/**
* Copyright (C) 2015 The Gravitee team (http://gravitee.io)
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package io.gravitee.am.gateway.handler.oidc.service.clientregistration;
import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
import com.fasterxml.jackson.annotation.JsonProperty;
import com.fasterxml.jackson.databind.annotation.JsonDeserialize;
import io.gravitee.am.gateway.handler.oidc.service.jwk.converter.JWKSetDeserializer;
import io.gravitee.am.model.application.ApplicationScopeSettings;
import io.gravitee.am.model.oidc.Client;
import io.gravitee.am.model.oidc.JWKSet;
import io.gravitee.am.service.utils.SetterUtils;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.Optional;
import static io.gravitee.am.common.oidc.Scope.SCOPE_DELIMITER;
/**
* @author Alexandre FARIA (contact at alexandrefaria.net)
* @author GraviteeSource Team
*/
@JsonIgnoreProperties(ignoreUnknown = true) // JSON members with no matching property are dropped, not rejected
public class DynamicClientRegistrationRequest {
/*
* JSON payload of an OpenID Connect / OAuth 2.0 dynamic client registration request, bound by Jackson
* and copied onto a Client by patch() or update().
*
* Every value held here is supplied by the registering party. This class copies the values onto the
* Client as received: no URI, algorithm, key or scope validation is visible in it.
* NOTE(review): confirm that the caller validates the request before the Client is persisted, in particular
* - redirect_uris and post_logout_redirect_uris (where responses and logouts are sent),
* - jwks_uri, sector_identifier_uri, request_uris and backchannel_client_notification_endpoint
*   (locations the server may later contact; restrict scheme and host before dereferencing them),
* - the *_alg / *_enc members (compare against the algorithms the server is willing to use).
*
* Fields are Optional and can also be null: getScope() and toString() both test for null.
* Presumably null means "member absent from the JSON" and Optional.empty() means "member sent as null";
* what each state does to the Client depends on SetterUtils, which is not shown here.
*
* NOTE(review): as listed, the type arguments of Optional (and of the nested List) are missing,
* e.g. "Optional>"; take the element types from the upstream source.
*/
/*******************************************************************************
* Metadata in the same order as the OpenID specification
* https://openid.net/specs/openid-connect-registration-1_0.html#ClientMetadata
********************************************************************************/
@JsonProperty("redirect_uris")
private Optional> redirectUris;
@JsonProperty("response_types")
private Optional> responseTypes;
@JsonProperty("grant_types")
private Optional> grantTypes;
@JsonProperty("application_type")
private Optional applicationType;
@JsonProperty("contacts")
private Optional> contacts;
@JsonProperty("client_name")
private Optional clientName;
@JsonProperty("logo_uri")
private Optional logoUri;
@JsonProperty("client_uri")
private Optional clientUri;
@JsonProperty("policy_uri")
private Optional policyUri;
@JsonProperty("tos_uri")
private Optional tosUri;
// OpenID Connect Registration states that jwks_uri and jwks must not be used together;
// nothing in this class rejects a request that carries both.
@JsonProperty("jwks_uri")
private Optional jwksUri;
@JsonProperty("jwks")
@JsonDeserialize(converter = JWKSetDeserializer.class) // the inline key set is converted by JWKSetDeserializer during binding
private Optional jwks;
@JsonProperty("sector_identifier_uri")
private Optional sectorIdentifierUri;
@JsonProperty("subject_type")
private Optional subjectType;
@JsonProperty("id_token_signed_response_alg")
private Optional idTokenSignedResponseAlg;
@JsonProperty("id_token_encrypted_response_alg")
private Optional idTokenEncryptedResponseAlg;
@JsonProperty("id_token_encrypted_response_enc")
private Optional idTokenEncryptedResponseEnc;
@JsonProperty("userinfo_signed_response_alg")
private Optional userinfoSignedResponseAlg;
@JsonProperty("userinfo_encrypted_response_alg")
private Optional userinfoEncryptedResponseAlg;
@JsonProperty("userinfo_encrypted_response_enc")
private Optional userinfoEncryptedResponseEnc;
@JsonProperty("request_object_signing_alg")
private Optional requestObjectSigningAlg;
@JsonProperty("request_object_encryption_alg")
private Optional requestObjectEncryptionAlg;
@JsonProperty("request_object_encryption_enc")
private Optional requestObjectEncryptionEnc;
// Pushed authorization requests flag; declared here among the OpenID metadata, applied in patch()/update().
