com.authlete.common.dto

Class Client

java.lang.Object

com.authlete.common.dto.Client

All Implemented Interfaces:

Serializable

public class Client
extends Object
implements Serializable

Information about a client application.

Some properties correspond to the ones listed in Client Metadata in OpenID Connect Dynamic Client Registration 1.0.

See Also:

OpenID Connect Dynamic Client Registration 1.0, Financial-grade API: JWT Secured Authorization Response Mode for OAuth 2.0 (JARM), Serialized Form

Constructor Summary

Constructors

Constructor and Description
Client()

Method Summary

Modifier and Type	Method and Description
ApplicationType	getApplicationType() Get the application type.
Pair[]	getAttributes() Get attributes.
String[]	getAuthorizationDetailsTypes() Get the authorization details types that this client may use as values of the "type" field in "authorization_details".
JWEAlg	getAuthorizationEncryptionAlg() Get the JWE alg algorithm for encrypting authorization responses.
JWEEnc	getAuthorizationEncryptionEnc() Get the JWE enc algorithm for encrypting authorization responses.
JWSAlg	getAuthorizationSignAlg() Get the JWS alg algorithm for signing authorization responses.
DeliveryMode	getBcDeliveryMode() Get the backchannel token delivery mode.
URI	getBcNotificationEndpoint() Get the backchannel client notification endpoint.
JWSAlg	getBcRequestSignAlg() Get the signature algorithm of the request to the backchannel authentication endpoint.
long	getClientId() Get the client ID.
String	getClientIdAlias() Get the alias of the client ID.
String	getClientName() Get the client name.
TaggedValue[]	getClientNames() Get the client names each of which has a language tag.
String	getClientSecret() Get the client secret.
ClientType	getClientType() Get the client type.
URI	getClientUri() Get the URI of the home page.
TaggedValue[]	getClientUris() Get the URIs of the home pages for specific languages.
String[]	getContacts() Get the email addresses of contacts.
long	getCreatedAt() Get the time at which this client was created.
String	getCustomMetadata() Get the custom client metadata in JSON format.
String[]	getDefaultAcrs() Get the default list of authentication context class references.
int	getDefaultMaxAge() Get the default value of the maximum authentication age in seconds.
String	getDerivedSectorIdentifier() Get the sector identifier host component as derived from either the sector_identifier_uri or the registered redirect_uri.
String	getDescription() Get the description.
TaggedValue[]	getDescriptions() Get the descriptions for specific languages.
String	getDeveloper() Get the unique ID of the developer of this client application.
ClientExtension	getExtension() Get the extended information about this client.
GrantType[]	getGrantTypes() Get grant_type values that the client is declaring that it will restrict itself to using.
JWEAlg	getIdTokenEncryptionAlg() Get the JWE alg algorithm for encrypting the ID token issued to this client.
JWEEnc	getIdTokenEncryptionEnc() Get the JWE enc algorithm for encrypting the ID token issued to this client.
JWSAlg	getIdTokenSignAlg() Get the JWS alg algorithm for signing the ID token issued to this client.
String	getJwks() Get the JSON Web Key Set.
URI	getJwksUri() Get the URI of the JSON Web Key Set of the client application.
URI	getLoginUri() Get the URL that can initiate a login for this client application.
URI	getLogoUri() Get the URI of the logo image.
TaggedValue[]	getLogoUris() Get the logo URIs each of which has a language tag.
long	getModifiedAt() Get the time at which this client was last modified.
int	getNumber() Get the client number.
URI	getPolicyUri() Get the URI of the policy page which describes how the client application uses the profile data of the end-user.
TaggedValue[]	getPolicyUris() Get the URIs of the policy pages for specific languages.
String[]	getRedirectUris() Get the redirect URIs.
String	getRegistrationAccessTokenHash() Get the hash of the registration access token for this client.
JWEAlg	getRequestEncryptionAlg() Get the JWE alg algorithm for encrypting request objects.
JWEEnc	getRequestEncryptionEnc() Get the JWE enc algorithm for encrypting request objects.
JWSAlg	getRequestSignAlg() Get the JWS alg algorithm for signing request objects.
String[]	getRequestUris() Get the request URIs that this client declares it may use.
ResponseType[]	getResponseTypes() Get response_type values that the client is declaring that it will restrict itself to using.
URI	getSectorIdentifier() Deprecated. Since Authlete 2.2. Use getSectorIdentifierUri() instead.
URI	getSectorIdentifierUri() Get the value of the sector identifier URI.
String	getSelfSignedCertificateKeyId() Get the key ID of a JWK containing a self-signed certificate of this client.
int	getServiceNumber() Get the number of the service which this client belongs to.
String	getSoftwareId() Get the unique identifier string assigned by the client developer or software publisher used by registration endpoints to identify the client software to be dynamically registered.
String	getSoftwareVersion() Get the version identifier string for the client software identified by the software ID.
SubjectType	getSubjectType() Get the subject type that this client application requests.
String	getTlsClientAuthSanDns() Get the string representation of the expected DNS subject alternative name of the certificate this client will use in mutual TLS authentication.
String	getTlsClientAuthSanEmail() Get the string representation of the expected email address subject alternative name of the certificate this client will use in mutual TLS authentication.
String	getTlsClientAuthSanIp() Get the string representation of the expected IP address subject alternative name of the certificate this client will use in mutual TLS authentication.
URI	getTlsClientAuthSanUri() Get the string representation of the expected URI subject alternative name of the certificate this client will use in mutual TLS authentication.
String	getTlsClientAuthSubjectDn() Get the string representation of the expected subject distinguished name of the certificate this client will use in mutual TLS authentication.
ClientAuthMethod	getTokenAuthMethod() Get the client authentication method for the token endpoint.
JWSAlg	getTokenAuthSignAlg() Get the JWS alg algorithm for signing the JWT used to authenticate the client at the token endpoint.
URI	getTosUri() Get the URI of the "Terms Of Service" page.
TaggedValue[]	getTosUris() Get the URIs of the "Terms Of Service" pages for specific languages.
JWEAlg	getUserInfoEncryptionAlg() Get the JWE alg algorithm for encrypting UserInfo responses.
JWEEnc	getUserInfoEncryptionEnc() Get the JWE enc algorithm for encrypting UserInfo responses.
JWSAlg	getUserInfoSignAlg() Get the JWS alg algorithm for signing UserInfo responses.
boolean	isAuthTimeRequired() Get the flag which indicates whether this client requires auth_time claim to be embedded in the ID token.
boolean	isBcUserCodeRequired() Get the boolean flag which indicates whether a user code is required when this client makes a backchannel authentication request.
boolean	isClientIdAliasEnabled() Get the flag which indicates whether the client ID alias is enabled or not.
boolean	isDynamicallyRegistered() Get the flag which indicates whether this client has been registered dynamically.
boolean	isFrontChannelRequestObjectEncryptionRequired() Get the flag indicating whether encryption of request object is required when the request object is passed through the front channel.
boolean	isParRequired() Get the flag indicating whether this client is required to use the pushed authorization request endpoint.
boolean	isRequestObjectEncryptionAlgMatchRequired() Get the flag indicating whether the JWE alg of encrypted request object must match the request_object_encryption_alg client metadata.
boolean	isRequestObjectEncryptionEncMatchRequired() Get the flag indicating whether the JWE enc of encrypted request object must match the request_object_encryption_enc client metadata.
boolean	isRequestObjectRequired() Get the flag indicating whether authorization requests from this client are always required to utilize a request object by using either request or request_uri request parameter.
boolean	isTlsClientCertificateBoundAccessTokens() Does this client use TLS client certificate bound access tokens?
Client	loadAttributes(Iterable<Pair> attributes) Load attributes from an iterable.
Client	setApplicationType(ApplicationType applicationType) Set the application type.
Client	setAttributes(Pair[] attributes) Set attributes.
Client	setAuthorizationDetailsTypes(String[] types) Set the authorization details types that this client may use as values of the "type" field in "authorization_details".
Client	setAuthorizationEncryptionAlg(JWEAlg alg) Set the JWE alg algorithm for encrypting authorization responses.
