com.nimbusds.openid.connect.sdk

Class AuthenticationRequest

java.lang.Object

com.nimbusds.oauth2.sdk.AbstractRequest

com.nimbusds.oauth2.sdk.AuthorizationRequest

com.nimbusds.openid.connect.sdk.AuthenticationRequest

All Implemented Interfaces:

Message, Request

@Immutable
public class AuthenticationRequest
extends AuthorizationRequest

OpenID Connect authentication request. Intended to authenticate an end-user and request the end-user's authorisation to release information to the client.

Example HTTP request (code flow):

 https://server.example.com/op/authorize?
 response_type=code%20id_token
 &client_id=s6BhdRkqt3
 &redirect_uri=https%3A%2F%2Fclient.example.org%2Fcb
 &scope=openid
 &nonce=n-0S6_WzA2Mj
 &state=af0ifjsldkj
 

Related specifications:

• OpenID Connect Core 1.0, section 3.1.2.1.

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
static class	AuthenticationRequest.Builder Builder for constructing OpenID Connect authentication requests.

Constructor Summary

Constructors

Constructor and Description
AuthenticationRequest(URI uri, ResponseType rt, Scope scope, ClientID clientID, URI redirectURI, State state, Nonce nonce) Creates a new minimal OpenID Connect authentication request.
AuthenticationRequest(URI uri, ResponseType rt, Scope scope, ClientID clientID, URI redirectURI, State state, Nonce nonce, Display display, Prompt prompt, int maxAge, List<com.nimbusds.langtag.LangTag> uiLocales, List<com.nimbusds.langtag.LangTag> claimsLocales, com.nimbusds.jwt.JWT idTokenHint, String loginHint, List<ACR> acrValues, ClaimsRequest claims, com.nimbusds.jwt.JWT requestObject, URI requestURI) Creates a new OpenID Connect authentication request.

Method Summary

Methods

Modifier and Type	Method and Description
List<ACR>	getACRValues() Gets the requested Authentication Context Class Reference values.
ClaimsRequest	getClaims() Gets the individual claims to be returned.
List<com.nimbusds.langtag.LangTag>	getClaimsLocales() Gets the end-user's preferred languages and scripts for the claims being returned, ordered by preference.
Display	getDisplay() Gets the requested display type.
com.nimbusds.jwt.JWT	getIDTokenHint() Gets the ID Token hint.
String	getLoginHint() Gets the login hint.
int	getMaxAge() Gets the required maximum authentication age.
Nonce	getNonce() Gets the nonce.
Prompt	getPrompt() Gets the requested prompt.
com.nimbusds.jwt.JWT	getRequestObject() Gets the request object.
URI	getRequestURI() Gets the request object URI.
List<com.nimbusds.langtag.LangTag>	getUILocales() Gets the end-user's preferred languages and scripts for the user interface, ordered by preference.
static AuthenticationRequest	parse(HTTPRequest httpRequest) Parses an authentication request from the specified HTTP GET or HTTP POST request.
static AuthenticationRequest	parse(Map<String,String> params) Parses an OpenID Connect authentication request from the specified parameters.
static AuthenticationRequest	parse(String query) Parses an OpenID Connect authentication request from the specified URI query string.
static AuthenticationRequest	parse(URI uri) Parses an OpenID Connect authentication request from the specified URI.
static AuthenticationRequest	parse(URI uri, Map<String,String> params) Parses an OpenID Connect authentication request from the specified parameters.
static AuthenticationRequest	parse(URI uri, String query) Parses an OpenID Connect authentication request from the specified URI query string.
boolean	specifiesRequestObject() Returns true if this authentication request specifies an OpenID Connect request object (directly through the request parameter or by reference through the request_uri parameter).
Map<String,String>	toParameters() Returns the parameters for this authorisation request.

Methods inherited from class com.nimbusds.oauth2.sdk.AuthorizationRequest

getClientID, getRedirectionURI, getResponseType, getScope, getState, toHTTPRequest, toHTTPRequest, toQueryString, toURI

Methods inherited from class com.nimbusds.oauth2.sdk.AbstractRequest

getEndpointURI

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

AuthenticationRequest

public AuthenticationRequest(URI uri,
                     ResponseType rt,
                     Scope scope,
                     ClientID clientID,
                     URI redirectURI,
                     State state,
                     Nonce nonce)

Creates a new minimal OpenID Connect authentication request.

Parameters:

uri - The URI of the OAuth 2.0 authorisation endpoint. May be null if the AuthorizationRequest.toHTTPRequest(com.nimbusds.oauth2.sdk.http.HTTPRequest.Method) method will not be used.

rt - The response type. Corresponds to the response_type parameter. Must specify a valid OpenID Connect response type. Must not be null.

scope - The request scope. Corresponds to the scope parameter. Must contain an openid value. Must not be null.

clientID - The client identifier. Corresponds to the client_id parameter. Must not be null.

redirectURI - The redirection URI. Corresponds to the redirect_uri parameter. Must not be null.

state - The state. Corresponds to the state parameter. May be null.

nonce - The nonce. Corresponds to the nonce parameter. May be null for code flow.