@JsonProperty("require_pushed_authorization_requests")
private Optional requireParRequest;
@JsonProperty("token_endpoint_auth_method")
private Optional tokenEndpointAuthMethod;
@JsonProperty("token_endpoint_auth_signing_alg")
private Optional tokenEndpointAuthSigningAlg;
@JsonProperty("default_max_age")
private Optional defaultMaxAge;
@JsonProperty("require_auth_time")
private Optional requireAuthTime;
@JsonProperty("default_acr_values")
private Optional> defaultACRvalues;
@JsonProperty("initiate_login_uri")
private Optional initiateLoginUri;
@JsonProperty("request_uris")
private Optional> requestUris;
/*******************************************************************************
* OAuth2 metadata in addition to the RFC specification
* https://tools.ietf.org/html/rfc7591#section-2
* https://tools.ietf.org/html/rfc7591#section-3.1.1
********************************************************************************/
//https://tools.ietf.org/html/rfc7591#section-4.1.2 : scope is Optional space delimited
// Held as the raw delimited string; getScope() splits it into a list on read.
@JsonProperty("scope")
private Optional scope;
@JsonProperty("software_id")
private Optional softwareId; //Should be UUID
@JsonProperty("software_version")
private Optional softwareVersion;
// Kept exactly as received: this class neither parses the statement nor verifies its signature.
@JsonProperty("software_statement")
private Optional softwareStatement; //Should be JWT
/*******************************************************************************
* Client certificate authentication metadata in addition to the RFC specification
* https://tools.ietf.org/html/rfc8705#section-2.1.2
*
* RFC 8705 section 2.1.2 requires a tls_client_auth client to use exactly one of the
* tls_client_auth_* subject parameters below; this class accepts any combination.
********************************************************************************/
@JsonProperty("tls_client_auth_subject_dn")
private Optional tlsClientAuthSubjectDn;
@JsonProperty("tls_client_auth_san_dns")
private Optional tlsClientAuthSanDns;
@JsonProperty("tls_client_auth_san_uri")
private Optional tlsClientAuthSanUri;
@JsonProperty("tls_client_auth_san_ip")
private Optional tlsClientAuthSanIp;
@JsonProperty("tls_client_auth_san_email")
private Optional tlsClientAuthSanEmail;
@JsonProperty("tls_client_certificate_bound_access_tokens")
private Optional tlsClientCertificateBoundAccessTokens;
/*******************************************************************************
* Metadata in the same order as the OpenID JARM specification
* https://openid.net//specs/openid-financial-api-jarm.html#client-metadata
********************************************************************************/
@JsonProperty("authorization_signed_response_alg")
private Optional authorizationSignedResponseAlg;
@JsonProperty("authorization_encrypted_response_alg")
private Optional authorizationEncryptedResponseAlg;
@JsonProperty("authorization_encrypted_response_enc")
private Optional authorizationEncryptedResponseEnc;
/*******************************************************************************
* OpenID Connect RP-Initiated Logout metadata in addition to the RFC specification
* https://openid.net/specs/openid-connect-rpinitiated-1_0.html#ClientMetadata
********************************************************************************/
@JsonProperty("post_logout_redirect_uris")
private Optional> postLogoutRedirectUris;
/*******************************************************************************
* OpenID Connect Client-Initiated Backchannel Authentication Flow - Core 1.0
* https://openid.net/specs/openid-client-initiated-backchannel-authentication-core-1_0.html#registration
********************************************************************************/
@JsonProperty("backchannel_token_delivery_mode")
private Optional backchannelTokenDeliveryMode;
@JsonProperty("backchannel_client_notification_endpoint")
private Optional backchannelClientNotificationEndpoint;
@JsonProperty("backchannel_authentication_request_signing_alg")
private Optional backchannelAuthRequestSignAlg;
@JsonProperty("backchannel_user_code_parameter")
private Optional backchannelUserCodeParameter;
// GETTER AND SETTERS //
// Plain accessors: each getter returns the field as stored (possibly null) and each setter stores
// its argument unchanged. The single exception is getScope(), which transforms the stored string.
