Package com.authlete.common.dto

Class DeviceVerificationResponse

  • All Implemented Interfaces:
    Serializable
    public class DeviceVerificationResponse
extends ApiResponse
    Response from Authlete's /api/device/verification API.

    Authlete's /api/device/verification API returns JSON which can be mapped to this class. The authorization server implementation should retrieve the value of action from the response and take the following steps according to the value.

    VALID

    When the value of action is VALID, it means that the user code exists, has not expired, and belongs to the service. The authorization server implementation should interact with the end-user to ask whether she approves or rejects the authorization request from the device.

    EXPIRED

    When the value of action is EXPIRED, it means that the user code has expired. The authorization server implementation should tell the end-user that the user code has expired and urge her to re-initiate a device flow.

    NOT_EXIST

    When the value of action is NOT_EXIST, it means that the user code does not exist. The authorization server implementation should tell the end-user that the user code is invalid and urge her to retry to input a valid user code.

    SERVER_ERROR

    When the value of action is SERVER_ERROR, it means that an error occurred on Authlete side. The authorization server implementation should tell the end-user that something wrong happened and urge her to re-initiate a device flow.

    Since:
    2.42
    See Also:
    Serialized Form

    • Constructor Detail

      • DeviceVerificationResponse

        public DeviceVerificationResponse()

    • Method Detail

      • getClientId

        public long getClientId()
        Get the client ID of the client application to which the user code has been issued.
        Returns:
        The client ID of the client application.

      • setClientId

        public DeviceVerificationResponse setClientId​(long clientId)
        Set the client ID of the client application to which the user code has been issued.
        Parameters:
        clientId - The client ID of the client application.
        Returns:
        this object.

      • getClientIdAlias

        public String getClientIdAlias()
        Get the client ID alias of the client application to which the user code has been issued.
        Returns:
        The client ID alias of the client application.

      • setClientIdAlias

        public DeviceVerificationResponse setClientIdAlias​(String alias)
        Set the client ID alias of the client application to which the user code has been issued.
        Parameters:
        alias - The client ID alias of the client application.
        Returns:
        this object.

      • isClientIdAliasUsed

        public boolean isClientIdAliasUsed()
        Get the flag which indicates whether the client ID alias was used in the device authorization request for the user code.
        Returns:
        true if the client ID alias was used in the request.

      • setClientIdAliasUsed

        public DeviceVerificationResponse setClientIdAliasUsed​(boolean used)
        Set the flag which indicates whether the client ID alias was used in the device authorization request for the user code.
        Parameters:
        used - true to indicate that the client ID alias was used in the request.
        Returns:
        this object.

      • getClientEntityId

        public URI getClientEntityId()
        Get the entity ID of the client.

        "Entity ID" is a technical term defined in OpenID Federation 1.0.

        Returns:
        The entity ID of the client.
        Since:
        3.37, Authlete 2.3
        See Also:
        OpenID Federation 1.0

      • isClientEntityIdUsed

        public boolean isClientEntityIdUsed()
        Get the flag which indicates whether the entity ID of the client was used in the device authorization request as a client ID.

        "Entity ID" is a technical term defined in OpenID Federation 1.0.

        Returns:
        true if the entity ID of the client was used in the request as a client ID.
        Since:
        3.37, Authlete 2.3
        See Also:
        OpenID Federation 1.0

      • setClientEntityIdUsed

        public DeviceVerificationResponse setClientEntityIdUsed​(boolean used)
        Set the flag which indicates whether the entity ID of the client was used in the device authorization request as a client ID.

        "Entity ID" is a technical term defined in OpenID Federation 1.0.

        Parameters:
        used - true to indicate that the entity ID of the client was used in the request as a client ID.
        Returns:
        this object.
        Since:
        3.37, Authlete 2.3
        See Also:
        OpenID Federation 1.0

      • getClientIdentifier

        public String getClientIdentifier()
        Get the client identifier used in the device authorization request for the user code.

        When isClientIdAliasUsed() returns true, this method returns the same value as getClientIdAlias() does. Otherwise, if isClientEntityIdUsed() returns true, this method returns the same value as getClientEntityId().toString() does. In other cases, this method returns the string representation of the value returned from getClientId().

        Returns:
        The client identifier used in the device authorization request for the user code.

