Package net.shibboleth.idp.plugin.oidc.op.token.support

Class TokenClaimsSet.Builder<T extends TokenClaimsSet>

    • Field Detail

      • rpId

        @Nullable
protected com.nimbusds.oauth2.sdk.id.ClientID rpId
        Client Id of the rp.

      • principal

        @Nullable
@NotEmpty
protected String principal
        User Principal of the authenticated user.

      • sub

        @Nullable
@NotEmpty
protected String sub
        Subject claim value of the authenticated user.

      • acr

        @Nullable
protected com.nimbusds.openid.connect.sdk.claims.ACR acr
        Authentication context class reference value of the authentication.

      • iat

        @Nullable
protected Instant iat
        Issue time of the claims set.

      • exp

        @Nullable
protected Instant exp
        Expiration time of the claims set.

      • nbt

        @Nullable
protected Instant nbt
        Not Before time of the claims set.

      • authTime

        @Nullable
protected Instant authTime
        Authentication time of the user.

      • redirect

        @Nullable
protected URI redirect
        Validated redirect URI of the authentication request.

      • reqScope

        @Nullable
protected com.nimbusds.oauth2.sdk.Scope reqScope
        Scope of the token request.

      • nonce

        @Nullable
protected com.nimbusds.openid.connect.sdk.Nonce nonce
        Nonce of the authentication request.

      • reqClaims

        @Nullable
protected com.nimbusds.openid.connect.sdk.OIDCClaimsRequest reqClaims
        Claims request of the authentication request.

      • dlClaims

        @Nullable
protected com.nimbusds.openid.connect.sdk.claims.ClaimsSet dlClaims
        Token delivery claims delivered both for id token and userinfo response.

      • dlClaimsID

        @Nullable
protected com.nimbusds.openid.connect.sdk.claims.ClaimsSet dlClaimsID
        Token delivery claims delivered for id token.

      • dlClaimsUI

        @Nullable
protected com.nimbusds.openid.connect.sdk.claims.ClaimsSet dlClaimsUI
        Token delivery claims delivered for userinfo response.

      • consentedClaims

        @Nullable
protected List<Object> consentedClaims
        consented claims.

      • consentEnabled

        protected Boolean consentEnabled
        Has consent been asked from the end-user.

      • codeChallenge

        @Nullable
protected String codeChallenge
        Code challenge.

      • customClaims

        @Nonnull
protected Map<String,​Object> customClaims
        Extends the token with custom claims.

    • Constructor Detail

      • Builder

        protected Builder()
        Default constructor.

    • Method Detail

      • buildJWTClaimsSet

        @Nonnull
protected com.nimbusds.jwt.JWTClaimsSet buildJWTClaimsSet​(@Nonnull @NotEmpty
                                                          String tokenType)
        Produce the underlying JWT to pass into the constructor methods.

        Used by subclasses to manufacture the input required to build the object.

        Parameters:
        tokenType - a type designation
        Returns:
        the JWT claims set
        Since:
        3.1.0

      • setClientID

        public TokenClaimsSet.Builder<T> setClientID​(@Nonnull
                                             com.nimbusds.oauth2.sdk.id.ClientID id)
        Set client ID.
        Parameters:
        id - client ID
        Returns:
        the builder
        Since:
        3.1.0

      • setIssuer

        public TokenClaimsSet.Builder<T> setIssuer​(@Nonnull
                                           String s)
        Set issuer.
        Parameters:
        s - issuer
        Returns:
        the builder
        Since:
        3.1.0

      • setPrincipal

        public TokenClaimsSet.Builder<T> setPrincipal​(@Nonnull
                                              String s)
        Set user principal name.
        Parameters:
        s - principal name
        Returns:
        the builder
        Since:
        3.1.0

      • setSubject

        public TokenClaimsSet.Builder<T> setSubject​(@Nonnull
                                            String s)
        Set subject name.
        Parameters:
        s - subject name
        Returns:
        the builder
        Since:
        3.1.0

      • setIssuedAt

        public TokenClaimsSet.Builder<T> setIssuedAt​(@Nonnull
                                             Instant i)
        Set issue time.
        Parameters:
        i - time
        Returns:
        the builder
        Since:
        3.1.0

      • setExpiresAt

        public TokenClaimsSet.Builder<T> setExpiresAt​(@Nonnull
                                              Instant i)
        Set expiration time.
        Parameters:
        i - time
        Returns:
        the builder
        Since:
        3.1.0

      • setNotBefore

        public TokenClaimsSet.Builder<T> setNotBefore​(@Nonnull
                                              Instant i)
        Set not before time.
        Parameters:
        i - time
        Returns:
        the builder
        Since:
        3.1.0

