com.nimbusds.openid.connect.sdk

Class OIDCAuthorizationRequest

java.lang.Object

com.nimbusds.oauth2.sdk.AbstractRequest

com.nimbusds.oauth2.sdk.AuthorizationRequest

com.nimbusds.openid.connect.sdk.OIDCAuthorizationRequest

All Implemented Interfaces:

Message, Request

@Immutable
public final class OIDCAuthorizationRequest
extends AuthorizationRequest

OpenID Connect authorisation request. Used to authenticate (if required) an end-user and request the end-user's authorisation to release information to the client. This class is immutable.

Example HTTP request (code flow):

 https://server.example.com/op/authorize?
 response_type=code%20id_token
 &client_id=s6BhdRkqt3
 &redirect_uri=https%3A%2F%2Fclient.example.org%2Fcb
 &scope=openid
 &nonce=n-0S6_WzA2Mj
 &state=af0ifjsldkj
 

Related specifications:

• OpenID Connect Messages 1.0, section 2.1.1.
• OpenID Connect Standard 1.0, section 2.3.1.

Author:

Vladimir Dzhuvinov

Constructor Summary

Constructors

Constructor and Description
OIDCAuthorizationRequest(URL uri, ResponseType rt, Scope scope, ClientID clientID, URL redirectURI, State state, Nonce nonce) Creates a new minimal OpenID Connect authorisation request.
OIDCAuthorizationRequest(URL uri, ResponseType rt, Scope scope, ClientID clientID, URL redirectURI, State state, Nonce nonce, Display display, Prompt prompt, int maxAge, List<com.nimbusds.langtag.LangTag> uiLocales, List<com.nimbusds.langtag.LangTag> claimsLocales, com.nimbusds.jwt.JWT idTokenHint, String loginHint, List<ACR> acrValues, ClaimsRequest claims) Creates a new OpenID Connect authorisation request without a request object.
OIDCAuthorizationRequest(URL uri, ResponseType rt, Scope scope, ClientID clientID, URL redirectURI, State state, Nonce nonce, Display display, Prompt prompt, int maxAge, List<com.nimbusds.langtag.LangTag> uiLocales, List<com.nimbusds.langtag.LangTag> claimsLocales, com.nimbusds.jwt.JWT idTokenHint, String loginHint, List<ACR> acrValues, ClaimsRequest claims, com.nimbusds.jwt.JWT requestObject) Creates a new OpenID Connect authorisation request with a request object specified by value.
OIDCAuthorizationRequest(URL uri, ResponseType rt, Scope scope, ClientID clientID, URL redirectURI, State state, Nonce nonce, Display display, Prompt prompt, int maxAge, List<com.nimbusds.langtag.LangTag> uiLocales, List<com.nimbusds.langtag.LangTag> claimsLocales, com.nimbusds.jwt.JWT idTokenHint, String loginHint, List<ACR> acrValues, ClaimsRequest claims, URL requestURI) Creates a new OpenID Connect authorisation request with a request object specified by URL.

Method Summary

Methods

Modifier and Type	Method and Description
List<ACR>	getACRValues() Gets the requested Authentication Context Class Reference values.
ClaimsRequest	getClaims() Gets the individual claims to be returned.
List<com.nimbusds.langtag.LangTag>	getClaimsLocales() Gets the end-user's preferred languages and scripts for the claims being returned, ordered by preference.
Display	getDisplay() Gets the requested display type.
com.nimbusds.jwt.JWT	getIDTokenHint() Gets the ID Token hint.
String	getLoginHint() Gets the login hint.
int	getMaxAge() Gets the required maximum authentication age.
Nonce	getNonce() Gets the nonce.
Prompt	getPrompt() Gets the requested prompt.
com.nimbusds.jwt.JWT	getRequestObject() Gets the request object.
URL	getRequestURI() Gets the request object URL.
List<com.nimbusds.langtag.LangTag>	getUILocales() Gets the end-user's preferred languages and scripts for the user interface, ordered by preference.
static AuthorizationRequest	parse(HTTPRequest httpRequest) Parses an authorisation request from the specified HTTP GET or HTTP POST request.
static OIDCAuthorizationRequest	parse(URL uri, Map<String,String> params) Parses an OpenID Connect authorisation request from the specified parameters.
static OIDCAuthorizationRequest	parse(URL uri, String query) Parses an OpenID Connect authorisation request from the specified URL query string.
boolean	specifiesRequestObject() Returns true if this authorisation request specifies an OpenID Connect request object (directly through the request parameter or by reference through the request_uri parameter).
Map<String,String>	toParameters() Returns the parameters for this authorisation request.