public Optional> getRedirectUris() {
return redirectUris;
}
public void setRedirectUris(Optional> redirectUris) {
this.redirectUris = redirectUris;
}
public Optional> getResponseTypes() {
return responseTypes;
}
public void setResponseTypes(Optional> responseTypes) {
this.responseTypes = responseTypes;
}
public Optional> getGrantTypes() {
return grantTypes;
}
public void setGrantTypes(Optional> grantTypes) {
this.grantTypes = grantTypes;
}
public Optional getApplicationType() {
return applicationType;
}
public void setApplicationType(Optional applicationType) {
this.applicationType = applicationType;
}
public Optional> getContacts() {
return contacts;
}
public void setContacts(Optional> contacts) {
this.contacts = contacts;
}
public Optional getClientName() {
return clientName;
}
public void setClientName(Optional clientName) {
this.clientName = clientName;
}
public Optional getLogoUri() {
return logoUri;
}
public void setLogoUri(Optional logoUri) {
this.logoUri = logoUri;
}
public Optional getClientUri() {
return clientUri;
}
public void setClientUri(Optional clientUri) {
this.clientUri = clientUri;
}
public Optional getPolicyUri() {
return policyUri;
}
public void setPolicyUri(Optional policyUri) {
this.policyUri = policyUri;
}
public Optional getTosUri() {
return tosUri;
}
public void setTosUri(Optional tosUri) {
this.tosUri = tosUri;
}
public Optional getJwksUri() {
return jwksUri;
}
public void setJwksUri(Optional jwksUri) {
this.jwksUri = jwksUri;
}
public Optional getJwks() {
return jwks;
}
public void setJwks(Optional jwks) {
this.jwks = jwks;
}
public Optional getSectorIdentifierUri() {
return sectorIdentifierUri;
}
public void setSectorIdentifierUri(Optional sectorIdentifierUri) {
this.sectorIdentifierUri = sectorIdentifierUri;
}
public Optional getSubjectType() {
return subjectType;
}
public void setSubjectType(Optional subjectType) {
this.subjectType = subjectType;
}
public Optional getIdTokenSignedResponseAlg() {
return idTokenSignedResponseAlg;
}
public void setIdTokenSignedResponseAlg(Optional idTokenSignedResponseAlg) {
this.idTokenSignedResponseAlg = idTokenSignedResponseAlg;
}
public Optional getIdTokenEncryptedResponseAlg() {
return idTokenEncryptedResponseAlg;
}
public void setIdTokenEncryptedResponseAlg(Optional idTokenEncryptedResponseAlg) {
this.idTokenEncryptedResponseAlg = idTokenEncryptedResponseAlg;
}
public Optional getIdTokenEncryptedResponseEnc() {
return idTokenEncryptedResponseEnc;
}
public void setIdTokenEncryptedResponseEnc(Optional idTokenEncryptedResponseEnc) {
this.idTokenEncryptedResponseEnc = idTokenEncryptedResponseEnc;
}
public Optional getUserinfoSignedResponseAlg() {
return userinfoSignedResponseAlg;
}
public void setUserinfoSignedResponseAlg(Optional userinfoSignedResponseAlg) {
this.userinfoSignedResponseAlg = userinfoSignedResponseAlg;
}
public Optional getUserinfoEncryptedResponseAlg() {
return userinfoEncryptedResponseAlg;
}
public void setUserinfoEncryptedResponseAlg(Optional userinfoEncryptedResponseAlg) {
this.userinfoEncryptedResponseAlg = userinfoEncryptedResponseAlg;
}
public Optional getUserinfoEncryptedResponseEnc() {
return userinfoEncryptedResponseEnc;
}
public void setUserinfoEncryptedResponseEnc(Optional userinfoEncryptedResponseEnc) {
this.userinfoEncryptedResponseEnc = userinfoEncryptedResponseEnc;
}
public Optional getRequestObjectSigningAlg() {
return requestObjectSigningAlg;
}
public void setRequestObjectSigningAlg(Optional requestObjectSigningAlg) {
this.requestObjectSigningAlg = requestObjectSigningAlg;
}
public Optional getRequestObjectEncryptionAlg() {
return requestObjectEncryptionAlg;
}
public void setRequestObjectEncryptionAlg(Optional requestObjectEncryptionAlg) {
this.requestObjectEncryptionAlg = requestObjectEncryptionAlg;
}
