package com.nimbusds.openid.connect.sdk.rp;


import java.net.URL;

import org.apache.commons.lang3.StringUtils;

import net.minidev.json.JSONObject;

import net.jcip.annotations.Immutable;

import com.nimbusds.oauth2.sdk.ParseException;
import com.nimbusds.oauth2.sdk.client.ClientRegistrationRequest;
import com.nimbusds.oauth2.sdk.http.HTTPRequest;
import com.nimbusds.oauth2.sdk.token.BearerAccessToken;


/**
 * Request to register a client with an OpenID Connect provider. Instances
 * are immutable.
 *
 * <p>The request carries the client metadata as a JSON object and,
 * optionally, a bearer access token in the {@code Authorization} header.
 *
 * <p>Example HTTP request:
 *
 * <pre>
 * POST /connect/register HTTP/1.1
 * Content-Type: application/json
 * Accept: application/json
 * Host: server.example.com
 * Authorization: Bearer eyJhbGciOiJSUzI1NiJ9.eyJ ...
 *
 * {
 *  "application_type"                : "web",
 *  "redirect_uris"                   : [ "https://client.example.org/callback",
 *                                        "https://client.example.org/callback2" ],
 *  "client_name"                     : "My Example",
 *  "client_name#ja-Jpan-JP"          : "クライアント名",
 *  "logo_uri"                        : "https://client.example.org/logo.png",
 *  "subject_type"                    : "pairwise",
 *  "sector_identifier_uri"           : "https://other.example.net/file_of_redirect_uris.json",
 *  "token_endpoint_auth_method"      : "client_secret_basic",
 *  "jwks_uri"                        : "https://client.example.org/my_public_keys.jwks",
 *  "userinfo_encrypted_response_alg" : "RSA1_5",
 *  "userinfo_encrypted_response_enc" : "A128CBC-HS256",
 *  "contacts"                        : [ "ve7jtb@example.org", "mary@example.org" ],
 *  "request_uris"                    : [ "https://client.example.org/rf.txt#qpXaRLh_n93TTR9F252ValdatUQvQiJi5BDub2BeznA" ]
 * }
 * </pre>
 *
 * <p>The values above are illustrative only. In particular {@code RSA1_5}
 * (RSAES-PKCS1-v1_5) is shown because it appears in the example; current
 * JOSE guidance (RFC 8725) recommends RSA-OAEP variants for new
 * deployments.
 *
 * <p>Related specifications:
 *
 * <ul>
 *     <li>OpenID Connect Dynamic Client Registration 1.0, section 3.1.
 *     <li>OAuth 2.0 Dynamic Client Registration Protocol
 *         (draft-ietf-oauth-dyn-reg-14), section 3.1.
 * </ul>
 *
 * @author Vladimir Dzhuvinov
 */
@Immutable
public final class OIDCClientRegistrationRequest extends ClientRegistrationRequest {


    /**
     * Builds an OpenID Connect client registration request from its parts.
     * All three arguments are handed to the superclass constructor
     * unchanged; this class performs no checks of its own on them.
     *
     * @param uri         The client registration endpoint URI. May be
     *                    {@code null} when {@link #toHTTPRequest()} is not
     *                    going to be called.
     * @param metadata    The OpenID Connect client metadata. Must not be
     *                    {@code null} and must specify at least one
     *                    redirect URI.
     * @param accessToken The OAuth 2.0 Bearer access token to send with
     *                    the request, {@code null} if there is none.
     */
    public OIDCClientRegistrationRequest(final URL uri,
                                         final OIDCClientMetadata metadata,
                                         final BearerAccessToken accessToken) {

        super(uri, metadata, accessToken);
    }


    /**
     * Returns the client metadata of this request, typed as OpenID Connect
     * client metadata.
     *
     * @return The OpenID Connect client metadata.
     */
    public OIDCClientMetadata getOIDCClientMetadata() {

        // The only constructor of this class accepts OIDCClientMetadata, so
        // the downcast is expected to hold (assuming the superclass returns
        // the instance it was given).
        final OIDCClientMetadata oidcMetadata = (OIDCClientMetadata) getClientMetadata();
        return oidcMetadata;
    }


    /**
     * Converts an HTTP POST request into an OpenID Connect client
     * registration request.
     *
     * <p>Only the syntax of the request is handled here. The client
     * metadata comes from the requester and should be treated as untrusted
     * until the server's registration policy has been applied to it. The
     * bearer token, when present, is extracted but not checked for
     * validity or authorisation by this method; that is left to the
     * caller.
     *
     * @param httpRequest The HTTP request. Must not be {@code null}.
     *
     * @return The OpenID Connect client registration request.
     *
     * @throws ParseException If the HTTP request could not be parsed to an
     *                        OpenID Connect client registration request.
     */
    public static OIDCClientRegistrationRequest parse(final HTTPRequest httpRequest)
        throws ParseException {

        // Registration requests must be sent with POST
        httpRequest.ensureMethod(HTTPRequest.Method.POST);

        // The client metadata is the JSON object carried by the request
        final JSONObject registrationJson = httpRequest.getQueryAsJSONObject();
        final OIDCClientMetadata clientMetadata = OIDCClientMetadata.parse(registrationJson);

        // The bearer access token is optional: a missing or blank
        // Authorization header yields a request without a token
        final String authorizationHeader = httpRequest.getAuthorization();
        final BearerAccessToken bearerToken = StringUtils.isNotBlank(authorizationHeader)
            ? BearerAccessToken.parse(authorizationHeader)
            : null;

        return new OIDCClientRegistrationRequest(httpRequest.getURL(), clientMetadata, bearerToken);
    }
}