Client	setAuthorizationEncryptionEnc(JWEEnc enc) Set the JWE enc algorithm for encrypting authorization responses.
Client	setAuthorizationSignAlg(JWSAlg alg) Set the JWS alg algorithm for signing authorization responses.
Client	setAuthTimeRequired(boolean required) Set the flag which indicates whether this client requires auth_time claim to be embedded in the ID token.
Client	setBcDeliveryMode(DeliveryMode mode) Set the backchannel token delivery mode.
Client	setBcNotificationEndpoint(URI endpoint) Set the backchannel client notification endpoint.
Client	setBcRequestSignAlg(JWSAlg alg) Set the signature algorithm of the request to the backchannel authentication endpoint.
Client	setBcUserCodeRequired(boolean required) Set the boolean flag which indicates whether a user code is required when this client makes a backchannel authentication request.
Client	setClientId(long clientId) Set the client ID.
Client	setClientIdAlias(String alias) Set the alias of the client ID.
Client	setClientIdAliasEnabled(boolean enabled) Enable/disable the client ID alias.
Client	setClientName(String clientName) Set the client name.
Client	setClientNames(TaggedValue[] clientNames) Set the client names each of which has a language tag.
Client	setClientSecret(String clientSecret) Set the client secret.
Client	setClientType(ClientType clientType) Set the client type.
Client	setClientUri(URI uri) Set the URI of the home page.
Client	setClientUris(TaggedValue[] uris) Set the URIs of the home pages for specific languages.
Client	setContacts(String[] contacts) Set the email addresses of contacts.
Client	setCreatedAt(long createdAt) Set the time at which this client was created.
Client	setCustomMetadata(String metadata) Set the custom client metadata in JSON format.
Client	setDefaultAcrs(String[] defaultAcrs) Set the default list of authentication context class references.
Client	setDefaultMaxAge(int defaultMaxAge) Set the default value of the maximum authentication age in seconds.
Client	setDerivedSectorIdentifier(String derivedSectorIdentifier) Set the sector identifier host component as derived from either the sector_identifier_uri or the registered redirect_uri.
Client	setDescription(String description) Set the description.
Client	setDescriptions(TaggedValue[] descriptions) Set the descriptions for specific languages.
Client	setDeveloper(String developer) Set the unique ID of the developer of this client application.
Client	setDynamicallyRegistered(boolean dynamicallyRegistered) Set the flag which indicates whether this client has been registered dynamically.
Client	setExtension(ClientExtension extension) Set the extended information about this client.
Client	setFrontChannelRequestObjectEncryptionRequired(boolean required) Set the flag indicating whether encryption of request object is required when the request object is passed through the front channel.
Client	setGrantTypes(GrantType[] grantTypes) Set grant_type values that the client is declaring that it will restrict itself to using.
Client	setIdTokenEncryptionAlg(JWEAlg alg) Set the JWE alg algorithm for encrypting the ID token issued to this client.
Client	setIdTokenEncryptionEnc(JWEEnc enc) Set the JWE enc algorithm for encrypting the ID token issued to this client.
Client	setIdTokenSignAlg(JWSAlg alg) Set the JWS alg algorithm for signing the ID token issued to this client.
Client	setJwks(String jwks) Set the JSON Web Key Set.
Client	setJwksUri(URI uri) Set the URI of the JSON Web Key Set of the client application.
Client	setLoginUri(URI uri) Set the URL that can initiate a login for this client application.
Client	setLogoUri(URI uri) Set the URI of the logo image.
Client	setLogoUris(TaggedValue[] uris) Set the logo URIs each of which has a language tag.
Client	setModifiedAt(long modifiedAt) Set the time at which this client was last modified.
Client	setNumber(int number) Set the client number.
Client	setParRequired(boolean required) Set the flag indicating whether this client is required to use the pushed authorization request endpoint.
Client	setPolicyUri(URI uri) Set the URI of the policy page which describes how the client application uses the profile data of the end-user.
Client	setPolicyUris(TaggedValue[] uris) Set the URIs of the policy pages for specific languages.
Client	setRedirectUris(String[] uris) Set the redirect URIs.
Client	setRegistrationAccessTokenHash(String registrationAccessToken) Set the hash of the registration access token for this client.
Client	setRequestEncryptionAlg(JWEAlg alg) Set the JWE alg algorithm for encrypting request objects.
Client	setRequestEncryptionEnc(JWEEnc enc) Set the JWE enc algorithm for encrypting request objects.
Client	setRequestObjectEncryptionAlgMatchRequired(boolean required) Set the flag indicating whether the JWE alg of encrypted request object must match the request_object_encryption_alg client metadata.
Client	setRequestObjectEncryptionEncMatchRequired(boolean required) Set the flag indicating whether the JWE enc of encrypted request object must match the request_object_encryption_enc client metadata.
Client	setRequestObjectRequired(boolean required) Set the flag indicating whether authorization requests from this client are always required to utilize a request object by using either request or request_uri request parameter.
Client	setRequestSignAlg(JWSAlg alg) Set the JWS alg algorithm for signing request objects.
Client	setRequestUris(String[] uris) Set the request URIs that this client declares it may use.
Client	setResponseTypes(ResponseType[] responseTypes) Set response_type values that the client is declaring that it will restrict itself to using.
Client	setSectorIdentifier(URI sectorIdentifier) Deprecated. Since Authlete 2.2. Use setSectorIdentifierUri(URI) instead.
Client	setSectorIdentifierUri(URI uri) Set the value of the sector identifier URI.
Client	setSelfSignedCertificateKeyId(String keyId) Set the key ID of a JWK containing a self-signed certificate of this client.
Client	setServiceNumber(int number) Set the number of the service which this client belongs to.
Client	setSoftwareId(String softwareId) Set a unique identifier string assigned by the client developer or software publisher used by registration endpoints to identify the client software to be dynamically registered.
Client	setSoftwareVersion(String softwareVersion) Set a version identifier string for the client software identified by the software ID.
Client	setSubjectType(SubjectType subjectType) Set the subject type that this client application requests.
Client	setTlsClientAuthSanDns(String tlsClientAuthSanDns) Set the string representation of the expected DNS subject alternative name of the certificate this client will use in mutual TLS authentication.
Client	setTlsClientAuthSanEmail(String tlsClientAuthSanEmail) Set the string representation of the expected email address subject alternative name of the certificate this client will use in mutual TLS authentication.
Client	setTlsClientAuthSanIp(String tlsClientAuthSanIp) Set the string representation of the expected IP address subject alternative name of the certificate this client will use in mutual TLS authentication.
Client	setTlsClientAuthSanUri(URI tlsClientAuthSanUri) Set the string representation of the expected URI subject alternative name of the certificate this client will use in mutual TLS authentication.
Client	setTlsClientAuthSubjectDn(String name) Set the string representation of the expected subject distinguished name of the certificate this client will use in mutual TLS authentication.
Client	setTlsClientCertificateBoundAccessTokens(boolean use) Set whether this client uses TLS client certificate bound access tokens or not.
Client	setTokenAuthMethod(ClientAuthMethod method) Set the client authentication method for the token endpoint.
Client	setTokenAuthSignAlg(JWSAlg alg) Set the JWS alg algorithm for signing the JWT used to authenticate the client at the token endpoint.
Client	setTosUri(URI uri) Set the URI of the "Terms Of Service" page.
Client	setTosUris(TaggedValue[] uris) Set the URIs of the "Terms Of Service" pages for specific languages.
Client	setUserInfoEncryptionAlg(JWEAlg alg) Set the JWE alg algorithm for encrypting UserInfo responses.
Client	setUserInfoEncryptionEnc(JWEEnc enc) Set the JWE enc algorithm for encrypting UserInfo responses.
Client	setUserInfoSignAlg(JWSAlg alg) Set the JWS alg algorithm for signing UserInfo responses.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

Client

public Client()

Method Detail

getNumber

public int getNumber()

Get the client number.

Returns:

The client number.

setNumber

public Client setNumber(int number)

Set the client number.

Parameters:

number - The client number.

Returns:

this object.

getServiceNumber

public int getServiceNumber()

Get the number of the service which this client belongs to.

