Package com.authlete.common.dto

Class PushedAuthReqRequest

  • All Implemented Interfaces:
    Serializable
    public class PushedAuthReqRequest
extends Object
implements Serializable
    Request to Authlete's /api/pushed_auth_req API.

    The authorization server can implement a pushed authorization request endpoint which is defined in "OAuth 2.0 Pushed Authorization Requests" by using the Authlete API.

    Request parameters to the API are as follows.

    parameters (REQUIRED)

    Request parameters that the pushed authorization request endpoint of the authorization server implementation received from the client application. Its format is application/x-www-form-urlencoded.

    clientId (OPTIONAL)

    The client ID extracted from the Authorization header of the request to the pushed authorization request endpoint.

    If the pushed authorization request endpoint of the authorization server implementation supports Basic Authentication as a means of client authentication, and the request from the client application contained its client ID in the Authorization header, the value should be extracted and set to this parameter.

    clientSecret (OPTIONAL)

    The client secret extracted from the Authorization header of the request to the pushed authorization request endpoint.

    If the pushed authorization request endpoint of the authorization server implementation supports Basic Authentication as a means of client authentication, and the request from the client application contained its client secret in the Authorization header, the value should be extracted and set to this parameter.

    clientCertificate (OPTIONAL)

    The client certificate used in the TLS connection between the client application and the pushed authorization request endpoint of the authorization server.

    clientCertificatePath (OPTIONAL)

    The client certificate path presented by the client during client authentication. Each element is a string in PEM format.

    dpop (OPTIONAL)

    The value of the DPoP HTTP header. See RFC 9449 OAuth 2.0 Demonstrating Proof of Possession (DPoP) for details.

    htm (OPTIONAL)

    The HTTP method of the PAR request. In normal cases, the value is "POST". When this parameter is omitted, "POST" is used as the default value. See RFC 9449 OAuth 2.0 Demonstrating Proof of Possession (DPoP) for details.

    htu (OPTIONAL)

    The URL of the PAR endpoint, without query or path components. If omitted, the pushedAuthReqEndpoint property of Service is used as the default value. See RFC 9449 OAuth 2.0 Demonstrating Proof of Possession (DPoP) for details.

    dpopNonceRequired (OPTIONAL; Authlete 3.0 onwards)

    The flag indicating whether to require the DPoP proof JWT to include the nonce claim. Even if the service's dpopNonceRequired property is false, calling the /pushed_auth_req API with this dpopNonceRequired parameter true will force the Authlete API to check whether the DPoP proof JWT includes the expected nonce value.

    oauthClientAttestation (OPTIONAL; Authlete 3.0 onwards)

    The value of the OAuth-Client-Attestation HTTP header, which is defined in the specification of OAuth 2.0 Attestation-Based Client Authentication.

    oauthClientAttestationPop (OPTIONAL; Authlete 3.0 onwards)

    The value of the OAuth-Client-Attestation-PoP HTTP header, which is defined in the specification of OAuth 2.0 Attestation-Based Client Authentication.

    Since:
    2.51
    See Also:
    Serialized Form

    • Constructor Detail

      • PushedAuthReqRequest

        public PushedAuthReqRequest()

    • Method Detail

      • getParameters

        public String getParameters()
        Get the request parameters that the pushed authorization request endpoint received from the client application.
        Returns:
        Request parameters in application/x-www-form-urlencoded format.

      • setParameters

        public PushedAuthReqRequest setParameters​(String parameters)
        Set the request parameters that the pushed authorization request endpoint received from the client application.
        Parameters:
        parameters - Request parameters in application/x-www-form-urlencoded format.
        Returns:
        this object.

      • getClientId

        public String getClientId()
        Get the client ID extracted from the Authorization header of the request to the pushed authorization request endpoint.
        Returns:
        The client ID.

      • setClientId

        public PushedAuthReqRequest setClientId​(String clientId)
        Set the client ID extracted from the Authorization header of the request to the pushed authorization request endpoint.
        Parameters:
        clientId - The client ID.
        Returns:
        this object.

      • getClientSecret

        public String getClientSecret()
        Get the client secret extracted from the Authorization header of the request to the pushed authorization request endpoint.
        Returns:
        The client secret.

      • setClientSecret

        public PushedAuthReqRequest setClientSecret​(String clientSecret)
        Set the client secret extracted from the Authorization header of the request to the pushed authorization request endpoint.
        Parameters:
        clientSecret - The client secret.
        Returns:
        this object.

      • getClientCertificate

        public String getClientCertificate()
        Get the client certificate used in the TLS connection between the client application and the pushed authorization request endpoint.
        Returns:
        The client certificate.

      • setClientCertificate

        public PushedAuthReqRequest setClientCertificate​(String certificate)
        Set the client certificate used in the TLS connection between the client application and the pushed authorization request endpoint.
        Parameters:
        certificate - The client certificate.
        Returns:
        this object.

      • getClientCertificatePath

        public String[] getClientCertificatePath()
        Get the client certificate path presented by the client during client authentication.
        Returns:
        The client certificate path. Each element is a string in PEM format.

      • setClientCertificatePath

        public PushedAuthReqRequest setClientCertificatePath​(String[] path)
        Set the client certificate path presented by the client during client authentication.
        Parameters:
        path - The client certificate path.
        Returns:
        this object.

      • isDpopNonceRequired

        public boolean isDpopNonceRequired()
        Get the flag indicating whether to check if the DPoP proof JWT includes the expected nonce value.

        If this request parameter is true or if the service's dpopNonceRequired property (Service.isDpopNonceRequired()) is true, the /pushed_auth_req API checks if the DPoP proof JWT includes the expected nonce value. In this case, the response from the /pushed_auth_req API will include the dpopNonce response parameter, which should be used as the value of the DPoP-Nonce HTTP header.

        Returns:
        true if the /pushed_auth_req API checks whether the DPoP proof JWT includes the expected nonce value, even if the service's dpopNonceRequired property is false.
        Since:
        3.82, Authlete 3.0
        See Also:
        RFC 9449 OAuth 2.0 Demonstrating Proof of Possession (DPoP)

      • setDpopNonceRequired

        public PushedAuthReqRequest setDpopNonceRequired​(boolean required)
        Set the flag indicating whether to check if the DPoP proof JWT includes the expected nonce value.

        If this request parameter is true or if the service's dpopNonceRequired property (Service.isDpopNonceRequired()) is true, the /pushed_auth_req API checks if the DPoP proof JWT includes the expected nonce value. In this case, the response from the /pushed_auth_req API will include the dpopNonce response parameter, which should be used as the value of the DPoP-Nonce HTTP header.

        Parameters:
        required - true to have the /pushed_auth_req API check whether the DPoP proof JWT includes the expected nonce value, even if the service's dpopNonceRequired property is false.
        Returns:
        this object.
        Since:
        3.82, Authlete 3.0
        See Also:
        RFC 9449 OAuth 2.0 Demonstrating Proof of Possession (DPoP)

      • getOauthClientAttestation

        public String getOauthClientAttestation()
        Get the value of the OAuth-Client-Attestation HTTP header.
        Returns:
        The value of the OAuth-Client-Attestation HTTP header.
        Since:
        4.3, Authlete 3.0
        See Also:
        OAuth 2.0 Attestation-Based Client Authentication

      • getOauthClientAttestationPop

        public String getOauthClientAttestationPop()
        Get the value of the OAuth-Client-Attestation-PoP HTTP header.
        Returns:
        The value of the OAuth-Client-Attestation-PoP HTTP header.
        Since:
        4.3, Authlete 3.0
        See Also:
        OAuth 2.0 Attestation-Based Client Authentication