org.forgerock.openam.oauth2

Class OpenAMClientRegistration

java.lang.Object

org.forgerock.openam.oauth2.OpenAMClientRegistration

All Implemented Interfaces:

ClientRegistration, OpenIdConnectClientRegistration

public class OpenAMClientRegistration
extends Object
implements OpenIdConnectClientRegistration

Models an OpenAM OAuth2 and OpenId Connect client registration in the OAuth2 provider.

Since:

12.0.0

Method Summary

Modifier and Type	Method and Description
long	getAccessTokenLifeTime(OAuth2ProviderSettings providerSettings) Gets the access token life time in milliseconds.
String	getAccessTokenType() Gets the type of access token the client requires.
Set<String>	getAllowedResponseTypes() Gets the allowed response types.
Set<String>	getAllowedScopes() Gets the allowed scopes configured for the client.
long	getAuthorizationCodeLifeTime(OAuth2ProviderSettings providerSettings) Gets the authorization code life time in milliseconds.
Map<String,String>	getClaimDescriptions(Locale locale) Gets the display descriptions for the allowed and default scopes combined, in the specified locale.
String	getClientId() Gets the client's identifier.
String	getClientSecret() Gets the client's secret.
String	getClientSessionURI() Gets the client's session URI.
ClientType	getClientType() Gets the client's type.
Set<String>	getDefaultScopes() Gets the default scopes configured for the client.
String	getDisplayDescription(Locale locale) Gets the display description of the client in the specified locale.
String	getDisplayName(Locale locale) Gets the display name of the client in the specified locale.
Key	getIDTokenEncryptionKey() Gets the encryption key used to encrypt OpenID Connect tokens.
String	getIDTokenEncryptionResponseAlgorithm() Gets the algorithm used to encrypt OpenID Connect tokens.
String	getIDTokenEncryptionResponseMethod() Gets the encryption method used to encrypt OpenID Connect tokens.
String	getIDTokenSignedResponseAlgorithm() Gets the OpenId Token signed response algorithm.
long	getJwtTokenLifeTime(OAuth2ProviderSettings providerSettings) Gets the JWT token life time in milliseconds.
Set<URI>	getPostLogoutRedirectUris() Gets the registered post logout redirect uris for the client.
Set<URI>	getRedirectUris() Gets the registered redirect uris for the client.
long	getRefreshTokenLifeTime(OAuth2ProviderSettings providerSettings) Gets the refresh token life time in milliseconds.
Map<String,String>	getScopeDescriptions(Locale locale) Gets the display descriptions for the allowed and default scopes combined, in the specified locale.
URI	getSectorIdentifierUri() Gets the subject identifier uri.
String	getSubjectType() Gets the subject type of this client.
String	getSubValue(String id, OAuth2ProviderSettings providerSettings) Retrieve the sub value, appropriate for the client subject type, or null if there are issues with its formation.
String	getTokenEndpointAuthMethod() Gets the token_endpoint_auth_method configured for this client.
boolean	isConfidential() Gets whether the client is confidential or not.
boolean	isConsentImplied() Gets whether or not the client wants the OAuth2 implementation to skip asking the resource owner for consent.
boolean	isIDTokenEncryptionEnabled() Determines if ID token encryption is enabled.
boolean	verifyJwtIdentity(OAuth2Jwt jwt) Verifies that the supplied jwt is signed by this client.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Method Detail

getRedirectUris

public Set<URI> getRedirectUris()

Gets the registered redirect uris for the client.

Specified by:

getRedirectUris in interface ClientRegistration

Returns:

The redirect uris.

getPostLogoutRedirectUris

public Set<URI> getPostLogoutRedirectUris()

Gets the registered post logout redirect uris for the client.

Specified by:

getPostLogoutRedirectUris in interface ClientRegistration

Returns:

The redirect uris.

getAllowedResponseTypes

public Set<String> getAllowedResponseTypes()

Gets the allowed response types.