public Optional getRequestObjectEncryptionEnc() {
return requestObjectEncryptionEnc;
}
public void setRequestObjectEncryptionEnc(Optional requestObjectEncryptionEnc) {
this.requestObjectEncryptionEnc = requestObjectEncryptionEnc;
}
public Optional getTokenEndpointAuthMethod() {
return tokenEndpointAuthMethod;
}
public void setTokenEndpointAuthMethod(Optional tokenEndpointAuthMethod) {
this.tokenEndpointAuthMethod = tokenEndpointAuthMethod;
}
public Optional getTokenEndpointAuthSigningAlg() {
return tokenEndpointAuthSigningAlg;
}
public void setTokenEndpointAuthSigningAlg(Optional tokenEndpointAuthSigningAlg) {
this.tokenEndpointAuthSigningAlg = tokenEndpointAuthSigningAlg;
}
public Optional getDefaultMaxAge() {
return defaultMaxAge;
}
public void setDefaultMaxAge(Optional defaultMaxAge) {
this.defaultMaxAge = defaultMaxAge;
}
public Optional getRequireAuthTime() {
return requireAuthTime;
}
public void setRequireAuthTime(Optional requireAuthTime) {
this.requireAuthTime = requireAuthTime;
}
public Optional> getDefaultACRvalues() {
return defaultACRvalues;
}
public void setDefaultACRvalues(Optional> defaultACRvalues) {
this.defaultACRvalues = defaultACRvalues;
}
public Optional getInitiateLoginUri() {
return initiateLoginUri;
}
public void setInitiateLoginUri(Optional initiateLoginUri) {
this.initiateLoginUri = initiateLoginUri;
}
public Optional> getRequestUris() {
return requestUris;
}
public void setRequestUris(Optional> requestUris) {
this.requestUris = requestUris;
}
/**
* Returns the requested scopes as a list, split from the stored delimited string.
*
* Three outcomes: null when the field itself is null; Optional.empty() when the field is empty or
* holds only whitespace; otherwise the result of splitting the stored value on SCOPE_DELIMITER.
*
* NOTE(review): the blank check trims the value but the split is applied to the untrimmed string.
* String.split discards only trailing empty strings, so a leading delimiter or two consecutive
* delimiters produce empty-string entries in the list, and updateScopeSettings() turns each entry
* into a scope setting. Confirm that a later validation step rejects an empty scope name.
* SCOPE_DELIMITER is also interpreted by split as a regular expression; its value is not shown here.
*
* @return null, Optional.empty() or the list of scope tokens, as described above
*/
public Optional> getScope() {
if (this.scope == null) return null; //Keep null to avoid patch...
if (this.scope.isEmpty() || this.scope.get().trim().isEmpty()) {
return Optional.empty();
}
return Optional.of(Arrays.asList(scope.get().split(SCOPE_DELIMITER)));
}
public void setScope(Optional scope) {
this.scope = scope;
}
public Optional getSoftwareId() {
return softwareId;
}
public void setSoftwareId(Optional softwareId) {
this.softwareId = softwareId;
}
public Optional getSoftwareVersion() {
return softwareVersion;
}
public void setSoftwareVersion(Optional softwareVersion) {
this.softwareVersion = softwareVersion;
}
public Optional getSoftwareStatement() {
return softwareStatement;
}
public void setSoftwareStatement(Optional softwareStatement) {
this.softwareStatement = softwareStatement;
}
public Optional getTlsClientAuthSubjectDn() {
return tlsClientAuthSubjectDn;
}
public void setTlsClientAuthSubjectDn(Optional tlsClientAuthSubjectDn) {
this.tlsClientAuthSubjectDn = tlsClientAuthSubjectDn;
}
public Optional getTlsClientAuthSanDns() {
return tlsClientAuthSanDns;
}
public void setTlsClientAuthSanDns(Optional tlsClientAuthSanDns) {
this.tlsClientAuthSanDns = tlsClientAuthSanDns;
}
public Optional getTlsClientAuthSanUri() {
return tlsClientAuthSanUri;
}
public void setTlsClientAuthSanUri(Optional tlsClientAuthSanUri) {
this.tlsClientAuthSanUri = tlsClientAuthSanUri;
}
public Optional getTlsClientAuthSanIp() {
return tlsClientAuthSanIp;