Returns:

The service number

setServiceNumber

public Client setServiceNumber(int number)

Set the number of the service which this client belongs to.

Parameters:

number - The service number.

Returns:

this object.

getDeveloper

public String getDeveloper()

Get the unique ID of the developer of this client application.

Returns:

The developer unique ID.

setDeveloper

public Client setDeveloper(String developer)

Set the unique ID of the developer of this client application.

Parameters:

developer - The developer unique ID.

Returns:

this object.

getClientId

public long getClientId()

Get the client ID.

Returns:

The client ID.

setClientId

public Client setClientId(long clientId)

Set the client ID.

Parameters:

clientId - The client ID.

Returns:

this object.

getClientIdAlias

public String getClientIdAlias()

Get the alias of the client ID.

Note that the client ID alias is recognized only when this client's clientIdAliasEnabled property is true AND the service's clientIdAliasEnabled property is also true.

Returns:

The alias of the client ID. This may be null.

Since:

2.1

setClientIdAlias

public Client setClientIdAlias(String alias)

Set the alias of the client ID.

Note that the client ID alias is recognized only when this client's clientIdAliasEnabled property is true AND the service's clientIdAliasEnabled property is also true.

Parameters:

alias - The alias of the client ID.

Returns:

this object.

Since:

2.1

isClientIdAliasEnabled

public boolean isClientIdAliasEnabled()

Get the flag which indicates whether the client ID alias is enabled or not.

Note that Service class also has clientIdAliasEnabled property. If the service's clientIdAliasEnabled property is false, the client ID alias of this client is not recognized even if this client's clientIdAliasEnabled property is true.

Returns:

true if the client ID alias is enabled.

Since:

2.2

setClientIdAliasEnabled

public Client setClientIdAliasEnabled(boolean enabled)

Enable/disable the client ID alias.

Note that Service class also has clientIdAliasEnabled property. If the service's clientIdAliasEnabled property is false, the client ID alias of this client is not recognized even if this client's clientIdAliasEnabled property is true.

Parameters:

enabled - true to enable the client ID alias. false to disable it.

Returns:

this object.

Since:

2.2

getClientSecret

public String getClientSecret()

Get the client secret.

Returns:

The client secret.

setClientSecret

public Client setClientSecret(String clientSecret)

Set the client secret.

Parameters:

clientSecret - The client secret.

Returns:

this object.

getClientType

public ClientType getClientType()

Get the client type.

Returns:

The client type.

setClientType

public Client setClientType(ClientType clientType)

Set the client type.

Parameters:

clientType - The client type.

Returns:

this object.

getRedirectUris

public String[] getRedirectUris()

Get the redirect URIs.

Returns:

The redirect URIs.

See Also:

RFC 6749 (OAuth 2.0), 3.1.2. Redirection Endpoint

setRedirectUris

public Client setRedirectUris(String[] uris)

Set the redirect URIs.

Parameters:

uris - The redirect URIs.

Returns:

this object.

See Also:

RFC 6749 (OAuth 2.0), 3.1.2. Redirection Endpoint

getResponseTypes

public ResponseType[] getResponseTypes()

Get response_type values that the client is declaring that it will restrict itself to using.

Returns:

The response types.

setResponseTypes

public Client setResponseTypes(ResponseType[] responseTypes)

Set response_type values that the client is declaring that it will restrict itself to using.

Parameters:

responseTypes - The response types.

Returns:

this object.

getGrantTypes

public GrantType[] getGrantTypes()

Get grant_type values that the client is declaring that it will restrict itself to using.

Returns:

The grant types.

setGrantTypes

public Client setGrantTypes(GrantType[] grantTypes)

Set grant_type values that the client is declaring that it will restrict itself to using.

Parameters:

grantTypes - The grant types.

Returns:

this object.

getApplicationType

public ApplicationType getApplicationType()

Get the application type.

Returns:

The application type.

See Also:

OpenID Connect Dynamic Client Registration 1.0, 2. Client Metadata

setApplicationType

public Client setApplicationType(ApplicationType applicationType)

Set the application type.

Parameters:

applicationType - The application type.

Returns:

this object.

See Also:

OpenID Connect Dynamic Client Registration 1.0, 2. Client Metadata

getContacts

public String[] getContacts()

Get the email addresses of contacts.

Returns:

Email addresses of contacts.

setContacts

public Client setContacts(String[] contacts)

Set the email addresses of contacts.

Parameters:

contacts - Email addresses of contacts.

Returns:

this object.

getClientName

public String getClientName()

Get the client name.

Returns:

The client name.

setClientName

public Client setClientName(String clientName)

Set the client name.

Parameters:

clientName - The client name.

Returns:

this object.

getClientNames

public TaggedValue[] getClientNames()

Get the client names each of which has a language tag.

Returns:

The client names each of which has a language tag.

setClientNames

public Client setClientNames(TaggedValue[] clientNames)

Set the client names each of which has a language tag.

Parameters:

clientNames - The client names.

Returns:

this object.

getLogoUri

public URI getLogoUri()

Get the URI of the logo image.

Returns:

The URI of the logo image.

setLogoUri

public Client setLogoUri(URI uri)

Set the URI of the logo image.

Parameters:

uri - The URI of the logo image.

Returns:

this object.

getLogoUris

public TaggedValue[] getLogoUris()

Get the logo URIs each of which has a language tag.

Returns:

The logo URIs.

setLogoUris

public Client setLogoUris(TaggedValue[] uris)

Set the logo URIs each of which has a language tag.

Parameters:

uris - The logo URIs.

Returns:

this object.

getClientUri

public URI getClientUri()

Get the URI of the home page.

Returns:

The URI of the home page.

setClientUri

public Client setClientUri(URI uri)

Set the URI of the home page.

Parameters:

uri - The URI of the home page.

Returns:

this object.

getClientUris

public TaggedValue[] getClientUris()

Get the URIs of the home pages for specific languages.

Returns:

The URIs of the home page for specific languages.

setClientUris

public Client setClientUris(TaggedValue[] uris)

Set the URIs of the home pages for specific languages.

Parameters:

uris - The URIs of the home page for specific languages.

Returns:

this object.

getPolicyUri

public URI getPolicyUri()

Get the URI of the policy page which describes how the client application uses the profile data of the end-user.

Returns:

The URI of the policy page.

setPolicyUri

public Client setPolicyUri(URI uri)

Set the URI of the policy page which describes how the client application uses the profile data of the end-user.

Parameters:

uri - The URI of the policy page.

Returns:

this object.

getPolicyUris

public TaggedValue[] getPolicyUris()

Get the URIs of the policy pages for specific languages.

Returns:

The URIs of the policy pages for specific languages.

setPolicyUris

public Client setPolicyUris(TaggedValue[] uris)

Set the URIs of the policy pages for specific languages.

Parameters:

uris - The URIs of the policy pages for specific languages.

Returns:

this object.

getTosUri

public URI getTosUri()

Get the URI of the "Terms Of Service" page.

Returns:

The URI of the "Terms Of Service" page.

setTosUri

public Client setTosUri(URI uri)

Set the URI of the "Terms Of Service" page.

Parameters:

uri - The URI of the "Terms Of Service" page.

Returns:

this object.

getTosUris

public TaggedValue[] getTosUris()

Get the URIs of the "Terms Of Service" pages for specific languages.

Returns:

The URIs of the "Terms Of Service" pages for specific languages.

setTosUris

public Client setTosUris(TaggedValue[] uris)

Set the URIs of the "Terms Of Service" pages for specific languages.

Parameters:

uris - The URIs of the "Terms Of Service" pages for specific languages.

Returns:

this object.

getJwksUri

public URI getJwksUri()

Get the URI of the JSON Web Key Set of the client application.

Returns:

The URI of the JSON Web Key Set of the client application.

setJwksUri

public Client setJwksUri(URI uri)

Set the URI of the JSON Web Key Set of the client application.

Parameters:

uri - The URI of the JSON Web Key Set of the client application.

Returns:

this object.

getJwks

public String getJwks()

Get the JSON Web Key Set.

Returns:

The JSON Web Key Set.

setJwks

public Client setJwks(String jwks)

Set the JSON Web Key Set.