Methods inherited from class com.nimbusds.oauth2.sdk.AuthorizationRequest

getClientID, getRedirectionURI, getResponseType, getScope, getState, toHTTPRequest, toHTTPRequest, toQueryString

Methods inherited from class com.nimbusds.oauth2.sdk.AbstractRequest

getURI

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

OIDCAuthorizationRequest

public OIDCAuthorizationRequest(URL uri,
                        ResponseType rt,
                        Scope scope,
                        ClientID clientID,
                        URL redirectURI,
                        State state,
                        Nonce nonce)

Creates a new minimal OpenID Connect authorisation request.

Parameters:

uri - The URI of the authorisation endpoint. May be null if the AuthorizationRequest.toHTTPRequest() method will not be used.

rt - The response type. Corresponds to the response_type parameter. Must specify a valid OpenID Connect response type. Must not be null.

scope - The request scope. Corresponds to the scope parameter. Must contain an openid value. Must not be null.

clientID - The client identifier. Corresponds to the client_id parameter. Must not be null.

redirectURI - The redirection URI. Corresponds to the redirect_uri parameter. Must not be null.

state - The state. Corresponds to the state parameter. May be null.

nonce - The nonce. Corresponds to the nonce parameter. May be null for code flow.

OIDCAuthorizationRequest

public OIDCAuthorizationRequest(URL uri,
                        ResponseType rt,
                        Scope scope,
                        ClientID clientID,
                        URL redirectURI,
                        State state,
                        Nonce nonce,
                        Display display,
                        Prompt prompt,
                        int maxAge,
                        List<com.nimbusds.langtag.LangTag> uiLocales,
                        List<com.nimbusds.langtag.LangTag> claimsLocales,
                        com.nimbusds.jwt.JWT idTokenHint,
                        String loginHint,
                        List<ACR> acrValues,
                        ClaimsRequest claims)

Creates a new OpenID Connect authorisation request without a request object.

Parameters:

uri - The URI of the authorisation endpoint. May be null if the AuthorizationRequest.toHTTPRequest() method will not be used.

rt - The response type. Corresponds to the response_type parameter. Must specify a valid OpenID Connect response type. Must not be null.

scope - The request scope. Corresponds to the scope parameter. Must contain an openid value. Must not be null.

clientID - The client identifier. Corresponds to the client_id parameter. Must not be null.

redirectURI - The redirection URI. Corresponds to the redirect_uri parameter. Must not be null.

state - The state. Corresponds to the recommended state parameter. null if not specified.

nonce - The nonce. Corresponds to the nonce parameter. May be null for code flow.

display - The requested display type. Corresponds to the optional display parameter. null if not specified.

prompt - The requested prompt. Corresponds to the optional prompt parameter. null if not specified.

maxAge - The required maximum authentication age, in seconds. Corresponds to the optional max_age parameter. Zero if not specified.

uiLocales - The preferred languages and scripts for the user interface. Corresponds to the optional ui_locales parameter. null if not specified.

claimsLocales - The preferred languages and scripts for claims being returned. Corresponds to the optional claims_locales parameter. null if not specified.

idTokenHint - The ID Token hint. Corresponds to the optional id_token_hint parameter. null if not specified.

loginHint - The login hint. Corresponds to the optional login_hint parameter. null if not specified.

acrValues - The requested Authentication Context Class Reference values. Corresponds to the optional acr_values parameter. null if not specified.

claims - The individual claims to be returned. Corresponds to the optional claims parameter. null if not specified.

OIDCAuthorizationRequest

public OIDCAuthorizationRequest(URL uri,
                        ResponseType rt,
                        Scope scope,
                        ClientID clientID,
                        URL redirectURI,
                        State state,
                        Nonce nonce,
                        Display display,
                        Prompt prompt,
                        int maxAge,
                        List<com.nimbusds.langtag.LangTag> uiLocales,
                        List<com.nimbusds.langtag.LangTag> claimsLocales,
                        com.nimbusds.jwt.JWT idTokenHint,
                        String loginHint,
                        List<ACR> acrValues,
                        ClaimsRequest claims,
                        com.nimbusds.jwt.JWT requestObject)

Creates a new OpenID Connect authorisation request with a request object specified by value.