AuthenticationRequest

public AuthenticationRequest(URI uri,
                     ResponseType rt,
                     Scope scope,
                     ClientID clientID,
                     URI redirectURI,
                     State state,
                     Nonce nonce,
                     Display display,
                     Prompt prompt,
                     int maxAge,
                     List<com.nimbusds.langtag.LangTag> uiLocales,
                     List<com.nimbusds.langtag.LangTag> claimsLocales,
                     com.nimbusds.jwt.JWT idTokenHint,
                     String loginHint,
                     List<ACR> acrValues,
                     ClaimsRequest claims,
                     com.nimbusds.jwt.JWT requestObject,
                     URI requestURI)

Creates a new OpenID Connect authentication request.

Parameters:

uri - The URI of the OAuth 2.0 authorisation endpoint. May be null if the AuthorizationRequest.toHTTPRequest(com.nimbusds.oauth2.sdk.http.HTTPRequest.Method) method will not be used.

rt - The response type set. Corresponds to the response_type parameter. Must specify a valid OpenID Connect response type. Must not be null.

scope - The request scope. Corresponds to the scope parameter. Must contain an openid value. Must not be null.

clientID - The client identifier. Corresponds to the client_id parameter. Must not be null.

redirectURI - The redirection URI. Corresponds to the redirect_uri parameter. Must not be null.

state - The state. Corresponds to the recommended state parameter. null if not specified.

nonce - The nonce. Corresponds to the nonce parameter. May be null for code flow.

display - The requested display type. Corresponds to the optional display parameter. null if not specified.

prompt - The requested prompt. Corresponds to the optional prompt parameter. null if not specified.

maxAge - The required maximum authentication age, in seconds. Corresponds to the optional max_age parameter. Zero if not specified.

uiLocales - The preferred languages and scripts for the user interface. Corresponds to the optional ui_locales parameter. null if not specified.

claimsLocales - The preferred languages and scripts for claims being returned. Corresponds to the optional claims_locales parameter. null if not specified.

idTokenHint - The ID Token hint. Corresponds to the optional id_token_hint parameter. null if not specified.

loginHint - The login hint. Corresponds to the optional login_hint parameter. null if not specified.

acrValues - The requested Authentication Context Class Reference values. Corresponds to the optional acr_values parameter. null if not specified.

claims - The individual claims to be returned. Corresponds to the optional claims parameter. null if not specified.

requestObject - The request object. Corresponds to the optional request parameter. Must not be specified together with a request object URI. null if not specified.

requestURI - The request object URI. Corresponds to the optional request_uri parameter. Must not be specified together with a request object. null if not specified.

Method Detail

getNonce

public Nonce getNonce()

Gets the nonce. Corresponds to the conditionally optional nonce parameter.

Returns:

The nonce, null if not specified.

getDisplay

public Display getDisplay()

Gets the requested display type. Corresponds to the optional display parameter.

Returns:

The requested display type, null if not specified.

getPrompt

public Prompt getPrompt()

Gets the requested prompt. Corresponds to the optional prompt parameter.

Returns:

The requested prompt, null if not specified.

getMaxAge

public int getMaxAge()

Gets the required maximum authentication age. Corresponds to the optional max_age parameter.

Returns:

The maximum authentication age, in seconds; 0 if not specified.

getUILocales

public List<com.nimbusds.langtag.LangTag> getUILocales()

Gets the end-user's preferred languages and scripts for the user interface, ordered by preference. Corresponds to the optional ui_locales parameter.

Returns:

The preferred UI locales, null if not specified.

getClaimsLocales

public List<com.nimbusds.langtag.LangTag> getClaimsLocales()

Gets the end-user's preferred languages and scripts for the claims being returned, ordered by preference. Corresponds to the optional claims_locales parameter.

Returns:

The preferred claims locales, null if not specified.

getIDTokenHint

public com.nimbusds.jwt.JWT getIDTokenHint()

Gets the ID Token hint. Corresponds to the conditionally optional id_token_hint parameter.

Returns:

The ID Token hint, null if not specified.

getLoginHint

public String getLoginHint()

Gets the login hint. Corresponds to the optional login_hint parameter.

Returns:

The login hint, null if not specified.

getACRValues

public List<ACR> getACRValues()

Gets the requested Authentication Context Class Reference values. Corresponds to the optional acr_values parameter.

Returns:

The requested ACR values, null if not specified.

getClaims

public ClaimsRequest getClaims()

Gets the individual claims to be returned. Corresponds to the optional claims parameter.

Returns:

The individual claims to be returned, null if not specified.

getRequestObject

public com.nimbusds.jwt.JWT getRequestObject()

Gets the request object. Corresponds to the optional request parameter.

Returns:

The request object, null if not specified.

getRequestURI

public URI getRequestURI()

Gets the request object URI. Corresponds to the optional request_uri parameter.

