Class NativeSsoRequest
- java.lang.Object
-
- com.authlete.common.dto.NativeSsoRequest
-
- All Implemented Interfaces:
Serializable
public class NativeSsoRequest extends Object implements Serializable
A request to Authlete's/nativesso
API.The API is expected to be called only when the value of the "
action
" parameter in a response from the/auth/token
API isNATIVE_SSO
. The purpose of the/nativesso
API is to generate a token response that includes a new, Native SSO-compliant ID token together with a new access token and an optional refresh token.To comply with the OpenID Connect Native SSO for Mobile Apps 1.0 specification, the generated ID token includes the
sid
andds_hash
claims. The session ID associated with the provided access token is used as the value of thesid
claim. The value of thedeviceSecretHash
request parameter is used as the value of theds_hash
claim. If thedeviceSecretHash
request parameter is omitted, the SHA-256 hash of thedeviceSecret
request parameter is computed, and the base64url-encoded string of that hash is used as the value of theds_hash
claim.The value of the
deviceSecret
request parameter is used as the value of thedevice_secret
property in the token response prepared by the/nativesso
API. Additionally, as mentioned above, if thedeviceSecretHash
request parameter is omitted, the value of thedeviceSecret
request parameter is used to compute the value of theds_hash
claim.- Since:
- 4.18, Authlete 3.0
- See Also:
- OpenID Connect Native SSO for Mobile Apps 1.0,
TokenResponse
,NativeSsoResponse
, Serialized Form
-
-
Constructor Summary
Constructors Constructor Description NativeSsoRequest()
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description String
getAccessToken()
Get the access token.String
getClaims()
Get additional claims that should be embedded in the payload part of the ID token.String
getDeviceSecret()
Get the device secret.String
getDeviceSecretHash()
Get the device secret hash.String
getIdtHeaderParams()
Get additional parameters that should be embedded in the JWS header of the ID token.String
getIdTokenAudType()
Get the type of the "aud
" claim of the ID token being issued.String
getRefreshToken()
Get the refresh token.String
getSub()
Get the value that should be used as the value of the "sub
" claim of the ID token.NativeSsoRequest
setAccessToken(String accessToken)
Set the access token.NativeSsoRequest
setClaims(String claims)
Set additional claims that should be embedded in the payload part of the ID token.NativeSsoRequest
setDeviceSecret(String deviceSecret)
Set the device secret.NativeSsoRequest
setDeviceSecretHash(String deviceSecretHash)
Set the device secret hash.NativeSsoRequest
setIdtHeaderParams(String params)
Set additional parameters that should be embedded in the JWS header of the ID token.NativeSsoRequest
setIdTokenAudType(String type)
Set the type of the "aud
" claim of the ID token being issued.NativeSsoRequest
setRefreshToken(String refreshToken)
Set the refresh token.NativeSsoRequest
setSub(String sub)
Set the value that should be used as the value of the "sub
" claim of the ID token.
-
-
-
Method Detail
-
getAccessToken
public String getAccessToken()
Get the access token.The value of this parameter should be (a) the value of the "
jwtAccessToken
" parameter in a response from the/auth/token
API when the value is available, or (b) the value of the "accessToken
" parameter in the response from the/auth/token
API when the value of the "jwtAccessToken
" parameter is not available.- Returns:
- The access token that has been newly issued as the
result of the
/auth/token
API call.
-
setAccessToken
public NativeSsoRequest setAccessToken(String accessToken)
Set the access token.The value of this parameter should be (a) the value of the "
jwtAccessToken
" parameter in a response from the/auth/token
API when the value is available, or (b) the value of the "accessToken
" parameter in the response from the/auth/token
API when the value of the "jwtAccessToken
" parameter is not available.- Parameters:
accessToken
- The access token that has been newly issued as the result of the/auth/token
API call.- Returns:
this
object.
-
getRefreshToken
public String getRefreshToken()
Get the refresh token.The value of this parameter should be the value of the "
refreshToken
" parameter in a response from the/auth/token
API.- Returns:
- The refresh token that has been prepared as the result
of the
/auth/token
API call. It may be a new refresh token or the same refresh token included in the token request, depending on the service configuration.
-
setRefreshToken
public NativeSsoRequest setRefreshToken(String refreshToken)
Set the refresh token.The value of this parameter should be the value of the "
refreshToken
" parameter in a response from the/auth/token
API.- Parameters:
refreshToken
- The refresh token that has been prepared as the result of the/auth/token
API call. It may be a new refresh token or the same refresh token included in the token request, depending on the service configuration.- Returns:
this
object.
-
getSub
public String getSub()
Get the value that should be used as the value of the "sub
" claim of the ID token.This parameter is optional. When omitted, the value of the subject associated with the access token is used.
