Package com.authlete.common.dto

Class DeviceAuthorizationResponse

  • All Implemented Interfaces:
    Serializable
    public class DeviceAuthorizationResponse
extends ApiResponse
    Response from Authlete's /api/device/authorization API.

    Authlete's /api/device/authorization API returns JSON which can be mapped to this class. The authorization server implementation should retrieve the value of action from the response and take the following steps according to the value.

    OK

    When the value of action is OK, it means that the device authorization request from the client application is valid.

    The authorization server implementation should generate a response to the client application with 200 OK and application/json.

    The getResponseContent() method returns a JSON string which can be used as the entity body of the response.

    The following illustrates the response which the authorization server implementation should generate and return to the client application. 

     HTTP/1.1 200 OK
 Content-Type: application/json
 Cache-Control: no-store
 Pragma: no-cache

 (The value returned from getResponseContent())

    BAD_REQUEST

    When the value of action is BAD_REQUEST, it means that the device authorization request from the client application was wrong.

    The authorization server implementation should generate a response to the client application with 400 Bad Request and application/json.

    The getResponseContent() method returns a JSON string which describes the error, so it can be used as the entity body of the response.

    The following illustrates the response which the authorization server implementation should generate and return to the client application. 

     HTTP/1.1 400 Bad Request
 Content-Type: application/json
 Cache-Control: no-store
 Pragma: no-cache

 (The value returned from getResponseContent())

    UNAUTHORIZED

    When the value of action is UNAUTHORIZED, it means that client authentication of the device authorization request failed.

    The authorization server implementation should generate a response to the client application with 401 Unauthorized and application/json.

    The getResponseContent() method returns a JSON string which describes the error, so it can be used as the entity body of the response.

    The following illustrates the response which the authorization server implementation should generate and return to the client application. 

     HTTP/1.1 401 Unauthorized
 WWW-Authenticate: (challenge)
 Content-Type: application/json
 Cache-Control: no-store
 Pragma: no-cache

 (The value returned from getResponseContent())

    INTERNAL_SERVER_ERROR

    When the value of action is INTERNAL_SERVER_ERROR, it means that the API call from the authorization server implementation was wrong or that an error occurred in Authlete.

    In either case, from a viewpoint of the client application, it is an error on the server side. Therefore, the authorization server implementation should generate a response to the client application with 500 Internal Server Error and application/json.

    The getResponseContent() method returns a JSON string which describes the error, so it can be used as the entity body of the response.

    The following illustrates the response which the authorization server implementation should generate and return to the client application. 

     HTTP/1.1 500 Internal Server Error
 Content-Type: application/json
 Cache-Control: no-store
 Pragma: no-cache

 (The value returned from getResponseContent())

    Since:
    2.42
    See Also:
    Serialized Form

    • Constructor Detail

      • DeviceAuthorizationResponse

        public DeviceAuthorizationResponse()

    • Method Detail

      • getAction

        public DeviceAuthorizationResponse.Action getAction()
        Get the next action that the implementation of the device authorization endpoint should take.
        Returns:
        The next action.

      • getResponseContent

        public String getResponseContent()
        Get the content that can be used to generate a response to the client application.
        Returns:
        The content of a response to the client.

      • setResponseContent

        public DeviceAuthorizationResponse setResponseContent​(String responseContent)
        Set the content that can be used to generate a response to the client application.
        Parameters:
        responseContent - The content of a response to the client.
        Returns:
        this object.

      • getClientId

        public long getClientId()
        Get the client ID of the client application that has made the device authorization request.
        Returns:
        The client ID of the client application.

      • setClientId

        public DeviceAuthorizationResponse setClientId​(long clientId)
        Set the client ID of the client application that has made the device authorization request.
        Parameters:
        clientId - The client ID of the client application.
        Returns:
        this object.

      • getClientIdAlias

        public String getClientIdAlias()
        Get the client ID alias of the client application that has made the device authorization request.
        Returns:
        The client ID alias of the client application.

      • setClientIdAlias

        public DeviceAuthorizationResponse setClientIdAlias​(String alias)
        Set the client ID alias of the client application that has made the device authorization request.
        Parameters:
        alias - The client ID alias of the client application.
        Returns:
        this object.

      • isClientIdAliasUsed

        public boolean isClientIdAliasUsed()
        Get the flag which indicates whether the client ID alias was used in the device authorization request.
        Returns:
        true if the client ID alias was used in the request.

      • setClientIdAliasUsed

        public DeviceAuthorizationResponse setClientIdAliasUsed​(boolean used)
        Set the flag which indicates whether the client ID alias was used in the device authorization request.
        Parameters:
        used - true to indicate that the client ID alias was used in the request.
        Returns:
        this object.

