/*
 * oauth2-oidc-sdk
 *
 * Copyright 2012-2016, Connect2id Ltd and contributors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License"); you may not use
 * this file except in compliance with the License. You may obtain a copy of the
 * License at
 *
 *    http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software distributed
 * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
 * CONDITIONS OF ANY KIND, either express or implied. See the License for the
 * specific language governing permissions and limitations under the License.
 */

package com.nimbusds.openid.connect.sdk;


import java.util.*;

import net.minidev.json.JSONObject;

import com.nimbusds.oauth2.sdk.Scope;

import com.nimbusds.openid.connect.sdk.claims.ClaimRequirement;
import com.nimbusds.openid.connect.sdk.claims.ClaimsSetRequest;


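/**
 * Standard OpenID Connect scope value.
 *
 * <p>Each constant pairs a scope value with the names of the claims that the
 * scope gives access to. This class only describes that mapping; nothing in
 * it decides whether a client may be granted a scope, so the authorisation
 * server must still apply its own consent and policy checks before
 * releasing the mapped claims.
 *
 * <p>Related specifications:
 *
 * <ul>
 *     <li>OpenID Connect Core 1.0, section 5.2.
 * </ul>
 */
public class OIDCScopeValue extends Scope.Value {


	private static final long serialVersionUID = -652181533676125742L;


	/**
	 * Informs the authorisation server that the client is making an OpenID
	 * Connect request (REQUIRED). This scope value requests access to the
	 * {@code sub} claim.
	 */
	public static final OIDCScopeValue OPENID =
		new OIDCScopeValue("openid", Scope.Value.Requirement.REQUIRED, new String[]{"sub"});


	/**
	 * Requests that access to the end-user's default profile claims at the
	 * UserInfo endpoint be granted by the issued access token. These
	 * claims are: {@code name}, {@code family_name}, {@code given_name},
	 * {@code middle_name}, {@code nickname}, {@code preferred_username},
	 * {@code profile}, {@code picture}, {@code website}, {@code gender},
	 * {@code birthdate}, {@code zoneinfo}, {@code locale}, and
	 * {@code updated_at}.
	 */
	public static final OIDCScopeValue PROFILE =
		new OIDCScopeValue("profile", new String[]{"name",
			"family_name",
			"given_name",
			"middle_name",
			"nickname",
			"preferred_username",
			"profile",
			"picture",
			"website",
			"gender",
			"birthdate",
			"zoneinfo",
			"locale",
			"updated_at"});


	/**
	 * Requests that access to the {@code email} and {@code email_verified}
	 * claims at the UserInfo endpoint be granted by the issued access
	 * token.
	 */
	public static final OIDCScopeValue EMAIL =
		new OIDCScopeValue("email", new String[]{"email", "email_verified"});


	/**
	 * Requests that access to {@code address} claim at the UserInfo
	 * endpoint be granted by the issued access token.
	 */
	public static final OIDCScopeValue ADDRESS =
		new OIDCScopeValue("address", new String[]{"address"});


	/**
	 * Requests that access to the {@code phone_number} and
	 * {@code phone_number_verified} claims at the UserInfo endpoint be
	 * granted by the issued access token.
	 */
	public static final OIDCScopeValue PHONE =
		new OIDCScopeValue("phone", new String[]{"phone_number", "phone_number_verified"});


	/**
	 * Requests that an OAuth 2.0 refresh token be issued that can be used
	 * to obtain an access token that grants access the end-user's UserInfo
	 * endpoint even when the user is not present (not logged in).
	 *
	 * <p>The resulting refresh token outlives the end-user's session, so
	 * this is the most sensitive of the standard scope values; OpenID
	 * Connect Core 1.0, section 11, sets out the conditions (such as
	 * explicit consent) under which a server should honour it. No claims
	 * are associated with this scope value.
	 */
	public static final OIDCScopeValue OFFLINE_ACCESS =
		new OIDCScopeValue("offline_access", null);


	/**
	 * Returns the standard OpenID Connect scope values declared in this
	 * class. A new array is created on every call, so callers may modify
	 * the returned array without affecting later callers.
	 *
	 * @return The standard OpenID Connect scope values.
	 */
	public static OIDCScopeValue[] values() {

		return new OIDCScopeValue[]{ OPENID, PROFILE, EMAIL, ADDRESS, PHONE, OFFLINE_ACCESS };
	}


	/**
	 * The names of the associated claims, {@code null} if not applicable.
	 * When set, this is an unmodifiable, insertion-ordered set.
	 */
	private final Set<String> claims;


	/**
	 * Creates a new OpenID Connect scope value.
	 *
	 * @param value       The scope value. Must not be {@code null}.
	 * @param requirement The requirement. Must not be {@code null}.
	 * @param claims      The names of the associated claims, {@code null}
	 *                    if not applicable.
	 */
	private OIDCScopeValue(final String value,
			       final Scope.Value.Requirement requirement,
			       final String[] claims) {

		super(value, requirement);

		if (claims == null) {
			this.claims = null;
		} else {
			// Copy into an unmodifiable set so that the shared constants
			// cannot be altered through getClaimNames().
			this.claims = Collections.unmodifiableSet(new LinkedHashSet<>(Arrays.asList(claims)));
		}
	}


	/**
	 * Creates a new OpenID Connect scope value. The requirement is set to
	 * {@link OIDCScopeValue.Requirement#OPTIONAL optional}.
	 *
	 * @param value  The scope value. Must not be {@code null}.
	 * @param claims The names of the associated claims, {@code null} if
	 *               not applicable (as for {@link #OFFLINE_ACCESS}).
	 */
	private OIDCScopeValue(final String value,
			       final String[] claims) {

		this(value, Scope.Value.Requirement.OPTIONAL, claims);
	}


	/**
	 * Returns the names of the associated claims.
	 *
	 * @return The names of the associated claims as an unmodifiable set,
	 *         {@code null} if not applicable.
	 */
	public Set<String> getClaimNames() {

		return claims;
	}


	/**
	 * Gets the claims request JSON object for this OpenID Connect scope
	 * value.
	 *
	 * <p>See OpenID Connect Core 1.0, section 5.1.
	 *
	 * <p>Example JSON object for "openid" scope value:
	 *
	 * <pre>
	 * {
	 *   "sub" : { "essential" : true }
	 * }
	 * </pre>
	 *
	 * <p>Example JSON object for "email" scope value:
	 *
	 * <pre>
	 * {
	 *   "email"          : null,
	 *   "email_verified" : null
	 * }
	 * </pre>
	 *
	 * @return The claims request JSON object, {@code null} if not
	 *         applicable.
	 */
	public JSONObject toClaimsRequestJSONObject() {

		// Check applicability first so that nothing is allocated for a
		// scope value without associated claims.
		if (claims == null) {
			return null;
		}

		final boolean essential = getRequirement() == Scope.Value.Requirement.REQUIRED;

		JSONObject req = new JSONObject();

		for (String claim: claims) {

			if (essential) {
				// Essential (applies to OPENID - sub only)
				JSONObject details = new JSONObject();
				details.put("essential", true);
				req.put(claim, details);
			} else {
				// Voluntary
				req.put(claim, null);
			}
		}

		return req;
	}


	/**
	 * Gets the claims request entries for this OpenID Connect scope value.
	 *
	 * <p>See OpenID Connect Core 1.0, section 5.1.
	 *
	 * @see #toClaimsSetRequestEntries()
	 *
	 * @return The claims request entries, all marked voluntary, as an
	 *         unmodifiable set. The set is empty (not {@code null}) if
	 *         not applicable (for scope values {@link #OPENID} and
	 *         {@link #OFFLINE_ACCESS}).
	 *
	 * @deprecated Use {@link #toClaimsSetRequestEntries()} instead.
	 */
	@Deprecated
	public Set<ClaimsRequest.Entry> toClaimsRequestEntries() {

		Set<ClaimsRequest.Entry> entries = new HashSet<>();

		if (hasNoVoluntaryClaims()) {
			return Collections.unmodifiableSet(entries);
		}

		for (String claimName: claims) {
			entries.add(new ClaimsRequest.Entry(claimName).withClaimRequirement(ClaimRequirement.VOLUNTARY));
		}

		return Collections.unmodifiableSet(entries);
	}


	/**
	 * Gets the OpenID claims request entries for this OpenID Connect scope
	 * value.
	 *
	 * <p>See OpenID Connect Core 1.0, section 5.1.
	 *
	 * @return The OpenID claims request entries, all marked voluntary, as
	 *         an unmodifiable list. The list is empty (not {@code null})
	 *         if not applicable (for scope values {@link #OPENID} and
	 *         {@link #OFFLINE_ACCESS}).
	 */
	public List<ClaimsSetRequest.Entry> toClaimsSetRequestEntries() {

		List<ClaimsSetRequest.Entry> entries = new LinkedList<>();

		if (hasNoVoluntaryClaims()) {
			return Collections.unmodifiableList(entries);
		}

		for (String claimName: claims) {
			entries.add(new ClaimsSetRequest.Entry(claimName).withClaimRequirement(ClaimRequirement.VOLUNTARY));
		}

		return Collections.unmodifiableList(entries);
	}


	/**
	 * Tells whether this scope value contributes no voluntary claims
	 * request entries.
	 *
	 * @return {@code true} for {@link #OPENID} and {@link #OFFLINE_ACCESS},
	 *         and for any instance without associated claims.
	 */
	private boolean hasNoVoluntaryClaims() {

		// The identity checks only match the constants declared above. The
		// null check additionally covers an instance that is not one of
		// those constants but has no claims, which would otherwise fail
		// with a NullPointerException in the callers' loops.
		// NOTE(review): the serialVersionUID suggests instances can be
		// deserialised; such a copy of OPENID would not match by identity
		// and would yield a voluntary "sub" entry - confirm whether that
		// case needs handling.
		return claims == null || this == OPENID || this == OFFLINE_ACCESS;
	}
}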




