public class IntrospectionRequest extends Object implements Serializable
/auth/introspection API.
token
(REQUIRED) An access token to introspect.
scopes
(OPTIONAL) Scopes that should be covered by the access token.
subject
(OPTIONAL) The subject that should be associated with the access token.
clientCertificate
(OPTIONAL) The client certificate used in the mutual TLS connection established between the client application and the protected resource endpoint. See RFC 8705 OAuth 2.0 Mutual-TLS Client Authentication and Certificate-Bound Access Tokens for details.
dpop
(OPTIONAL) The value of the DPoP HTTP header. See OAuth 2.0 Demonstration of Proof-of-Possession at the Application Layer (DPoP) for details.
htm
(OPTIONAL) The HTTP method of the request to the protected resource endpoint. See OAuth 2.0 Demonstration of Proof-of-Possession at the Application Layer (DPoP) for details.
htu
(OPTIONAL) The URL of the protected resource endpoint. See OAuth 2.0 Demonstration of Proof-of-Possession at the Application Layer (DPoP) for details.
resources
(OPTIONAL) Resource indicators that should be covered by the access token. See RFC 8707 Resource Indicators for OAuth 2.0 for details.
uri
(OPTIONAL; Authlete 2.3 onwards) The full URL of the resource server.
headers
(OPTIONAL; Authlete 2.3 onwards) The HTTP headers to be included in processing the signature. If this is a signed request, this must include the Signature and Signature-Input headers, as well as any additional headers covered by the signature.
message
(OPTIONAL; Authlete 2.3 onwards) The HTTP message body of the request, if present. If supplied, this is used to validate the value of the Content-Digest header, which must in turn be covered in the HTTP Message Signature.
requiredComponents
(OPTIONAL; Authlete 2.3 onwards) The list of component identifiers required to be covered by the signature on this message. If this is omitted, the set defaults to including the @method and @target-uri derived components as well as all headers in the getHeaders() array.
acrValues
(OPTIONAL; Authlete 2.3 onwards) The list of Authentication Context Class Reference values one of which the user authentication performed during the course of issuing the access token must satisfy.
maxAge
(OPTIONAL; Authlete 2.3 onwards) The maximum authentication age which is the maximum allowable elapsed time since the user authentication was performed during the course of issuing the access token.
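An added example, not part of the Authlete documentation: a resource-server helper that fills an IntrospectionRequest for a DPoP-capable endpoint using the setters listed on this page. It assumes the class is in the com.authlete.common.dto package of authlete-java-common; the helper class, its method names, and the lower-case header map are hypothetical.

```java
import java.util.Map;
import com.authlete.common.dto.IntrospectionRequest; // assumed package

// Hypothetical helper, not part of the Authlete library.
public final class IntrospectionRequests {
    private IntrospectionRequests() {}

    /**
     * @param method         HTTP method the resource server actually received
     * @param url            URL of the protected resource endpoint as seen by the server
     * @param headers        request headers keyed by lower-case name
     * @param requiredScopes scopes this endpoint demands
     */
    public static IntrospectionRequest forEndpoint(
            String method, String url,
            Map<String, String> headers, String[] requiredScopes) {
        // A null scopes array turns scope checking off at /auth/introspection,
        // so this helper refuses to build a request without scopes
        // (rejecting an empty array is this helper's own policy).
        if (requiredScopes == null || requiredScopes.length == 0) {
            throw new IllegalArgumentException("endpoint must declare required scopes");
        }
        String token = extractToken(headers.get("authorization"));
        if (token == null) {
            throw new IllegalArgumentException("missing or malformed Authorization header");
        }
        return new IntrospectionRequest()
                .setToken(token)
                .setScopes(requiredScopes)
                .setDpop(headers.get("dpop")) // null when the client sent no DPoP proof
                // htm and htu describe the request the server received; they are
                // taken from the server's own view, not from client-chosen fields.
                .setHtm(method)
                .setHtu(url);
    }

    // Accepts the "Bearer" and "DPoP" authorization schemes; anything else yields null.
    static String extractToken(String authorization) {
        if (authorization == null) return null;
        String[] parts = authorization.trim().split("\\s+", 2);
        if (parts.length != 2 || parts[1].isEmpty()) return null;
        boolean known = parts[0].equalsIgnoreCase("Bearer")
                || parts[0].equalsIgnoreCase("DPoP");
        return known ? parts[1] : null;
    }
}
```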
Constructor and Description |
---|
IntrospectionRequest() |

Modifier and Type | Method and Description |
---|---|
String[] | getAcrValues() - Get the list of Authentication Context Class Reference values one of which the user authentication performed during the course of issuing the access token must satisfy. |
String | getClientCertificate() - Get the client certificate used in the mutual TLS connection established between the client application and the protected resource endpoint. |
String | getDpop() - Get the DPoP header presented by the client during the request to the resource server. |
Pair[] | getHeaders() - Get the HTTP headers to be included in processing the signature. |
String | getHtm() - Get the HTTP method of the request from the client to the protected resource endpoint. |
String | getHtu() - Get the URL of the protected resource endpoint. |
int | getMaxAge() - Get the maximum authentication age which is the maximum allowable elapsed time since the user authentication was performed during the course of issuing the access token. |
String | getMessage() - Get the HTTP message body, if present. |
String[] | getRequiredComponents() - Get the list of component identifiers required to be covered by the signature on this message. |
URI[] | getResources() - Get the resource indicators that the access token should cover. |
String[] | getScopes() - Get the scopes which are required to access the protected resource endpoint. |
String | getSubject() - Get the subject (= end-user ID managed by the service implementation) which is required to access the protected resource endpoint. |
String | getToken() - Get the access token to introspect. |
String | getUri() - Get the URL of the resource server. |
IntrospectionRequest | setAcrValues(String[] acrValues) - Set the list of Authentication Context Class Reference values one of which the user authentication performed during the course of issuing the access token must satisfy. |
IntrospectionRequest | setClientCertificate(String clientCertificate) - Set the client certificate used in the mutual TLS connection established between the client application and the protected resource endpoint. |
IntrospectionRequest | setDpop(String dpop) - Set the DPoP header presented by the client during the request to the resource server. |
IntrospectionRequest | setHeaders(Pair[] headers) - Set the HTTP headers to be included in processing the signature. |
IntrospectionRequest | setHtm(String htm) - Set the HTTP method of the request from the client to the protected resource endpoint. |
IntrospectionRequest | setHtu(String htu) - Set the URL of the protected resource endpoint. |
IntrospectionRequest | setMaxAge(int maxAge) - Set the maximum authentication age which is the maximum allowable elapsed time since the user authentication was performed during the course of issuing the access token. |
IntrospectionRequest | setMessage(String message) - Set the HTTP message body, if present. |
IntrospectionRequest | setRequiredComponents(String[] requiredComponents) - Set the list of component identifiers required to be covered by the signature on this message. |
IntrospectionRequest | setResources(URI[] resources) - Set the resource indicators that the access token should cover. |
IntrospectionRequest | setScopes(String[] scopes) - Set the scopes which are required to access the protected resource endpoint. |
IntrospectionRequest | setSubject(String subject) - Set the subject (= end-user ID managed by the service implementation) which is required to access the protected resource endpoint. |
IntrospectionRequest | setToken(String token) - Set the access token to introspect. |
IntrospectionRequest | setUri(String uri) - Set the URL of the resource server. |

public String getToken()
public IntrospectionRequest setToken(String token)
Parameters:
token - The access token.
Returns:
this object.

public String[] getScopes()
public IntrospectionRequest setScopes(String[] scopes)
If the array contains a scope which is not covered by the access token, Authlete's /auth/introspection API returns FORBIDDEN as the action and insufficient_scope as the error code.
Parameters:
scopes - Scopes required to access the protected resource endpoint. If null is given, the /auth/introspection API does not perform scope checking.
Returns:
this object.

public String getSubject()
public IntrospectionRequest setSubject(String subject)
If the specified subject is different from the one associated with the access token, Authlete's /auth/introspection API returns FORBIDDEN as the action and invalid_request as the error code.
Parameters:
subject - Subject (= end-user ID managed by the service implementation) which is required to access the protected resource endpoint. If null is given, the /auth/introspection API does not perform subject checking.
Returns:
this object.

public String getClientCertificate()
public IntrospectionRequest setClientCertificate(String clientCertificate)
If the access token is bound to a client certificate, this parameter is used for validation.
Parameters:
clientCertificate - The client certificate in PEM format.
Returns:
this object.

public String getDpop()
Get the DPoP header presented by the client during the request to the resource server. This header contains a signed JWT which includes the public key that is paired with the private key used to sign it.
Returns:
The DPoP header string.

public IntrospectionRequest setDpop(String dpop)
Set the DPoP header presented by the client during the request to the resource server. This header contains a signed JWT which includes the public key that is paired with the private key used to sign it.
If the access token is bound to a public key via DPoP, this parameter is used for validation.
Parameters:
dpop - The DPoP header string.
Returns:
this object.

public String getHtm()
DPoP header.
"GET".

public IntrospectionRequest setHtm(String htm)
DPoP header.
If the access token is bound to a public key via DPoP, this parameter is used for validation.
Parameters:
htm - The HTTP method as a string. For example, "GET".
Returns:
this object.

public String getHtu()
DPoP header.

public IntrospectionRequest setHtu(String htu)
DPoP header.
If the access token is bound to a public key via DPoP, this parameter is used for validation.
Parameters:
htu - The URL of the protected resource endpoint.
Returns:
this object.

public URI[] getResources()
public IntrospectionRequest setResources(URI[] resources)
Parameters:
resources - The resource indicators that the access token should cover to access the protected resource endpoint. If null is given, the /auth/introspection API does not perform resource indicator checking.
Returns:
this object.

public String getUri()
public IntrospectionRequest setUri(String uri)
Parameters:
uri - The URL of the resource server.
Returns:
this object.

public String getMessage()
Content-Digest in the headers of the request covered by the HTTP Message Signature.

public IntrospectionRequest setMessage(String message)
Content-Digest in the headers of the request covered by the HTTP Message Signature.
Parameters:
message - The HTTP message body.
Returns:
this object.

public Pair[] getHeaders()
Signature and Signature-Input headers, as well as any additional headers covered by the signature.

public IntrospectionRequest setHeaders(Pair[] headers)
Signature and Signature-Input headers, as well as any additional headers covered by the signature.
Parameters:
headers - The HTTP headers.
Returns:
this object.

public String[] getRequiredComponents()
@method and @target-uri derived components as well as the Authorization header and, if present, the DPoP header.

public IntrospectionRequest setRequiredComponents(String[] requiredComponents)
@method and @target-uri derived components as well as the Authorization header and, if present, the DPoP header.
Parameters:
requiredComponents - The component identifiers to cover in the signature.
Returns:
this object.

public String[] getAcrValues()
public IntrospectionRequest setAcrValues(String[] acrValues)
Parameters:
acrValues - The list of Authentication Context Class Reference values. If null is given, the /auth/introspection API does not perform ACR checking.
Returns:
this object.

public int getMaxAge()
public IntrospectionRequest setMaxAge(int maxAge)
Parameters:
maxAge - The maximum authentication age in seconds. If 0 or a negative value is given, the /auth/introspection API does not perform max age checking.
Returns:
this object.

Copyright © 2023. All rights reserved.