      • getClientEntityId

        public URI getClientEntityId()
        Get the entity ID of the client.

        "Entity ID" is a technical term defined in OpenID Federation 1.0.

        Returns:
        The entity ID of the client.
        Since:
        3.37, Authlete 2.3
        See Also:
        OpenID Federation 1.0

      • isClientEntityIdUsed

        public boolean isClientEntityIdUsed()
        Get the flag which indicates whether the entity ID of the client was used in the device authorization request as a client ID.

        "Entity ID" is a technical term defined in OpenID Federation 1.0.

        Returns:
        true if the entity ID of the client was used in the request as a client ID.
        Since:
        3.37, Authlete 2.3
        See Also:
        OpenID Federation 1.0

      • setClientEntityIdUsed

        public DeviceAuthorizationResponse setClientEntityIdUsed​(boolean used)
        Set the flag which indicates whether the entity ID of the client was used in the device authorization request as a client ID.

        "Entity ID" is a technical term defined in OpenID Federation 1.0.

        Parameters:
        used - true to indicate that the entity ID of the client was used in the request as a client ID.
        Returns:
        this object.
        Since:
        3.37, Authlete 2.3
        See Also:
        OpenID Federation 1.0

      • getClientIdentifier

        public String getClientIdentifier()
        Get the client identifier used in the device authorization request.

        When isClientIdAliasUsed() returns true, this method returns the same value as getClientIdAlias() does. Otherwise, if isClientEntityIdUsed() returns true, this method returns the same value as getClientEntityId().toString() does. In other cases, this method returns the string representation of the value returned from getClientId().

        Returns:
        The client identifier used in the device authorization request.

      • getClientName

        public String getClientName()
        Get the name of the client application which has made the device authorization request.
        Returns:
        The name of the client application.

      • setClientName

        public DeviceAuthorizationResponse setClientName​(String name)
        Set the name of the client application which has made the device authorization request.
        Parameters:
        name - The name of the client application.
        Returns:
        this object.

      • getClientAuthMethod

        public ClientAuthMethod getClientAuthMethod()
        Get the client authentication method that should be performed at the device authorization endpoint.

        If the client could not be identified by the information in the request, this method returns null.

        Returns:
        The client authentication method that should be performed at the device authorization endpoint.
        Since:
        2.50

      • setClientAuthMethod

        public DeviceAuthorizationResponse setClientAuthMethod​(ClientAuthMethod method)
        Set the client authentication method that should be performed at the device authorization endpoint.
        Parameters:
        method - The client authentication method that should be performed at the device authorization endpoint.
        Returns:
        this object.
        Since:
        2.50

      • getScopes

        public Scope[] getScopes()
        Get the scopes requested by the device authorization request.

        Basically, this method returns the value of the "scope" request parameter in the device authorization request. However, because unregistered scopes are dropped on Authlete side, if the "scope" request parameter contains unknown scopes, the list returned by this method becomes different from the value of the "scope" request parameter.

        Note that Scope.getDescription() method and Scope.getDescriptions() method of each element (Scope instance) in the array returned from this method always return null even if descriptions of the scopes are registered.

        Returns:
        The requested scopes.

      • setScopes

        public DeviceAuthorizationResponse setScopes​(Scope[] scopes)
        Set the scopes requested by the device authorization request.
        Parameters:
        scopes - The requested scopes.
        Returns:
        this object.

      • getDynamicScopes

        public DynamicScope[] getDynamicScopes()
        Get the dynamic scopes which the client application requested by the scope request parameter. See the description of DynamicScope for details.
        Returns:
        The list of dynamic scopes.
        Since:
        2.92
        See Also:
        DynamicScope

      • setDynamicScopes

        public DeviceAuthorizationResponse setDynamicScopes​(DynamicScope[] dynamicScopes)
        Set the dynamic scopes which the client application requested by the scope request parameter. See the description of DynamicScope for details.
        Parameters:
        dynamicScopes - The list of dynamic scopes.
        Returns:
        this object.
        Since:
        2.92
        See Also:
        DynamicScope

      • getClaimNames

        public String[] getClaimNames()
        Get the names of the claims which were requested indirectly via some special scopes. See 5.4. Requesting Claims using Scope Values in OpenID Connect Core 1.0 for details.

        This method always returns null if the scope request parameter of the device authorization request does not include the openid scope even if special scopes (such as profile) are included in the request (unless the openid scope is included in the default set of scopes which is used when the scope request parameter is omitted).