Parameters:

jwks - The JSON Web Key Set.

Returns:

this object.

getSectorIdentifier

@Deprecated
public URI getSectorIdentifier()

Deprecated. Since Authlete 2.2. Use getSectorIdentifierUri() instead.

Get the sector identifier.

Returns:

The sector identifier.

setSectorIdentifier

@Deprecated
public Client setSectorIdentifier(URI sectorIdentifier)

Deprecated. Since Authlete 2.2. Use setSectorIdentifierUri(URI) instead.

Set the sector identifier.

Parameters:

sectorIdentifier - The sector identifier.

Returns:

this object.

getSectorIdentifierUri

public URI getSectorIdentifierUri()

Get the value of the sector identifier URI.

This represents the sector_identifier_uri client metadata which is defined in 2. Client Metadata of OpenID Connect Dynamic Client Registration 1.0.

Returns:

The sector identifier URI.

Since:

2.50

setSectorIdentifierUri

public Client setSectorIdentifierUri(URI uri)

Set the value of the sector identifier URI.

This represents the sector_identifier_uri client metadata which is defined in 2. Client Metadata of OpenID Connect Dynamic Client Registration 1.0.

Parameters:

uri - The sector identifier URI.

Returns:

this object.

Since:

2.50

getDerivedSectorIdentifier

public String getDerivedSectorIdentifier()

Get the sector identifier host component as derived from either the sector_identifier_uri or the registered redirect_uri. If no sector_identifier_uri is registered and multiple redirect_uris are also registered, this value is undefined and the field returns null.

Returns:

The derived sector identifier, if available, or null otherwise.

Since:

2.61

See Also:

OIDC Core, 8.1. Pairwise Identifier Algorithm

setDerivedSectorIdentifier

public Client setDerivedSectorIdentifier(String derivedSectorIdentifier)

Set the sector identifier host component as derived from either the sector_identifier_uri or the registered redirect_uri. If no sector_identifier_uri is registered and multiple redirect_uris are also registered, this value is undefined and the field is null.

Parameters:

derivedSectorIdentifier - The derived sector identifier, if available, or null otherwise.

Returns:

this object.

Since:

2.61

See Also:

OIDC Core, 8.1. Pairwise Identifier Algorithm

getSubjectType

public SubjectType getSubjectType()

Get the subject type that this client application requests.

Returns:

The subject type.

See Also:

Subject Identifier Types

setSubjectType

public Client setSubjectType(SubjectType subjectType)

Set the subject type that this client application requests.

Parameters:

subjectType - The subject type.

Returns:

this object.

See Also:

Subject Identifier Types

getIdTokenSignAlg

public JWSAlg getIdTokenSignAlg()

Get the JWS alg algorithm for signing the ID token issued to this client. This property corresponds to id_token_signed_response_alg in Client Metadata.

Returns:

The JWS alg algorithm for signing the ID token issued to this client.

setIdTokenSignAlg

public Client setIdTokenSignAlg(JWSAlg alg)

Set the JWS alg algorithm for signing the ID token issued to this client. This property corresponds to id_token_signed_response_alg in Client Metadata.

Parameters:

alg - The JWS alg algorithm for signing the ID token issued to this client.

Returns:

this object.

getIdTokenEncryptionAlg

public JWEAlg getIdTokenEncryptionAlg()

Get the JWE alg algorithm for encrypting the ID token issued to this client. This property corresponds to id_token_encrypted_response_algin Client Metadata.

Returns:

The JWE alg algorithm for encrypting the ID token issued to this client.

setIdTokenEncryptionAlg

public Client setIdTokenEncryptionAlg(JWEAlg alg)

Set the JWE alg algorithm for encrypting the ID token issued to this client. This property corresponds to id_token_encrypted_response_algin Client Metadata.

Parameters:

alg - The JWE alg algorithm for encrypting the ID token issued to this client.

Returns:

this object.

getIdTokenEncryptionEnc

public JWEEnc getIdTokenEncryptionEnc()

Get the JWE enc algorithm for encrypting the ID token issued to this client. This property corresponds to id_token_encrypted_response_encin Client Metadata.

Returns:

The JWE enc algorithm for encrypting the ID token issued to this client.

setIdTokenEncryptionEnc

public Client setIdTokenEncryptionEnc(JWEEnc enc)

Set the JWE enc algorithm for encrypting the ID token issued to this client. This property corresponds to id_token_encrypted_response_encin Client Metadata.

Parameters:

enc - The JWE enc algorithm for encrypting the ID token issued to this client.

Returns:

this object.

getUserInfoSignAlg

public JWSAlg getUserInfoSignAlg()

Get the JWS alg algorithm for signing UserInfo responses. This property corresponds to userinfo_signed_response_alg in Client Metadata.

Returns:

The JWS alg algorithm for signing UserInfo responses.

setUserInfoSignAlg

public Client setUserInfoSignAlg(JWSAlg alg)

Set the JWS alg algorithm for signing UserInfo responses. This property corresponds to userinfo_signed_response_alg in Client Metadata.

Parameters:

alg - The JWS alg algorithm for signing UserInfo responses.

Returns:

this object.

getUserInfoEncryptionAlg

public JWEAlg getUserInfoEncryptionAlg()

Get the JWE alg algorithm for encrypting UserInfo responses. This property corresponds to userinfo_encrypted_response_alg in Client Metadata.

Returns:

The JWE alg algorithm for encrypting UserInfo responses.

setUserInfoEncryptionAlg

public Client setUserInfoEncryptionAlg(JWEAlg alg)

Set the JWE alg algorithm for encrypting UserInfo responses. This property corresponds to userinfo_encrypted_response_alg in Client Metadata.

Parameters:

alg - The JWE alg algorithm for encrypting UserInfo responses.

Returns:

this object.

getUserInfoEncryptionEnc

public JWEEnc getUserInfoEncryptionEnc()

Get the JWE enc algorithm for encrypting UserInfo responses. This property corresponds to userinfo_encrypted_response_enc in Client Metadata.

Returns:

The JWE enc algorithm for encrypting UserInfo responses.

setUserInfoEncryptionEnc

public Client setUserInfoEncryptionEnc(JWEEnc enc)

Set the JWE enc algorithm for encrypting UserInfo responses. This property corresponds to userinfo_encrypted_response_enc in Client Metadata.

Parameters:

enc - The JWE enc algorithm for encrypting UserInfo responses.

Returns:

this object.

getRequestSignAlg

public JWSAlg getRequestSignAlg()

Get the JWS alg algorithm for signing request objects. This property corresponds to request_object_signing_alg in Client Metadata.

Returns:

The JWS alg algorithm for signing request objects.

setRequestSignAlg

public Client setRequestSignAlg(JWSAlg alg)

Set the JWS alg algorithm for signing request objects. This property corresponds to request_object_signing_alg in Client Metadata.

Parameters:

alg - The JWS alg algorithm for signing request objects.

Returns:

this object.

getRequestEncryptionAlg

public JWEAlg getRequestEncryptionAlg()

Get the JWE alg algorithm for encrypting request objects. This property corresponds to request_object_encryption_alg in Client Metadata.

Returns:

The JWE alg algorithm for encrypting request objects.

setRequestEncryptionAlg

public Client setRequestEncryptionAlg(JWEAlg alg)

Set the JWE alg algorithm for encrypting request objects. This property corresponds to request_object_encryption_alg in Client Metadata.

Parameters:

alg - The JWE alg algorithm for encrypting request objects.

Returns:

this object.

getRequestEncryptionEnc

public JWEEnc getRequestEncryptionEnc()

Get the JWE enc algorithm for encrypting request objects. This property corresponds to request_object_encryption_enc in Client Metadata.

Returns:

The JWE enc algorithm for encrypting request objects.

setRequestEncryptionEnc

public Client setRequestEncryptionEnc(JWEEnc enc)

Set the JWE enc algorithm for encrypting request objects. This property corresponds to request_object_encryption_enc in Client Metadata.

Parameters:

enc - The JWE enc algorithm for encrypting request objects.

