Class PushedAuthReqResponse

  • All Implemented Interfaces:
    Serializable

    public class PushedAuthReqResponse
    extends ApiResponse
    Response from Authlete's /api/pushed_auth_req API.

    Authlete's /api/pushed_auth_req API returns JSON which can be mapped to this class. The authorization server implementation should retrieve the value of action from the response and take the following steps according to the value.

    CREATED

    When the value of action is CREATED, it means that the authorization request has been registered successfully.

    The authorization server implementation should generate a response to the client application with 201 Created and application/json.

    The getResponseContent() method returns a JSON string which can be used as the entity body of the response.

    The following illustrates the response which the authorization server implementation should generate and return to the client application.

     HTTP/1.1 201 Created
     Content-Type: application/json
     Cache-Control: no-store
     Pragma: no-cache
    
     (The value returned from getResponseContent())

    BAD_REQUEST

    When the value of action is BAD_REQUEST, it means that the request was wrong.

    The authorization server implementation should generate a response to the client application with 400 Bad Request and application/json.

    The getResponseContent() method returns a JSON string which describes the error, so it can be used as the entity body of the response.

    The following illustrates the response which the authorization server implementation should generate and return to the client application.

     HTTP/1.1 400 Bad Request
     Content-Type: application/json
     Cache-Control: no-store
     Pragma: no-cache
    
     (The value returned from getResponseContent())

    UNAUTHORIZED

    When the value of action is UNAUTHORIZED, it means that client authentication of the request failed.

    The authorization server implementation should generate a response to the client application with 401 Unauthorized and application/json.

    The getResponseContent() method returns a JSON string which describes the error, so it can be used as the entity body of the response.

    The following illustrates the response which the authorization server implementation should generate and return to the client application.

     HTTP/1.1 401 Unauthorized
     WWW-Authenticate: (challenge)
     Content-Type: application/json
     Cache-Control: no-store
     Pragma: no-cache
    
     (The value returned from getResponseContent())

    FORBIDDEN

    When the value of action is FORBIDDEN, it means that the client application is not allowed to use the pushed authorization request endpoint.

    The authorization server implementation should generate a response to the client application with 403 Forbidden and application/json.

    The getResponseContent() method returns a JSON string which describes the error, so it can be used as the entity body of the response.

    The following illustrates the response which the authorization server implementation should generate and return to the client application.

     HTTP/1.1 403 Forbidden
     Content-Type: application/json
     Cache-Control: no-store
     Pragma: no-cache
    
     (The value returned from getResponseContent())

    PAYLOAD_TOO_LARGE

    When the value of action is PAYLOAD_TOO_LARGE, it means that the size of the pushed authorization request is too large.

    The authorization server implementation should generate a response to the client application with 413 Payload Too Large and application/json.

    The getResponseContent() method returns a JSON string which describes the error, so it can be used as the entity body of the response.

    The following illustrates the response which the authorization server implementation should generate and return to the client application.

     HTTP/1.1 413 Payload Too Large
     Content-Type: application/json
     Cache-Control: no-store
     Pragma: no-cache
    
     (The value returned from getResponseContent())

    INTERNAL_SERVER_ERROR

    When the value of action is INTERNAL_SERVER_ERROR, it means that the API call from the authorization server implementation was wrong or that an error occurred in Authlete.

    In either case, from the viewpoint of the client application, it is an error on the server side. Therefore, the authorization server implementation should generate a response to the client application with 500 Internal Server Error and application/json.

    The getResponseContent() method returns a JSON string which describes the error, so it can be used as the entity body of the response.

    The following illustrates the response which the authorization server implementation should generate and return to the client application.

     HTTP/1.1 500 Internal Server Error
     Content-Type: application/json
     Cache-Control: no-store
     Pragma: no-cache
    
     (The value returned from getResponseContent())

    However, whether to actually return 500 is up to the authorization server's policy.


    DPoP Nonce (Authlete 3.0 onwards)

    Since version 3.0, Authlete recognizes the nonce claim in DPoP proof JWTs. If the nonce claim is required (that is, if the service's dpopNonceRequired property is true, or the dpopNonceRequired request parameter passed to the Authlete API is true), the Authlete API checks whether the nonce claim in the presented DPoP proof JWT is identical to the expected value.

    If the dpopNonce response parameter from the API is not null, its value is the expected nonce value for the DPoP proof JWT. The expected value needs to be conveyed to the client application as the value of the DPoP-Nonce HTTP header.

    DPoP-Nonce: (The value returned from getDpopNonce())

    See RFC 9449 OAuth 2.0 Demonstrating Proof of Possession (DPoP) for details.
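    The following is an added example, not code from authlete-java-common or its Javadoc. It shows how a PAR endpoint can turn the action-to-status mapping above, the 500 policy caveat, and the DPoP-Nonce rule into one dispatch routine. Assumptions not taken from the page: the class lives in the package com.authlete.common.dto, the HttpReply record is a local stand-in for whatever HTTP framework the endpoint uses, the WWW-Authenticate challenge string for the 401 case is supplied by the caller (its form depends on the client authentication method), and the status used for INTERNAL_SERVER_ERROR is a constructor argument so the server's policy can override 500.

```java
import java.util.LinkedHashMap;
import java.util.Map;

// Assumed package of the class documented on this page.
import com.authlete.common.dto.PushedAuthReqResponse;
import com.authlete.common.dto.PushedAuthReqResponse.Action;

/**
 * Added example (not part of authlete-java-common): maps a
 * PushedAuthReqResponse to the HTTP response the PAR endpoint
 * returns to the client application.
 */
public final class ParResponseBuilder
{
    /** Minimal framework-neutral HTTP response model, constructed for this example. */
    public record HttpReply(int status, Map<String, String> headers, String body) {}

    // Hypothetical inputs: the challenge text for 401 responses and the
    // status to emit for INTERNAL_SERVER_ERROR (500 per the Javadoc, but
    // the Javadoc leaves the final choice to the server's policy).
    private final String challenge;
    private final int internalErrorStatus;

    public ParResponseBuilder(String challenge, int internalErrorStatus)
    {
        this.challenge = challenge;
        this.internalErrorStatus = internalErrorStatus;
    }

    public HttpReply build(PushedAuthReqResponse res)
    {
        Action action = res.getAction();

        if (action == null)
        {
            // An action this code does not recognise is, from the client's
            // point of view, a server-side failure.
            return reply(internalErrorStatus, res);
        }

        switch (action)
        {
            case CREATED:
                // Body carries the registered request_uri and its lifetime.
                return reply(201, res);

            case BAD_REQUEST:
                return reply(400, res);

            case UNAUTHORIZED:
            {
                // Client authentication failed: 401 plus a challenge.
                HttpReply r = reply(401, res);
                r.headers().put("WWW-Authenticate", challenge);
                return r;
            }

            case FORBIDDEN:
                return reply(403, res);

            case PAYLOAD_TOO_LARGE:
                return reply(413, res);

            case INTERNAL_SERVER_ERROR:
            default:
                return reply(internalErrorStatus, res);
        }
    }

    private HttpReply reply(int status, PushedAuthReqResponse res)
    {
        Map<String, String> headers = new LinkedHashMap<>();
        headers.put("Content-Type", "application/json");
        headers.put("Cache-Control", "no-store");
        headers.put("Pragma", "no-cache");

        // Per the Javadoc, a non-null dpopNonce must reach the client in the
        // DPoP-Nonce header. It is added regardless of the action, so a client
        // that was rejected for a missing or stale nonce can retry with it.
        String nonce = res.getDpopNonce();
        if (nonce != null)
        {
            headers.put("DPoP-Nonce", nonce);
        }

        // getResponseContent() is already the JSON entity body for every action.
        return new HttpReply(status, headers, res.getResponseContent());
    }
}
```

    The builder never lets a null action fall into the switch (which would throw a NullPointerException inside the endpoint) and centralises the three no-cache headers so no branch can forget them; the only per-action difference besides the status code is the WWW-Authenticate header on 401.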

    Since:
    2.51
    See Also:
    Serialized Form
    • Constructor Detail

      • PushedAuthReqResponse

        public PushedAuthReqResponse()
    • Method Detail

      • getAction

        public PushedAuthReqResponse.Action getAction()
        Get the next action that the authorization server should take.
        Returns:
        The action.
      • getResponseContent

        public String getResponseContent()
        Get the response content which can be used as the entity body of the response returned to the client application.
        Returns:
        The response content string.
      • setResponseContent

        public PushedAuthReqResponse setResponseContent(String responseContent)
        Set the response content which can be used as the entity body of the response returned to the client application.
        Parameters:
        responseContent - The response content string.
        Returns:
        this object.
      • getClientAuthMethod

        public ClientAuthMethod getClientAuthMethod()
        Get the client authentication method that should be performed at the pushed authorization request endpoint.

        If the client could not be identified by the information in the request, this method returns null.

        Returns:
        The client authentication method that should be performed at the pushed authorization request endpoint.
      • setClientAuthMethod

        public PushedAuthReqResponse setClientAuthMethod(ClientAuthMethod method)
        Set the client authentication method that should be performed at the pushed authorization request endpoint.
        Parameters:
        method - The client authentication method that should be performed at the pushed authorization request endpoint.
        Returns:
        this object.
      • getRequestUri

        public URI getRequestUri()
        Get the request URI created to represent the pushed authorization request. This can be sent by the client as the 'request_uri' parameter in an authorization request.
        Returns:
        The registered request URI.
      • setRequestUri

        public PushedAuthReqResponse setRequestUri(URI uri)
        Set the request URI created to represent the pushed authorization request.
        Parameters:
        uri - The registered request URI.
        Returns:
        this object.
      • getDpopNonce

        public String getDpopNonce()
        Get the expected nonce value for the DPoP proof JWT, which should be used as the value of the DPoP-Nonce HTTP header.

        When this response parameter is not null, the implementation of the PAR endpoint should add the DPoP-Nonce HTTP header in the response from the endpoint to the client application, using the value of this response parameter as the value of the HTTP header.

         DPoP-Nonce: (The value of this dpopNonce response parameter)
         
        Returns:
        The expected nonce value for DPoP proof JWT.
        Since:
        3.82, Authlete 3.0
        See Also:
        RFC 9449 OAuth 2.0 Demonstrating Proof of Possession (DPoP)
      • setDpopNonce

        public PushedAuthReqResponse setDpopNonce(String dpopNonce)
        Set the expected nonce value for the DPoP proof JWT, which should be used as the value of the DPoP-Nonce HTTP header.

        When this response parameter is not null, the implementation of the PAR endpoint should add the DPoP-Nonce HTTP header in the response from the endpoint to the client application, using the value of this response parameter as the value of the HTTP header.

         DPoP-Nonce: (The value of this dpopNonce response parameter)
         
        Parameters:
        dpopNonce - The expected nonce value for DPoP proof JWT.
        Returns:
        this object.
        Since:
        3.82, Authlete 3.0
        See Also:
        RFC 9449 OAuth 2.0 Demonstrating Proof of Possession (DPoP)
      • summarize

        public String summarize()
        Get the summary of this instance.