        Returns:
        The names of the requested claims.
        Since:
        2.44

      • setClaimNames

        public DeviceAuthorizationResponse setClaimNames​(String[] names)
        Set the names of the claims which were requested indirectly via some special scopes.
        Parameters:
        names - The names of the requested claims.
        Returns:
        this object.
        Since:
        2.44

      • getAcrs

        public String[] getAcrs()
        Get the list of ACR values requested by the device authorization request.

        Basically, this method returns the value of the "acr_values" request parameter in the device authorization request. However, because unsupported ACR values are dropped on Authlete side, if the "acr_values" request parameter contains unrecognized ACR values, the list returned by this method becomes different from the value of the "acr_values" request parameter.

        If the request does not include the acr_values request parameter, the value of the default_acr_values client metadata is used.

        Returns:
        The list of requested ACR values.
        Since:
        2.44

      • setAcrs

        public DeviceAuthorizationResponse setAcrs​(String[] acrs)
        Set the list of ACR values requested by the device authorization request.
        Parameters:
        acrs - The list of requested ACR values.
        Returns:
        this object.
        Since:
        2.44

      • getDeviceCode

        public String getDeviceCode()
        Get the device verification code. This corresponds to the device_code property in the response to the client.
        Returns:
        The device verification code.

      • setDeviceCode

        public DeviceAuthorizationResponse setDeviceCode​(String code)
        Set the device verification code. This corresponds to the device_code property in the response to the client.
        Parameters:
        code - The device verification code.
        Returns:
        this object.

      • getUserCode

        public String getUserCode()
        Get the end-user verification code. This corresponds to the user_code property in the response to the client.
        Returns:
        The end-user verification code.

      • setUserCode

        public DeviceAuthorizationResponse setUserCode​(String code)
        Set the end-user verification code. This corresponds to the user_code property in the response to the client.
        Parameters:
        code - The end-user verification code.
        Returns:
        this object.

      • getVerificationUri

        public URI getVerificationUri()
        Get the end-user verification URI. This corresponds to the verification_uri property in the response to the client.
        Returns:
        The end-user verification URI.

      • setVerificationUri

        public DeviceAuthorizationResponse setVerificationUri​(URI uri)
        Set the end-user verification URI. This corresponds to the verification_uri property in the response to the client.
        Parameters:
        uri - The end-user verification URI.
        Returns:
        this object.

      • getVerificationUriComplete

        public URI getVerificationUriComplete()
        Get the end-user verification URI that includes the end-user verification code. This corresponds to the verification_uri_complete property in the response to the client.
        Returns:
        The end-user verification URI that includes the end-user verification code.

      • setVerificationUriComplete

        public DeviceAuthorizationResponse setVerificationUriComplete​(URI uri)
        Set the end-user verification URI that includes the end-user verification code. This corresponds to the verification_uri_complete property in the response to the client.
        Parameters:
        uri - The end-user verification URI that includes the end-user verification code.
        Returns:
        this object.

      • getExpiresIn

        public int getExpiresIn()
        Get the duration of the issued device verification code and end-user verification code in seconds. This corresponds to the expires_in property in the response to the client.
        Returns:
        The duration of the issued device verification code and end-user verification code in seconds.

      • setExpiresIn

        public DeviceAuthorizationResponse setExpiresIn​(int expiresIn)
        Set the duration of the issued device verification code and end-user verification code in seconds. This corresponds to the expires_in property in the response to the client.
        Parameters:
        expiresIn - The duration of the issued device verification code and end-user verification code in seconds.
        Returns:
        this object.

      • getInterval

        public int getInterval()
        Get the minimum amount of time in seconds that the client must wait for between polling requests to the token endpoint. This corresponds to the interval property in the response to the client.
        Returns:
        The minimum amount of time in seconds between polling requests.

      • setInterval

        public DeviceAuthorizationResponse setInterval​(int interval)
        Set the minimum amount of time in seconds that the client must wait for between polling requests to the token endpoint. This corresponds to the interval property in the response to the client.
        Parameters:
        interval - The minimum amount of time in seconds between polling requests.
        Returns:
        this object.

      • getWarnings

        public String[] getWarnings()
        Get the warnings raised during processing the device authorization request.
        Returns:
        Warnings. This may be null.

      • setWarnings

        public DeviceAuthorizationResponse setWarnings​(String[] warnings)
        Set the warnings raised during processing the device authorization request.
        Parameters:
        warnings - Warnings.
        Returns:
        this object.