Returns:

this object.

getTokenAuthMethod

public ClientAuthMethod getTokenAuthMethod()

Get the client authentication method for the token endpoint. This property corresponds to token_endpoint_auth_method in Client Metadata.

Returns:

The client authentication method for the token endpoint.

setTokenAuthMethod

public Client setTokenAuthMethod(ClientAuthMethod method)

Set the client authentication method for the token endpoint. This property corresponds to token_endpoint_auth_method in Client Metadata.

Parameters:

method - The client authentication method for the token endpoint.

Returns:

this object.

getTokenAuthSignAlg

public JWSAlg getTokenAuthSignAlg()

Get the JWS alg algorithm for signing the JWT used to authenticate the client at the token endpoint. This property corresponds to token_endpoint_auth_signing_alg in Client Metadata.

Returns:

The JWS alg algorithm for signing the JWT used to authenticate the client at the token endpoint.

setTokenAuthSignAlg

public Client setTokenAuthSignAlg(JWSAlg alg)

Set the JWS alg algorithm for signing the JWT used to authenticate the client at the token endpoint. This property corresponds to token_endpoint_auth_signing_alg in Client Metadata.

Parameters:

alg - The JWS alg algorithm for signing the JWT used to authenticate the client at the token endpoint.

Returns:

this object.

getDefaultMaxAge

public int getDefaultMaxAge()

Get the default value of the maximum authentication age in seconds. This property corresponds to default_max_age in Client Metadata.

Returns:

The default value of the maximum authentication age in seconds.

setDefaultMaxAge

public Client setDefaultMaxAge(int defaultMaxAge)

Set the default value of the maximum authentication age in seconds. This property corresponds to default_max_age in Client Metadata.

This value is used when the request from the client application does not contain the max_age request parameter.

Parameters:

defaultMaxAge - The default value of the maximum authentication age in seconds. 0 means that no default value is set.

Returns:

this object.

isAuthTimeRequired

public boolean isAuthTimeRequired()

Get the flag which indicates whether this client requires auth_time claim to be embedded in the ID token. This property corresponds to require_auth_time in Client Metadata.

Returns:

The flag which indicates whether this client requires auth_time claim to be embedded in the ID token.

setAuthTimeRequired

public Client setAuthTimeRequired(boolean required)

Set the flag which indicates whether this client requires auth_time claim to be embedded in the ID token. This property corresponds to require_auth_time in Client Metadata.

Parameters:

required - The flag which indicates whether this client requires auth_time claim to be embedded in the ID token.

Returns:

this object.

getDefaultAcrs

public String[] getDefaultAcrs()

Get the default list of authentication context class references. This property corresponds to default_acr_values in Client Metadata.

Returns:

The default list of authentication context class references.

setDefaultAcrs

public Client setDefaultAcrs(String[] defaultAcrs)

Set the default list of authentication context class references. This property corresponds to default_max_age in Client Metadata.

This value is used when the request from the client application does not contain the acr_values request parameter.

Parameters:

defaultAcrs - The default list of authentication context class references.

Returns:

this object.

getLoginUri

public URI getLoginUri()

Get the URL that can initiate a login for this client application. This property corresponds to initiate_login_uri in Client Metadata.

Returns:

The URL that can initiate a login for this client application.

setLoginUri

public Client setLoginUri(URI uri)

Set the URL that can initiate a login for this client application. This property corresponds to initiate_login_uri in Client Metadata.

Parameters:

uri - The URL that can initiate a login for this client application.

Returns:

this object.

getRequestUris

public String[] getRequestUris()

Get the request URIs that this client declares it may use. This property corresponds to request_uris in Client Metadata.

Returns:

The request URIs that this client declares it may use.

setRequestUris

public Client setRequestUris(String[] uris)

Set the request URIs that this client declares it may use. This property corresponds to request_uris in Client Metadata.

Parameters:

uris - The request URIs that this client declares it may use.

Returns:

this object.

getDescription

public String getDescription()

Get the description.

Returns:

The description.

setDescription

public Client setDescription(String description)

Set the description.

Parameters:

description - The description.

Returns:

this object.

getDescriptions

public TaggedValue[] getDescriptions()

Get the descriptions for specific languages.

Returns:

The descriptions for specific languages.

setDescriptions

public Client setDescriptions(TaggedValue[] descriptions)

Set the descriptions for specific languages.

Parameters:

descriptions - The descriptions for specific languages.

Returns:

this object.

getCreatedAt

public long getCreatedAt()

Get the time at which this client was created.

Returns:

The time at which this client was created. The value is represented as milliseconds since the UNIX epoch (1970-01-01).

Since:

1.6

setCreatedAt

public Client setCreatedAt(long createdAt)

Set the time at which this client was created.

Parameters:

createdAt - The time at which this client was created.

Returns:

this object.

Since:

1.6

getModifiedAt

public long getModifiedAt()

Get the time at which this client was last modified.

Returns:

The time at which this client was last modified. The value is represented as milliseconds since the UNIX epoch (1970-01-01).

Since:

1.6

setModifiedAt

public Client setModifiedAt(long modifiedAt)

Set the time at which this client was last modified.

Parameters:

modifiedAt - The time at which this client was modified.

Returns:

this object.

Since:

1.6

getExtension

public ClientExtension getExtension()

Get the extended information about this client.

Returns:

The extended information about this client.

Since:

1.39

setExtension

public Client setExtension(ClientExtension extension)

Set the extended information about this client.

Parameters:

extension - The extended information about this client.

Returns:

this object.

Since:

1.39

getTlsClientAuthSubjectDn

public String getTlsClientAuthSubjectDn()

Get the string representation of the expected subject distinguished name of the certificate this client will use in mutual TLS authentication.

See tls_client_auth_subject_dn in "2.3. Dynamic Client Registration" in "Mutual TLS Profiles for OAuth Clients" for details.

Returns:

The expected subject distinguished name of the client certificate.

Since:

2.7

setTlsClientAuthSubjectDn

public Client setTlsClientAuthSubjectDn(String name)

Set the string representation of the expected subject distinguished name of the certificate this client will use in mutual TLS authentication.

See tls_client_auth_subject_dn in "2.3. Dynamic Client Registration" in "Mutual TLS Profiles for OAuth Clients" for details.

Parameters:

name - The expected subject distinguished name of the client certificate.

Returns:

this object.

Since:

2.7

getTlsClientAuthSanDns

public String getTlsClientAuthSanDns()

Get the string representation of the expected DNS subject alternative name of the certificate this client will use in mutual TLS authentication.

See tls_client_auth_san_dns in "2.3. Dynamic Client Registration" in "Mutual TLS Profiles for OAuth Clients" for details.

Returns:

The expected DNS subject alternative name of the client certificate.

Since:

2.38

setTlsClientAuthSanDns

public Client setTlsClientAuthSanDns(String tlsClientAuthSanDns)

Set the string representation of the expected DNS subject alternative name of the certificate this client will use in mutual TLS authentication.

See tls_client_auth_san_dns in "2.3. Dynamic Client Registration" in "Mutual TLS Profiles for OAuth Clients" for details.

Parameters:

name - The expected DNS subject alternative name of the client certificate.

Returns:

this object.

Since:

2.38

getTlsClientAuthSanUri

public URI getTlsClientAuthSanUri()

Get the string representation of the expected URI subject alternative name of the certificate this client will use in mutual TLS authentication.

See tls_client_auth_san_uri in "2.3. Dynamic Client Registration" in "Mutual TLS Profiles for OAuth Clients" for details.

Returns:

The expected URI subject alternative name of the client certificate.

Since:

2.38

setTlsClientAuthSanUri

public Client setTlsClientAuthSanUri(URI tlsClientAuthSanUri)

Set the string representation of the expected URI subject alternative name of the certificate this client will use in mutual TLS authentication.

See tls_client_auth_san_uri in "2.3. Dynamic Client Registration" in "Mutual TLS Profiles for OAuth Clients" for details.

Parameters:

name - The expected URI subject alternative name of the client certificate.

Returns:

this object.

Since:

2.38

getTlsClientAuthSanIp

public String getTlsClientAuthSanIp()

Get the string representation of the expected IP address subject alternative name of the certificate this client will use in mutual TLS authentication.