      • setRedirectURI

        public TokenClaimsSet.Builder<T> setRedirectURI​(@Nonnull
                                                URI uri)
        Set redirect URI.
        Parameters:
        uri - redirect URI
        Returns:
        the builder
        Since:
        3.1.0

      • setScope

        public TokenClaimsSet.Builder<T> setScope​(@Nonnull
                                          com.nimbusds.oauth2.sdk.Scope s)
        Set scope.
        Parameters:
        s - scope
        Returns:
        the builder
        Since:
        3.1.0

      • setAuthenticationTime

        public TokenClaimsSet.Builder<T> setAuthenticationTime​(@Nonnull
                                                       Instant i)
        Set authentication time.
        Parameters:
        i - time
        Returns:
        the builder
        Since:
        3.1.0

      • setACR

        public TokenClaimsSet.Builder<T> setACR​(@Nullable
                                        com.nimbusds.openid.connect.sdk.claims.ACR authenticationContextReference)
        Set authentication context class reference value of the authentication.
        Parameters:
        authenticationContextReference - authentication context class reference value of the authentication.
        Returns:
        the builder

      • setNonce

        public TokenClaimsSet.Builder<T> setNonce​(@Nullable
                                          com.nimbusds.openid.connect.sdk.Nonce requestNonce)
        Set nonce of the authentication request.
        Parameters:
        requestNonce - nonce of the authentication request.
        Returns:
        the builder

      • setClaims

        @Deprecated(since="3.1.0",
            forRemoval=true)
public TokenClaimsSet.Builder<T> setClaims​(@Nullable
                                           com.nimbusds.openid.connect.sdk.OIDCClaimsRequest claimsRequest)
        Deprecated, for removal: This API element is subject to removal in a future version.
        Set claims request of the authentication request.
        Parameters:
        claimsRequest - claims request of the authentication request.
        Returns:
        the builder

      • setClaimsRequest

        public TokenClaimsSet.Builder<T> setClaimsRequest​(@Nullable
                                                  com.nimbusds.openid.connect.sdk.OIDCClaimsRequest claimsRequest)
        Set claims request of the authentication request.
        Parameters:
        claimsRequest - claims request of the authentication request.
        Returns:
        the builder
        Since:
        3.1.0

      • setDlClaims

        public TokenClaimsSet.Builder<T> setDlClaims​(@Nullable
                                             com.nimbusds.openid.connect.sdk.claims.ClaimsSet claims)
        Set token delivery claims delivered both for id token and userinfo response.
        Parameters:
        claims - token delivery claims delivered both for id token and userinfo response.
        Returns:
        the builder

      • setDlClaimsID

        public TokenClaimsSet.Builder<T> setDlClaimsID​(@Nullable
                                               com.nimbusds.openid.connect.sdk.claims.ClaimsSet claims)
        Set token delivery claims delivered for id token.
        Parameters:
        claims - token delivery claims delivered for id token
        Returns:
        the builder

      • setDlClaimsUI

        public TokenClaimsSet.Builder<T> setDlClaimsUI​(@Nullable
                                               com.nimbusds.openid.connect.sdk.claims.ClaimsSet claims)
        Set token delivery claims delivered for userinfo response.
        Parameters:
        claims - token delivery claims delivered for userinfo response
        Returns:
        the builder

      • setConsentedClaims

        public TokenClaimsSet.Builder<T> setConsentedClaims​(@Nullable
                                                    List<Object> claims)
        Set consented claims.
        Parameters:
        claims - consented claims
        Returns:
        the builder

      • setConsentEnabled

        public TokenClaimsSet.Builder<T> setConsentEnabled​(@Nullable
                                                   Boolean flag)
        Set whether consent has been enabled.
        Parameters:
        flag - whether consent has been enabled.
        Returns:
        the builder

      • setCodeChallenge

        public TokenClaimsSet.Builder<T> setCodeChallenge​(@Nullable
                                                  String challenge)
        Set code challenge.
        Parameters:
        challenge - code challenge
        Returns:
        the builder

      • addCustomClaim

        public TokenClaimsSet.Builder<T> addCustomClaim​(@Nonnull @NotEmpty
                                                String name,
                                                @Nullable
                                                Object value)
        Add a custom claim.

        This method does NOT check for overlap with existing claim names.

        Parameters:
        name - claim name
        value - claim value
        Returns:
        this builder
        Since:
        3.1.0

      • setCustomClaims

        public TokenClaimsSet.Builder<T> setCustomClaims​(@Nonnull
                                                 net.minidev.json.JSONObject claims)
        Sets a batch of custom claim from a JSONObject.

        This method does NOT check for overlap with existing claim names.

        Parameters:
        claims - the claims
        Returns:
        this builder
        Since:
        3.1.0

      • build

        public abstract T build()
        Builds claims set.
        Returns:
        claims set instance.