Package com.authlete.common.dto

Class UserInfoRequest

  • All Implemented Interfaces:
    Serializable
    public class UserInfoRequest
extends Object
implements Serializable
    Request to Authlete's /auth/userinfo API.
    token (REQUIRED)

    An access token to get user information.

    clientCertificate (OPTIONAL)

    The client certificate from the MTLS of the userinfo request from the client application. See RFC 8705 (OAuth 2.0 Mutual-TLS Client Authentication and Certificate-Bound Access Tokens) for details.

    dpop (OPTIONAL)

    The value of the DPoP HTTP header. See RFC 9449 OAuth 2.0 Demonstrating Proof of Possession (DPoP) for details.

    htm (OPTIONAL)

    The HTTP method of the userinfo request. In normal cases, the value should be either "GET" or "POST". See RFC 9449 OAuth 2.0 Demonstrating Proof of Possession (DPoP) for details.

    htu (OPTIONAL)

    The URL of the userinfo endpoint, without query or path components. If omitted, the userInfoEndpoint property of Service is used as the default value. See RFC 9449 OAuth 2.0 Demonstrating Proof of Possession (DPoP) for details.

    uri (OPTIONAL; Authlete 2.3 onwards)

    The full URL of the userinfo endpoint. If omitted, the userInfoEndpoint property of Service is used as the default value.

    headers (OPTIONAL; Authlete 2.3 onwards)

    The HTTP headers to be included in processing the signature. If this is a signed request, this must include the Signature and Signature-Input headers, as well as any additional headers covered by the signature.

    message (OPTIONAL; Authlete 2.3 onwards)

    The HTTP message body of the request, if present. If supplied, this is used to validate the value of the Content-Digest header, which must in turn be covered in the HTTP Message Signature.

    dpopNonceRequired (OPTIONAL; Authlete 3.0 onwards)

    The flag indicating whether to require the DPoP proof JWT to include the nonce claim. Even if the service's dpopNonceRequired property is false, calling the /auth/userinfo API with this dpopNonceRequired parameter true will force the Authlete API to check whether the DPoP proof JWT includes the expected nonce value.

    Author:
    Takahiko Kawasaki
    See Also:
    Serialized Form

    • Constructor Detail

      • UserInfoRequest

        public UserInfoRequest()

    • Method Detail

      • getToken

        public String getToken()
        Get the access token which has come along with the userinfo request from the client application.

      • setToken

        public UserInfoRequest setToken​(String token)
        Set the access token which has been issued by Authlete. The access token is the one that has come along with the userinfo request from the client application.

      • getClientCertificate

        public String getClientCertificate()
        Get the client certificate used in the TLS connection established between the client application and the userinfo endpoint.
        Returns:
        The client certificate in PEM format.

      • setClientCertificate

        public UserInfoRequest setClientCertificate​(String certificate)
        Set the client certificate used in the TLS connection established between the client application and the userinfo endpoint.

        The value of this request parameter is referred to when the access token given to the userinfo endpoint was bound to a client certificate when it was issued. See RFC 8705 OAuth 2.0 Mutual-TLS Client Authentication and Certificate-Bound Access Tokens for details about the specification of certificate-bound access tokens.

        Parameters:
        certificate - The client certificate in PEM format.
        Returns:
        this object.
        Since:
        2.37

      • getUri

        public String getUri()
        Get the URL of the userinfo endpoint. This field is used to validate the HTTP Message Signature.

        If this parameter is omitted, the userInfoEndpoint property of the Service is used as the default value.

        Returns:
        The URL of the userinfo endpoint.
        Since:
        3.38, Authlete 2.3

      • setUri

        public UserInfoRequest setUri​(String uri)
        Set the URL of the userinfo endpoint. This field is used to validate the HTTP Message Signature.

        If this parameter is omitted, the userInfoEndpoint property of the Service is used as the default value.

        Parameters:
        uri - The URL of the userinfo endpoint.
        Returns:
        this object.
        Since:
        3.38, Authlete 2.3

      • getHeaders

        public Pair[] getHeaders()
        Get the HTTP headers to be included in processing the signature. If this is a signed request, this must include the Signature and Signature-Input headers, as well as any additional headers covered by the signature.
        Returns:
        The HTTP headers.
        Since:
        3.38, Authlete 2.3

      • setHeaders

        public UserInfoRequest setHeaders​(Pair[] headers)
        Set the HTTP headers to be included in processing the signature. If this is a signed request, this must include the Signature and Signature-Input headers, as well as any additional headers covered by the signature.
        Parameters:
        headers - The HTTP headers.
        Returns:
        this object.
        Since:
        3.38, Authlete 2.3

      • getMessage

        public String getMessage()
        Get the HTTP message body, if present. If provided, this will be used to calculate the expected value of the Content-Digest in the headers of the request covered by the HTTP Message Signature.
        Returns:
        The HTTP message body.
        Since:
        3.38, Authlete 2.3

      • setMessage

        public UserInfoRequest setMessage​(String message)
        Set the HTTP message body, if present. If provided, this will be used to calculate the expected value of the Content-Digest in the headers of the request covered by the HTTP Message Signature.
        Parameters:
        message - The HTTP message body.
        Returns:
        this object.
        Since:
        3.38, Authlete 2.3

      • isDpopNonceRequired

        public boolean isDpopNonceRequired()
        Get the flag indicating whether to check if the DPoP proof JWT includes the expected nonce value.

        If this request parameter is true or if the service's dpopNonceRequired property (Service.isDpopNonceRequired()) is true, the /auth/userinfo API checks if the DPoP proof JWT includes the expected nonce value. In this case, the response from the /auth/userinfo API will include the dpopNonce response parameter, which should be used as the value of the DPoP-Nonce HTTP header.

        Returns:
        true if the /auth/userinfo API checks whether the DPoP proof JWT includes the expected nonce value, even if the service's dpopNonceRequired property is false.
        Since:
        3.82, Authlete 3.0
        See Also:
        RFC 9449 OAuth 2.0 Demonstrating Proof of Possession (DPoP)

      • setDpopNonceRequired

        public UserInfoRequest setDpopNonceRequired​(boolean required)
        Set the flag indicating whether to check if the DPoP proof JWT includes the expected nonce value.

        If this request parameter is true or if the service's dpopNonceRequired property (Service.isDpopNonceRequired()) is true, the /auth/userinfo API checks if the DPoP proof JWT includes the expected nonce value. In this case, the response from the /auth/userinfo API will include the dpopNonce response parameter, which should be used as the value of the DPoP-Nonce HTTP header.

        Parameters:
        required - true to have the /auth/userinfo API check whether the DPoP proof JWT includes the expected nonce value, even if the service's dpopNonceRequired property is false.
        Returns:
        this object.
        Since:
        3.82, Authlete 3.0
        See Also:
        RFC 9449 OAuth 2.0 Demonstrating Proof of Possession (DPoP)