}
public void setTlsClientAuthSanIp(Optional tlsClientAuthSanIp) {
this.tlsClientAuthSanIp = tlsClientAuthSanIp;
}
public Optional getTlsClientAuthSanEmail() {
return tlsClientAuthSanEmail;
}
public void setTlsClientAuthSanEmail(Optional tlsClientAuthSanEmail) {
this.tlsClientAuthSanEmail = tlsClientAuthSanEmail;
}
public Optional getTlsClientCertificateBoundAccessTokens() {
return tlsClientCertificateBoundAccessTokens;
}
public void setTlsClientCertificateBoundAccessTokens(Optional tlsClientCertificateBoundAccessTokens) {
this.tlsClientCertificateBoundAccessTokens = tlsClientCertificateBoundAccessTokens;
}
public Optional getAuthorizationSignedResponseAlg() {
return authorizationSignedResponseAlg;
}
public void setAuthorizationSignedResponseAlg(Optional authorizationSignedResponseAlg) {
this.authorizationSignedResponseAlg = authorizationSignedResponseAlg;
}
public Optional getAuthorizationEncryptedResponseAlg() {
return authorizationEncryptedResponseAlg;
}
public void setAuthorizationEncryptedResponseAlg(Optional authorizationEncryptedResponseAlg) {
this.authorizationEncryptedResponseAlg = authorizationEncryptedResponseAlg;
}
public Optional getAuthorizationEncryptedResponseEnc() {
return authorizationEncryptedResponseEnc;
}
public void setAuthorizationEncryptedResponseEnc(Optional authorizationEncryptedResponseEnc) {
this.authorizationEncryptedResponseEnc = authorizationEncryptedResponseEnc;
}
public Optional> getPostLogoutRedirectUris() {
return postLogoutRedirectUris;
}
public void setPostLogoutRedirectUris(Optional> postLogoutRedirectUris) {
this.postLogoutRedirectUris = postLogoutRedirectUris;
}
public Optional getRequireParRequest() {
return requireParRequest;
}
public void setRequireParRequest(Optional requireParRequest) {
this.requireParRequest = requireParRequest;
}
public Optional getBackchannelTokenDeliveryMode() {
return backchannelTokenDeliveryMode;
}
public void setBackchannelTokenDeliveryMode(Optional backchannelTokenDeliveryMode) {
this.backchannelTokenDeliveryMode = backchannelTokenDeliveryMode;
}
public Optional getBackchannelClientNotificationEndpoint() {
return backchannelClientNotificationEndpoint;
}
public void setBackchannelClientNotificationEndpoint(Optional backchannelClientNotificationEndpoint) {
this.backchannelClientNotificationEndpoint = backchannelClientNotificationEndpoint;
}
public Optional getBackchannelAuthRequestSignAlg() {
return backchannelAuthRequestSignAlg;
}
public void setBackchannelAuthRequestSignAlg(Optional backchannelAuthRequestSignAlg) {
this.backchannelAuthRequestSignAlg = backchannelAuthRequestSignAlg;
}
public Optional getBackchannelUserCodeParameter() {
return backchannelUserCodeParameter;
}
public void setBackchannelUserCodeParameter(Optional backchannelUserCodeParameter) {
this.backchannelUserCodeParameter = backchannelUserCodeParameter;
}
/**
* Renders only the client name (an empty string when the field is null or empty); no other member,
* such as the key set or the software statement, is included.
*
* The output is labelled "ClientPayload", which differs from the class name.
* The client name is supplied by the registering party and is inserted unescaped, so callers that
* write this string to a log should neutralise line breaks first.
*/
@Override
public String toString() {
return "ClientPayload{clientName='" + (clientName != null ? clientName.orElse("") : "") + "\'}";
}
/**
* Copies the metadata carried by this request onto the given client, using SetterUtils.safeSet for
* every member and updateScopeSettings for the scopes.
*
* NOTE(review): safeSet is not shown here; from the null handling in getScope() it presumably leaves
* the client's current value alone when the request field is null. Confirm against SetterUtils.
* No value is validated in this method.
