All Downloads are FREE. Search and download functionalities are using the official Maven repository.

com.nimbusds.oauth2.sdk.auth.verifier.ClientCredentialsSelector Maven / Gradle / Ivy

Go to download

OAuth 2.0 SDK with OpenID Connection extensions for developing client and server applications.

There is a newer version: 11.19.1
Show newest version
/*
 * oauth2-oidc-sdk
 *
 * Copyright 2012-2016, Connect2id Ltd and contributors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License"); you may not use
 * this file except in compliance with the License. You may obtain a copy of the
 * License at
 *
 *    http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software distributed
 * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
 * CONDITIONS OF ANY KIND, either express or implied. See the License for the
 * specific language governing permissions and limitations under the License.
 */

package com.nimbusds.oauth2.sdk.auth.verifier;


import java.security.PublicKey;
import java.util.List;

import com.nimbusds.jose.JWSHeader;
import com.nimbusds.oauth2.sdk.auth.ClientAuthenticationMethod;
import com.nimbusds.oauth2.sdk.auth.SelfSignedTLSClientAuthentication;
import com.nimbusds.oauth2.sdk.auth.Secret;
import com.nimbusds.oauth2.sdk.id.ClientID;


/**
 * Selector of client credential candidates for client authentication
 * verification. The select methods should typically return a single candidate,
 * but may also return multiple in case the client rotates its keys.
 *
 * 

Implementations must be tread-safe. * *

Selection of {@link com.nimbusds.oauth2.sdk.auth.ClientSecretBasic * client_secret_basic}, {@link com.nimbusds.oauth2.sdk.auth.ClientSecretPost * client_secret_post} and {@link com.nimbusds.oauth2.sdk.auth.ClientSecretJWT * client_secret_jwt} secrets is handled by the {@link #selectClientSecrets} * method. * *

Selection of {@link com.nimbusds.oauth2.sdk.auth.PrivateKeyJWT * private_key_jwt} and * {@link SelfSignedTLSClientAuthentication pub_key_tls_client_auth} * keys is handled by the {@link #selectPublicKeys} method. * *

The generic {@link Context context object} may be used to return * {@link com.nimbusds.oauth2.sdk.client.ClientMetadata client metadata} or * other information to the caller. */ public interface ClientCredentialsSelector { /** * Selects one or more client secret candidates for * {@link com.nimbusds.oauth2.sdk.auth.ClientSecretBasic client_secret_basic}, * {@link com.nimbusds.oauth2.sdk.auth.ClientSecretPost client_secret_post} and * {@link com.nimbusds.oauth2.sdk.auth.ClientSecretJWT client_secret_jwt} * authentication. * * @param claimedClientID The client identifier (to be verified). Not * {@code null}. * @param authMethod The client authentication method. Not * {@code null}. * @param context Additional context. May be {@code null}. * * @return The selected client secret candidates, empty list if none. * * @throws InvalidClientException If the client is invalid. */ List selectClientSecrets(final ClientID claimedClientID, final ClientAuthenticationMethod authMethod, final Context context) throws InvalidClientException; /** * Selects one or more public key candidates (e.g. RSA or EC) for * {@link com.nimbusds.oauth2.sdk.auth.PrivateKeyJWT private_key_jwt} * and {@link SelfSignedTLSClientAuthentication * pub_key_tls_client_auth} authentication. * * @param claimedClientID The client identifier (to be verified). Not * {@code null}. * @param authMethod The client authentication method. Not * {@code null}. * @param jwsHeader The JWS header, which may contain parameters * such as key ID to facilitate the key * selection. {@code null} for TLS client * authentication. * @param forceRefresh {@code true} to force refresh of the JWK set * (for a remote JWK set referenced by URL). * @param context Additional context. May be {@code null}. * * @return The selected public key candidates, empty list if none. * * @throws InvalidClientException If the client is invalid. */ List selectPublicKeys(final ClientID claimedClientID, final ClientAuthenticationMethod authMethod, final JWSHeader jwsHeader, final boolean forceRefresh, final Context context) throws InvalidClientException; }





© 2015 - 2024 Weber Informatics LLC | Privacy Policy