Parameters:

uri - The URI of the authorisation endpoint. May be null if the AuthorizationRequest.toHTTPRequest() method will not be used.

rt - The response type set. Corresponds to the response_type parameter. Must specify a valid OpenID Connect response type. Must not be null.

scope - The request scope. Corresponds to the scope parameter. Must contain an openid value. Must not be null.

clientID - The client identifier. Corresponds to the client_id parameter. Must not be null.

redirectURI - The redirection URI. Corresponds to the redirect_uri parameter. Must not be null.

state - The state. Corresponds to the recommended state parameter. null if not specified.

nonce - The nonce. Corresponds to the nonce parameter. May be null for code flow.

display - The requested display type. Corresponds to the optional display parameter. null if not specified.

prompt - The requested prompt. Corresponds to the optional prompt parameter. null if not specified.

maxAge - The required maximum authentication age, in seconds. Corresponds to the optional max_age parameter. Zero if not specified.

uiLocales - The preferred languages and scripts for the user interface. Corresponds to the optional ui_locales parameter. null if not specified.

claimsLocales - The preferred languages and scripts for claims being returned. Corresponds to the optional claims_locales parameter. null if not specified.

idTokenHint - The ID Token hint. Corresponds to the optional id_token_hint parameter. null if not specified.

loginHint - The login hint. Corresponds to the optional login_hint parameter. null if not specified.

acrValues - The requested Authentication Context Class Reference values. Corresponds to the optional acr_values parameter. null if not specified.

claims - The individual claims to be returned. Corresponds to the optional claims parameter. null if not specified.

requestObject - The request object. Corresponds to the optional request parameter. null if not specified.

OIDCAuthorizationRequest

public OIDCAuthorizationRequest(URL uri,
                        ResponseType rt,
                        Scope scope,
                        ClientID clientID,
                        URL redirectURI,
                        State state,
                        Nonce nonce,
                        Display display,
                        Prompt prompt,
                        int maxAge,
                        List<com.nimbusds.langtag.LangTag> uiLocales,
                        List<com.nimbusds.langtag.LangTag> claimsLocales,
                        com.nimbusds.jwt.JWT idTokenHint,
                        String loginHint,
                        List<ACR> acrValues,
                        ClaimsRequest claims,
                        URL requestURI)

Creates a new OpenID Connect authorisation request with a request object specified by URL.

Parameters:

uri - The URI of the authorisation endpoint. May be null if the AuthorizationRequest.toHTTPRequest() method will not be used.

rt - The response type. Corresponds to the response_type parameter. Must specify a a valid OpenID Connect response type. Must not be null.

scope - The request scope. Corresponds to the scope parameter. Must contain an openid value. Must not be null.

clientID - The client identifier. Corresponds to the client_id parameter. Must not be null.

redirectURI - The redirection URI. Corresponds to the redirect_uri parameter. Must not be null.

state - The state. Corresponds to the recommended state parameter. null if not specified.

nonce - The nonce. Corresponds to the nonce parameter. May be null for code flow.

display - The requested display type. Corresponds to the optional display parameter. null if not specified.

prompt - The requested prompt. Corresponds to the optional prompt parameter. null if not specified.

maxAge - The required maximum authentication age, in seconds. Corresponds to the optional max_age parameter. Zero if not specified.

uiLocales - The preferred languages and scripts for the user interface. Corresponds to the optional ui_locales parameter. null if not specified.

claimsLocales - The preferred languages and scripts for claims being returned. Corresponds to the optional claims_locales parameter. null if not specified.

idTokenHint - The ID Token hint. Corresponds to the optional id_token_hint parameter. null if not specified.

loginHint - The login hint. Corresponds to the optional login_hint parameter. null if not specified.

acrValues - The requested Authentication Context Class Reference values. Corresponds to the optional acr_values parameter. null if not specified.

claims - The individual claims to be returned. Corresponds to the optional claims parameter. null if not specified.

requestURI - The request object URL. Corresponds to the optional request_uri parameter. null if not specified.

Method Detail

getNonce

public Nonce getNonce()

Gets the nonce. Corresponds to the conditionally optional nonce parameter.

Returns:

The nonce, null if not specified.

getDisplay

public Display getDisplay()

Gets the requested display type. Corresponds to the optional display parameter.

Returns:

The requested display type, null if not specified.

getPrompt

public Prompt getPrompt()

Gets the requested prompt. Corresponds to the optional prompt parameter.

Returns:

The requested prompt, null if not specified.

getMaxAge

public int getMaxAge()

Gets the required maximum authentication age. Corresponds to the optional max_age parameter.

Returns:

The maximum authentication age, in seconds; 0 if not specified.

getUILocales

public List<com.nimbusds.langtag.LangTag> getUILocales()

Gets the end-user's preferred languages and scripts for the user interface, ordered by preference. Corresponds to the optional ui_locales parameter.

