public class Client extends Object implements Serializable
Some properties correspond to the ones listed in Client Metadata in OpenID Connect Dynamic Client Registration 1.0.
Constructor and Description |
---|
Client() |
Modifier and Type | Method and Description |
---|---|
`ApplicationType` | `getApplicationType()` Get the application type. |
`Pair[]` | `getAttributes()` Get attributes. |
`String[]` | `getAuthorizationDetailsTypes()` Get the authorization details types that this client may use as values of the `"type"` field in `"authorization_details"`. |
`JWEAlg` | `getAuthorizationEncryptionAlg()` Get the JWE `alg` algorithm for encrypting authorization responses. |
`JWEEnc` | `getAuthorizationEncryptionEnc()` Get the JWE `enc` algorithm for encrypting authorization responses. |
`JWSAlg` | `getAuthorizationSignAlg()` Get the JWS `alg` algorithm for signing authorization responses. |
`DeliveryMode` | `getBcDeliveryMode()` Get the backchannel token delivery mode. |
`URI` | `getBcNotificationEndpoint()` Get the backchannel client notification endpoint. |
`JWSAlg` | `getBcRequestSignAlg()` Get the signature algorithm of the request to the backchannel authentication endpoint. |
`long` | `getClientId()` Get the client ID. |
`String` | `getClientIdAlias()` Get the alias of the client ID. |
`String` | `getClientName()` Get the client name. |
`TaggedValue[]` | `getClientNames()` Get the client names each of which has a language tag. |
`String` | `getClientSecret()` Get the client secret. |
`ClientType` | `getClientType()` Get the client type. |
`URI` | `getClientUri()` Get the URI of the home page. |
`TaggedValue[]` | `getClientUris()` Get the URIs of the home pages for specific languages. |
`String[]` | `getContacts()` Get the email addresses of contacts. |
`long` | `getCreatedAt()` Get the time at which this client was created. |
`String` | `getCustomMetadata()` Get the custom client metadata in JSON format. |
`String[]` | `getDefaultAcrs()` Get the default list of authentication context class references. |
`int` | `getDefaultMaxAge()` Get the default value of the maximum authentication age in seconds. |
`String` | `getDerivedSectorIdentifier()` Get the sector identifier host component as derived from either the `sector_identifier_uri` or the registered `redirect_uri`. |
`String` | `getDescription()` Get the description. |
`TaggedValue[]` | `getDescriptions()` Get the descriptions for specific languages. |
`String` | `getDeveloper()` Get the unique ID of the developer of this client application. |
`String` | `getDigestAlgorithm()` Get the digest algorithm that this client requests the server to use when it computes digest values of external attachments, which may be referenced from within ID tokens or userinfo responses (or any place that can have the `verified_claims` claim). |
`ClientExtension` | `getExtension()` Get the extended information about this client. |
`GrantType[]` | `getGrantTypes()` Get `grant_type` values that the client is declaring that it will restrict itself to using. |
`JWEAlg` | `getIdTokenEncryptionAlg()` Get the JWE `alg` algorithm for encrypting the ID token issued to this client. |
`JWEEnc` | `getIdTokenEncryptionEnc()` Get the JWE `enc` algorithm for encrypting the ID token issued to this client. |
`JWSAlg` | `getIdTokenSignAlg()` Get the JWS `alg` algorithm for signing the ID token issued to this client. |
`String` | `getJwks()` Get the JSON Web Key Set. |
`URI` | `getJwksUri()` Get the URI of the JSON Web Key Set of the client application. |
`URI` | `getLoginUri()` Get the URL that can initiate a login for this client application. |
`URI` | `getLogoUri()` Get the URI of the logo image. |
`TaggedValue[]` | `getLogoUris()` Get the logo URIs each of which has a language tag. |
`long` | `getModifiedAt()` Get the time at which this client was last modified. |
`int` | `getNumber()` Get the client number. |
`URI` | `getPolicyUri()` Get the URI of the policy page which describes how the client application uses the profile data of the end-user. |
`TaggedValue[]` | `getPolicyUris()` Get the URIs of the policy pages for specific languages. |
`String[]` | `getRedirectUris()` Get the redirect URIs. |
`String` | `getRegistrationAccessTokenHash()` Get the hash of the registration access token for this client. |
`JWEAlg` | `getRequestEncryptionAlg()` Get the JWE `alg` algorithm for encrypting request objects. |
`JWEEnc` | `getRequestEncryptionEnc()` Get the JWE `enc` algorithm for encrypting request objects. |
`JWSAlg` | `getRequestSignAlg()` Get the JWS `alg` algorithm for signing request objects. |
`String[]` | `getRequestUris()` Get the request URIs that this client declares it may use. |
`ResponseType[]` | `getResponseTypes()` Get `response_type` values that the client is declaring that it will restrict itself to using. |
`URI` | `getSectorIdentifier()` Deprecated. Since Authlete 2.2. Use `getSectorIdentifierUri()` instead. |
`URI` | `getSectorIdentifierUri()` Get the value of the sector identifier URI. |
`String` | `getSelfSignedCertificateKeyId()` Get the key ID of a JWK containing a self-signed certificate of this client. |
`int` | `getServiceNumber()` Get the number of the service which this client belongs to. |
`String` | `getSoftwareId()` Get the unique identifier string assigned by the client developer or software publisher used by registration endpoints to identify the client software to be dynamically registered. |
`String` | `getSoftwareVersion()` Get the version identifier string for the client software identified by the software ID. |
`SubjectType` | `getSubjectType()` Get the subject type that this client application requests. |
`String` | `getTlsClientAuthSanDns()` Get the string representation of the expected DNS subject alternative name of the certificate this client will use in mutual TLS authentication. |
`String` | `getTlsClientAuthSanEmail()` Get the string representation of the expected email address subject alternative name of the certificate this client will use in mutual TLS authentication. |
`String` | `getTlsClientAuthSanIp()` Get the string representation of the expected IP address subject alternative name of the certificate this client will use in mutual TLS authentication. |
`URI` | `getTlsClientAuthSanUri()` Get the string representation of the expected URI subject alternative name of the certificate this client will use in mutual TLS authentication. |
`String` | `getTlsClientAuthSubjectDn()` Get the string representation of the expected subject distinguished name of the certificate this client will use in mutual TLS authentication. |
`ClientAuthMethod` | `getTokenAuthMethod()` Get the client authentication method for the token endpoint. |
`JWSAlg` | `getTokenAuthSignAlg()` Get the JWS `alg` algorithm for signing the JWT used to authenticate the client at the token endpoint. |
`URI` | `getTosUri()` Get the URI of the "Terms Of Service" page. |
`TaggedValue[]` | `getTosUris()` Get the URIs of the "Terms Of Service" pages for specific languages. |
`JWEAlg` | `getUserInfoEncryptionAlg()` Get the JWE `alg` algorithm for encrypting UserInfo responses. |
`JWEEnc` | `getUserInfoEncryptionEnc()` Get the JWE `enc` algorithm for encrypting UserInfo responses. |
`JWSAlg` | `getUserInfoSignAlg()` Get the JWS `alg` algorithm for signing UserInfo responses. |
`boolean` | `isAuthTimeRequired()` Get the flag which indicates whether this client requires `auth_time` claim to be embedded in the ID token. |
`boolean` | `isBcUserCodeRequired()` Get the boolean flag which indicates whether a user code is required when this client makes a backchannel authentication request. |
`boolean` | `isClientIdAliasEnabled()` Get the flag which indicates whether the client ID alias is enabled or not. |
`boolean` | `isDynamicallyRegistered()` Get the flag which indicates whether this client has been registered dynamically. |
`boolean` | `isFrontChannelRequestObjectEncryptionRequired()` Get the flag indicating whether encryption of request object is required when the request object is passed through the front channel. |
`boolean` | `isParRequired()` Get the flag indicating whether this client is required to use the pushed authorization request endpoint. |
`boolean` | `isPkceRequired()` Get the flag indicating whether PKCE (RFC 7636) is required whenever this client makes an authorization request by the authorization code flow. |
`boolean` | `isPkceS256Required()` Get the flag indicating whether `S256` must be used as the code challenge method whenever this client uses PKCE (RFC 7636). |
`boolean` | `isRequestObjectEncryptionAlgMatchRequired()` Get the flag indicating whether the JWE `alg` of encrypted request object must match the `request_object_encryption_alg` client metadata. |
`boolean` | `isRequestObjectEncryptionEncMatchRequired()` Get the flag indicating whether the JWE `enc` of encrypted request object must match the `request_object_encryption_enc` client metadata. |
`boolean` | `isRequestObjectRequired()` Get the flag indicating whether authorization requests from this client are always required to utilize a request object by using either `request` or `request_uri` request parameter. |
`boolean` | `isSingleAccessTokenPerSubject()` Get the flag which indicates whether the number of access tokens per subject (and per client) is at most one or can be more. |
`boolean` | `isTlsClientCertificateBoundAccessTokens()` Does this client use TLS client certificate bound access tokens? |
`Client` | `loadAttributes(Iterable<Pair> attributes)` Load attributes from an iterable. |
`Client` | `setApplicationType(ApplicationType applicationType)` Set the application type. |
`Client` | `setAttributes(Pair[] attributes)` Set attributes. |
`Client` | `setAuthorizationDetailsTypes(String[] types)` Set the authorization details types that this client may use as values of the `"type"` field in `"authorization_details"`. |
`Client` | `setAuthorizationEncryptionAlg(JWEAlg alg)` Set the JWE `alg` algorithm for encrypting authorization responses. |
`Client` | `setAuthorizationEncryptionEnc(JWEEnc enc)` Set the JWE `enc` algorithm for encrypting authorization responses. |
`Client` | `setAuthorizationSignAlg(JWSAlg alg)` Set the JWS `alg` algorithm for signing authorization responses. |
`Client` | `setAuthTimeRequired(boolean required)` Set the flag which indicates whether this client requires `auth_time` claim to be embedded in the ID token. |
`Client` | `setBcDeliveryMode(DeliveryMode mode)` Set the backchannel token delivery mode. |
`Client` | `setBcNotificationEndpoint(URI endpoint)` Set the backchannel client notification endpoint. |
`Client` | `setBcRequestSignAlg(JWSAlg alg)` Set the signature algorithm of the request to the backchannel authentication endpoint. |
`Client` | `setBcUserCodeRequired(boolean required)` Set the boolean flag which indicates whether a user code is required when this client makes a backchannel authentication request. |
`Client` | `setClientId(long clientId)` Set the client ID. |
`Client` | `setClientIdAlias(String alias)` Set the alias of the client ID. |
`Client` | `setClientIdAliasEnabled(boolean enabled)` Enable/disable the client ID alias. |
`Client` | `setClientName(String clientName)` Set the client name. |
`Client` | `setClientNames(TaggedValue[] clientNames)` Set the client names each of which has a language tag. |
`Client` | `setClientSecret(String clientSecret)` Set the client secret. |
`Client` | `setClientType(ClientType clientType)` Set the client type. |
`Client` | `setClientUri(URI uri)` Set the URI of the home page. |
`Client` | `setClientUris(TaggedValue[] uris)` Set the URIs of the home pages for specific languages. |
`Client` | `setContacts(String[] contacts)` Set the email addresses of contacts. |
`Client` | `setCreatedAt(long createdAt)` Set the time at which this client was created. |
`Client` | `setCustomMetadata(String metadata)` Set the custom client metadata in JSON format. |
`Client` | `setDefaultAcrs(String[] defaultAcrs)` Set the default list of authentication context class references. |
`Client` | `setDefaultMaxAge(int defaultMaxAge)` Set the default value of the maximum authentication age in seconds. |
`Client` | `setDerivedSectorIdentifier(String derivedSectorIdentifier)` Set the sector identifier host component as derived from either the `sector_identifier_uri` or the registered `redirect_uri`. |
`Client` | `setDescription(String description)` Set the description. |
`Client` | `setDescriptions(TaggedValue[] descriptions)` Set the descriptions for specific languages. |
`Client` | `setDeveloper(String developer)` Set the unique ID of the developer of this client application. |
`Client` | `setDigestAlgorithm(String algorithm)` Set the digest algorithm that this client requests the server to use when it computes digest values of external attachments, which may be referenced from within ID tokens or userinfo responses (or any place that can have the `verified_claims` claim). |
`Client` | `setDynamicallyRegistered(boolean dynamicallyRegistered)` Set the flag which indicates whether this client has been registered dynamically. |
`Client` | `setExtension(ClientExtension extension)` Set the extended information about this client. |
`Client` | `setFrontChannelRequestObjectEncryptionRequired(boolean required)` Set the flag indicating whether encryption of request object is required when the request object is passed through the front channel. |
`Client` | `setGrantTypes(GrantType[] grantTypes)` Set `grant_type` values that the client is declaring that it will restrict itself to using. |
`Client` | `setIdTokenEncryptionAlg(JWEAlg alg)` Set the JWE `alg` algorithm for encrypting the ID token issued to this client. |
`Client` | `setIdTokenEncryptionEnc(JWEEnc enc)` Set the JWE `enc` algorithm for encrypting the ID token issued to this client. |
`Client` | `setIdTokenSignAlg(JWSAlg alg)` Set the JWS `alg` algorithm for signing the ID token issued to this client. |
`Client` | `setJwks(String jwks)` Set the JSON Web Key Set. |
`Client` | `setJwksUri(URI uri)` Set the URI of the JSON Web Key Set of the client application. |
`Client` | `setLoginUri(URI uri)` Set the URL that can initiate a login for this client application. |
`Client` | `setLogoUri(URI uri)` Set the URI of the logo image. |
`Client` | `setLogoUris(TaggedValue[] uris)` Set the logo URIs each of which has a language tag. |
`Client` | `setModifiedAt(long modifiedAt)` Set the time at which this client was last modified. |
`Client` | `setNumber(int number)` Set the client number. |
`Client` | `setParRequired(boolean required)` Set the flag indicating whether this client is required to use the pushed authorization request endpoint. |
`Client` | `setPkceRequired(boolean required)` Set the flag indicating whether PKCE (RFC 7636) is required whenever this client makes an authorization request by the authorization code flow. |
`Client` | `setPkceS256Required(boolean required)` Set the flag indicating whether `S256` must be used as the code challenge method whenever this client uses PKCE (RFC 7636). |
`Client` | `setPolicyUri(URI uri)` Set the URI of the policy page which describes how the client application uses the profile data of the end-user. |
`Client` | `setPolicyUris(TaggedValue[] uris)` Set the URIs of the policy pages for specific languages. |
`Client` | `setRedirectUris(String[] uris)` Set the redirect URIs. |
`Client` | `setRegistrationAccessTokenHash(String registrationAccessToken)` Set the hash of the registration access token for this client. |
`Client` | `setRequestEncryptionAlg(JWEAlg alg)` Set the JWE `alg` algorithm for encrypting request objects. |
`Client` | `setRequestEncryptionEnc(JWEEnc enc)` Set the JWE `enc` algorithm for encrypting request objects. |
`Client` | `setRequestObjectEncryptionAlgMatchRequired(boolean required)` Set the flag indicating whether the JWE `alg` of encrypted request object must match the `request_object_encryption_alg` client metadata. |
`Client` | `setRequestObjectEncryptionEncMatchRequired(boolean required)` Set the flag indicating whether the JWE `enc` of encrypted request object must match the `request_object_encryption_enc` client metadata. |
`Client` | `setRequestObjectRequired(boolean required)` Set the flag indicating whether authorization requests from this client are always required to utilize a request object by using either `request` or `request_uri` request parameter. |
`Client` | `setRequestSignAlg(JWSAlg alg)` Set the JWS `alg` algorithm for signing request objects. |
`Client` | `setRequestUris(String[] uris)` Set the request URIs that this client declares it may use. |
`Client` | `setResponseTypes(ResponseType[] responseTypes)` Set `response_type` values that the client is declaring that it will restrict itself to using. |
`Client` | `setSectorIdentifier(URI sectorIdentifier)` Deprecated. Since Authlete 2.2. Use `setSectorIdentifierUri(URI)` instead. |
`Client` | `setSectorIdentifierUri(URI uri)` Set the value of the sector identifier URI. |
`Client` | `setSelfSignedCertificateKeyId(String keyId)` Set the key ID of a JWK containing a self-signed certificate of this client. |
`Client` | `setServiceNumber(int number)` Set the number of the service which this client belongs to. |
`Client` | `setSingleAccessTokenPerSubject(boolean single)` Set the flag which indicates whether the number of access tokens per subject (and per client) is at most one or can be more. |
`Client` | `setSoftwareId(String softwareId)` Set a unique identifier string assigned by the client developer or software publisher used by registration endpoints to identify the client software to be dynamically registered. |
`Client` | `setSoftwareVersion(String softwareVersion)` Set a version identifier string for the client software identified by the software ID. |
`Client` | `setSubjectType(SubjectType subjectType)` Set the subject type that this client application requests. |
`Client` | `setTlsClientAuthSanDns(String tlsClientAuthSanDns)` Set the string representation of the expected DNS subject alternative name of the certificate this client will use in mutual TLS authentication. |
`Client` | `setTlsClientAuthSanEmail(String tlsClientAuthSanEmail)` Set the string representation of the expected email address subject alternative name of the certificate this client will use in mutual TLS authentication. |
`Client` | `setTlsClientAuthSanIp(String tlsClientAuthSanIp)` Set the string representation of the expected IP address subject alternative name of the certificate this client will use in mutual TLS authentication. |
`Client` | `setTlsClientAuthSanUri(URI tlsClientAuthSanUri)` Set the string representation of the expected URI subject alternative name of the certificate this client will use in mutual TLS authentication. |
`Client` | `setTlsClientAuthSubjectDn(String name)` Set the string representation of the expected subject distinguished name of the certificate this client will use in mutual TLS authentication. |
`Client` | `setTlsClientCertificateBoundAccessTokens(boolean use)` Set whether this client uses TLS client certificate bound access tokens or not. |
`Client` | `setTokenAuthMethod(ClientAuthMethod method)` Set the client authentication method for the token endpoint. |
`Client` | `setTokenAuthSignAlg(JWSAlg alg)` Set the JWS `alg` algorithm for signing the JWT used to authenticate the client at the token endpoint. |
`Client` | `setTosUri(URI uri)` Set the URI of the "Terms Of Service" page. |
`Client` | `setTosUris(TaggedValue[] uris)` Set the URIs of the "Terms Of Service" pages for specific languages. |
`Client` | `setUserInfoEncryptionAlg(JWEAlg alg)` Set the JWE `alg` algorithm for encrypting UserInfo responses. |
`Client` | `setUserInfoEncryptionEnc(JWEEnc enc)` Set the JWE `enc` algorithm for encrypting UserInfo responses. |
`Client` | `setUserInfoSignAlg(JWSAlg alg)` Set the JWS `alg` algorithm for signing UserInfo responses. |
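
The getters in the summary above are enough to audit a registered client for weak settings. The following is an added example, not part of the Authlete documentation: the package names and the enum constants (`ClientType.CONFIDENTIAL`, `ClientAuthMethod.NONE`, `ClientAuthMethod.TLS_CLIENT_AUTH`, `GrantType.AUTHORIZATION_CODE`, `GrantType.IMPLICIT`, `GrantType.PASSWORD`) are assumed from the authlete-java-common library and do not appear on this page, and the class name `ClientConfigAudit`, its helper methods, the finding texts and the sample client are hypothetical.

```java
import java.net.URI;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;

import com.authlete.common.dto.Client;               // assumed package
import com.authlete.common.types.ClientAuthMethod;   // assumed package
import com.authlete.common.types.ClientType;         // assumed package
import com.authlete.common.types.GrantType;          // assumed package

/** Added example: flags risky settings on a Client using only its getters. */
public class ClientConfigAudit
{
    public static List<String> audit(Client client)
    {
        List<String> findings = new ArrayList<>();

        GrantType[] gt = client.getGrantTypes();
        List<GrantType> grants =
            (gt == null) ? Collections.<GrantType>emptyList() : Arrays.asList(gt);

        // Authorization code flow: PKCE should be mandatory and limited to S256.
        if (grants.contains(GrantType.AUTHORIZATION_CODE))
        {
            if (!client.isPkceRequired())
                findings.add("PKCE is not required for the authorization code flow");
            else if (!client.isPkceS256Required())
                findings.add("PKCE is required but S256 is not enforced");
        }

        // Grants that expose tokens or user passwords to the client.
        if (grants.contains(GrantType.IMPLICIT))
            findings.add("implicit grant is enabled");
        if (grants.contains(GrantType.PASSWORD))
            findings.add("resource owner password grant is enabled");

        // A confidential client that never authenticates at the token endpoint.
        ClientAuthMethod method = client.getTokenAuthMethod();
        if (client.getClientType() == ClientType.CONFIDENTIAL
                && method == ClientAuthMethod.NONE)
            findings.add("confidential client uses token auth method 'none'");

        // tls_client_auth needs an expected certificate identity to compare against.
        if (method == ClientAuthMethod.TLS_CLIENT_AUTH && !hasCertificateIdentity(client))
            findings.add("tls_client_auth is set but no subject DN or SAN is registered");

        String[] redirectUris = client.getRedirectUris();
        if (redirectUris != null)
            for (String uri : redirectUris)
                checkRedirectUri(uri, findings);

        return findings;
    }

    private static boolean hasCertificateIdentity(Client c)
    {
        return notEmpty(c.getTlsClientAuthSubjectDn())
            || notEmpty(c.getTlsClientAuthSanDns())
            || notEmpty(c.getTlsClientAuthSanEmail())
            || notEmpty(c.getTlsClientAuthSanIp())
            || c.getTlsClientAuthSanUri() != null;
    }

    private static boolean notEmpty(String s)
    {
        return s != null && !s.isEmpty();
    }

    private static void checkRedirectUri(String value, List<String> findings)
    {
        try
        {
            URI uri = URI.create(value);
            String host = uri.getHost();
            boolean loopback = "localhost".equals(host)
                || "127.0.0.1".equals(host) || "[::1]".equals(host);

            if ("http".equalsIgnoreCase(uri.getScheme()) && !loopback)
                findings.add("redirect URI uses plain http: " + value);
            if (uri.getRawFragment() != null)
                findings.add("redirect URI contains a fragment: " + value);
        }
        catch (IllegalArgumentException e)
        {
            findings.add("redirect URI is not a valid URI: " + value);
        }
    }

    public static void main(String[] args)
    {
        // Constructed sample client; the setters return the Client itself, so they chain.
        Client client = new Client()
            .setClientType(ClientType.CONFIDENTIAL)
            .setGrantTypes(new GrantType[] { GrantType.AUTHORIZATION_CODE, GrantType.IMPLICIT })
            .setRedirectUris(new String[] {
                "https://rp.example.com/cb", "http://rp.example.com/cb#frag" })
            .setTokenAuthMethod(ClientAuthMethod.TLS_CLIENT_AUTH)
            .setPkceRequired(true);

        for (String finding : audit(client))
            System.out.println(finding);
    }
}
```
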
`public int getNumber()`

`public Client setNumber(int number)`
Parameters: `number` - The client number.
Returns: `this` object.

`public int getServiceNumber()`

`public Client setServiceNumber(int number)`
Parameters: `number` - The service number.
Returns: `this` object.

`public String getDeveloper()`

`public Client setDeveloper(String developer)`
Parameters: `developer` - The developer unique ID.
Returns: `this` object.

`public long getClientId()`

`public Client setClientId(long clientId)`
Parameters: `clientId` - The client ID.
Returns: `this` object.

`public String getClientIdAlias()`
Note that the client ID alias is recognized only when this client's `clientIdAliasEnabled` property is `true` AND the service's `clientIdAliasEnabled` property is also `true`.
`null`.

`public Client setClientIdAlias(String alias)`
Note that the client ID alias is recognized only when this client's `clientIdAliasEnabled` property is `true` AND the service's `clientIdAliasEnabled` property is also `true`.
Parameters: `alias` - The alias of the client ID.
Returns: `this` object.

`public boolean isClientIdAliasEnabled()`
Note that `Service` class also has `clientIdAliasEnabled` property. If the service's `clientIdAliasEnabled` property is `false`, the client ID alias of this client is not recognized even if this client's `clientIdAliasEnabled` property is `true`.
Returns: `true` if the client ID alias is enabled.

`public Client setClientIdAliasEnabled(boolean enabled)`
Note that `Service` class also has `clientIdAliasEnabled` property. If the service's `clientIdAliasEnabled` property is `false`, the client ID alias of this client is not recognized even if this client's `clientIdAliasEnabled` property is `true`.
Parameters: `enabled` - `true` to enable the client ID alias. `false` to disable it.
Returns: `this` object.

`public String getClientSecret()`

`public Client setClientSecret(String clientSecret)`
Parameters: `clientSecret` - The client secret.
Returns: `this` object.

`public ClientType getClientType()`

`public Client setClientType(ClientType clientType)`
Parameters: `clientType` - The client type.
Returns: `this` object.

`public String[] getRedirectUris()`

`public Client setRedirectUris(String[] uris)`
Parameters: `uris` - The redirect URIs.
Returns: `this` object.

`public ResponseType[] getResponseTypes()`
`response_type` values that the client is declaring that it will restrict itself to using.

`public Client setResponseTypes(ResponseType[] responseTypes)`
`response_type` values that the client is declaring that it will restrict itself to using.
Parameters: `responseTypes` - The response types.
Returns: `this` object.

`public GrantType[] getGrantTypes()`
`grant_type` values that the client is declaring that it will restrict itself to using.

`public Client setGrantTypes(GrantType[] grantTypes)`
`grant_type` values that the client is declaring that it will restrict itself to using.
Parameters: `grantTypes` - The grant types.
Returns: `this` object.

`public ApplicationType getApplicationType()`

`public Client setApplicationType(ApplicationType applicationType)`
Parameters: `applicationType` - The application type.
Returns: `this` object.

`public String[] getContacts()`

`public Client setContacts(String[] contacts)`
Parameters: `contacts` - Email addresses of contacts.
Returns: `this` object.

`public String getClientName()`

`public Client setClientName(String clientName)`
Parameters: `clientName` - The client name.
Returns: `this` object.

`public TaggedValue[] getClientNames()`

`public Client setClientNames(TaggedValue[] clientNames)`
Parameters: `clientNames` - The client names.
Returns: `this` object.

`public URI getLogoUri()`

`public Client setLogoUri(URI uri)`
Parameters: `uri` - The URI of the logo image.
Returns: `this` object.

`public TaggedValue[] getLogoUris()`

`public Client setLogoUris(TaggedValue[] uris)`
Parameters: `uris` - The logo URIs.
Returns: `this` object.

`public URI getClientUri()`

`public Client setClientUri(URI uri)`
Parameters: `uri` - The URI of the home page.
Returns: `this` object.

`public TaggedValue[] getClientUris()`

`public Client setClientUris(TaggedValue[] uris)`
Parameters: `uris` - The URIs of the home page for specific languages.
Returns: `this` object.

`public URI getPolicyUri()`

`public Client setPolicyUri(URI uri)`
Parameters: `uri` - The URI of the policy page.
Returns: `this` object.

`public TaggedValue[] getPolicyUris()`

`public Client setPolicyUris(TaggedValue[] uris)`
Parameters: `uris` - The URIs of the policy pages for specific languages.
Returns: `this` object.

`public URI getTosUri()`

`public Client setTosUri(URI uri)`
Parameters: `uri` - The URI of the "Terms Of Service" page.
Returns: `this` object.

`public TaggedValue[] getTosUris()`

`public Client setTosUris(TaggedValue[] uris)`
Parameters: `uris` - The URIs of the "Terms Of Service" pages for specific languages.
Returns: `this` object.

`public URI getJwksUri()`

`public Client setJwksUri(URI uri)`
Parameters: `uri` - The URI of the JSON Web Key Set of the client application.
Returns: `this` object.

`public String getJwks()`

`public Client setJwks(String jwks)`
Parameters: `jwks` - The JSON Web Key Set.
Returns: `this` object.

`@Deprecated public URI getSectorIdentifier()`
`getSectorIdentifierUri()` instead.

`@Deprecated public Client setSectorIdentifier(URI sectorIdentifier)`
`setSectorIdentifierUri(URI)` instead.
Parameters: `sectorIdentifier` - The sector identifier.
Returns: `this` object.

`public URI getSectorIdentifierUri()`
This represents the `sector_identifier_uri` client metadata which is defined in 2. Client Metadata of OpenID Connect Dynamic Client Registration 1.0.

`public Client setSectorIdentifierUri(URI uri)`
This represents the `sector_identifier_uri` client metadata which is defined in 2. Client Metadata of OpenID Connect Dynamic Client Registration 1.0.
Parameters: `uri` - The sector identifier URI.
Returns: `this` object.

`public String getDerivedSectorIdentifier()`
`sector_identifier_uri` or the registered `redirect_uri`.
If no `sector_identifier_uri` is registered and multiple `redirect_uri`s are also registered, this value is undefined and the field returns `null`.
`null` otherwise.

`public Client setDerivedSectorIdentifier(String derivedSectorIdentifier)`
`sector_identifier_uri` or the registered `redirect_uri`.
If no `sector_identifier_uri` is registered and multiple `redirect_uri`s are also registered, this value is undefined and the field is `null`.
Parameters: `derivedSectorIdentifier` - The derived sector identifier, if available, or `null` otherwise.
Returns: `this` object.

`public SubjectType getSubjectType()`

`public Client setSubjectType(SubjectType subjectType)`
Parameters: `subjectType` - The subject type.
Returns: `this` object.

`public JWSAlg getIdTokenSignAlg()`
`alg` algorithm for signing the ID token issued to this client. This property corresponds to `id_token_signed_response_alg` in Client Metadata.
`alg` algorithm for signing the ID token issued to this client.

`public Client setIdTokenSignAlg(JWSAlg alg)`
`alg` algorithm for signing the ID token issued to this client. This property corresponds to `id_token_signed_response_alg` in Client Metadata.
Parameters: `alg` - The JWS `alg` algorithm for signing the ID token issued to this client.
Returns: `this` object.

`public JWEAlg getIdTokenEncryptionAlg()`
`alg` algorithm for encrypting the ID token issued to this client. This property corresponds to `id_token_encrypted_response_alg` in Client Metadata.
`alg` algorithm for encrypting the ID token issued to this client.

`public Client setIdTokenEncryptionAlg(JWEAlg alg)`
`alg` algorithm for encrypting the ID token issued to this client. This property corresponds to `id_token_encrypted_response_alg` in Client Metadata.
Parameters: `alg` - The JWE `alg` algorithm for encrypting the ID token issued to this client.
Returns: `this` object.

`public JWEEnc getIdTokenEncryptionEnc()`
`enc` algorithm for encrypting the ID token issued to this client. This property corresponds to `id_token_encrypted_response_enc` in Client Metadata.
`enc` algorithm for encrypting the ID token issued to this client.

`public Client setIdTokenEncryptionEnc(JWEEnc enc)`
`enc` algorithm for encrypting the ID token issued to this client. This property corresponds to `id_token_encrypted_response_enc` in Client Metadata.
Parameters: `enc` - The JWE `enc` algorithm for encrypting the ID token issued to this client.
Returns: `this` object.

`public JWSAlg getUserInfoSignAlg()`
`alg` algorithm for signing UserInfo responses. This property corresponds to `userinfo_signed_response_alg` in Client Metadata.
`alg` algorithm for signing UserInfo responses.

`public Client setUserInfoSignAlg(JWSAlg alg)`
`alg` algorithm for signing UserInfo responses. This property corresponds to `userinfo_signed_response_alg` in Client Metadata.
Parameters: `alg` - The JWS `alg` algorithm for signing UserInfo responses.
Returns: `this` object.

`public JWEAlg getUserInfoEncryptionAlg()`
`alg` algorithm for encrypting UserInfo responses. This property corresponds to `userinfo_encrypted_response_alg` in Client Metadata.
`alg` algorithm for encrypting UserInfo responses.

`public Client setUserInfoEncryptionAlg(JWEAlg alg)`
`alg` algorithm for encrypting UserInfo responses. This property corresponds to `userinfo_encrypted_response_alg` in Client Metadata.
Parameters: `alg` - The JWE `alg` algorithm for encrypting UserInfo responses.
Returns: `this` object.

`public JWEEnc getUserInfoEncryptionEnc()`
`enc` algorithm for encrypting UserInfo responses. This property corresponds to `userinfo_encrypted_response_enc` in Client Metadata.
`enc` algorithm for encrypting UserInfo responses.

`public Client setUserInfoEncryptionEnc(JWEEnc enc)`
`enc` algorithm for encrypting UserInfo responses. This property corresponds to `userinfo_encrypted_response_enc` in Client Metadata.
Parameters: `enc` - The JWE `enc` algorithm for encrypting UserInfo responses.
Returns: `this` object.

`public JWSAlg getRequestSignAlg()`
`alg` algorithm for signing request objects. This property corresponds to `request_object_signing_alg` in Client Metadata.
`alg` algorithm for signing request objects.

`public Client setRequestSignAlg(JWSAlg alg)`
`alg` algorithm for signing request objects. This property corresponds to `request_object_signing_alg` in Client Metadata.
Parameters: `alg` - The JWS `alg` algorithm for signing request objects.
Returns: `this` object.

`public JWEAlg getRequestEncryptionAlg()`
`alg` algorithm for encrypting request objects. This property corresponds to `request_object_encryption_alg` in Client Metadata.
`alg` algorithm for encrypting request objects.

`public Client setRequestEncryptionAlg(JWEAlg alg)`
`alg` algorithm for encrypting request objects. This property corresponds to `request_object_encryption_alg` in Client Metadata.
Parameters: `alg` - The JWE `alg` algorithm for encrypting request objects.
Returns: `this` object.

`public JWEEnc getRequestEncryptionEnc()`
`enc` algorithm for encrypting request objects. This property corresponds to `request_object_encryption_enc` in Client Metadata.
`enc` algorithm for encrypting request objects.

`public Client setRequestEncryptionEnc(JWEEnc enc)`
`enc` algorithm for encrypting request objects. This property corresponds to `request_object_encryption_enc` in Client Metadata.
Parameters: `enc` - The JWE `enc` algorithm for encrypting request objects.
Returns: `this` object.

`public ClientAuthMethod getTokenAuthMethod()`
`token_endpoint_auth_method` in Client Metadata.

`public Client setTokenAuthMethod(ClientAuthMethod method)`
`token_endpoint_auth_method` in Client Metadata.
Parameters: `method` - The client authentication method for the token endpoint.
Returns: `this` object.

`public JWSAlg getTokenAuthSignAlg()`
`alg` algorithm for signing the JWT used to authenticate the client at the token endpoint. This property corresponds to `token_endpoint_auth_signing_alg` in Client Metadata.
`alg` algorithm for signing the JWT used to authenticate the client at the token endpoint.

`public Client setTokenAuthSignAlg(JWSAlg alg)`
`alg` algorithm for signing the JWT used to authenticate the client at the token endpoint. This property corresponds to `token_endpoint_auth_signing_alg` in Client Metadata.
Parameters: `alg` - The JWS `alg` algorithm for signing the JWT used to authenticate the client at the token endpoint.
Returns: `this` object.

`public int getDefaultMaxAge()`
`default_max_age` in Client Metadata.

`public Client setDefaultMaxAge(int defaultMaxAge)`
`default_max_age` in Client Metadata.
This value is used when the request from the client application does not contain the `max_age` request parameter.
Parameters: `defaultMaxAge` - The default value of the maximum authentication age in seconds. 0 means that no default value is set.
Returns: `this` object.

`public boolean isAuthTimeRequired()`
`auth_time` claim to be embedded in the ID token. This property corresponds to `require_auth_time` in Client Metadata.
`auth_time` claim to be embedded in the ID token.

`public Client setAuthTimeRequired(boolean required)`
`auth_time` claim to be embedded in the ID token. This property corresponds to `require_auth_time` in Client Metadata.
Parameters: `required` - The flag which indicates whether this client requires `auth_time` claim to be embedded in the ID token.
Returns: `this` object.

`public String[] getDefaultAcrs()`
`default_acr_values` in Client Metadata.

`public Client setDefaultAcrs(String[] defaultAcrs)`
`default_max_age` in Client Metadata.
This value is used when the request from the client application does not contain the `acr_values` request parameter.
Parameters: `defaultAcrs` - The default list of authentication context class references.
Returns: `this` object.

`public URI getLoginUri()`
`initiate_login_uri` in Client Metadata.

`public Client setLoginUri(URI uri)`
`initiate_login_uri` in Client Metadata.
Parameters: `uri` - The URL that can initiate a login for this client application.
Returns: `this` object.

`public String[] getRequestUris()`
`request_uris` in Client Metadata.

`public Client setRequestUris(String[] uris)`
`request_uris` in Client Metadata.
Parameters: `uris` - The request URIs that this client declares it may use.
Returns: `this` object.

`public String getDescription()`

public Client setDescription(String description)
description - The description.
this object.
public TaggedValue[] getDescriptions()
public Client setDescriptions(TaggedValue[] descriptions)
descriptions - The descriptions for specific languages.
this object.
public long getCreatedAt()
public Client setCreatedAt(long createdAt)
createdAt - The time at which this client was created.
this object.
public long getModifiedAt()
public Client setModifiedAt(long modifiedAt)
modifiedAt - The time at which this client was modified.
this object.
public ClientExtension getExtension()
public Client setExtension(ClientExtension extension)
extension - The extended information about this client.
this object.
public String getTlsClientAuthSubjectDn()
See tls_client_auth_subject_dn in "2.3. Dynamic Client Registration" in "Mutual TLS Profiles for OAuth Clients" for details.
public Client setTlsClientAuthSubjectDn(String name)
See tls_client_auth_subject_dn in "2.3. Dynamic Client Registration" in "Mutual TLS Profiles for OAuth Clients" for details.
name - The expected subject distinguished name of the client certificate.
this object.
public String getTlsClientAuthSanDns()
See tls_client_auth_san_dns in "2.3. Dynamic Client Registration" in "Mutual TLS Profiles for OAuth Clients" for details.
public Client setTlsClientAuthSanDns(String tlsClientAuthSanDns)
See tls_client_auth_san_dns in "2.3. Dynamic Client Registration" in "Mutual TLS Profiles for OAuth Clients" for details.
name - The expected DNS subject alternative name of the client certificate.
this object.
public URI getTlsClientAuthSanUri()
See tls_client_auth_san_uri in "2.3. Dynamic Client Registration" in "Mutual TLS Profiles for OAuth Clients" for details.
public Client setTlsClientAuthSanUri(URI tlsClientAuthSanUri)
See tls_client_auth_san_uri in "2.3. Dynamic Client Registration" in "Mutual TLS Profiles for OAuth Clients" for details.
name - The expected URI subject alternative name of the client certificate.
this object.
public String getTlsClientAuthSanIp()
See tls_client_auth_san_ip in "2.3. Dynamic Client Registration" in "Mutual TLS Profiles for OAuth Clients" for details.
public Client setTlsClientAuthSanIp(String tlsClientAuthSanIp)
See tls_client_auth_san_ip in "2.3. Dynamic Client Registration" in "Mutual TLS Profiles for OAuth Clients" for details.
name - The expected IP address subject alternative name of the client certificate.
this object.
public String getTlsClientAuthSanEmail()
See tls_client_auth_san_email in "2.3. Dynamic Client Registration" in "Mutual TLS Profiles for OAuth Clients" for details.
public Client setTlsClientAuthSanEmail(String tlsClientAuthSanEmail)
See tls_client_auth_san_email in "2.3. Dynamic Client Registration" in "Mutual TLS Profiles for OAuth Clients" for details.
name - The expected email address subject alternative name of the client certificate.
this object.
public boolean isTlsClientCertificateBoundAccessTokens()
true if this client uses TLS client certificate bound access tokens.
public Client setTlsClientCertificateBoundAccessTokens(boolean use)
use - true to indicate that this client uses TLS client certificate bound access tokens.
this object.
public String getSelfSignedCertificateKeyId()
See "2.2. Self-Signed Certificate Mutual TLS OAuth Client Authentication Method" in "OAuth 2.0 Mutual TLS Client Authentication and Certificate Bound Access Tokens" for details.
null.
public Client setSelfSignedCertificateKeyId(String keyId)
null, Authlete uses this value to look up the corresponding JWK for client authentication using mutual TLS utilizing self-signed certificates.
See "2.2. Self-Signed Certificate Mutual TLS OAuth Client Authentication Method" in "OAuth 2.0 Mutual TLS Client Authentication and Certificate Bound Access Tokens" for details.
keyId - A key ID of a JWK. This may be null.
this object.
public String getSoftwareId()
This property corresponds to the software_id metadata defined in 2. Client Metadata of RFC 7591 (OAuth 2.0 Dynamic Client Registration Protocol).
public Client setSoftwareId(String softwareId)
This property corresponds to the software_id metadata defined in 2. Client Metadata of RFC 7591 (OAuth 2.0 Dynamic Client Registration Protocol).
softwareId - A unique identifier of the client software.
this object.
public String getSoftwareVersion()
This property corresponds to the software_version metadata defined in 2. Client Metadata of RFC 7591 (OAuth 2.0 Dynamic Client Registration Protocol).
public Client setSoftwareVersion(String softwareVersion)
This property corresponds to the software_version metadata defined in 2. Client Metadata of RFC 7591 (OAuth 2.0 Dynamic Client Registration Protocol).
softwareVersion - A version of the client software.
this object.
public JWSAlg getAuthorizationSignAlg()
alg algorithm for signing authorization responses.
This property corresponds to authorization_signed_response_alg in 5. Client Metadata of Financial-grade API: JWT Secured Authorization Response Mode for OAuth 2.0 (JARM).
alg algorithm for signing authorization responses.
public Client setAuthorizationSignAlg(JWSAlg alg)
alg algorithm for signing authorization responses.
This property corresponds to authorization_signed_response_alg in 5. Client Metadata of Financial-grade API: JWT Secured Authorization Response Mode for OAuth 2.0 (JARM).
alg - The JWS alg algorithm for signing authorization responses.
this object.
public JWEAlg getAuthorizationEncryptionAlg()
alg algorithm for encrypting authorization responses.
This property corresponds to authorization_encrypted_response_alg in 5. Client Metadata of Financial-grade API: JWT Secured Authorization Response Mode for OAuth 2.0 (JARM).
alg algorithm for encrypting authorization responses.
public Client setAuthorizationEncryptionAlg(JWEAlg alg)
alg algorithm for encrypting authorization responses.
This property corresponds to authorization_encrypted_response_alg in 5. Client Metadata of Financial-grade API: JWT Secured Authorization Response Mode for OAuth 2.0 (JARM).
alg - The JWE alg algorithm for encrypting authorization responses.
this object.
public JWEEnc getAuthorizationEncryptionEnc()
enc algorithm for encrypting authorization responses.
This property corresponds to authorization_encrypted_response_enc in 5. Client Metadata of Financial-grade API: JWT Secured Authorization Response Mode for OAuth 2.0 (JARM).
enc algorithm for encrypting authorization responses.
public Client setAuthorizationEncryptionEnc(JWEEnc enc)
enc algorithm for encrypting authorization responses.
This property corresponds to authorization_encrypted_response_enc in 5. Client Metadata of Financial-grade API: JWT Secured Authorization Response Mode for OAuth 2.0 (JARM).
enc - The JWE enc algorithm for encrypting authorization responses.
this object.
public DeliveryMode getBcDeliveryMode()
backchannel_token_delivery_mode metadata.
The backchannel token delivery mode is defined in the specification of CIBA (Client Initiated Backchannel Authentication).
public Client setBcDeliveryMode(DeliveryMode mode)
backchannel_token_delivery_mode metadata.
The backchannel token delivery mode is defined in the specification of CIBA (Client Initiated Backchannel Authentication).
mode - The backchannel token delivery mode.
this object.
public URI getBcNotificationEndpoint()
backchannel_client_notification_endpoint metadata.
The backchannel client notification endpoint is defined in the specification of CIBA (Client Initiated Backchannel Authentication).
public Client setBcNotificationEndpoint(URI endpoint)
backchannel_client_notification_endpoint metadata.
The backchannel client notification endpoint is defined in the specification of CIBA (Client Initiated Backchannel Authentication).
endpoint - The backchannel client notification endpoint.
this object.
public JWSAlg getBcRequestSignAlg()
backchannel_authentication_request_signing_alg metadata.
public Client setBcRequestSignAlg(JWSAlg alg)
backchannel_authentication_request_signing_alg metadata.
The specification of CIBA (Client Initiated Backchannel Authentication) allows asymmetric algorithms only.
alg - The signature algorithm of the request to the backchannel authentication endpoint.
this object.
public boolean isBcUserCodeRequired()
backchannel_user_code_parameter metadata.
true if a user code is required when this client makes a backchannel authentication request.
public Client setBcUserCodeRequired(boolean required)
backchannel_user_code_parameter metadata.
required - true to indicate that a user code is required when this client makes a backchannel authentication request.
this object.
public boolean isDynamicallyRegistered()
dynamicallyRegistered - true if the client has been registered dynamically.
this object.
public Client setDynamicallyRegistered(boolean dynamicallyRegistered)
dynamicallyRegistered - true if the client has been registered dynamically.
this object.
public String getRegistrationAccessTokenHash()
public Client setRegistrationAccessTokenHash(String registrationAccessToken)
registrationAccessToken - The hash of the registration access token for this client.
this object.
public String[] getAuthorizationDetailsTypes()
"type" field in "authorization_details".
This property corresponds to the "authorization_details_types" metadata. See "OAuth 2.0 Rich Authorization Requests" (RAR) for details.
Note that the property name was renamed from authorizationDataTypes to authorizationDetailsTypes to align with the change made by the 5th draft of the RAR specification.
"authorization_details".
public Client setAuthorizationDetailsTypes(String[] types)
"type" field in "authorization_details".
This property corresponds to the "authorization_details_types" metadata. See "OAuth 2.0 Rich Authorization Requests" (RAR) for details.
Note that the property name was renamed from authorizationDataTypes to authorizationDetailsTypes to align with the change made by the 5th draft of the RAR specification.
types - Authorization details types used in "authorization_details".
this object.
public boolean isParRequired()
This property corresponds to the require_pushed_authorization_requests client metadata defined in "OAuth 2.0 Pushed Authorization Requests".
true if this client is required to use the pushed authorization request endpoint.
public Client setParRequired(boolean required)
This property corresponds to the require_pushed_authorization_requests client metadata defined in "OAuth 2.0 Pushed Authorization Requests".
required - true to indicate that this client is required to use the pushed authorization request endpoint.
this object.
public boolean isRequestObjectRequired()
request or request_uri request parameter.
If this flag is true and the service's isTraditionalRequestObjectProcessingApplied() returns false, authorization requests from this client are processed as if the require_signed_request_object client metadata of this client is true. The metadata is defined in JAR (JWT Secured Authorization Request).
true if authorization requests from this client are always required to utilize a request object.
public Client setRequestObjectRequired(boolean required)
request or request_uri request parameter.
See the description of isRequestObjectRequired() for details.
required - true to require that authorization requests from this client always utilize a request object.
this object.
public Pair[] getAttributes()
The feature of "client attributes" is available since Authlete 2.2.
public Client setAttributes(Pair[] attributes)
The feature of "client attributes" is available since Authlete 2.2.
attributes - Attributes.
this object.
public Client loadAttributes(Iterable<Pair> attributes)
The feature of "client attributes" is available since Authlete 2.2.
attributes - Attributes.
this object.
public String getCustomMetadata()
Standard specifications define client metadata as necessary. The following are such examples.
Standard client metadata included in Client Registration Request and Client Update Request (cf. OIDC DynReg, RFC 7591 and RFC 7592) are, if supported by Authlete, set to corresponding properties of the client application. For example, the value of the client_name client metadata in Client Registration/Update Request is set to the clientName property. On the other hand, unrecognized client metadata are discarded.
By listing custom client metadata in advance in the supportedCustomClientMetadata property of Service, Authlete can recognize them and store their values in the database. The stored custom client metadata values can be referenced by this method.
Service.getSupportedCustomClientMetadata()
public Client setCustomMetadata(String metadata)
Standard specifications define client metadata as necessary. The following are such examples.
Standard client metadata included in Client Registration Request and Client Update Request (cf. OIDC DynReg, RFC 7591 and RFC 7592) are, if supported by Authlete, set to corresponding properties of the client application. For example, the value of the client_name client metadata in Client Registration/Update Request is set to the clientName property. On the other hand, unrecognized client metadata are discarded.
By listing custom client metadata in advance in the supportedCustomClientMetadata property of Service, Authlete can recognize them and store their values in the database. The stored custom client metadata values can be referenced by getCustomMetadata().
metadata - Custom client metadata in JSON format.
this object.
Service.getSupportedCustomClientMetadata()
public boolean isFrontChannelRequestObjectEncryptionRequired()
This flag does not affect the processing of request objects at the Pushed Authorization Request Endpoint, which is defined in OAuth 2.0 Pushed Authorization Requests. Unencrypted request objects are accepted at the endpoint even if this flag is true.
This flag does not indicate whether a request object is always required. There is a different flag, requestObjectRequired, for that purpose. See the description of isRequestObjectRequired() for details.
Even if this flag is false, encryption of request objects is required if the Service.frontChannelRequestObjectEncryptionRequired flag is true.
true if encryption of request object is required when the request object is passed through the front channel.
isRequestObjectRequired(),
Service.isFrontChannelRequestObjectEncryptionRequired()
public Client setFrontChannelRequestObjectEncryptionRequired(boolean required)
This flag does not affect the processing of request objects at the Pushed Authorization Request Endpoint, which is defined in OAuth 2.0 Pushed Authorization Requests. Unencrypted request objects are accepted at the endpoint even if this flag is true.
This flag does not indicate whether a request object is always required. There is a different flag, requestObjectRequired, for that purpose. See the description of isRequestObjectRequired() for details.
Even if this flag is false, encryption of request objects is required if the Service.frontChannelRequestObjectEncryptionRequired flag is true.
required - true to require that request objects passed through the front channel be encrypted.
this object.
isRequestObjectRequired(),
Service.isFrontChannelRequestObjectEncryptionRequired()
public boolean isRequestObjectEncryptionAlgMatchRequired()
alg of encrypted request object must match the request_object_encryption_alg client metadata.
The request_object_encryption_alg client metadata itself is defined in OpenID Connect Dynamic Client Registration 1.0 as follows.
request_object_encryption_alg
OPTIONAL. JWE [JWE] alg algorithm [JWA] the RP is declaring that it may use for encrypting Request Objects sent to the OP. This parameter SHOULD be included when symmetric encryption will be used, since this signals to the OP that a client_secret value needs to be returned from which the symmetric key will be derived, that might not otherwise be returned. The RP MAY still use other supported encryption algorithms or send unencrypted Request Objects, even when this parameter is present. If both signing and encryption are requested, the Request Object will be signed then encrypted, with the result being a Nested JWT, as defined in [JWT]. The default, if omitted, is that the RP is not declaring whether it might encrypt any Request Objects.
The point here is "The RP MAY still use other supported encryption algorithms or send unencrypted Request Objects, even when this parameter is present."
The property that represents the client metadata is requestEncryptionAlg. See the description of getRequestEncryptionAlg() for details.
Even if this flag is false, the match is required if the Service.requestObjectEncryptionAlgMatchRequired flag is true.
true if the JWE alg of encrypted request object must match the request_object_encryption_alg client metadata.
getRequestEncryptionAlg(),
Service.isRequestObjectEncryptionAlgMatchRequired()
public Client setRequestObjectEncryptionAlgMatchRequired(boolean required)
alg of encrypted request object must match the request_object_encryption_alg client metadata.
The request_object_encryption_alg client metadata itself is defined in OpenID Connect Dynamic Client Registration 1.0 as follows.
request_object_encryption_alg
OPTIONAL. JWE [JWE] alg algorithm [JWA] the RP is declaring that it may use for encrypting Request Objects sent to the OP. This parameter SHOULD be included when symmetric encryption will be used, since this signals to the OP that a client_secret value needs to be returned from which the symmetric key will be derived, that might not otherwise be returned. The RP MAY still use other supported encryption algorithms or send unencrypted Request Objects, even when this parameter is present. If both signing and encryption are requested, the Request Object will be signed then encrypted, with the result being a Nested JWT, as defined in [JWT]. The default, if omitted, is that the RP is not declaring whether it might encrypt any Request Objects.
The point here is "The RP MAY still use other supported encryption algorithms or send unencrypted Request Objects, even when this parameter is present."
The property that represents the client metadata is requestEncryptionAlg. See the description of getRequestEncryptionAlg() for details.
Even if this flag is false, the match is required if the Service.requestObjectEncryptionAlgMatchRequired flag is true.
required - true to require that the JWE alg of encrypted request object match the request_object_encryption_alg client metadata.
this object.
getRequestEncryptionAlg(),
Service.isRequestObjectEncryptionAlgMatchRequired()
public boolean isRequestObjectEncryptionEncMatchRequired()
enc of encrypted request object must match the request_object_encryption_enc client metadata.
The request_object_encryption_enc client metadata itself is defined in OpenID Connect Dynamic Client Registration 1.0 as follows.
request_object_encryption_enc
OPTIONAL. JWE enc algorithm [JWA] the RP is declaring that it may use for encrypting Request Objects sent to the OP. If request_object_encryption_alg is specified, the default for this value is A128CBC-HS256. When request_object_encryption_enc is included, request_object_encryption_alg MUST also be provided.
The property that represents the client metadata is requestEncryptionEnc. See the description of getRequestEncryptionEnc() for details.
Even if this flag is false, the match is required if the Service.requestObjectEncryptionEncMatchRequired flag is true.
true if the JWE enc of encrypted request object must match the request_object_encryption_enc client metadata.
getRequestEncryptionEnc(),
Service.isRequestObjectEncryptionEncMatchRequired()
public Client setRequestObjectEncryptionEncMatchRequired(boolean required)
enc of encrypted request object must match the request_object_encryption_enc client metadata.
The request_object_encryption_enc client metadata itself is defined in OpenID Connect Dynamic Client Registration 1.0 as follows.
request_object_encryption_enc
OPTIONAL. JWE enc algorithm [JWA] the RP is declaring that it may use for encrypting Request Objects sent to the OP. If request_object_encryption_alg is specified, the default for this value is A128CBC-HS256. When request_object_encryption_enc is included, request_object_encryption_alg MUST also be provided.
The property that represents the client metadata is requestEncryptionEnc. See the description of getRequestEncryptionEnc() for details.
Even if this flag is false, the match is required if the Service.requestObjectEncryptionEncMatchRequired flag is true.
required - true to require that the JWE enc of encrypted request object match the request_object_encryption_enc client metadata.
this object.
getRequestEncryptionEnc(),
Service.isRequestObjectEncryptionEncMatchRequired()
public String getDigestAlgorithm()
verified_claims claim).
Possible values are listed in the Hash Algorithm Registry of IANA (Internet Assigned Numbers Authority), but the server does not necessarily support all the values there. When this property is omitted, "sha-256" is used as the default algorithm.
This property corresponds to the digest_algorithm client metadata which was defined by the third implementer's draft of "OpenID Connect for Identity Assurance 1.0".
This property is recognized by Authlete 2.3 and newer versions.
public Client setDigestAlgorithm(String algorithm)
verified_claims claim).
Possible values are listed in the Hash Algorithm Registry of IANA (Internet Assigned Numbers Authority), but the server does not necessarily support all the values there. When this property is omitted, "sha-256" is used as the default algorithm.
This property corresponds to the digest_algorithm client metadata which was defined by the third implementer's draft of "OpenID Connect for Identity Assurance 1.0".
This property is recognized by Authlete 2.3 and newer versions.
algorithm - The digest algorithm that this client requests the server to use when it computes digest values of external attachments.
this object.
public boolean isSingleAccessTokenPerSubject()
If this flag is true, an attempt to issue a new access token invalidates existing access tokens associated with the same subject and the same client.
Even if this flag is false, invalidation of existing access tokens is executed if the singleAccessTokenPerSubject property of the Service this client application belongs to is true. (cf. Service.isSingleAccessTokenPerSubject())
Note, however, that attempts by Client Credentials Flow do not invalidate existing access tokens because access tokens issued by Client Credentials Flow are not associated with any end-user's subject. Also note that an attempt by Refresh Token Flow invalidates the coupled access token only and this invalidation is always performed regardless of whether this flag is true or false.
true if the number of access tokens per subject (and per client) is at most one.
Service.isSingleAccessTokenPerSubject()
public Client setSingleAccessTokenPerSubject(boolean single)
If true is set, an attempt to issue a new access token invalidates existing access tokens associated with the same subject and the same client.
Even if this flag is false, invalidation of existing access tokens is executed if the singleAccessTokenPerSubject property of the Service this client application belongs to is true. (cf. Service.setSingleAccessTokenPerSubject(boolean))
Note, however, that attempts by Client Credentials Flow do not invalidate existing access tokens because access tokens issued by Client Credentials Flow are not associated with any end-user's subject. Also note that an attempt by Refresh Token Flow invalidates the coupled access token only and this invalidation is always performed regardless of whether this flag is true or false.
single - true to set the maximum number of access tokens per subject (and per client) to 1.
this object.
Service.setSingleAccessTokenPerSubject(boolean)
public boolean isPkceRequired()
Note that even if this flag is false, PKCE is required if Service.pkceRequired is true.
true if PKCE is required whenever this client makes an authorization request by the authorization code flow.
Service.isPkceRequired(),
RFC 7636 Proof Key for Code Exchange by OAuth Public Clients
public Client setPkceRequired(boolean required)
Note that even if this flag is false, PKCE is required if Service.pkceRequired is true.
required - true to require PKCE whenever this client makes an authorization request by the authorization code flow.
this object.
Service.setPkceRequired(boolean),
RFC 7636 Proof Key for Code Exchange by OAuth Public Clients
public boolean isPkceS256Required()
S256 must be used as the code challenge method whenever this client uses PKCE (RFC 7636).
Note that even if this flag is false, S256 is required if Service.pkceS256Required is true.
true if S256 must be used as the code challenge method whenever this client uses PKCE.
Service.setPkceS256Required(boolean),
RFC 7636 Proof Key for Code Exchange by OAuth Public Clients
public Client setPkceS256Required(boolean required)
S256 must be used as the code challenge method whenever this client uses PKCE (RFC 7636).
required - true to require S256 as the code challenge method whenever this client uses PKCE.
this object.
Service.setPkceS256Required(boolean),
RFC 7636 Proof Key for Code Exchange by OAuth Public Clients
Copyright © 2022. All rights reserved.
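Several flags documented above share one rule: a requirement applies when either the client flag or the matching Service flag is true. The following added example (not part of the Authlete documentation or library) applies that rule to report which protections are actually in force for a client. It assumes authlete-java-common is on the classpath and that Service exposes isPkceS256Required() for the Service.pkceS256Required property; ClientPolicyAudit, inForce and audit are hypothetical names.

```java
import com.authlete.common.dto.Client;
import com.authlete.common.dto.Service;
import java.util.ArrayList;
import java.util.List;

// Added example (hypothetical class); requires authlete-java-common on the classpath.
public class ClientPolicyAudit {

    // Documented rule: a requirement applies when the client flag OR the service flag is true.
    static boolean inForce(boolean clientFlag, boolean serviceFlag) {
        return clientFlag || serviceFlag;
    }

    static List<String> audit(Service service, Client client) {
        List<String> findings = new ArrayList<>();

        if (!inForce(client.isPkceRequired(), service.isPkceRequired())) {
            findings.add("PKCE is optional for the authorization code flow");
        }
        // Assumption: getter for the Service.pkceS256Required property named on this page.
        if (!inForce(client.isPkceS256Required(), service.isPkceS256Required())) {
            findings.add("a code challenge method other than S256 is accepted");
        }

        boolean encryptFrontChannel = inForce(
                client.isFrontChannelRequestObjectEncryptionRequired(),
                service.isFrontChannelRequestObjectEncryptionRequired());
        if (encryptFrontChannel && !client.isRequestObjectRequired()) {
            findings.add("front-channel encryption is required but requestObjectRequired is "
                    + "false: the encryption flag alone does not make a request object mandatory");
        }
        if (client.isRequestObjectRequired()
                && service.isTraditionalRequestObjectProcessingApplied()) {
            findings.add("requestObjectRequired is set while traditional request object "
                    + "processing is applied: the require_signed_request_object treatment "
                    + "is documented only when that service flag is false");
        }

        // A registered alg/enc is only a declaration unless a match flag enforces it.
        if (client.getRequestEncryptionAlg() != null && !inForce(
                client.isRequestObjectEncryptionAlgMatchRequired(),
                service.isRequestObjectEncryptionAlgMatchRequired())) {
            findings.add("request_object_encryption_alg is registered but a request object "
                    + "encrypted with a different alg is not rejected on that basis");
        }
        if (client.getRequestEncryptionEnc() != null && !inForce(
                client.isRequestObjectEncryptionEncMatchRequired(),
                service.isRequestObjectEncryptionEncMatchRequired())) {
            findings.add("request_object_encryption_enc is registered but a request object "
                    + "encrypted with a different enc is not rejected on that basis");
        }

        if (!inForce(client.isSingleAccessTokenPerSubject(),
                service.isSingleAccessTokenPerSubject())) {
            findings.add("issuing a new access token does not invalidate earlier ones "
                    + "for the same subject and client");
        }
        return findings;
    }

    public static void main(String[] args) {
        // Constructed sample configuration, not taken from a real deployment.
        Service service = new Service();
        service.setPkceRequired(true);

        Client client = new Client()
                .setPkceS256Required(true)
                .setFrontChannelRequestObjectEncryptionRequired(true)
                .setSingleAccessTokenPerSubject(true);

        for (String finding : audit(service, client)) {
            System.out.println("client " + client.getClientId() + ": " + finding);
        }
    }
}
```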