Specified by:

getAllowedResponseTypes in interface ClientRegistration

Returns:

The allowed response types.

getClientSecret

public String getClientSecret()

Gets the client's secret.

Specified by:

getClientSecret in interface ClientRegistration

Returns:

The client's secret.

getClientId

public String getClientId()

Gets the client's identifier.

Specified by:

getClientId in interface ClientRegistration

Returns:

The client's id.

getAccessTokenType

public String getAccessTokenType()

Gets the type of access token the client requires.

Specified by:

getAccessTokenType in interface ClientRegistration

Returns:

The access token type.

getDisplayName

public String getDisplayName(Locale locale)

Gets the display name of the client in the specified locale.

Specified by:

getDisplayName in interface ClientRegistration

Parameters:

locale - The locale.

Returns:

The display name.

getDisplayDescription

public String getDisplayDescription(Locale locale)

Gets the display description of the client in the specified locale.

Specified by:

getDisplayDescription in interface ClientRegistration

Parameters:

locale - The locale.

Returns:

The display description.

getScopeDescriptions

public Map<String,String> getScopeDescriptions(Locale locale)
                                        throws ServerException

Gets the display descriptions for the allowed and default scopes combined, in the specified locale.

Specified by:

getScopeDescriptions in interface ClientRegistration

Parameters:

locale - The locale.

Returns:

The descriptions of the allowed and default scopes combined.

Throws:

ServerException

getClaimDescriptions

public Map<String,String> getClaimDescriptions(Locale locale)
                                        throws ServerException

Gets the display descriptions for the allowed and default scopes combined, in the specified locale.

Specified by:

getClaimDescriptions in interface ClientRegistration

Parameters:

locale - The locale.

Returns:

The descriptions of the allowed and default scopes combined.

Throws:

ServerException

getDefaultScopes

public Set<String> getDefaultScopes()

Gets the default scopes configured for the client.

Specified by:

getDefaultScopes in interface ClientRegistration

Returns:

The default scopes.

getAllowedScopes

public Set<String> getAllowedScopes()

Gets the allowed scopes configured for the client.

Specified by:

getAllowedScopes in interface ClientRegistration

Returns:

The allowed scopes.

isConfidential

public boolean isConfidential()

Gets whether the client is confidential or not.

Specified by:

isConfidential in interface ClientRegistration

Returns:

true if the client is confidential.

getClientSessionURI

public String getClientSessionURI()

Gets the client's session URI.

Specified by:

getClientSessionURI in interface ClientRegistration

Returns:

The client's session URI.

getClientType

public ClientType getClientType()

Gets the client's type.

Returns:

The client's type.

getAuthorizationCodeLifeTime

public long getAuthorizationCodeLifeTime(OAuth2ProviderSettings providerSettings)
                                  throws ServerException

Gets the authorization code life time in milliseconds.

Specified by:

getAuthorizationCodeLifeTime in interface OpenIdConnectClientRegistration

Parameters:

providerSettings - An instance of the OAuth2ProviderSettings.

Returns:

The authorization code life time in milliseconds.

Throws:

ServerException - If any internal server error occurs.

getAccessTokenLifeTime

public long getAccessTokenLifeTime(OAuth2ProviderSettings providerSettings)
                            throws ServerException

Gets the access token life time in milliseconds.

Specified by:

getAccessTokenLifeTime in interface OpenIdConnectClientRegistration

Parameters:

providerSettings - An instance of the OAuth2ProviderSettings.

Returns:

The access token life time in milliseconds.

Throws:

ServerException - If any internal server error occurs.

getRefreshTokenLifeTime

public long getRefreshTokenLifeTime(OAuth2ProviderSettings providerSettings)
                             throws ServerException

Gets the refresh token life time in milliseconds.

Specified by:

getRefreshTokenLifeTime in interface OpenIdConnectClientRegistration

Parameters:

providerSettings - An instance of the OAuth2ProviderSettings.

Returns:

The refresh token life time in milliseconds.