*
* @param client the client to modify in place
* @return the same client instance
*/
public Client patch(Client client) {
/* set openid request metadata */
SetterUtils.safeSet(client::setRedirectUris, this.getRedirectUris());
SetterUtils.safeSet(client::setResponseTypes, this.getResponseTypes());
SetterUtils.safeSet(client::setAuthorizedGrantTypes, this.getGrantTypes());
SetterUtils.safeSet(client::setApplicationType, this.getApplicationType());
SetterUtils.safeSet(client::setContacts, this.getContacts());
SetterUtils.safeSet(client::setClientName, this.getClientName());
SetterUtils.safeSet(client::setLogoUri, this.getLogoUri());
SetterUtils.safeSet(client::setClientUri, this.getClientUri());
SetterUtils.safeSet(client::setPolicyUri, this.getPolicyUri());
SetterUtils.safeSet(client::setTosUri, this.getTosUri());
SetterUtils.safeSet(client::setJwksUri, this.getJwksUri());
SetterUtils.safeSet(client::setJwks, this.getJwks());
SetterUtils.safeSet(client::setSectorIdentifierUri, this.getSectorIdentifierUri());
SetterUtils.safeSet(client::setSubjectType, this.getSubjectType());
SetterUtils.safeSet(client::setIdTokenSignedResponseAlg, this.getIdTokenSignedResponseAlg());
SetterUtils.safeSet(client::setIdTokenEncryptedResponseAlg, this.getIdTokenEncryptedResponseAlg());
SetterUtils.safeSet(client::setIdTokenEncryptedResponseEnc, this.getIdTokenEncryptedResponseEnc());
SetterUtils.safeSet(client::setUserinfoSignedResponseAlg, this.getUserinfoSignedResponseAlg());
SetterUtils.safeSet(client::setUserinfoEncryptedResponseAlg, this.getUserinfoEncryptedResponseAlg());
SetterUtils.safeSet(client::setUserinfoEncryptedResponseEnc, this.getUserinfoEncryptedResponseEnc());
SetterUtils.safeSet(client::setRequestObjectSigningAlg, this.getRequestObjectSigningAlg());
SetterUtils.safeSet(client::setRequestObjectEncryptionAlg, this.getRequestObjectEncryptionAlg());
SetterUtils.safeSet(client::setRequestObjectEncryptionEnc, this.getRequestObjectEncryptionEnc());
SetterUtils.safeSet(client::setTokenEndpointAuthMethod, this.getTokenEndpointAuthMethod());
SetterUtils.safeSet(client::setTokenEndpointAuthSigningAlg, this.getTokenEndpointAuthSigningAlg());
SetterUtils.safeSet(client::setDefaultMaxAge, this.getDefaultMaxAge());
// the only call that passes a target type (boolean.class) to safeSet
SetterUtils.safeSet(client::setRequireAuthTime, this.getRequireAuthTime(), boolean.class);
SetterUtils.safeSet(client::setDefaultACRvalues, this.getDefaultACRvalues());
SetterUtils.safeSet(client::setInitiateLoginUri, this.getInitiateLoginUri());
SetterUtils.safeSet(client::setRequestUris, this.getRequestUris());
SetterUtils.safeSet(client::setAuthorizationSignedResponseAlg, this.getAuthorizationSignedResponseAlg());
SetterUtils.safeSet(client::setAuthorizationEncryptedResponseAlg, this.getAuthorizationEncryptedResponseAlg());
SetterUtils.safeSet(client::setAuthorizationEncryptedResponseEnc, this.getAuthorizationEncryptedResponseEnc());
/* set oauth2 request metadata */
updateScopeSettings(client);
SetterUtils.safeSet(client::setSoftwareId, this.getSoftwareId());
SetterUtils.safeSet(client::setSoftwareVersion, this.getSoftwareVersion());
SetterUtils.safeSet(client::setSoftwareStatement, this.getSoftwareStatement());
/* set client certificate-based authentication */
SetterUtils.safeSet(client::setTlsClientAuthSubjectDn, this.getTlsClientAuthSubjectDn());
SetterUtils.safeSet(client::setTlsClientAuthSanDns, this.getTlsClientAuthSanDns());
SetterUtils.safeSet(client::setTlsClientAuthSanEmail, this.getTlsClientAuthSanEmail());
SetterUtils.safeSet(client::setTlsClientAuthSanIp, this.getTlsClientAuthSanIp());
SetterUtils.safeSet(client::setTlsClientAuthSanUri, this.getTlsClientAuthSanUri());
SetterUtils.safeSet(client::setTlsClientCertificateBoundAccessTokens, this.getTlsClientCertificateBoundAccessTokens());
/* set client require_pushed_authorization_requests : https://datatracker.ietf.org/doc/html/draft-ietf-oauth-par#page-16 */
/* (the draft has since been published as RFC 9126) */
SetterUtils.safeSet(client::setRequireParRequest, this.getRequireParRequest());
/* set OpenID Connect RP-Initiated Logout metadata */
SetterUtils.safeSet(client::setPostLogoutRedirectUris, this.getPostLogoutRedirectUris());
/* set OpenID Connect Client-Initiated Backchannel Authentication Flow - Client Metadata */
SetterUtils.safeSet(client::setBackchannelTokenDeliveryMode, this.getBackchannelTokenDeliveryMode());
SetterUtils.safeSet(client::setBackchannelUserCodeParameter, this.getBackchannelUserCodeParameter());
SetterUtils.safeSet(client::setBackchannelAuthRequestSignAlg, this.getBackchannelAuthRequestSignAlg());
SetterUtils.safeSet(client::setBackchannelClientNotificationEndpoint, this.getBackchannelClientNotificationEndpoint());
return client;
}
/**
* Finds the first existing scope setting whose scope name equals the lookup value, ignoring case.
