

exp - Expiration time of the token

AccessTokenClaimsSet

protected AccessTokenClaimsSet(@Nonnull
                               com.nimbusds.jwt.JWTClaimsSet accessTokenClaimsSet)

Private constructor for the parser.

Parameters:

accessTokenClaimsSet - access token claims set

Method Detail

parse

@Nonnull
public static AccessTokenClaimsSet parse(@Nonnull @NotEmpty
                                         String accessTokenClaimsSet)
                                  throws ParseException

Parses access token from string (JSON).

Parameters:

accessTokenClaimsSet - JSON String representation of the code

Returns:

AccessTokenClaimsSet instance if parsing is successful.

Throws:

ParseException - if parsing fails for example due to incompatible types.

parse

@Nonnull
public static AccessTokenClaimsSet parse(@Nonnull @NotEmpty
                                         String wrappedAccessToken,
                                         @Nonnull
                                         DataSealer dataSealer)
                                  throws ParseException,
                                         DataSealerException

Parses access token from sealed access token.

Parameters:

wrappedAccessToken - wrapped access token

dataSealer - sealer to unwrap the access token

Returns:

access token claims set.

Throws:

ParseException - is thrown if unwrapped access token is not understood

DataSealerException - is thrown if unwrapping fails