Package io.micronaut.security.oauth2.client

Interface OpenIdProviderMetadata

All Superinterfaces:
io.micronaut.core.naming.Named
All Known Implementing Classes:
DefaultOpenIdProviderMetadata
public interface OpenIdProviderMetadata extends io.micronaut.core.naming.Named
Metadata describing the configuration of OpenID Providers.
Since:
1.2.0
Author:
Sergio del Amo
See Also:

  • Method Details

    • getIssuer

      @NonNull @NonNull String getIssuer()
      issuer. REQUIRED.
      Returns:
      URL using the https scheme with no query or fragment component that the Open ID Provider asserts as its Issuer Identifier.

    • getAuthorizationEndpoint

      @NonNull @NonNull String getAuthorizationEndpoint()
      authorization_endpoint. REQUIRED.
      Returns:
      URL of the Open ID Provider's OAuth 2.0 Authorization Endpoint

    • getTokenEndpoint

      @NonNull @NonNull String getTokenEndpoint()
      token_endpoint. This is REQUIRED unless only the Implicit Flow is used.
      Returns:
      URL of the Open ID Provider's OAuth 2.0 Token Endpoint

    • getUserinfoEndpoint

      @Nullable @Nullable String getUserinfoEndpoint()
      userinfo_endpoint. RECOMMENDED. This URL MUST use the https scheme and MAY contain port, path, and query parameter components.
      Returns:
      URL of the Open ID Provider's UserInfo Endpoint

    • getJwksUri

      @NonNull @NonNull String getJwksUri()
      jwks_uri. REQUIRED
      Returns:
      URL of the Open ID Provider's JSON Web Key Set

    • getRegistrationEndpoint

      @Nullable @Nullable String getRegistrationEndpoint()
      registration_endpoint. RECOMMENDED
      Returns:
      URL of the Open ID Provider's Dynamic Client Registration Endpoint

    • getScopesSupported

      @Nullable @Nullable List<String> getScopesSupported()
      scopes_supported. RECOMMENDED.
      Returns:
      List of the OAuth 2.0 [RFC6749] scope values that this server supports.

    • getResponseTypesSupported

      @Nullable @Nullable List<String> getResponseTypesSupported()
      response_types_supported. REQUIRED
      Returns:
      List of the OAuth 2.0 response_type values that this Open ID Provider supports.

    • getResponseModesSupported

      @Nullable @Nullable List<String> getResponseModesSupported()
      response_modes_supported. OPTIONAL
      Returns:
      List of the OAuth 2.0 response_mode values that this Open ID Provider supports.

    • getGrantTypesSupported

      @Nullable @Nullable List<String> getGrantTypesSupported()
      grant_types_supported. OPTIONAL
      Returns:
      List of the OAuth 2.0 Grant Type values that this Open ID Provider supports.

    • getAcrValuesSupported

      @Nullable @Nullable List<String> getAcrValuesSupported()
      acr_values_supported. OPTIONAL.
      Returns:
      List of the Authentication Context Class References that this OP supports.

    • getSubjectTypesSupported

      @NonNull @NonNull List<String> getSubjectTypesSupported()
      subject_types_supported. REQUIRED
      Returns:
      List of the Subject Identifier types that this OP supports.

    • getIdTokenSigningAlgValuesSupported

      @NonNull @NonNull List<String> getIdTokenSigningAlgValuesSupported()
      id_token_signing_alg_values_supported REQUIRED.
      Returns:
      List of the JWS signing algorithms (alg values) supported by the OP for the ID Token to encode the Claims in a JWT [JWT].

    • getIdTokenEncryptionEncValuesSupported

      @Nullable @Nullable List<String> getIdTokenEncryptionEncValuesSupported()
      id_token_encryption_enc_values_supported OPTIONAL.
      Returns:
      List of the JWE encryption algorithms (enc values) supported by the OP for the ID Token to encode the Claims in a JWT [JWT].

    • getUserInfoEncryptionAlgValuesSupported

      @Deprecated(forRemoval=true) @Nullable @Nullable List<String> getUserInfoEncryptionAlgValuesSupported()
      Deprecated, for removal: This API element is subject to removal in a future version.
      Use getUserinfoEncryptionAlgValuesSupported() instead.
      userinfo_encryption_alg_values_supported. OPTIONAL.
      Returns:
      List of the JWE [JWE] encryption algorithms (alg values) [JWA] supported by the UserInfo Endpoint to encode the Claims in a JWT [JWT].

    • getUserinfoEncryptionAlgValuesSupported

      @Nullable default @Nullable List<String> getUserinfoEncryptionAlgValuesSupported()
      userinfo_encryption_alg_values_supported. OPTIONAL.
      Returns:
      List of the JWE [JWE] encryption algorithms (alg values) [JWA] supported by the UserInfo Endpoint to encode the Claims in a JWT [JWT].
      Since:
      4.0.2

    • getUserinfoEncryptionEncValuesSupported

      @Nullable @Nullable List<String> getUserinfoEncryptionEncValuesSupported()
      userinfo_encryption_enc_values_supported OPTIONAL.
      Returns:
      List of the JWE encryption algorithms (enc values) [JWA] supported by the UserInfo Endpoint to encode the Claims in a JWT [JWT].

    • getRequestObjectSigningAlgValuesSupported

      @Nullable @Nullable List<String> getRequestObjectSigningAlgValuesSupported()
      request_object_signing_alg_values_supported. OPTIONAL
      Returns:
      List of the JWS signing algorithms (alg values) supported by the OP for Request Objects.

    • getRequestObjectEncryptionAlgValuesSupported

      @Nullable @Nullable List<String> getRequestObjectEncryptionAlgValuesSupported()
      request_object_encryption_alg_values_supported OPTIONAL.
      Returns:
      list of the JWE encryption algorithms (alg values) supported by the OP for Request Objects.

