Class BackchannelAuthenticationRequest

  • All Implemented Interfaces:
    Serializable

    public class BackchannelAuthenticationRequest
    extends Object
    implements Serializable
    Request to Authlete's /api/backchannel/authentication API.

    When the implementation of the backchannel authentication endpoint of the authorization server receives a backchannel authentication request from a client application, the first step is to call Authlete's /api/backchannel/authentication API. The API will parse the backchannel authentication request on behalf of the implementation of the backchannel authentication endpoint.

    parameters (REQUIRED)

    Parameters of a backchannel authentication request which are the request parameters that the backchannel authentication endpoint of the OpenID provider implementation received from the client application.

    The value of "parameters" is the entire entity body (which is formatted in application/x-www-form-urlencoded) of the request from the client application.

    clientId (OPTIONAL)

    The client ID extracted from Authorization header of the backchannel authentication request from the client application.

    If the backchannel authentication endpoint of the OpenID provider implementation supports Basic Authentication as a means of client authentication, and the request from the client application contained its client ID in Authorization header, the value should be extracted and set to this parameter.

    clientSecret (OPTIONAL)

    The client secret extracted from Authorization header of the backchannel authentication request from the client application.

    If the backchannel authentication endpoint of the OpenID provider implementation supports Basic Authentication as a means of client authentication, and the request from the client application contained its client secret in Authorization header, the value should be extracted and set to this parameter.

    clientCertificate (OPTIONAL)

    The client certification used in the TLS connection between the client application and the backchannel authentication endpoint of the OpenID provider.

    clientCertificatePath (OPTIONAL)

    The client certificate path presented by the client during client authentication. Each element is a string in PEM format.

    oauthClientAttestation (OPTIONAL; Authlete 3.0 onwards)

    The value of the OAuth-Client-Attestation HTTP header, which is defined in the specification of OAuth 2.0 Attestation-Based Client Authentication.

    oauthClientAttestationPop (OPTIONAL; Authlete 3.0 onwards)

    The value of the OAuth-Client-Attestation-PoP HTTP header, which is defined in the specification of OAuth 2.0 Attestation-Based Client Authentication.

    Since:
    2.32
    See Also:
    Serialized Form
    • Constructor Detail

      • BackchannelAuthenticationRequest

        public BackchannelAuthenticationRequest()
    • Method Detail

      • getParameters

        public String getParameters()
        Get the value of parameters which are the request parameters that the backchannel authentication endpoint of the OpenID provider implementation received from the client application.
        Returns:
        Request parameters in application/x-www-form-urlencoded format.
      • setParameters

        public BackchannelAuthenticationRequest setParameters​(String parameters)
        Set the value of parameters which are the request parameters that the backchannel authentication endpoint of the OpenID provider implementation received from the client application.
        Parameters:
        parameters - Request parameters in application/x-www-form-urlencoded format.
        Returns:
        this object.
      • setParameters

        public BackchannelAuthenticationRequest setParameters​(Map<String,​String[]> parameters)
        Set the value of parameters which are the request parameters that the backchannel authentication endpoint of the OpenID provider implementation received from the client application.

        This method converts the given map into a string in application/x-www-form-urlencoded and passes it to setParameters(String) method.

        Parameters:
        parameters - Request parameters.
        Returns:
        this object.
      • getClientId

        public String getClientId()
        Get the client ID extracted from Authorization header of the backchannel authentication request from the client application.
        Returns:
        The client ID.
      • setClientId

        public BackchannelAuthenticationRequest setClientId​(String clientId)
        Set the client ID extracted from Authorization header of the backchannel authentication request from the client application.
        Parameters:
        clientId - The client ID.
        Returns:
        this object.
      • getClientSecret

        public String getClientSecret()
        Get the client secret extracted from Authorization header of the backchannel authentication request from the client application.
        Returns:
        The client secret.
      • setClientSecret

        public BackchannelAuthenticationRequest setClientSecret​(String clientSecret)
        Set the client secret extracted from Authorization header of the backchannel authentication request from the client application.
        Parameters:
        clientSecret - The client secret.
        Returns:
        this object.
      • getClientCertificate

        public String getClientCertificate()
        Get the client certificate used in the TLS connection between the client application and the backchannel authentication endpoint of the OpenID provider.
        Returns:
        The client certificate.
      • setClientCertificate

        public BackchannelAuthenticationRequest setClientCertificate​(String certificate)
        Set the client certificate used in the TLS connection between the client application and the backchannel authentication endpoint of the OpenID provider.
        Parameters:
        certificate - The client certificate
        Returns:
        this object.
      • getClientCertificatePath

        public String[] getClientCertificatePath()
        Get the client certificate path presented by the client during client authentication.
        Returns:
        The client certificate path. Each element is a string in PEM format.
      • setClientCertificatePath

        public BackchannelAuthenticationRequest setClientCertificatePath​(String[] path)
        Set the client certificate path presented by the client during client authentication.
        Parameters:
        path - The client certificate path.
        Returns:
        this object.
      • getOauthClientAttestation

        public String getOauthClientAttestation()
        Get the value of the OAuth-Client-Attestation HTTP header.
        Returns:
        The value of the OAuth-Client-Attestation HTTP header.
        Since:
        4.3, Authlete 3.0
        See Also:
        OAuth 2.0 Attestation-Based Client Authentication
      • getOauthClientAttestationPop

        public String getOauthClientAttestationPop()
        Get the value of the OAuth-Client-Attestation-PoP HTTP header.
        Returns:
        The value of the OAuth-Client-Attestation-PoP HTTP header.
        Since:
        4.3, Authlete 3.0
        See Also:
        OAuth 2.0 Attestation-Based Client Authentication