See tls_client_auth_san_ip in "2.3. Dynamic Client Registration" in "Mutual TLS Profiles for OAuth Clients" for details.

Returns:

The expected IP address subject alternative name of the client certificate.

Since:

2.38

setTlsClientAuthSanIp

public Client setTlsClientAuthSanIp(String tlsClientAuthSanIp)

Set the string representation of the expected IP address subject alternative name of the certificate this client will use in mutual TLS authentication.

See tls_client_auth_san_ip in "2.3. Dynamic Client Registration" in "Mutual TLS Profiles for OAuth Clients" for details.

Parameters:

name - The expected IP address subject alternative name of the client certificate.

Returns:

this object.

Since:

2.38

getTlsClientAuthSanEmail

public String getTlsClientAuthSanEmail()

Get the string representation of the expected email address subject alternative name of the certificate this client will use in mutual TLS authentication.

See tls_client_auth_san_email in "2.3. Dynamic Client Registration" in "Mutual TLS Profiles for OAuth Clients" for details.

Returns:

The expected email address subject alternative name of the client certificate.

Since:

2.38

setTlsClientAuthSanEmail

public Client setTlsClientAuthSanEmail(String tlsClientAuthSanEmail)

Set the string representation of the expected email address subject alternative name of the certificate this client will use in mutual TLS authentication.

See tls_client_auth_san_email in "2.3. Dynamic Client Registration" in "Mutual TLS Profiles for OAuth Clients" for details.

Parameters:

name - The expected email address subject alternative name of the client certificate.

Returns:

this object.

Since:

2.38

isTlsClientCertificateBoundAccessTokens

public boolean isTlsClientCertificateBoundAccessTokens()

Does this client use TLS client certificate bound access tokens?

Returns:

true if this client uses TLS client certificate bound access tokens.

Since:

2.19

setTlsClientCertificateBoundAccessTokens

public Client setTlsClientCertificateBoundAccessTokens(boolean use)

Set whether this client uses TLS client certificate bound access tokens or not.

Parameters:

use - true to indicate that this client uses TLS client certificate bound access tokens.

Returns:

this object.

Since:

2.19

getSelfSignedCertificateKeyId

public String getSelfSignedCertificateKeyId()

Get the key ID of a JWK containing a self-signed certificate of this client.

See "2.2. Self-Signed Certificate Mutual TLS OAuth Client Authentication Method" in "OAuth 2.0 Mutual TLS Client Authentication and Certificate Bound Access Tokens" for details.

Returns:

A key ID of a JWK. This may be null.

Since:

2.20

setSelfSignedCertificateKeyId

public Client setSelfSignedCertificateKeyId(String keyId)

Set the key ID of a JWK containing a self-signed certificate of this client. Unless this value is set to null, Authlete uses this value to look up the corresponding JWK for client authentication using mutual TLS utilizing self-signed certificates.

See "2.2. Self-Signed Certificate Mutual TLS OAuth Client Authentication Method" in "OAuth 2.0 Mutual TLS Client Authentication and Certificate Bound Access Tokens" for details.

Parameters:

keyId - A key ID of a JWK. This may be null.

Returns:

this object.

Since:

2.20

getSoftwareId

public String getSoftwareId()

Get the unique identifier string assigned by the client developer or software publisher used by registration endpoints to identify the client software to be dynamically registered.

This property corresponds to the software_id metadata defined in 2. Client Metadata of RFC 7591 (OAuth 2.0 Dynamic Client Registration Protocol).

Returns:

The unique identifier of the client software.

Since:

2.24

setSoftwareId

public Client setSoftwareId(String softwareId)

Set a unique identifier string assigned by the client developer or software publisher used by registration endpoints to identify the client software to be dynamically registered.

This property corresponds to the software_id metadata defined in 2. Client Metadata of RFC 7591 (OAuth 2.0 Dynamic Client Registration Protocol).

Parameters:

softwareId - A unique identifier of the client software.

Returns:

this object.

Since:

2.24

getSoftwareVersion

public String getSoftwareVersion()

Get the version identifier string for the client software identified by the software ID.

This property corresponds to the software_version metadata defined in 2. Client Metadata of RFC 7591 (OAuth 2.0 Dynamic Client Registration Protocol).

Returns:

The version of the client software.

Since:

2.24

setSoftwareVersion

public Client setSoftwareVersion(String softwareVersion)

Set a version identifier string for the client software identified by the software ID.

This property corresponds to the software_version metadata defined in 2. Client Metadata of RFC 7591 (OAuth 2.0 Dynamic Client Registration Protocol).

Parameters:

softwareVersion - A version of the client software.

Returns:

this object.

Since:

2.24

getAuthorizationSignAlg

public JWSAlg getAuthorizationSignAlg()

Get the JWS alg algorithm for signing authorization responses. This property corresponds to authorization_signed_response_alg in 5. Client Metadata of Financial-grade API: JWT Secured Authorization Response Mode for OAuth 2.0 (JARM).

Returns:

The JWS alg algorithm for signing authorization responses.

Since:

2.27

setAuthorizationSignAlg

public Client setAuthorizationSignAlg(JWSAlg alg)

Set the JWS alg algorithm for signing authorization responses. This property corresponds to authorization_signed_response_alg in 5. Client Metadata of Financial-grade API: JWT Secured Authorization Response Mode for OAuth 2.0 (JARM).

Parameters:

alg - The JWS alg algorithm for signing authorization responses.

Returns:

this object.

Since:

2.27

getAuthorizationEncryptionAlg

public JWEAlg getAuthorizationEncryptionAlg()

Get the JWE alg algorithm for encrypting authorization responses. This property corresponds to authorization_encrypted_response_alg in 5. Client Metadata of Financial-grade API: JWT Secured Authorization Response Mode for OAuth 2.0 (JARM).

Returns:

The JWE alg algorithm for encrypting authorization responses.

Since:

2.27

setAuthorizationEncryptionAlg

public Client setAuthorizationEncryptionAlg(JWEAlg alg)

Set the JWE alg algorithm for encrypting authorization responses. This property corresponds to authorization_encrypted_response_alg in 5. Client Metadata of Financial-grade API: JWT Secured Authorization Response Mode for OAuth 2.0 (JARM).

Parameters:

alg - The JWE alg algorithm for encrypting authorization responses.

Returns:

this object.

Since:

2.27

getAuthorizationEncryptionEnc

public JWEEnc getAuthorizationEncryptionEnc()

Get the JWE enc algorithm for encrypting authorization responses. This property corresponds to authorization_encrypted_response_enc in 5. Client Metadata of Financial-grade API: JWT Secured Authorization Response Mode for OAuth 2.0 (JARM).

Returns:

The JWE enc algorithm for encrypting authorization responses.

Since:

2.27

setAuthorizationEncryptionEnc

public Client setAuthorizationEncryptionEnc(JWEEnc enc)

Set the JWE enc algorithm for encrypting authorization responses. This property corresponds to authorization_encrypted_response_enc in 5. Client Metadata of Financial-grade API: JWT Secured Authorization Response Mode for OAuth 2.0 (JARM).

Parameters:

enc - The JWE enc algorithm for encrypting authorization responses.

Returns:

this object.

Since:

2.27

getBcDeliveryMode

public DeliveryMode getBcDeliveryMode()

Get the backchannel token delivery mode. This property corresponds to the backchannel_token_delivery_mode metadata.

The backchannel token delivery mode is defined in the specification of the CIBA (Client Initiated Backchannel Authentication).

Returns:

The backchannel token delivery mode.

Since:

2.32

setBcDeliveryMode

public Client setBcDeliveryMode(DeliveryMode mode)

Set the backchannel token delivery mode. This property corresponds to the backchannel_token_delivery_mode metadata.

The backchannel token delivery mode is defined in the specification of CIBA (Client Initiated Backchannel Authentication).

Parameters:

mode - The backchannel token delivery mode.

Returns:

this object.

Since:

2.32

getBcNotificationEndpoint

public URI getBcNotificationEndpoint()

Get the backchannel client notification endpoint. This property corresponds to the backchannel_client_notification_endpoint metadata.