*
* RFC 6749 section 3.3 defines scope values as case-sensitive strings, so this match is looser than
* the protocol's own comparison. NOTE(review): confirm that the case-insensitive match is intended.
* An existing setting whose getScope() returns null would raise a NullPointerException in the filter.
*
* @param currentClientScopeSettings the settings currently held by the client
* @param lookup the scope name requested
* @return the first matching setting, or an empty Optional when none matches
*/
private Optional getScopeSettings(List currentClientScopeSettings, String lookup) {
return currentClientScopeSettings.stream().filter(setting -> setting.getScope().equalsIgnoreCase(lookup)).findFirst();
}
/**
* Copies the metadata carried by this request onto the given client for a full update.
*
* The OpenID, JARM and OAuth2 software_* members go through SetterUtils.set; the scopes go through
* updateScopeSettings; the certificate-based authentication, pushed authorization request,
* RP-initiated logout and backchannel authentication members go through SetterUtils.safeSet, as in patch().
*
* NOTE(review): neither helper is shown here. If set overwrites the client's value when the request
* field is absent while safeSet keeps it, then a full update that omits a member of the second group
* (for example tls_client_certificate_bound_access_tokens or require_pushed_authorization_requests)
* leaves the stored value in place. Confirm that this split is intended.
* No value is validated in this method.
*
* @param client the client to modify in place
* @return the same client instance
*/
public Client update(Client client) {
/* set openid request metadata */
SetterUtils.set(client::setRedirectUris, this.getRedirectUris());
SetterUtils.set(client::setResponseTypes, this.getResponseTypes());
SetterUtils.set(client::setAuthorizedGrantTypes, this.getGrantTypes());
SetterUtils.set(client::setApplicationType, this.getApplicationType());
SetterUtils.set(client::setContacts, this.getContacts());
SetterUtils.set(client::setClientName, this.getClientName());
SetterUtils.set(client::setLogoUri, this.getLogoUri());
SetterUtils.set(client::setClientUri, this.getClientUri());
SetterUtils.set(client::setPolicyUri, this.getPolicyUri());
SetterUtils.set(client::setTosUri, this.getTosUri());
SetterUtils.set(client::setJwksUri, this.getJwksUri());
SetterUtils.set(client::setJwks, this.getJwks());
SetterUtils.set(client::setSectorIdentifierUri, this.getSectorIdentifierUri());
SetterUtils.set(client::setSubjectType, this.getSubjectType());
SetterUtils.set(client::setIdTokenSignedResponseAlg, this.getIdTokenSignedResponseAlg());
SetterUtils.set(client::setIdTokenEncryptedResponseAlg, this.getIdTokenEncryptedResponseAlg());
SetterUtils.set(client::setIdTokenEncryptedResponseEnc, this.getIdTokenEncryptedResponseEnc());
SetterUtils.set(client::setUserinfoSignedResponseAlg, this.getUserinfoSignedResponseAlg());
SetterUtils.set(client::setUserinfoEncryptedResponseAlg, this.getUserinfoEncryptedResponseAlg());
SetterUtils.set(client::setUserinfoEncryptedResponseEnc, this.getUserinfoEncryptedResponseEnc());
SetterUtils.set(client::setRequestObjectSigningAlg, this.getRequestObjectSigningAlg());
SetterUtils.set(client::setRequestObjectEncryptionAlg, this.getRequestObjectEncryptionAlg());
SetterUtils.set(client::setRequestObjectEncryptionEnc, this.getRequestObjectEncryptionEnc());
SetterUtils.set(client::setTokenEndpointAuthMethod, this.getTokenEndpointAuthMethod());
SetterUtils.set(client::setTokenEndpointAuthSigningAlg, this.getTokenEndpointAuthSigningAlg());
SetterUtils.set(client::setDefaultMaxAge, this.getDefaultMaxAge());
SetterUtils.set(client::setRequireAuthTime, this.getRequireAuthTime());
SetterUtils.set(client::setDefaultACRvalues, this.getDefaultACRvalues());
SetterUtils.set(client::setInitiateLoginUri, this.getInitiateLoginUri());
SetterUtils.set(client::setRequestUris, this.getRequestUris());
