All Downloads are FREE. Search and download functionalities are using the official Maven repository.

com.nimbusds.oauth2.sdk.auth.ClientAuthenticationMethod Maven / Gradle / Ivy

Go to download

OAuth 2.0 SDK with OpenID Connection extensions for developing client and server applications.

There is a newer version: 11.20.1
Show newest version
/*
 * oauth2-oidc-sdk
 *
 * Copyright 2012-2016, Connect2id Ltd and contributors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License"); you may not use
 * this file except in compliance with the License. You may obtain a copy of the
 * License at
 *
 *    http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software distributed
 * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
 * CONDITIONS OF ANY KIND, either express or implied. See the License for the
 * specific language governing permissions and limitations under the License.
 */

package com.nimbusds.oauth2.sdk.auth;


import com.nimbusds.oauth2.sdk.id.Identifier;
import net.jcip.annotations.Immutable;


/**
 * Client authentication method at the Token endpoint.
 *
 * 

Constants are provided for four client authentication methods: * *

    *
  • {@link #CLIENT_SECRET_BASIC client_secret_basic} (default) *
  • {@link #CLIENT_SECRET_POST client_secret_post} *
  • {@link #CLIENT_SECRET_JWT client_secret_jwt} *
  • {@link #PRIVATE_KEY_JWT private_key_jwt} *
  • {@link #TLS_CLIENT_AUTH tls_client_auth} *
  • {@link #SELF_SIGNED_TLS_CLIENT_AUTH self_signed_tls_client_auth} *
  • {@link #REQUEST_OBJECT request_object} *
  • {@link #NONE none} *
* *

Use the constructor to define a custom client authentication method. * *

Related specifications: * *

    *
  • OAuth 2.0 (RFC 6749) *
  • OAuth 2.0 Dynamic Client Registration Protocol (RFC 7591) *
  • OAuth 2.0 Mutual TLS Client Authentication and Certificate Bound * Access Tokens (RFC 8705) *
  • OpenID Connect Federation 1.0. *
*/ @Immutable public final class ClientAuthenticationMethod extends Identifier { private static final long serialVersionUID = 1L; /** * Clients that have received a client secret from the authorisation * server authenticate with the authorisation server in accordance with * section 3.2.1 of OAuth 2.0 using HTTP Basic authentication. This is * the default if no method has been registered for the client. */ public static final ClientAuthenticationMethod CLIENT_SECRET_BASIC = new ClientAuthenticationMethod("client_secret_basic"); /** * Clients that have received a client secret from the authorisation * server authenticate with the authorisation server in accordance with * section 3.2.1 of OAuth 2.0 by including the client credentials in * the request body. */ public static final ClientAuthenticationMethod CLIENT_SECRET_POST = new ClientAuthenticationMethod("client_secret_post"); /** * Clients that have received a client secret from the authorisation * server, create a JWT using an HMAC SHA algorithm, such as HMAC * SHA-256. The HMAC (Hash-based Message Authentication Code) is * calculated using the value of client secret as the shared key. The * client authenticates in accordance with section 2.2 of (JWT) Bearer * Token Profiles and OAuth 2.0 Assertion Profile. */ public static final ClientAuthenticationMethod CLIENT_SECRET_JWT = new ClientAuthenticationMethod("client_secret_jwt"); /** * Clients that have registered a public key sign a JWT using the RSA * algorithm if a RSA key was registered or the ECDSA algorithm if an * Elliptic Curve key was registered (see JWA for the algorithm * identifiers). The client authenticates in accordance with section * 2.2 of (JWT) Bearer Token Profiles and OAuth 2.0 Assertion Profile. */ public static final ClientAuthenticationMethod PRIVATE_KEY_JWT = new ClientAuthenticationMethod("private_key_jwt"); /** * PKI mutual TLS OAuth client authentication. See OAuth 2.0 Mutual TLS * Client Authentication and Certificate Bound Access Tokens (RFC * 8705), section 2.1. */ public static final ClientAuthenticationMethod TLS_CLIENT_AUTH = new ClientAuthenticationMethod("tls_client_auth"); /** * Self-signed certificate mutual TLS OAuth client authentication. See * OAuth 2.0 Mutual TLS Client Authentication and Certificate Bound * Access Tokens (RFC 8705), section 2.2. */ public static final ClientAuthenticationMethod SELF_SIGNED_TLS_CLIENT_AUTH = new ClientAuthenticationMethod("self_signed_tls_client_auth"); /** * Client verification by means of a request object at the * authorisation or PAR endpoints. Intended for OpenID Connect * Federation 1.0 clients undertaking automatic registration. See * OpenID Connect Federation 1.0. */ public static final ClientAuthenticationMethod REQUEST_OBJECT = new ClientAuthenticationMethod("request_object"); /** * The client is a public client as defined in OAuth 2.0 and does not * have a client secret. */ public static final ClientAuthenticationMethod NONE = new ClientAuthenticationMethod("none"); /** * Gets the default client authentication method. * * @return {@link #CLIENT_SECRET_BASIC} */ public static ClientAuthenticationMethod getDefault() { return CLIENT_SECRET_BASIC; } /** * Creates a new client authentication method with the specified value. * * @param value The authentication method value. Must not be * {@code null} or empty string. */ public ClientAuthenticationMethod(final String value) { super(value); } /** * Parses a client authentication method from the specified value. * * @param value The authentication method value. Must not be * {@code null} or empty string. * * @return The client authentication method. */ public static ClientAuthenticationMethod parse(final String value) { if (value.equals(CLIENT_SECRET_BASIC.getValue())) { return CLIENT_SECRET_BASIC; } else if (value.equals(CLIENT_SECRET_POST.getValue())) { return CLIENT_SECRET_POST; } else if (value.equals(CLIENT_SECRET_JWT.getValue())) { return CLIENT_SECRET_JWT; } else if (value.equals(PRIVATE_KEY_JWT.getValue())) { return PRIVATE_KEY_JWT; } else if (value.equalsIgnoreCase(TLS_CLIENT_AUTH.getValue())) { return TLS_CLIENT_AUTH; } else if (value.equalsIgnoreCase(SELF_SIGNED_TLS_CLIENT_AUTH.getValue())) { return SELF_SIGNED_TLS_CLIENT_AUTH; } else if (value.equalsIgnoreCase(REQUEST_OBJECT.getValue())) { return REQUEST_OBJECT; } else if (value.equals(NONE.getValue())) { return NONE; } else { return new ClientAuthenticationMethod(value); } } @Override public boolean equals(final Object object) { return object instanceof ClientAuthenticationMethod && this.toString().equals(object.toString()); } }




© 2015 - 2024 Weber Informatics LLC | Privacy Policy