com.authlete.common.dto

Class AuthorizationIssueRequest

java.lang.Object

com.authlete.common.dto.AuthorizationIssueRequest

All Implemented Interfaces:

Serializable

public class AuthorizationIssueRequest
extends Object
implements Serializable

Request to Authlete's /auth/authorization/issue API.

ticket (REQUIRED)

The ticket issued by Authlete's /auth/authorization API to the service implementation. It is the value of "ticket" contained in the response from Authlete's /auth/authorization API (AuthorizationResponse).

subject (CONDITIONALLY REQUIRED)

The subject (= a user account managed by the service) who has granted authorization to the client application. This parameter is required unless the authorization request has come with response_type=none (which means the client application did not request any token to be returned). See "4. None Response Type" in OAuth 2.0 Multiple Response Type Encoding Practices for details about response_type=none.

authTime (OPTIONAL)

The time when the authentication of the end-user occurred.

acr (OPTIONAL)

The Authentication Context Class Reference performed for the end-user authentication.

claims (OPTIONAL)

The claims of the end-user (= pieces of information about the end-user) in JSON format. See OpenID Connect Core 1.0, 5.1. Standard Claims for details about the format.

properties (OPTIONAL)

Extra properties to associate with an access token and/or an authorization code that may be issued by this request. Note that properties parameter is accepted only when Content-Type of the request is application/json, so don't use application/x-www-form-urlencoded if you want to specify properties parameter.

Author:

Takahiko Kawasaki

See Also:

AuthorizationResponse, OpenID Connect Core 1.0, 5.1. Standard Claims, Serialized Form

Constructor Summary

Constructors

Constructor and Description
AuthorizationIssueRequest()

Method Summary

Modifier and Type	Method and Description
String	getAcr() Get the value of "acr" which is the authentication context class reference value which the end-user authentication satisfied.
long	getAuthTime() Get the value of "authTime" which is the time when the authentication of the end-user occurred.
String	getClaims() Get the value of "claims" which is the claims of the subject in JSON format.
Property[]	getProperties() Get the extra properties to associate with an access token and/or an authorization code which will be issued by this request.
String	getSubject() Get the value of "subject" which is the subject (= a user account managed by the service) who has granted authorization to the client application.
String	getTicket() Get the value of "ticket" which is the ticket issued by Authlete's /auth/authorization API to the service implementation.
AuthorizationIssueRequest	setAcr(String acr) Set the value of "acr" which is the authentication context class reference value which the end-user authentication satisfied.
AuthorizationIssueRequest	setAuthTime(long authTime) Set the value of "authTime" which is the time when the authentication of the end-user occurred.
AuthorizationIssueRequest	setClaims(Map<String,Object> claims) Set the value of "claims" which is the claims of the subject.
AuthorizationIssueRequest	setClaims(String claims) Set the value of "claims" which is the claims of the subject in JSON format.
AuthorizationIssueRequest	setProperties(Property[] properties) Set extra properties to associate with an access token and/or an authorization code which will be issued by this request.
AuthorizationIssueRequest	setSubject(String subject) Set the value of "subject" which is the subject (= a user account managed by the service) who has granted authorization to the client application.
AuthorizationIssueRequest	setTicket(String ticket) Set the value of "ticket" which is the ticket issued by Authlete's /auth/authorization API to the service implementation.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

AuthorizationIssueRequest

public AuthorizationIssueRequest()

Method Detail

getTicket

public String getTicket()

Get the value of "ticket" which is the ticket issued by Authlete's /auth/authorization API to the service implementation.

Returns:

The ticket.

setTicket

public AuthorizationIssueRequest setTicket(String ticket)

Set the value of "ticket" which is the ticket issued by Authlete's /auth/authorization API to the service implementation.

Parameters:

ticket - The ticket.

Returns:

this object.

getSubject

public String getSubject()

Get the value of "subject" which is the subject (= a user account managed by the service) who has granted authorization to the client application.

Returns:

The subject.

setSubject

public AuthorizationIssueRequest setSubject(String subject)

Set the value of "subject" which is the subject (= a user account managed by the service) who has granted authorization to the client application.

Parameters:

subject - The subject.

Returns:

this object.

getAuthTime

public long getAuthTime()

Get the value of "authTime" which is the time when the authentication of the end-user occurred.

Returns:

The time when the end-user authentication occurred. It is the number of seconds since 1970-01-01.

setAuthTime

public AuthorizationIssueRequest setAuthTime(long authTime)

Set the value of "authTime" which is the time when the authentication of the end-user occurred.

Parameters:

authTime - The time when the end-user authentication occurred. It is the number of seconds since 1970-01-01.

Returns:

this object.

getAcr

public String getAcr()

Get the value of "acr" which is the authentication context class reference value which the end-user authentication satisfied.

Returns:

The authentication context class reference.

setAcr

public AuthorizationIssueRequest setAcr(String acr)

Set the value of "acr" which is the authentication context class reference value which the end-user authentication satisfied.

Parameters:

acr - The authentication context class reference.

Returns:

this object.

getClaims

public String getClaims()

Get the value of "claims" which is the claims of the subject in JSON format.

Returns:

The claims of the subject in JSON format. See the description of setClaims(String) for details about the format.

See Also:

setClaims(String)

setClaims

public AuthorizationIssueRequest setClaims(String claims)

Set the value of "claims" which is the claims of the subject in JSON format.

The service implementation is required to retrieve claims of the subject (= information about the end-user) from its database and format them in JSON format.

For example, if "given_name" claim, "family_name" claim and "email" claim are requested, the service implementation should generate a JSON object like the following:

 {
   "given_name": "Takahiko",
   "family_name": "Kawasaki",
   "email": "takahiko.kawasaki@example.com"
 }
 

and set its String representation by this method.

See OpenID Connect Core 1.0, 5.1. Standard Claims for further details about the format.

Parameters:

claims - The claims of the subject in JSON format.

Returns:

this object.

See Also:

OpenID Connect Core 1.0, 5.1. Standard Claims

setClaims

public AuthorizationIssueRequest setClaims(Map<String,Object> claims)

Set the value of "claims" which is the claims of the subject. The argument is converted into a JSON string and passed to setClaims(String) method.

Parameters:

claims - The claims of the subject. Keys are claim names.

Returns:

this object.

Since:

1.24

getProperties

public Property[] getProperties()

Get the extra properties to associate with an access token and/or an authorization code which will be issued by this request.

Returns:

Extra properties.

Since:

1.30

setProperties

public AuthorizationIssueRequest setProperties(Property[] properties)

Set extra properties to associate with an access token and/or an authorization code which will be issued by this request.

Keys of extra properties will be used as labels of top-level entries in a JSON response containing an access token which is returned from an authorization server. An example is example_parameter, which you can find in 5.1. Successful Response in RFC 6749. The following code snippet is an example to set one extra property having example_parameter as its key and example_value as its value.

 Property[] properties = { new Property("example_parameter", "example_value") };
 request.setProperties(properties);
 

Keys listed below should not be used and they would be ignored on the server side even if they were used. It's because they are reserved in RFC 6749 and OpenID Connect Core 1.0.

• access_token
• token_type
• expires_in
• refresh_token
• scope
• error
• error_description
• error_uri
• id_token

Note that there is an upper limit on the total size of extra properties. On the server side, the properties will be (1) converted to JSON, (2) encrypted by AES/CBC/PKCS5Padding, (3) encoded by base64url, and then stored into the database. The length of the resultant string must not exceed 65,535 in bytes. This is the upper limit, but we think it is big enough.

Parameters:

properties - Extra properties.

Returns:

this object.

Since:

1.30