SetterUtils.set(client::setAuthorizationSignedResponseAlg, this.getAuthorizationSignedResponseAlg());
SetterUtils.set(client::setAuthorizationEncryptedResponseAlg, this.getAuthorizationEncryptedResponseAlg());
SetterUtils.set(client::setAuthorizationEncryptedResponseEnc, this.getAuthorizationEncryptedResponseEnc());
/* set oauth2 request metadata */
// scopes are skipped entirely when getScope() returns null, also on this full-update path
updateScopeSettings(client);
SetterUtils.set(client::setSoftwareId, this.getSoftwareId());
SetterUtils.set(client::setSoftwareVersion, this.getSoftwareVersion());
SetterUtils.set(client::setSoftwareStatement, this.getSoftwareStatement());
/* set client certificate-based authentication */
// from here to the end of the method the calls use safeSet rather than set
SetterUtils.safeSet(client::setTlsClientAuthSubjectDn, this.getTlsClientAuthSubjectDn());
SetterUtils.safeSet(client::setTlsClientAuthSanDns, this.getTlsClientAuthSanDns());
SetterUtils.safeSet(client::setTlsClientAuthSanEmail, this.getTlsClientAuthSanEmail());
SetterUtils.safeSet(client::setTlsClientAuthSanIp, this.getTlsClientAuthSanIp());
SetterUtils.safeSet(client::setTlsClientAuthSanUri, this.getTlsClientAuthSanUri());
SetterUtils.safeSet(client::setTlsClientCertificateBoundAccessTokens, this.getTlsClientCertificateBoundAccessTokens());
/* set client require_pushed_authorization_requests : https://datatracker.ietf.org/doc/html/draft-ietf-oauth-par#page-16 */
/* (the draft has since been published as RFC 9126) */
SetterUtils.safeSet(client::setRequireParRequest, this.getRequireParRequest());
/* set OpenID Connect RP-Initiated Logout metadata */
SetterUtils.safeSet(client::setPostLogoutRedirectUris, this.getPostLogoutRedirectUris());
/* set OpenID Connect Client-Initiated Backchannel Authentication Flow - Client Metadata */
SetterUtils.safeSet(client::setBackchannelTokenDeliveryMode, this.getBackchannelTokenDeliveryMode());
SetterUtils.safeSet(client::setBackchannelUserCodeParameter, this.getBackchannelUserCodeParameter());
SetterUtils.safeSet(client::setBackchannelAuthRequestSignAlg, this.getBackchannelAuthRequestSignAlg());
SetterUtils.safeSet(client::setBackchannelClientNotificationEndpoint, this.getBackchannelClientNotificationEndpoint());
return client;
}
/**
* Rebuilds the client's scope settings from the scopes named in this request.
*
* Does nothing when getScope() returns null. Otherwise each requested scope is mapped to the client's
* existing setting for that name (matched ignoring case by getScopeSettings) or, when none exists, to
* a new ApplicationScopeSettings carrying only the scope name. The list handed to the setter holds
* the requested scopes only, so a setting for a scope the request does not name is not carried over.
* When getScope() is Optional.empty() the mapped value is empty as well, and the effect then depends
* on SetterUtils.safeSet, which is not shown here.
*
* Because a reused setting keeps its own stored name, a request that spells a scope with different
* letter case ends up with the stored spelling rather than the requested one.
*
* @param client the client whose scope settings are replaced
*/
private void updateScopeSettings(Client client) {
if (this.getScope() != null) {
// fall back to an empty list so the lookup below never streams over null
final List currentClientScopeSettings = client.getScopeSettings() == null ? new ArrayList<>() : client.getScopeSettings();
final Optional> scopeSettingsToUpdate = this.getScope().map(scopes -> scopes.stream().map(s -> {
// built for every requested scope, used only when no existing setting matches
ApplicationScopeSettings newSetting = new ApplicationScopeSettings();
newSetting.setScope(s);
return getScopeSettings(currentClientScopeSettings, s).orElse(newSetting);
}).toList());
SetterUtils.safeSet(client::setScopeSettings, scopeSettingsToUpdate);
}
}
}