Returns:

The request object URI, null if not specified.

specifiesRequestObject

public boolean specifiesRequestObject()

Returns true if this authentication request specifies an OpenID Connect request object (directly through the request parameter or by reference through the request_uri parameter).

Returns:

true if a request object is specified, else false.

toParameters

public Map<String,String> toParameters()
                                throws SerializeException

Description copied from class: AuthorizationRequest

Returns the parameters for this authorisation request.

Example parameters:

 response_type = code
 client_id     = s6BhdRkqt3
 state         = xyz
 redirect_uri  = https://client.example.com/cb
 

Overrides:

toParameters in class AuthorizationRequest

Returns:

The parameters.

Throws:

SerializeException - If this authorisation request couldn't be serialised to an parameters map.

parse

public static AuthenticationRequest parse(Map<String,String> params)
                                   throws ParseException

Parses an OpenID Connect authentication request from the specified parameters.

Example parameters:

 response_type = token id_token
 client_id     = s6BhdRkqt3
 redirect_uri  = https://client.example.com/cb
 scope         = openid profile
 state         = af0ifjsldkj
 nonce         = -0S6_WzA2Mj
 

Parameters:

params - The parameters. Must not be null.

Returns:

The OpenID Connect authentication request.

Throws:

ParseException - If the parameters couldn't be parsed to an OpenID Connect authentication request.

parse

public static AuthenticationRequest parse(URI uri,
                          Map<String,String> params)
                                   throws ParseException

Parses an OpenID Connect authentication request from the specified parameters.

Example parameters:

 response_type = token id_token
 client_id     = s6BhdRkqt3
 redirect_uri  = https://client.example.com/cb
 scope         = openid profile
 state         = af0ifjsldkj
 nonce         = -0S6_WzA2Mj
 

Parameters:

uri - The URI of the OAuth 2.0 authorisation endpoint. May be null if the AuthorizationRequest.toHTTPRequest(com.nimbusds.oauth2.sdk.http.HTTPRequest.Method) method will not be used.

params - The parameters. Must not be null.

Returns:

The OpenID Connect authentication request.

Throws:

ParseException - If the parameters couldn't be parsed to an OpenID Connect authentication request.

parse

public static AuthenticationRequest parse(String query)
                                   throws ParseException

Parses an OpenID Connect authentication request from the specified URI query string.

Example URI query string:

 response_type=token%20id_token
 &client_id=s6BhdRkqt3
 &redirect_uri=https%3A%2F%2Fclient.example.com%2Fcb
 &scope=openid%20profile
 &state=af0ifjsldkj
 &nonce=n-0S6_WzA2Mj
 

Parameters:

query - The URI query string. Must not be null.

Returns:

The OpenID Connect authentication request.

Throws:

ParseException - If the query string couldn't be parsed to an OpenID Connect authentication request.

parse

public static AuthenticationRequest parse(URI uri,
                          String query)
                                   throws ParseException

Parses an OpenID Connect authentication request from the specified URI query string.

Example URI query string:

 response_type=token%20id_token
 &client_id=s6BhdRkqt3
 &redirect_uri=https%3A%2F%2Fclient.example.com%2Fcb
 &scope=openid%20profile
 &state=af0ifjsldkj
 &nonce=n-0S6_WzA2Mj
 

Parameters:

uri - The URI of the OAuth 2.0 authorisation endpoint. May be null if the AuthorizationRequest.toHTTPRequest(com.nimbusds.oauth2.sdk.http.HTTPRequest.Method) method will not be used.

query - The URI query string. Must not be null.

Returns:

The OpenID Connect authentication request.

Throws:

ParseException - If the query string couldn't be parsed to an OpenID Connect authentication request.

parse

public static AuthenticationRequest parse(URI uri)
                                   throws ParseException

Parses an OpenID Connect authentication request from the specified URI.

Example URI:

 https://server.example.com/authorize?
 response_type=token%20id_token
 &client_id=s6BhdRkqt3
 &redirect_uri=https%3A%2F%2Fclient.example.com%2Fcb
 &scope=openid%20profile
 &state=af0ifjsldkj
 &nonce=n-0S6_WzA2Mj
 

Parameters:

uri - The URI. Must not be null.

Returns:

The OpenID Connect authentication request.

Throws:

ParseException - If the query string couldn't be parsed to an OpenID Connect authentication request.

parse

public static AuthenticationRequest parse(HTTPRequest httpRequest)
                                   throws ParseException

Parses an authentication request from the specified HTTP GET or HTTP POST request.

Example HTTP request (GET):

 https://server.example.com/op/authorize?
 response_type=code%20id_token
 &client_id=s6BhdRkqt3
 &redirect_uri=https%3A%2F%2Fclient.example.com%2Fcb
 &scope=openid
 &nonce=n-0S6_WzA2Mj
 &state=af0ifjsldkj
 

Parameters:

httpRequest - The HTTP request. Must not be null.

Returns:

The OpenID Connect authentication request.

Throws:

ParseException - If the HTTP request couldn't be parsed to an OpenID Connect authentication request.