    • getRequestObjectEncryptionEncValuesSupported

      @Nullable @Nullable List<String> getRequestObjectEncryptionEncValuesSupported()
      request_object_encryption_enc_values_supported OPTIONAL.
      Returns:
      List of the JWE encryption algorithms (enc values) supported by the OP for Request Objects.

    • getTokenEndpointAuthMethodsSupported

      @Nullable @Nullable List<String> getTokenEndpointAuthMethodsSupported()
      token_endpoint_auth_methods_supported OPTIONAL.
      Returns:
      List of Client Authentication methods supported by this Token Endpoint.

    • getTokenEndpointAuthSigningAlgValuesSupported

      @Nullable @Nullable List<String> getTokenEndpointAuthSigningAlgValuesSupported()
      token_endpoint_auth_signing_alg_values_supported OPTIONAL.
      Returns:
      List of the JWS signing algorithms (alg values) supported by the Token Endpoint.

    • getDisplayValuesSupported

      @Nullable @Nullable List<String> getDisplayValuesSupported()
      display_values_supported OPTIONAL.
      Returns:
      List of the display parameter values that the OpenID Provider supports.

    • getClaimTypesSupported

      @Nullable @Nullable List<String> getClaimTypesSupported()
      claim_types_supported OPTIONAL.
      Returns:
      List of the Claim Types that the OpenID Provider supports.

    • getClaimsSupported

      @Nullable @Nullable List<String> getClaimsSupported()
      claims_supported RECOMMENDED.
      Returns:
      List of the Claim Names of the Claims that the OpenID Provider MAY be able to supply values for.

    • getServiceDocumentation

      @Nullable @Nullable String getServiceDocumentation()
      service_documentation OPTIONAL.
      Returns:
      URL of a page containing human-readable information that developers might want or need to know when using the OpenID Provider.

    • getClaimsLocalesSupported

      @Nullable @Nullable List<String> getClaimsLocalesSupported()
      claims_locales_supported OPTIONAL.
      Returns:
      Languages and scripts supported for values in Claims

    • getUriLocalesSupported

      @Nullable @Nullable List<String> getUriLocalesSupported()
      ui_locales_supported OPTIONAL.
      Returns:
      Languages and scripts supported for the user interface

    • getClaimsParameterSupported

      @Nullable @Nullable Boolean getClaimsParameterSupported()
      claims_parameter_supported OPTIONAL.
      Returns:
      Boolean value specifying whether the OP supports use of the claims parameter.

    • getRequestParameterSupported

      @Nullable @Nullable Boolean getRequestParameterSupported()
      request_parameter_supported OPTIONAL.
      Returns:
      Boolean value specifying whether the OP supports use of the request parameter, with true indicating support.

    • getRequestUriParameterSupported

      @Nullable @Nullable Boolean getRequestUriParameterSupported()
      request_uri_parameter_supported OPTIONAL.
      Returns:
      Boolean value specifying whether the OP supports use of the request_uri parameter, with true indicating support.

    • getRequireRequestUriRegistration

      @Nullable @Nullable Boolean getRequireRequestUriRegistration()
      require_request_uri_registration OPTIONAL.
      Returns:
      Boolean value specifying whether the OP requires any request_uri values used to be pre-registered using the request_uris registration parameter. Pre-registration is REQUIRED when the value is true. If omitted, the default value is false.

    • getOpPolicyUri

      @Nullable @Nullable String getOpPolicyUri()
      op_policy_uri OPTIONAL.
      Returns:
      URL that the OpenID Provider provides to the person registering the Client to read about the OP's requirements on how the Relying Party can use the data provided by the OP.

    • getOpTosUri

      @Nullable @Nullable String getOpTosUri()
      op_tos_uri. OPTIONAL.
      Returns:
      URL that the OpenID Provider provides to the person registering the Client to read about OpenID Provider's terms of service.

    • getCodeChallengeMethodsSupported

      @Nullable @Nullable List<String> getCodeChallengeMethodsSupported()
      code_challenge_methods_supported.
      Returns:
      List of the supported transformation methods by the authorisation code verifier for Proof Key for Code Exchange (PKCE).

    • getIntrospectionEndpointAuthMethodsSupported

      @Nullable @Nullable List<String> getIntrospectionEndpointAuthMethodsSupported()
      Returns:
      List of Client Authentication methods supported by Introspection Endpoint

    • getRevocationEndpointAuthMethodsSupported

      @Nullable @Nullable List<String> getRevocationEndpointAuthMethodsSupported()
      Returns:
      List of Client Authentication methods supported by Revocation Endpoint

    • getIntrospectionEndpoint

      @Nullable @Nullable String getIntrospectionEndpoint()
      Returns:
      The fully qualified URL of the server's introspection endpoint defined by OAuth Token Introspection [RFC7662]
      See Also:

    • getRevocationEndpoint

      @Nullable @Nullable String getRevocationEndpoint()
      Returns:
      The fully qualified URL of the server's revocation endpoint defined by Oauth Token Revocation.
      See Also:

    • getCheckSessionIframe

      @Nullable @Nullable String getCheckSessionIframe()
      check_session_iframe. REQUIRED
      Returns:
      URL of an OP iframe that supports cross-origin communications for session state information with the RP Client, using the HTML5 postMessage API.

    • getEndSessionEndpoint

      @Nullable @Nullable String getEndSessionEndpoint()
      end_session_endpoint. REQUIRED
      Returns:
      URL at the OP to which an RP can perform a redirect to request that the End-User be logged out at the OP.

    • getTokenEndpointAuthMethods

      @NonNull default @NonNull Optional<List<AuthenticationMethod>> getTokenEndpointAuthMethods()