- Returns:
- The value that should be used as the value of the "
sub
" claim of the ID token.
-
setSub
public NativeSsoRequest setSub(String sub)
Set the value that should be used as the value of the "sub
" claim of the ID token.This parameter is optional. When omitted, the value of the subject associated with the access token is used.
- Parameters:
sub
- The value that should be used as the value of the "sub
" claim of the ID token.- Returns:
this
object.
-
getClaims
public String getClaims()
Get additional claims that should be embedded in the payload part of the ID token. The format is a JSON object.This parameter is optional.
- Returns:
- Additional claims that should be embedded in the payload part of the ID token.
-
setClaims
public NativeSsoRequest setClaims(String claims)
Set additional claims that should be embedded in the payload part of the ID token. The format must be a JSON object.This parameter is optional.
- Parameters:
claims
- Additional claims that should be embedded in the payload part of the ID token.- Returns:
this
object.
-
getIdtHeaderParams
public String getIdtHeaderParams()
Get additional parameters that should be embedded in the JWS header of the ID token. The format is a JSON object.This parameter is optional.
- Returns:
- Additional parameters that should be embedded in the JWS header of the ID token.
-
setIdtHeaderParams
public NativeSsoRequest setIdtHeaderParams(String params)
Set additional parameters that should be embedded in the JWS header of the ID token. The format must be a JSON object.This parameter is optional.
- Parameters:
params
- Additional parameters that should be embedded in the JWS header of the ID token.- Returns:
this
object.
-
getIdTokenAudType
public String getIdTokenAudType()
Get the type of the "aud
" claim of the ID token being issued.Valid values of this parameter are as follows.
Value Description " array
"The type of the aud
claim becomes an array of strings." string
"The type of the aud
claim becomes a single string.This parameter is optional, and the default value on omission is "
array
".This parameter takes precedence over the
idTokenAudType
property ofService
(cf.Service.getIdTokenAudType()
).- Returns:
- The type of the
aud
claim of the ID token.
-
setIdTokenAudType
public NativeSsoRequest setIdTokenAudType(String type)
Set the type of the "aud
" claim of the ID token being issued.Valid values of this parameter are as follows.
Value Description " array
"The type of the aud
claim becomes an array of strings." string
"The type of the aud
claim becomes a single string.This parameter is optional, and the default value on omission is "
array
".This parameter takes precedence over the
idTokenAudType
property ofService
(cf.Service.getIdTokenAudType()
).- Parameters:
type
- The type of theaud
claim of the ID token.- Returns:
this
object.
-
getDeviceSecret
public String getDeviceSecret()
Get the device secret.The value of this parameter should be the value of the
deviceSecret
parameter in the response from the/auth/token
API, if the parameter is present. Otherwise, the authorization server should generate a new device secret and specify it as the value of this parameter.The specified device secret is included as the value of the
device_secret
property in the token response prepared by the/nativesso
API.Additionally, if the
deviceSecretHash
request parameter is omitted, the device secret is used to compute the value of theds_hash
claim. In this case, theds_hash
claim will be the base64url-encoded SHA-256 hash of the device secret.- Returns:
- The device secret.
-
setDeviceSecret
public NativeSsoRequest setDeviceSecret(String deviceSecret)
Set the device secret.The value of this parameter should be the value of the
deviceSecret
parameter in the response from the/auth/token
API, if the parameter is present. Otherwise, the authorization server should generate a new device secret and specify it as the value of this parameter.The specified device secret is included as the value of the
device_secret
property in the token response prepared by the/nativesso
API.Additionally, if the
deviceSecretHash
request parameter is omitted, the device secret is used to compute the value of theds_hash
claim. In this case, theds_hash
claim will be the base64url-encoded SHA-256 hash of the device secret.- Parameters:
deviceSecret
- The device secret.- Returns:
this
object.
-
getDeviceSecretHash
public String getDeviceSecretHash()
Get the device secret hash.The specified device secret hash is included as the value of the
ds_hash
claim in the ID token generated by the/nativesso
API.If the
deviceSecretHash
request parameter is omitted, the value of thedeviceSecret
request parameter is used to compute the hash.- Returns:
- The device secret hash.
-
setDeviceSecretHash
public NativeSsoRequest setDeviceSecretHash(String deviceSecretHash)
Set the device secret hash.The specified device secret hash is included as the value of the
ds_hash
claim in the ID token generated by the/nativesso
API.If the
deviceSecretHash
request parameter is omitted, the value of thedeviceSecret
request parameter is used to compute the hash.- Parameters:
deviceSecretHash
- The device secret hash.- Returns:
this
object.
-
-