      • getClientName

        public String getClientName()
        Get the name of the client application to which the user code has been issued.
        Returns:
        The name of the client application.

      • setClientName

        public DeviceVerificationResponse setClientName​(String name)
        Set the name of the client application to which the user code has been issued.
        Parameters:
        name - The name of the client application.
        Returns:
        this object.

      • getScopes

        public Scope[] getScopes()
        Get the scopes requested by the device authorization request for the user code.

        Note that Scope.getDescription() method and Scope.getDescriptions() method of each element (Scope instance) in the array returned from this method always return null even if descriptions of the scopes are registered.

        Returns:
        The requested scopes.

      • setScopes

        public DeviceVerificationResponse setScopes​(Scope[] scopes)
        Set the scopes requested by the device authorization request for the user code.
        Parameters:
        scopes - The requested scopes.
        Returns:
        this object.

      • getDynamicScopes

        public DynamicScope[] getDynamicScopes()
        Get the dynamic scopes which the client application requested by the scope request parameter. See the description of DynamicScope for details.
        Returns:
        The list of dynamic scopes.
        Since:
        2.92
        See Also:
        DynamicScope

      • setDynamicScopes

        public DeviceVerificationResponse setDynamicScopes​(DynamicScope[] dynamicScopes)
        Set the dynamic scopes which the client application requested by the scope request parameter. See the description of DynamicScope for details.
        Parameters:
        dynamicScopes - The list of dynamic scopes.
        Returns:
        this object.
        Since:
        2.92
        See Also:
        DynamicScope

      • getClaimNames

        public String[] getClaimNames()
        Get the names of the claims which were requested indirectly via some special scopes. See 5.4. Requesting Claims using Scope Values in OpenID Connect Core 1.0 for details.

        This method always returns null if the scope request parameter of the device authorization request does not include the openid scope even if special scopes (such as profile) are included in the request (unless the openid scope is included in the default set of scopes which is used when the scope request parameter is omitted).

        Returns:
        The names of the requested claims.
        Since:
        2.44

      • setClaimNames

        public DeviceVerificationResponse setClaimNames​(String[] names)
        Set the names of the claims which were requested indirectly via some special scopes.
        Parameters:
        names - The names of the requested claims.
        Returns:
        this object.
        Since:
        2.44

      • getAcrs

        public String[] getAcrs()
        Get the list of ACR values requested by the device authorization request.
        Returns:
        The list of requested ACR values.
        Since:
        2.44

      • setAcrs

        public DeviceVerificationResponse setAcrs​(String[] acrs)
        Set the list of ACR values requested by the device authorization request.
        Parameters:
        acrs - The list of requested ACR values.
        Returns:
        this object.
        Since:
        2.44

      • getExpiresAt

        public long getExpiresAt()
        Get the date in milliseconds since the Unix epoch (1970-01-01) at which the user code will expire.
        Returns:
        The expiration date in milliseconds since the Unix epoch (1970-01-01) at which the user code will expire.
        Since:
        2.44

      • setExpiresAt

        public DeviceVerificationResponse setExpiresAt​(long expiresAt)
        Set the date in milliseconds since the Unix epoch (1970-01-01) at which the user code will expire.
        Parameters:
        expiresAt - The expiration date in milliseconds since the Unix epoch (1970-01-01) at which the user code will expire.
        Returns:
        this object.
        Since:
        2.44

      • getResources

        public URI[] getResources()
        Get the resources specified by the resource request parameters in the preceding device authorization request. See "Resource Indicators for OAuth 2.0" for details.
        Returns:
        Target resources.
        Since:
        2.62

      • setResources

        public DeviceVerificationResponse setResources​(URI[] resources)
        Set the resources specified by the resource request parameters in the preceding device authorization request. See "Resource Indicators for OAuth 2.0" for details.
        Parameters:
        resources - Target resources.
        Returns:
        this object.
        Since:
        2.62

      • getAuthorizationDetails

        public AuthzDetails getAuthorizationDetails()
        Get the authorization details. This represents the value of the "authorization_details" request parameter which is defined in "OAuth 2.0 Rich Authorization Requests".
        Returns:
        Authorization details.
        Since:
        2.56

      • setAuthorizationDetails

        public DeviceVerificationResponse setAuthorizationDetails​(AuthzDetails details)
        Set the authorization details. This represents the value of the "authorization_details" request parameter which is defined in "OAuth 2.0 Rich Authorization Requests".
        Parameters:
        details - Authorization details.
        Returns:
        this object.
        Since:
        2.56

      • getGrantId

        public String getGrantId()
        Get the value of the grant_id request parameter of the device authorization request.

