Class NativeSsoRequest

  • All Implemented Interfaces:
    Serializable

    public class NativeSsoRequest
    extends Object
    implements Serializable
    A request to Authlete's /nativesso API.

    The API is expected to be called only when the value of the "action" parameter in a response from the /auth/token API is NATIVE_SSO. The purpose of the /nativesso API is to generate a token response that includes a new, Native SSO-compliant ID token together with a new access token and an optional refresh token.

    To comply with the OpenID Connect Native SSO for Mobile Apps 1.0 specification, the generated ID token includes the sid and ds_hash claims. The session ID associated with the provided access token is used as the value of the sid claim. The value of the deviceSecretHash request parameter is used as the value of the ds_hash claim. If the deviceSecretHash request parameter is omitted, the SHA-256 hash of the deviceSecret request parameter is computed, and the base64url-encoded string of that hash is used as the value of the ds_hash claim.

    The value of the deviceSecret request parameter is used as the value of the device_secret property in the token response prepared by the /nativesso API. Additionally, as mentioned above, if the deviceSecretHash request parameter is omitted, the value of the deviceSecret request parameter is used to compute the value of the ds_hash claim.

    Since:
    4.18, Authlete 3.0
    See Also:
    OpenID Connect Native SSO for Mobile Apps 1.0, TokenResponse, NativeSsoResponse, Serialized Form
    • Constructor Detail

      • NativeSsoRequest

        public NativeSsoRequest()
    • Method Detail

      • getAccessToken

        public String getAccessToken()
        Get the access token.

        The value of this parameter should be (a) the value of the "jwtAccessToken" parameter in a response from the /auth/token API when the value is available, or (b) the value of the "accessToken" parameter in the response from the /auth/token API when the value of the "jwtAccessToken" parameter is not available.

        Returns:
        The access token that has been newly issued as the result of the /auth/token API call.
      • setAccessToken

        public NativeSsoRequest setAccessToken(String accessToken)
        Set the access token.

        The value of this parameter should be (a) the value of the "jwtAccessToken" parameter in a response from the /auth/token API when the value is available, or (b) the value of the "accessToken" parameter in the response from the /auth/token API when the value of the "jwtAccessToken" parameter is not available.

        Parameters:
        accessToken - The access token that has been newly issued as the result of the /auth/token API call.
        Returns:
        this object.
      • getRefreshToken

        public String getRefreshToken()
        Get the refresh token.

        The value of this parameter should be the value of the "refreshToken" parameter in a response from the /auth/token API.

        Returns:
        The refresh token that has been prepared as the result of the /auth/token API call. It may be a new refresh token or the same refresh token included in the token request, depending on the service configuration.
      • setRefreshToken

        public NativeSsoRequest setRefreshToken(String refreshToken)
        Set the refresh token.

        The value of this parameter should be the value of the "refreshToken" parameter in a response from the /auth/token API.

        Parameters:
        refreshToken - The refresh token that has been prepared as the result of the /auth/token API call. It may be a new refresh token or the same refresh token included in the token request, depending on the service configuration.
        Returns:
        this object.
      • getSub

        public String getSub()
        Get the value that should be used as the value of the "sub" claim of the ID token.

        This parameter is optional. When omitted, the value of the subject associated with the access token is used.

        Returns:
        The value that should be used as the value of the "sub" claim of the ID token.
      • setSub

        public NativeSsoRequest setSub(String sub)
        Set the value that should be used as the value of the "sub" claim of the ID token.

        This parameter is optional. When omitted, the value of the subject associated with the access token is used.

        Parameters:
        sub - The value that should be used as the value of the "sub" claim of the ID token.
        Returns:
        this object.
      • getClaims

        public String getClaims()
        Get additional claims that should be embedded in the payload part of the ID token. The format is a JSON object.

        This parameter is optional.

        Returns:
        Additional claims that should be embedded in the payload part of the ID token.
      • setClaims

        public NativeSsoRequest setClaims(String claims)
        Set additional claims that should be embedded in the payload part of the ID token. The format must be a JSON object.

        This parameter is optional.

        Parameters:
        claims - Additional claims that should be embedded in the payload part of the ID token.
        Returns:
        this object.
      • getIdtHeaderParams

        public String getIdtHeaderParams()
        Get additional parameters that should be embedded in the JWS header of the ID token. The format is a JSON object.

        This parameter is optional.

        Returns:
        Additional parameters that should be embedded in the JWS header of the ID token.
      • setIdtHeaderParams

        public NativeSsoRequest setIdtHeaderParams(String params)
        Set additional parameters that should be embedded in the JWS header of the ID token. The format must be a JSON object.

        This parameter is optional.

        Parameters:
        params - Additional parameters that should be embedded in the JWS header of the ID token.
        Returns:
        this object.
      • getIdTokenAudType

        public String getIdTokenAudType()
        Get the type of the "aud" claim of the ID token being issued.

        Valid values of this parameter are as follows.

        Value       Description
        "array"     The type of the aud claim becomes an array of strings.
        "string"    The type of the aud claim becomes a single string.

        This parameter is optional, and the default value on omission is "array".

        This parameter takes precedence over the idTokenAudType property of Service (cf. Service.getIdTokenAudType()).

        Returns:
        The type of the aud claim of the ID token.
      • setIdTokenAudType

        public NativeSsoRequest setIdTokenAudType(String type)
        Set the type of the "aud" claim of the ID token being issued.

        Valid values of this parameter are as follows.

        Value       Description
        "array"     The type of the aud claim becomes an array of strings.
        "string"    The type of the aud claim becomes a single string.

        This parameter is optional, and the default value on omission is "array".

        This parameter takes precedence over the idTokenAudType property of Service (cf. Service.getIdTokenAudType()).

        Parameters:
        type - The type of the aud claim of the ID token.
        Returns:
        this object.
      • getDeviceSecret

        public String getDeviceSecret()
        Get the device secret.

        The value of this parameter should be the value of the deviceSecret parameter in the response from the /auth/token API, if the parameter is present. Otherwise, the authorization server should generate a new device secret and specify it as the value of this parameter.

        The specified device secret is included as the value of the device_secret property in the token response prepared by the /nativesso API.

        Additionally, if the deviceSecretHash request parameter is omitted, the device secret is used to compute the value of the ds_hash claim. In this case, the ds_hash claim will be the base64url-encoded SHA-256 hash of the device secret.

        Returns:
        The device secret.
      • setDeviceSecret

        public NativeSsoRequest setDeviceSecret(String deviceSecret)
        Set the device secret.

        The value of this parameter should be the value of the deviceSecret parameter in the response from the /auth/token API, if the parameter is present. Otherwise, the authorization server should generate a new device secret and specify it as the value of this parameter.

        The specified device secret is included as the value of the device_secret property in the token response prepared by the /nativesso API.

        Additionally, if the deviceSecretHash request parameter is omitted, the device secret is used to compute the value of the ds_hash claim. In this case, the ds_hash claim will be the base64url-encoded SHA-256 hash of the device secret.

        Parameters:
        deviceSecret - The device secret.
        Returns:
        this object.
      • getDeviceSecretHash

        public String getDeviceSecretHash()
        Get the device secret hash.

        The specified device secret hash is included as the value of the ds_hash claim in the ID token generated by the /nativesso API.

        If the deviceSecretHash request parameter is omitted, the value of the deviceSecret request parameter is used to compute the hash.

        Returns:
        The device secret hash.
      • setDeviceSecretHash

        public NativeSsoRequest setDeviceSecretHash(String deviceSecretHash)
        Set the device secret hash.

        The specified device secret hash is included as the value of the ds_hash claim in the ID token generated by the /nativesso API.

        If the deviceSecretHash request parameter is omitted, the value of the deviceSecret request parameter is used to compute the hash.

        Parameters:
        deviceSecretHash - The device secret hash.
        Returns:
        this object.
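
The access token selection, device secret handling and ds_hash computation described in this class's documentation, as an added example (not code from the Authlete project); it needs authlete-java-common 4.18 or later on the classpath. The helper names, the 32-byte secret length, the UTF-8 encoding of the secret and the unpadded base64url form are assumptions, and the token strings are constructed samples.

```java
import com.authlete.common.dto.NativeSsoRequest;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Base64;

public class NativeSsoRequestExample {
    private static final SecureRandom RANDOM = new SecureRandom();
    private static final Base64.Encoder B64URL = Base64.getUrlEncoder().withoutPadding();

    // Rule (a)/(b) from getAccessToken(): prefer jwtAccessToken when it is available.
    static String pickAccessToken(String jwtAccessToken, String accessToken) {
        return (jwtAccessToken != null && !jwtAccessToken.isEmpty()) ? jwtAccessToken : accessToken;
    }

    // Reuse the device secret from the /auth/token response, else generate a 256-bit one.
    static String deviceSecretOrNew(String fromTokenResponse) {
        if (fromTokenResponse != null && !fromTokenResponse.isEmpty()) return fromTokenResponse;
        byte[] raw = new byte[32];  // assumed length; the page does not prescribe one
        RANDOM.nextBytes(raw);
        return B64URL.encodeToString(raw);
    }

    // ds_hash as described on this page: base64url(SHA-256(device secret)).
    // Assumptions: UTF-8 bytes of the secret, base64url without padding.
    static String dsHash(String deviceSecret) throws NoSuchAlgorithmException {
        byte[] digest = MessageDigest.getInstance("SHA-256")
                .digest(deviceSecret.getBytes(StandardCharsets.UTF_8));
        return B64URL.encodeToString(digest);
    }

    // Constant-time check that a presented device_secret matches an ID token's ds_hash.
    static boolean matches(String presented, String dsHashClaim) throws NoSuchAlgorithmException {
        return MessageDigest.isEqual(dsHash(presented).getBytes(StandardCharsets.US_ASCII),
                dsHashClaim.getBytes(StandardCharsets.US_ASCII));
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample values standing in for an /auth/token response (action NATIVE_SSO).
        String secret = deviceSecretOrNew(null);
        NativeSsoRequest request = new NativeSsoRequest()
                .setAccessToken(pickAccessToken(null, "constructed-access-token"))
                .setRefreshToken("constructed-refresh-token")
                .setDeviceSecret(secret)
                .setDeviceSecretHash(dsHash(secret));  // optional; derived from deviceSecret if omitted
        System.out.println(matches(secret, request.getDeviceSecretHash()));
    }
}
```

Setting deviceSecretHash explicitly keeps the ds_hash encoding under the authorization server's control, so the same `dsHash` helper can later verify a presented device_secret against the claim.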