Throws:

ServerException - If any internal server error occurs.

getJwtTokenLifeTime

public long getJwtTokenLifeTime(OAuth2ProviderSettings providerSettings)
                         throws ServerException

Gets the JWT token life time in milliseconds.

Specified by:

getJwtTokenLifeTime in interface OpenIdConnectClientRegistration

Parameters:

providerSettings - An instance of the OAuth2ProviderSettings.

Returns:

The JWT token life time in milliseconds.

Throws:

ServerException - If any internal server error occurs.

getIDTokenSignedResponseAlgorithm

public String getIDTokenSignedResponseAlgorithm()

Gets the OpenId Token signed response algorithm.

Specified by:

getIDTokenSignedResponseAlgorithm in interface OpenIdConnectClientRegistration

Returns:

The OpenId token signed response algorithm.

isIDTokenEncryptionEnabled

public boolean isIDTokenEncryptionEnabled()

Description copied from interface: OpenIdConnectClientRegistration

Determines if ID token encryption is enabled.

Specified by:

isIDTokenEncryptionEnabled in interface OpenIdConnectClientRegistration

Returns:

true if ID token encryption is enabled.

getIDTokenEncryptionResponseAlgorithm

public String getIDTokenEncryptionResponseAlgorithm()

Description copied from interface: OpenIdConnectClientRegistration

Gets the algorithm used to encrypt OpenID Connect tokens.

Specified by:

getIDTokenEncryptionResponseAlgorithm in interface OpenIdConnectClientRegistration

Returns:

The OpenID Connect token encryption algorithm.

getIDTokenEncryptionResponseMethod

public String getIDTokenEncryptionResponseMethod()

Description copied from interface: OpenIdConnectClientRegistration

Gets the encryption method used to encrypt OpenID Connect tokens.

Specified by:

getIDTokenEncryptionResponseMethod in interface OpenIdConnectClientRegistration

Returns:

The OpenID Connect token encryption method.

getIDTokenEncryptionKey

public Key getIDTokenEncryptionKey()

Description copied from interface: OpenIdConnectClientRegistration

Gets the encryption key used to encrypt OpenID Connect tokens. This will either be the public key if RSA encryption is used, or the truncated SHA-2 hash of the client secret as per section 10.2 of the OpenID Connect spec.

Specified by:

getIDTokenEncryptionKey in interface OpenIdConnectClientRegistration

Returns:

The OpenID Connect token encryption key.

See Also:

OpenID Connect 1.0 Section 10.2 - Encryption

getTokenEndpointAuthMethod

public String getTokenEndpointAuthMethod()

Gets the token_endpoint_auth_method configured for this client.

Specified by:

getTokenEndpointAuthMethod in interface OpenIdConnectClientRegistration

getSubjectType

public String getSubjectType()

Gets the subject type of this client. PAIRWISE or PUBLIC.

Specified by:

getSubjectType in interface ClientRegistration

verifyJwtIdentity

public boolean verifyJwtIdentity(OAuth2Jwt jwt)

Description copied from interface: ClientRegistration

Verifies that the supplied jwt is signed by this client.

Specified by:

verifyJwtIdentity in interface ClientRegistration

isConsentImplied

public boolean isConsentImplied()

Description copied from interface: ClientRegistration

Gets whether or not the client wants the OAuth2 implementation to skip asking the resource owner for consent.

Specified by:

isConsentImplied in interface ClientRegistration

Returns:

true if the client is configured to skip resource owner consent.

getSectorIdentifierUri

public URI getSectorIdentifierUri()

Gets the subject identifier uri.

Specified by:

getSectorIdentifierUri in interface OpenIdConnectClientRegistration

getSubValue

public String getSubValue(String id,
                          OAuth2ProviderSettings providerSettings)

Description copied from interface: OpenIdConnectClientRegistration

Retrieve the sub value, appropriate for the client subject type, or null if there are issues with its formation.

Specified by:

getSubValue in interface OpenIdConnectClientRegistration