The backchannel client notification endpoint is defined in the specification of CIBA (Client Initiated Backchannel Authentication).

Returns:

The backchannel client notification endpoint.

Since:

2.32

setBcNotificationEndpoint

public Client setBcNotificationEndpoint(URI endpoint)

Set the backchannel client notification endpoint. This property corresponds to the backchannel_client_notification_endpoint metadata.

The backchannel client notification endpoint is defined in the specification of CIBA (Client Initiated Backchannel Authentication).

Parameters:

endpoint - The backchannel client notification endpoint.

Returns:

this object.

Since:

2.32

getBcRequestSignAlg

public JWSAlg getBcRequestSignAlg()

Get the signature algorithm of the request to the backchannel authentication endpoint. This property corresponds to the backchannel_authentication_request_signing_alg metadata.

Returns:

The signature algorithm of the request to the backchannel authentication endpoint.

Since:

2.32

setBcRequestSignAlg

public Client setBcRequestSignAlg(JWSAlg alg)

Set the signature algorithm of the request to the backchannel authentication endpoint. This property corresponds to the backchannel_authentication_request_signing_alg metadata.

The specification of CIBA (Client Initiated Backchannel Authentication) allows asymmetric algorithms only.

Parameters:

alg - The signature algorithm of the request to the backchannel authentication endpoint.

Returns:

this object.

Since:

2.32

isBcUserCodeRequired

public boolean isBcUserCodeRequired()

Get the boolean flag which indicates whether a user code is required when this client makes a backchannel authentication request. This property corresponds to the backchannel_user_code_parameter metadata.

Returns:

true if a user code is required when this client makes a backchannel authentication request.

Since:

2.32

setBcUserCodeRequired

public Client setBcUserCodeRequired(boolean required)

Set the boolean flag which indicates whether a user code is required when this client makes a backchannel authentication request. This property corresponds to the backchannel_user_code_parameter metadata.

Parameters:

required - true to indicate that a user code is required when this client makes a backchannel authentication request.

Returns:

this object.

Since:

2.32

isDynamicallyRegistered

public boolean isDynamicallyRegistered()

Get the flag which indicates whether this client has been registered dynamically.

Parameters:

dynamicallyRegistered - true if the client has been registered dynamically.

Returns:

this object.

Since:

2.39

setDynamicallyRegistered

public Client setDynamicallyRegistered(boolean dynamicallyRegistered)

Set the flag which indicates whether this client has been registered dynamically.

Parameters:

dynamicallyRegistered - true if the client has been registered dynamically.

Returns:

this object.

Since:

2.39

getRegistrationAccessTokenHash

public String getRegistrationAccessTokenHash()

Get the hash of the registration access token for this client.

Returns:

The hash of the registration access token for this client.

Since:

2.39

setRegistrationAccessTokenHash

public Client setRegistrationAccessTokenHash(String registrationAccessToken)

Set the hash of the registration access token for this client.

Parameters:

registrationAccessToken - The hash of the registration access token for this client.

Returns:

this object.

Since:

2.39

getAuthorizationDetailsTypes

public String[] getAuthorizationDetailsTypes()

Get the authorization details types that this client may use as values of the "type" field in "authorization_details".

This property corresponds to the "authorization_details_types" metadata. See "OAuth 2.0 Rich Authorization Requests" (RAR) for details.

Note that the property name was renamed from authorizationDataTypes to authorizationDetailsTypes to align with the change made by the 5th draft of the RAR specification.

Returns:

Authorization details types used in "authorization_details".

Since:

2.91

setAuthorizationDetailsTypes

public Client setAuthorizationDetailsTypes(String[] types)

Set the authorization details types that this client may use as values of the "type" field in "authorization_details".

This property corresponds to the "authorization_details_types" metadata. See "OAuth 2.0 Rich Authorization Requests" (RAR) for details.

Note that the property name was renamed from authorizationDataTypes to authorizationDetailsTypes to align with the change made by the 5th draft of the RAR specification.

Parameters:

types - Authorization details types used in "authorization_details".

Returns:

this object.

Since:

2.91

isParRequired

public boolean isParRequired()

Get the flag indicating whether this client is required to use the pushed authorization request endpoint.

This property corresponds to the require_pushed_authorization_requests client metadata defined in "OAuth 2.0 Pushed Authorization Requests".

Returns:

true if this client is required to use the pushed authorization request endpoint.

Since:

2.77

setParRequired

public Client setParRequired(boolean required)

Set the flag indicating whether this client is required to use the pushed authorization request endpoint.

This property corresponds to the require_pushed_authorization_requests client metadata defined in "OAuth 2.0 Pushed Authorization Requests".

Parameters:

required - true to indicate that this client is required to use the pushed authorization request endpoint.

Returns:

this object.

Since:

2.77

isRequestObjectRequired

public boolean isRequestObjectRequired()

Get the flag indicating whether authorization requests from this client are always required to utilize a request object by using either request or request_uri request parameter.

If this flag is true and the service's isTraditionalRequestObjectProcessingApplied() returns false, authorization requests from this client are processed as if require_signed_request_object client metadata of this client is true. The metadata is defined in JAR (JWT Secured Authorization Request).

Returns:

true if authorization requests from this client are always required to utilize a request object.

Since:

2.80

setRequestObjectRequired

public Client setRequestObjectRequired(boolean required)

Set the flag indicating whether authorization requests from this client are always required to utilize a request object by using either request or request_uri request parameter.

See the description of isRequestObjectRequired() for details.

Parameters:

required - true to require that authorization requests from this client always utilize a request object.

Returns:

this object.

Since:

2.80

getAttributes

public Pair[] getAttributes()

Get attributes.

The feature of "client attributes" is available since Authlete 2.2.

Returns:

Attributes.

Since:

2.87

setAttributes

public Client setAttributes(Pair[] attributes)

Set attributes.

The feature of "client attributes" is available since Authlete 2.2.

Parameters:

attributes - Attributes.

Returns:

this object.

Since:

2.87

loadAttributes

public Client loadAttributes(Iterable<Pair> attributes)

Load attributes from an iterable.

The feature of "client attributes" is available since Authlete 2.2.

Parameters:

attributes - Attributes.

Returns:

this object.

Since:

2.89

getCustomMetadata

public String getCustomMetadata()

Get the custom client metadata in JSON format.

Standard specifications define client metadata as necessary. The following are such examples.

1. OpenID Connect Dynamic Client Registration 1.0
2. RFC 7591 OAuth 2.0 Dynamic Client Registration Protocol
3. RFC 8705 OAuth 2.0 Mutual-TLS Client Authentication and Certificate-Bound Access Tokens
4. OpenID Connect Client-Initiated Backchannel Authentication Flow - Core 1.0
5. The OAuth 2.0 Authorization Framework: JWT Secured Authorization Request (JAR)
6. Financial-grade API: JWT Secured Authorization Response Mode for OAuth 2.0 (JARM)
7. OAuth 2.0 Pushed Authorization Requests (PAR)
8. OAuth 2.0 Rich Authorization Requests (RAR)

Standard client metadata included in Client Registration Request and Client Update Request (cf. OIDC DynReg, RFC 7591 and RFC 7592) are, if supported by Authlete, set to corresponding properties of the client application. For example, the value of the client_name client metadata in Client Registration/Update Request is set to the clientName property. On the other hand, unrecognized client metadata are discarded.

By listing up custom client metadata in advance by using the supportedCustomClientMetadata property of Service, Authlete can recognize them and stores their values into the database. The stored custom client metadata values can be referenced by this method.

Returns:

Custom client metadata in JSON format.

Since:

2.93

See Also:

Service.getSupportedCustomClientMetadata()

setCustomMetadata

public Client setCustomMetadata(String metadata)

Set the custom client metadata in JSON format.

Standard specifications define client metadata as necessary. The following are such examples.

