All Downloads are FREE. Search and download functionalities are using the official Maven repository.

io.gravitee.am.common.oidc.ClientAuthenticationMethod Maven / Gradle / Ivy

There is a newer version: 4.6.0-alpha.2
Show newest version
/**
 * Copyright (C) 2015 The Gravitee team (http://gravitee.io)
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *         http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package io.gravitee.am.common.oidc;

import java.util.Arrays;
import java.util.List;

/**
 * OpenID Connect Client Authentication methods
 *
 * See 9. Client Authentication/a>
 * See 2.  Mutual TLS for OAuth Client Authentication
 *
 * @author Titouan COMPIEGNE (titouan.compiegne at graviteesource.com)
 * @author David BRASSELY (david.brassely at graviteesource.com)
 * @author GraviteeSource Team
 */
public interface ClientAuthenticationMethod {

    /**
     * Clients that have received a client_secret value from the Authorization Server authenticate with the Authorization Server
     * in accordance with Section 2.3.1 of OAuth 2.0 [RFC6749] using the HTTP Basic authentication scheme.
     */
    String CLIENT_SECRET_BASIC = "client_secret_basic";

    /**
     * Clients that have received a client_secret value from the Authorization Server, authenticate with the Authorization Server
     * in accordance with Section 2.3.1 of OAuth 2.0 [RFC6749] by including the Client Credentials in the request body.
     */
    String CLIENT_SECRET_POST = "client_secret_post";

    /**
     * Clients that have received a client_secret value from the Authorization Server create a JWT using an HMAC SHA algorithm, such as HMAC SHA-256.
     * The HMAC (Hash-based Message Authentication Code) is calculated using the octets of the UTF-8 representation of the client_secret as the shared key.
     */
    String CLIENT_SECRET_JWT = "client_secret_jwt";

    /**
     * Clients that have registered a public key sign a JWT using that key.
     */
    String PRIVATE_KEY_JWT = "private_key_jwt";

    /**
     * The Client does not authenticate itself at the Token Endpoint, either because it uses only the Implicit Flow (and so does not use the Token Endpoint) or because it is a Public Client with no Client Secret or other authentication mechanism.
     */
    String NONE = "none";

    /**
     * Utilizing a PKI client certificate used in a TLS connection.
     */
    String TLS_CLIENT_AUTH = "tls_client_auth";

    /**
     * Utilizing a self-signed client certificate used in a TLS connection.
     */
    String SELF_SIGNED_TLS_CLIENT_AUTH = "self_signed_tls_client_auth";

    /**
     * URN to identify the ClientAssertion using JWT token
     */
    String JWT_BEARER = "urn:ietf:params:oauth:client-assertion-type:jwt-bearer";

    static List supportedValues() {
        return Arrays.asList(
                CLIENT_SECRET_BASIC,
                CLIENT_SECRET_POST,
                PRIVATE_KEY_JWT,
                CLIENT_SECRET_JWT,
                TLS_CLIENT_AUTH,
                SELF_SIGNED_TLS_CLIENT_AUTH);
    }
}




© 2015 - 2025 Weber Informatics LLC | Privacy Policy