      • getResources

        public URI[] getResources()
        Get the resources specified by the resource request parameters. See "Resource Indicators for OAuth 2.0" for details.
        Returns:
        Target resources.
        Since:
        2.62

      • setResources

        public DeviceAuthorizationResponse setResources​(URI[] resources)
        Set the resources specified by the resource request parameters. See "Resource Indicators for OAuth 2.0" for details.
        Parameters:
        resources - Target resources.
        Returns:
        this object.
        Since:
        2.62

      • getAuthorizationDetails

        public AuthzDetails getAuthorizationDetails()
        Get the authorization details. This represents the value of the "authorization_details" request parameter which is defined in "OAuth 2.0 Rich Authorization Requests".
        Returns:
        Authorization details.
        Since:
        2.58

      • setAuthorizationDetails

        public DeviceAuthorizationResponse setAuthorizationDetails​(AuthzDetails details)
        Set the authorization details. This represents the value of the "authorization_details" request parameter which is defined in "OAuth 2.0 Rich Authorization Requests".
        Parameters:
        details - Authorization details.
        Returns:
        this object.
        Since:
        2.58

      • getGrantSubject

        public String getGrantSubject()
        Get the subject of the user who has given the grant which is identified by the grant_id request parameter.

        Authlete 2.3 and newer versions support Grant Management for OAuth 2.0. An authorization request may contain a grant_id request parameter which is defined in the specification. If the value of the request parameter is valid, getGrantSubject() will return the subject of the user who has given the grant to the client application. Authorization server implementations may use the value returned from getGrantSubject() in order to determine the user to authenticate.

        The user your system will authenticate during the authorization process (or has already authenticated) may be different from the user of the grant. The first implementer's draft of "Grant Management for OAuth 2.0" does not mention anything about the case, so the behavior in the case is left to implementations. Authlete will not perform the grant management action when the subject passed to Authlete does not match the user of the grant.

        Returns:
        The subject of the user who has given the grant.
        Since:
        3.1
        See Also:
        Grant Management for OAuth 2.0

      • setGrantSubject

        public DeviceAuthorizationResponse setGrantSubject​(String subject)
        Set the subject of the user who has given the grant which is identified by the grant_id request parameter.

        Authlete 2.3 and newer versions support Grant Management for OAuth 2.0. An authorization request may contain a grant_id request parameter which is defined in the specification. If the value of the request parameter is valid, getGrantSubject() will return the subject of the user who has given the grant to the client application. Authorization server implementations may use the value returned from getGrantSubject() in order to determine the user to authenticate.

        The user your system will authenticate during the authorization process (or has already authenticated) may be different from the user of the grant. The first implementer's draft of "Grant Management for OAuth 2.0" does not mention anything about the case, so the behavior in the case is left to implementations. Authlete will not perform the grant management action when the subject passed to Authlete does not match the user of the grant.

        Parameters:
        subject - The subject of the user who has given the grant.
        Returns:
        this object.
        Since:
        3.1
        See Also:
        Grant Management for OAuth 2.0

      • getGrant

        public Grant getGrant()
        Get the content of the grant which is identified by the grant_id request parameter.

        The user your system will authenticate during the authorization process (or has already authenticated) may be different from the user of the grant. Be careful when your system displays the content of the grant.

        Returns:
        The content of the grant.
        Since:
        3.1
        See Also:
        Grant Management for OAuth 2.0

      • setGrant

        public DeviceAuthorizationResponse setGrant​(Grant grant)
        Set the content of the grant which is identified by the grant_id request parameter.

        The user your system will authenticate during the authorization process (or has already authenticated) may be different from the user of the grant. Be careful when your system displays the content of the grant.

        Parameters:
        grant - The content of the grant.
        Returns:
        this object.
        Since:
        3.1
        See Also:
        Grant Management for OAuth 2.0

      • getServiceAttributes

        public Pair[] getServiceAttributes()
        Get the attributes of the service that the client application belongs to.

        This property is available since Authlete 2.2.

        Returns:
        The attributes of the service.
        Since:
        2.88

      • setServiceAttributes

        public DeviceAuthorizationResponse setServiceAttributes​(Pair[] attributes)
        Set the attributes of the service that the client application belongs to.

        This property is available since Authlete 2.2.

        Parameters:
        attributes - The attributes of the service.
        Returns:
        this object.
        Since:
        2.88

      • getClientAttributes

        public Pair[] getClientAttributes()
        Get the attributes of the client.

        This property is available since Authlete 2.2.

        Returns:
        The attributes of the client.
        Since:
        2.88

      • setClientAttributes

        public DeviceAuthorizationResponse setClientAttributes​(Pair[] attributes)
        Set the attributes of the client.

        This property is available since Authlete 2.2.

        Parameters:
        attributes - The attributes of the client.
        Returns:
        this object.
        Since:
        2.88