        The grant_id request parameter is defined in Grant Management for OAuth 2.0, which is supported by Authlete 2.3 and newer versions.

        Returns:
        A grant ID.
        Since:
        3.6
        See Also:
        Grant Management for OAuth 2.0

      • getGrantSubject

        public String getGrantSubject()
        Get the subject of the user who has given the grant which is identified by the grant_id request parameter of the device authorization request.

        Authlete 2.3 and newer versions support Grant Management for OAuth 2.0. An authorization request may contain a grant_id request parameter which is defined in the specification. If the value of the request parameter is valid, getGrantSubject() will return the subject of the user who has given the grant to the client application. Authorization server implementations may use the value returned from getGrantSubject() in order to determine the user to authenticate.

        The user your system will authenticate during the authorization process (or has already authenticated) may be different from the user of the grant. The first implementer's draft of "Grant Management for OAuth 2.0" does not mention anything about the case, so the behavior in the case is left to implementations. Authlete will not perform the grant management action when the subject passed to Authlete does not match the user of the grant.

        Returns:
        The subject of the user who has given the grant.
        Since:
        3.6
        See Also:
        Grant Management for OAuth 2.0

      • setGrantSubject

        public DeviceVerificationResponse setGrantSubject​(String subject)
        Set the subject of the user who has given the grant which is identified by the grant_id request parameter of the device authorization request.

        Authlete 2.3 and newer versions support Grant Management for OAuth 2.0. An authorization request may contain a grant_id request parameter which is defined in the specification. If the value of the request parameter is valid, getGrantSubject() will return the subject of the user who has given the grant to the client application. Authorization server implementations may use the value returned from getGrantSubject() in order to determine the user to authenticate.

        The user your system will authenticate during the authorization process (or has already authenticated) may be different from the user of the grant. The first implementer's draft of "Grant Management for OAuth 2.0" does not mention anything about the case, so the behavior in the case is left to implementations. Authlete will not perform the grant management action when the subject passed to Authlete does not match the user of the grant.

        Parameters:
        subject - The subject of the user who has given the grant.
        Returns:
        this object.
        Since:
        3.6
        See Also:
        Grant Management for OAuth 2.0

      • getGrant

        public Grant getGrant()
        Get the content of the grant which is identified by the grant_id request parameter of the device authorization request.

        The user your system will authenticate during the authorization process (or has already authenticated) may be different from the user of the grant. Be careful when your system displays the content of the grant.

        Returns:
        The content of the grant.
        Since:
        3.6
        See Also:
        Grant Management for OAuth 2.0

      • setGrant

        public DeviceVerificationResponse setGrant​(Grant grant)
        Set the content of the grant which is identified by the grant_id request parameter of the device authorization request.

        The user your system will authenticate during the authorization process (or has already authenticated) may be different from the user of the grant. Be careful when your system displays the content of the grant.

        Parameters:
        grant - The content of the grant.
        Returns:
        this object.
        Since:
        3.6
        See Also:
        Grant Management for OAuth 2.0

      • getServiceAttributes

        public Pair[] getServiceAttributes()
        Get the attributes of the service that the client application belongs to.

        This property is available since Authlete 2.2.

        Returns:
        The attributes of the service.
        Since:
        2.88

      • setServiceAttributes

        public DeviceVerificationResponse setServiceAttributes​(Pair[] attributes)
        Set the attributes of the service that the client application belongs to.

        This property is available since Authlete 2.2.

        Parameters:
        attributes - The attributes of the service.
        Returns:
        this object.
        Since:
        2.88

      • getClientAttributes

        public Pair[] getClientAttributes()
        Get the attributes of the client.

        This property is available since Authlete 2.2.

        Returns:
        The attributes of the client.
        Since:
        2.88

      • setClientAttributes

        public DeviceVerificationResponse setClientAttributes​(Pair[] attributes)
        Set the attributes of the client.

        This property is available since Authlete 2.2.

        Parameters:
        attributes - The attributes of the client.
        Returns:
        this object.
        Since:
        2.88