Returns:

The preferred UI locales, null if not specified.

getClaimsLocales

public List<com.nimbusds.langtag.LangTag> getClaimsLocales()

Gets the end-user's preferred languages and scripts for the claims being returned, ordered by preference. Corresponds to the optional claims_locales parameter.

Returns:

The preferred claims locales, null if not specified.

getIDTokenHint

public com.nimbusds.jwt.JWT getIDTokenHint()

Gets the ID Token hint. Corresponds to the conditionally optional id_token_hint parameter.

Returns:

The ID Token hint, null if not specified.

getLoginHint

public String getLoginHint()

Gets the login hint. Corresponds to the optional login_hint parameter.

Returns:

The login hint, null if not specified.

getACRValues

public List<ACR> getACRValues()

Gets the requested Authentication Context Class Reference values. Corresponds to the optional acr_values parameter.

Returns:

The requested ACR values, null if not specified.

getClaims

public ClaimsRequest getClaims()

Gets the individual claims to be returned. Corresponds to the optional claims parameter.

Returns:

The individual claims to be returned, null if not specified.

getRequestObject

public com.nimbusds.jwt.JWT getRequestObject()

Gets the request object. Corresponds to the optional request parameter.

Returns:

The request object, null if not specified.

getRequestURI

public URL getRequestURI()

Gets the request object URL. Corresponds to the optional request_uri parameter.

Returns:

The request object URL, null if not specified.

specifiesRequestObject

public boolean specifiesRequestObject()

Returns true if this authorisation request specifies an OpenID Connect request object (directly through the request parameter or by reference through the request_uri parameter).

Returns:

true if a request object is specified, else false.

toParameters

public Map<String,String> toParameters()
                                throws SerializeException

Description copied from class: AuthorizationRequest

Returns the parameters for this authorisation request.

Example parameters:

 response_type = code
 client_id     = s6BhdRkqt3
 state         = xyz
 redirect_uri  = https://client.example.com/cb
 

Overrides:

toParameters in class AuthorizationRequest

Returns:

The parameters.

Throws:

SerializeException - If this authorisation request couldn't be serialised to an parameters map.

parse

public static OIDCAuthorizationRequest parse(URL uri,
                             Map<String,String> params)
                                      throws ParseException

Parses an OpenID Connect authorisation request from the specified parameters.

Example parameters:

 response_type = token id_token
 client_id     = s6BhdRkqt3
 redirect_uri  = https://client.example.com/cb
 scope         = openid profile
 state         = af0ifjsldkj
 nonce         = -0S6_WzA2Mj
 

Parameters:

uri - The URI of the authorisation endpoint. May be null if the AuthorizationRequest.toHTTPRequest() method will not be used.

params - The parameters. Must not be null.

Returns:

The OpenID Connect authorisation request.

Throws:

ParseException - If the parameters couldn't be parsed to an OpenID Connect authorisation request.

parse

public static OIDCAuthorizationRequest parse(URL uri,
                             String query)
                                      throws ParseException

Parses an OpenID Connect authorisation request from the specified URL query string.

Example URL query string:

 response_type=token%20id_token
 &client_id=s6BhdRkqt3
 &redirect_uri=https%3A%2F%2Fclient.example.com%2Fcb
 &scope=openid%20profile
 &state=af0ifjsldkj
 &nonce=n-0S6_WzA2Mj
 

Parameters:

uri - The URI of the authorisation endpoint. May be null if the AuthorizationRequest.toHTTPRequest() method will not be used.

query - The URL query string. Must not be null.

Returns:

The OpenID Connect authorisation request.

Throws:

ParseException - If the query string couldn't be parsed to an OpenID Connect authorisation request.

parse

public static AuthorizationRequest parse(HTTPRequest httpRequest)
                                  throws ParseException

Parses an authorisation request from the specified HTTP GET or HTTP POST request.

Example HTTP request (GET):

 https://server.example.com/op/authorize?
 response_type=code%20id_token
 &client_id=s6BhdRkqt3
 &redirect_uri=https%3A%2F%2Fclient.example.com%2Fcb
 &scope=openid
 &nonce=n-0S6_WzA2Mj
 &state=af0ifjsldkj
 

Parameters:

httpRequest - The HTTP request. Must not be null.

Returns:

The OpenID Connect authorisation request.

Throws:

ParseException - If the HTTP request couldn't be parsed to an OpenID Connect authorisation request.