1. OpenID Connect Dynamic Client Registration 1.0
2. RFC 7591 OAuth 2.0 Dynamic Client Registration Protocol
3. RFC 8705 OAuth 2.0 Mutual-TLS Client Authentication and Certificate-Bound Access Tokens
4. OpenID Connect Client-Initiated Backchannel Authentication Flow - Core 1.0
5. The OAuth 2.0 Authorization Framework: JWT Secured Authorization Request (JAR)
6. Financial-grade API: JWT Secured Authorization Response Mode for OAuth 2.0 (JARM)
7. OAuth 2.0 Pushed Authorization Requests (PAR)
8. OAuth 2.0 Rich Authorization Requests (RAR)

Standard client metadata included in Client Registration Request and Client Update Request (cf. OIDC DynReg, RFC 7591 and RFC 7592) are, if supported by Authlete, set to corresponding properties of the client application. For example, the value of the client_name client metadata in Client Registration/Update Request is set to the clientName property. On the other hand, unrecognized client metadata are discarded.

By listing up custom client metadata in advance by using the supportedCustomClientMetadata property of Service, Authlete can recognize them and stores their values into the database. The stored custom client metadata values can be referenced by getCustomMetadata().

Parameters:

metadata - Custom client metadata in JSON format.

Returns:

this object.

Since:

2.93

See Also:

Service.getSupportedCustomClientMetadata()

isFrontChannelRequestObjectEncryptionRequired

public boolean isFrontChannelRequestObjectEncryptionRequired()

Get the flag indicating whether encryption of request object is required when the request object is passed through the front channel.

This flag does not affect the processing of request objects at the Pushed Authorization Request Endpoint, which is defined in OAuth 2.0 Pushed Authorization Requests. Unecrypted request objects are accepted at the endpoint even if this flag is true.

This flag does not indicate whether a request object is always required. There is a different flag, requestObjectRequired, for the purpose. See the description of isRequestObjectRequired() for details.

Even if this flag is false, encryption of request object is required if the Service.frontChannelRequestObjectEncryptionRequired flag is true.

Returns:

true if encryption of request object is required when the request object is passed through the front channel.

Since:

2.96

See Also:

isRequestObjectRequired(), Service.isFrontChannelRequestObjectEncryptionRequired()

setFrontChannelRequestObjectEncryptionRequired

public Client setFrontChannelRequestObjectEncryptionRequired(boolean required)

Set the flag indicating whether encryption of request object is required when the request object is passed through the front channel.

This flag does not affect the processing of request objects at the Pushed Authorization Request Endpoint, which is defined in OAuth 2.0 Pushed Authorization Requests. Unecrypted request objects are accepted at the endpoint even if this flag is true.

This flag does not indicate whether a request object is always required. There is a different flag, requestObjectRequired, for the purpose. See the description of isRequestObjectRequired() for details.

Even if this flag is false, encryption of request object is required if the Service.frontChannelRequestObjectEncryptionRequired flag is true.

Parameters:

required - true to require that request objects passed through the front channel be encrypted.

Returns:

this object.

Since:

2.96

See Also:

isRequestObjectRequired(), Service.isFrontChannelRequestObjectEncryptionRequired()

isRequestObjectEncryptionAlgMatchRequired

public boolean isRequestObjectEncryptionAlgMatchRequired()

Get the flag indicating whether the JWE alg of encrypted request object must match the request_object_encryption_alg client metadata.

The request_object_encryption_alg client metadata itself is defined in OpenID Connect Dynamic Client Registration 1.0 as follows.

request_object_encryption_alg

OPTIONAL. JWE [JWE] alg algorithm [JWA] the RP is declaring that it may use for encrypting Request Objects sent to the OP. This parameter SHOULD be included when symmetric encryption will be used, since this signals to the OP that a client_secret value needs to be returned from which the symmetric key will be derived, that might not otherwise be returned. The RP MAY still use other supported encryption algorithms or send unencrypted Request Objects, even when this parameter is present. If both signing and encryption are requested, the Request Object will be signed then encrypted, with the result being a Nested JWT, as defined in [JWT]. The default, if omitted, is that the RP is not declaring whether it might encrypt any Request Objects.

The point here is "The RP MAY still use other supported encryption algorithms or send unencrypted Request Objects, even when this parameter is present."

The property that represents the client metadata is requestEncryptionAlg. See the description of getRequestEncryptionAlg() for details.

Even if this flag is false, the match is required if the Service.requestObjectEncryptionAlgMatchRequired flag is true.

Returns:

true if the JWE alg of encrypted request object must match the request_object_encryption_alg client metadata.

Since:

2.96

See Also:

getRequestEncryptionAlg(), Service.isRequestObjectEncryptionAlgMatchRequired()

setRequestObjectEncryptionAlgMatchRequired

public Client setRequestObjectEncryptionAlgMatchRequired(boolean required)

Set the flag indicating whether the JWE alg of encrypted request object must match the request_object_encryption_alg client metadata.

The request_object_encryption_alg client metadata itself is defined in OpenID Connect Dynamic Client Registration 1.0 as follows.

request_object_encryption_alg

OPTIONAL. JWE [JWE] alg algorithm [JWA] the RP is declaring that it may use for encrypting Request Objects sent to the OP. This parameter SHOULD be included when symmetric encryption will be used, since this signals to the OP that a client_secret value needs to be returned from which the symmetric key will be derived, that might not otherwise be returned. The RP MAY still use other supported encryption algorithms or send unencrypted Request Objects, even when this parameter is present. If both signing and encryption are requested, the Request Object will be signed then encrypted, with the result being a Nested JWT, as defined in [JWT]. The default, if omitted, is that the RP is not declaring whether it might encrypt any Request Objects.

The point here is "The RP MAY still use other supported encryption algorithms or send unencrypted Request Objects, even when this parameter is present."

The property that represents the client metadata is requestEncryptionAlg. See the description of getRequestEncryptionAlg() for details.

Even if this flag is false, the match is required if the Service.requestObjectEncryptionAlgMatchRequired flag is true.

Parameters:

required - true to require that the JWE alg of encrypted request object match the request_object_encryption_alg client metadata.

Returns:

this object.

Since:

2.96

See Also:

getRequestEncryptionAlg(), Service.isRequestObjectEncryptionAlgMatchRequired()

isRequestObjectEncryptionEncMatchRequired

public boolean isRequestObjectEncryptionEncMatchRequired()

Get the flag indicating whether the JWE enc of encrypted request object must match the request_object_encryption_enc client metadata.

The request_object_encryption_enc client metadata itself is defined in OpenID Connect Dynamic Client Registration 1.0 as follows.

request_object_encryption_enc

OPTIONAL. JWE enc algorithm [JWA] the RP is declaring that it may use for encrypting Request Objects sent to the OP. If request_object_encryption_alg is specified, the default for this value is A128CBC-HS256. When request_object_encryption_enc is included, request_object_encryption_alg MUST also be provided.

The property that represents the client metadata is requestEncryptionEnc. See the description of getRequestEncryptionEnc() for details.

Even if this flag is false, the match is required if the Service.requestObjectEncryptionEncMatchRequired flag is true.

Returns:

true if the JWE enc of encrypted request object must match the request_object_encryption_enc client metadata.

Since:

2.96

See Also:

getRequestEncryptionEnc(), Service.isRequestObjectEncryptionEncMatchRequired()

setRequestObjectEncryptionEncMatchRequired

public Client setRequestObjectEncryptionEncMatchRequired(boolean required)

Set the flag indicating whether the JWE enc of encrypted request object must match the request_object_encryption_enc client metadata.

The request_object_encryption_enc client metadata itself is defined in OpenID Connect Dynamic Client Registration 1.0 as follows.

request_object_encryption_enc

OPTIONAL. JWE enc algorithm [JWA] the RP is declaring that it may use for encrypting Request Objects sent to the OP. If request_object_encryption_alg is specified, the default for this value is A128CBC-HS256. When request_object_encryption_enc is included, request_object_encryption_alg MUST also be provided.

The property that represents the client metadata is requestEncryptionEnc. See the description of getRequestEncryptionEnc() for details.

Even if this flag is false, the match is required if the Service.requestObjectEncryptionEncMatchRequired flag is true.

Parameters:

required - true to require that the JWE enc of encrypted request object match the request_object_encryption_enc client metadata.

Returns:

this object.

Since:

2.96

See Also:

getRequestEncryptionEnc(), Service.isRequestObjectEncryptionEncMatchRequired()