Class StandardIntrospectionRequest

  • All Implemented Interfaces:
    Serializable

    public class StandardIntrospectionRequest
    extends Object
    implements Serializable
    Request to Authlete's /api/auth/introspection/standard API. Note that this API and the /api/auth/introspection API are different. The /api/auth/introspection/standard API exists to help your authorization server provide its own introspection API which complies with RFC 7662 (OAuth 2.0 Token Introspection).

    parameters (REQUIRED)

    Request parameters which comply with the introspection request defined in "2.1. Introspection Request" in RFC 7662. The following is an example value of parameters.

    token=pNj1h24a4geA_YHilxrshkRkxJDsyXBZWKp3hZ5ND7A&token_type_hint=access_token

    The implementation of the introspection endpoint of your authorization server will receive an HTTP POST [RFC 7231] request with parameters in the "application/x-www-form-urlencoded" format. It is the entity body of the request that Authlete's /api/auth/introspection/standard API expects as the value of parameters.

    withHiddenProperties (OPTIONAL)

    Flag indicating whether to include hidden properties in the output.

    Authlete has a mechanism for associating arbitrary key-value pairs with an access token. Each key-value pair has a hidden attribute. By default, key-value pairs whose hidden attribute is true are not embedded in the standard introspection output.

    If the withHiddenProperties request parameter is given and its value is true, the /api/auth/introspection/standard API includes all the associated key-value pairs in the output regardless of the value of the hidden attribute.

    rsUri (CONDITIONALLY REQUIRED)

    The URI of the resource server making the introspection request.

    If the rsUri request parameter is given and the token has audience values, Authlete checks whether the value of the rsUri request parameter is contained in the audience values. If it is not contained, Authlete generates an introspection response with the active property set to false.

    The rsUri request parameter is required when the resource server requests a JWT introspection response, i.e., when the value of the httpAcceptHeader request parameter is set to "application/token-introspection+jwt".

    httpAcceptHeader (OPTIONAL)

    The value of the HTTP Accept header in the introspection request.

    If the value of the httpAcceptHeader request parameter is "application/token-introspection+jwt", Authlete generates a JWT introspection response. See "4. Requesting a JWT Response" of "JWT Response for OAuth Token Introspection" for more details.

    introspectionSignAlg (OPTIONAL)

    The JWS alg algorithm for signing the introspection response. This parameter corresponds to introspection_signed_response_alg defined in "6. Client Metadata" of "JWT Response for OAuth Token Introspection".

    The default value is RS256.

    introspectionEncryptionAlg (OPTIONAL)

    The JWE alg algorithm for encrypting the introspection response. This parameter corresponds to introspection_encrypted_response_alg defined in "6. Client Metadata" of "JWT Response for OAuth Token Introspection".

    If the introspectionEncryptionAlg request parameter is specified, Authlete generates a JWT introspection response encrypted with the algorithm specified by this parameter and the algorithm specified by the introspectionEncryptionEnc request parameter.

    introspectionEncryptionEnc (OPTIONAL)

    The JWE enc algorithm for encrypting the introspection response. This parameter corresponds to introspection_encrypted_response_enc defined in "6. Client Metadata" of "JWT Response for OAuth Token Introspection".

    The default value is A128CBC_HS256.

    sharedKeyForSign (CONDITIONALLY REQUIRED)

    The shared key for signing the introspection response with a symmetric algorithm.

    The sharedKeyForSign request parameter is required when the introspection response is requested to be signed with a symmetric algorithm.

    sharedKeyForEncryption (CONDITIONALLY REQUIRED)

    The shared key for encrypting the introspection response with a symmetric algorithm.

    The sharedKeyForEncryption request parameter is required when the introspection response is requested to be encrypted with a symmetric algorithm.

    publicKeyForEncryption (CONDITIONALLY REQUIRED)

    The public key for encrypting the introspection response with an asymmetric algorithm.

    The publicKeyForEncryption request parameter is required when the introspection response is requested to be encrypted with an asymmetric algorithm.
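
    The following added example (not part of the original Javadoc or of Authlete's own code) builds a request from what the introspection endpoint received and enforces the rule above that rsUri is required when a JWT response is requested. It assumes the authlete-java-common library is on the classpath; the class name IntrospectionRequestFactory, the build method and the rs.example.com URI are hypothetical.

```java
import com.authlete.common.dto.StandardIntrospectionRequest;
import java.net.URI;

public class IntrospectionRequestFactory {
    // Media type that, per the description above, triggers a JWT introspection response.
    static final String JWT_RESPONSE_TYPE = "application/token-introspection+jwt";

    /**
     * @param entityBody   raw application/x-www-form-urlencoded body received by the endpoint
     * @param acceptHeader value of the HTTP Accept header, or null if absent
     * @param rsUri        URI of the calling resource server, or null if unknown
     *                     (assumption: the caller looked it up after authenticating the RS)
     */
    static StandardIntrospectionRequest build(String entityBody, String acceptHeader, URI rsUri) {
        if (entityBody == null || entityBody.isEmpty()) {
            throw new IllegalArgumentException("parameters is REQUIRED");
        }
        // Simplification: exact match only; a real Accept header may list several types.
        boolean wantsJwt = JWT_RESPONSE_TYPE.equals(acceptHeader);
        if (wantsJwt && rsUri == null) {
            throw new IllegalArgumentException("rsUri is required for a JWT introspection response");
        }
        StandardIntrospectionRequest request = new StandardIntrospectionRequest()
            .setParameters(entityBody)          // pass the body through unmodified
            .setWithHiddenProperties(false);    // keep hidden key-value pairs out of the output
        if (rsUri != null) {
            request.setRsUri(rsUri);            // lets Authlete compare rsUri with the token's audience
        }
        if (acceptHeader != null) {
            request.setHttpAcceptHeader(acceptHeader);
        }
        return request;
    }

    public static void main(String[] args) {
        // Constructed sample input; the token is the example value from this page.
        String body = "token=pNj1h24a4geA_YHilxrshkRkxJDsyXBZWKp3hZ5ND7A&token_type_hint=access_token";
        StandardIntrospectionRequest request =
            build(body, JWT_RESPONSE_TYPE, URI.create("https://rs.example.com"));
        System.out.println(request.getParameters());
        System.out.println(request.getRsUri() + " " + request.getHttpAcceptHeader());
    }
}
```

    The returned object is what AuthleteApi.standardIntrospection(StandardIntrospectionRequest) takes as its argument.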

    Since:
    2.7
    Author:
    Takahiko Kawasaki, Hideki Ikeda
    See Also:
    RFC 7662, OAuth 2.0 Token Introspection, JWT Response for OAuth Token Introspection, StandardIntrospectionResponse, AuthleteApi.standardIntrospection(StandardIntrospectionRequest), Serialized Form
    • Constructor Detail

      • StandardIntrospectionRequest

        public StandardIntrospectionRequest()
    • Method Detail

      • getParameters

        public String getParameters()
        Get the value of parameters that represents the request parameters which the introspection endpoint of the authorization server received.
        Returns:
        Request parameters which comply with RFC 7662. For example, "token=pNj1h24a4geA_YHilxrshkRkxJDsyXBZWKp3hZ5ND7A".
      • setParameters

        public StandardIntrospectionRequest setParameters(String parameters)
        Set the value of parameters that represents the request parameters which the introspection endpoint of the authorization server received.
        Parameters:
        parameters - Request parameters which comply with RFC 7662. For example, "token=pNj1h24a4geA_YHilxrshkRkxJDsyXBZWKp3hZ5ND7A".
        Returns:
        this object.
      • isWithHiddenProperties

        public boolean isWithHiddenProperties()
        Get the flag which indicates whether to include hidden properties associated with the token in the output.

        Authlete has a mechanism for associating arbitrary key-value pairs with an access token. Each key-value pair has a hidden attribute. By default, key-value pairs whose hidden attribute is true are not embedded in the standard introspection output.

        If the withHiddenProperties request parameter is given and its value is true, the /api/auth/introspection/standard API includes all the associated key-value pairs in the output regardless of the value of the hidden attribute.

        Returns:
        true if hidden properties are included in the output.
        Since:
        2.83
      • setWithHiddenProperties

        public StandardIntrospectionRequest setWithHiddenProperties(boolean with)
        Set the flag which indicates whether to include hidden properties associated with the token in the output.

        See the description of isWithHiddenProperties() for details.

        Parameters:
        with - true to include hidden properties in the output.
        Returns:
        this object.
        Since:
        2.83
      • getRsUri

        public URI getRsUri()
        Get the URI of the resource server making the introspection request.
        Returns:
        The URI of the resource server making the introspection request.
        Since:
        3.76, Authlete 3.0
      • setRsUri

        public StandardIntrospectionRequest setRsUri(URI uri)
        Set the URI of the resource server making the introspection request.
        Parameters:
        uri - The URI of the resource server making the introspection request.
        Returns:
        this object.
        Since:
        3.76, Authlete 3.0
      • getHttpAcceptHeader

        public String getHttpAcceptHeader()
        Get the value of the HTTP Accept header in the introspection request.
        Returns:
        The value of the HTTP Accept header in the introspection request.
        Since:
        3.76, Authlete 3.0
      • setHttpAcceptHeader

        public StandardIntrospectionRequest setHttpAcceptHeader(String header)
        Set the value of the HTTP Accept header in the introspection request.
        Parameters:
        header - The value of the HTTP Accept header in the introspection request.
        Returns:
        this object.
        Since:
        3.76, Authlete 3.0
      • getSharedKeyForSign

        public String getSharedKeyForSign()
        Get the shared key for signing the introspection response with a symmetric algorithm.
        Returns:
        The shared key for signing the introspection response with a symmetric algorithm.
        Since:
        3.76, Authlete 3.0
        See Also:
        JWT Response for OAuth Token Introspection
      • setSharedKeyForSign

        public StandardIntrospectionRequest setSharedKeyForSign(String key)
        Set the shared key for signing the introspection response with a symmetric algorithm.
        Parameters:
        key - The shared key for signing the introspection response with a symmetric algorithm.
        Returns:
        this object.
        Since:
        3.76, Authlete 3.0
        See Also:
        JWT Response for OAuth Token Introspection
      • getSharedKeyForEncryption

        public String getSharedKeyForEncryption()
        Get the shared key for encrypting the introspection response with a symmetric algorithm.
        Returns:
        The shared key for encrypting the introspection response with a symmetric algorithm.
        Since:
        3.76, Authlete 3.0
        See Also:
        JWT Response for OAuth Token Introspection
      • setSharedKeyForEncryption

        public StandardIntrospectionRequest setSharedKeyForEncryption(String key)
        Set the shared key for encrypting the introspection response with a symmetric algorithm.
        Parameters:
        key - The shared key for encrypting the introspection response with a symmetric algorithm.
        Returns:
        this object.
        Since:
        3.76, Authlete 3.0
        See Also:
        JWT Response for OAuth Token Introspection
      • getPublicKeyForEncryption

        public String getPublicKeyForEncryption()
        Get the public key for encrypting the introspection response with an asymmetric algorithm.
        Returns:
        The public key for encrypting the introspection response with an asymmetric algorithm.
        Since:
        3.76, Authlete 3.0
        See Also:
        JWT Response for OAuth Token Introspection
      • setPublicKeyForEncryption

        public StandardIntrospectionRequest setPublicKeyForEncryption(String key)
        Set the public key for encrypting the introspection response with an asymmetric algorithm.
        Parameters:
        key - The public key for encrypting the introspection response with an asymmetric algorithm.
        Returns:
        this object.
        Since:
        3.76, Authlete 3.0
        See Also:
        JWT Response for OAuth Token Introspection