Package com.authlete.common.dto

Class UserInfoIssueRequest

  • All Implemented Interfaces:
    Serializable
    public class UserInfoIssueRequest
extends Object
implements Serializable
    Request to Authlete's /auth/userinfo/issue API.
    token (REQUIRED)

    The access token that has been passed to the service's userinfo endpoint by the client application. In other words, the access token which was contained in the userinfo request.

    claims (OPTIONAL)

    Claims in JSON format. As for the format, see setClaims(String) and "OpenID Connect Core 1.0, 5.1. Standard Claims".

    sub (OPTIONAL)

    The value of the sub claim. If the value of this request parameter is not empty, it is used as the value of the 'sub' claim. Otherwise, the value of the subject associated with the access token is used.

    claimsForTx (OPTIONAL; Authlete 2.3 onwards)

    Claim data that are referenced when Authlete computes values of transformed claims. See the description of setClaimsForTx(String) for details.

    verifiedClaimsForTx (OPTIONAL; Authlete 2.3 onwards)

    Verified claim data that are referenced when Authlete computes values of transformed claims. See the description of setVerifiedClaimsForTx(String[]) for details.

    requestSignature (REQUIRED; Authlete 2.3 onwards)

    The Signature header value from the request to the RS. All signatures in this header will be included in the output signature.

    headers (REQUIRED; Authlete 2.3 onwards)

    The HTTP response headers, all will be included in the output signature.

    Author:
    Takahiko Kawasaki
    See Also:
    Serialized Form

    • Constructor Detail

      • UserInfoIssueRequest

        public UserInfoIssueRequest()

    • Method Detail

      • getToken

        public String getToken()
        Get the access token which has come along with the userinfo request from the client application.

      • setToken

        public UserInfoIssueRequest setToken​(String token)
        Set the access token which has been issued by Authlete. The access token is the one that has come along with the userinfo request from the client application.

      • getClaims

        public String getClaims()
        Get the claims of the subject in JSON format.
        Returns:
        The claims of the subject in JSON format. See the description of setClaims(String) for details about the format.
        See Also:
        setClaims(String)

      • setClaims

        public UserInfoIssueRequest setClaims​(String claims)
        Set the claims of the subject in JSON format.

        The service implementation is required to retrieve claims of the subject (= information about the end-user) from its database and format them in JSON format.

        For example, if "given_name" claim, "family_name" claim and "email" claim are requested, the service implementation should generate a JSON object like the following: 

         {
   "given_name": "Takahiko",
   "family_name": "Kawasaki",
   "email": "takahiko.kawasaki@example.com"
 }

        and set its String representation by this method.

        See OpenID Connect Core 1.0, 5.1. Standard Claims for further details about the format.

        Parameters:
        claims - The claims of the subject in JSON format.
        Returns:
        this object.
        See Also:
        OpenID Connect Core 1.0, 5.1. Standard Claims

      • setClaims

        public UserInfoIssueRequest setClaims​(Map<String,​Object> claims)
        Set the value of "claims" which is the claims of the subject. The argument is converted into a JSON string and passed to setClaims(String) method.
        Parameters:
        claims - The claims of the subject. Keys are claim names.
        Returns:
        this object.
        Since:
        1.24

      • getSub

        public String getSub()
        Get the value of the sub claim. If this method returns a non-empty value, it is used as the value of the 'sub' claim. Otherwise, the value of the subject associated with the access token is used.
        Returns:
        The value of the sub claim.
        Since:
        1.35

      • setSub

        public UserInfoIssueRequest setSub​(String sub)
        Set the value of the sub claim. If a non-empty value is given, it is used as the value of the 'sub' claim. Otherwise, the value of the subject associated with the access token is used.
        Parameters:
        sub - The value of the sub claim.
        Returns:
        this object.
        Since:
        1.35

      • setClaimsForTx

        public UserInfoIssueRequest setClaimsForTx​(String claims)
        Set values of claims requested indirectly by "transformed claims".

        A client application may request "transformed claims". Each of transformed claims uses an existing claim as input. As a result, to compute the value of a transformed claim, the value of the referenced existing claim is needed. This claimsForTx request parameter has to be used to provide values of existing claims for computation of transformed claims.

        A response from the /api/auth/userinfo API may include the requestedClaimsForTx response parameter which is a list of claims that are referenced indirectly by transformed claims (cf. UserInfoResponse.getRequestedClaimsForTx()). The authorization server implementation should prepare values of the claims listed in requestedClaimsForTx and pass them as the value of this claimsForTx request parameter.

        The following is an example of the value of this request parameter. 

         {
   "birthdate": "1970-01-23",
   "nationalities": [ "DEU", "USA" ]
 }

        This request parameter (claimsForTx) is recognized by Authlete 2.3 onwards.

        Parameters:
        claims - Values of claims requested indirectly by "transformed claims". The format is JSON.
        Returns:
        this object.
        Since:
        3.8
        See Also:
        OpenID Connect Advanced Syntax for Claims (ASC) 1.0, UserInfoResponse.getRequestedClaimsForTx()

      • setClaimsForTx

        public UserInfoIssueRequest setClaimsForTx​(Map<String,​Object> claims)
        Set the value of "claimsForTx" which is the claims of the subject. The argument is converted into a JSON string and passed to setClaimsForTx(String) method.
        Parameters:
        claims - The claims of the subject. Keys are claim names.
        Returns:
        this object.
        Since:
        3.9

      • setVerifiedClaimsForTx

        public UserInfoIssueRequest setVerifiedClaimsForTx​(String[] claims)
        Set values of verified claims requested indirectly by "transformed claims".

        A client application may request "transformed claims". Each of transformed claims uses an existing claim as input. As a result, to compute the value of a transformed claim, the value of the referenced existing claim is needed. This verifiedClaimsForTx request parameter has to be used to provide values of existing claims for computation of transformed claims.

        A response from the /api/auth/userinfo API may include the requestedVerifiedClaimsForTx response parameter which is a list of verified claims that are referenced indirectly by transformed claims (cf. UserInfoResponse.getRequestedVerifiedClaimsForTx()). The authorization server implementation should prepare values of the verified claims listed in requestedVerifiedClaimsForTx and pass them as the value of this verifiedClaimsForTx request parameter.

        The following is an example of the value of this request parameter. 

         [
   "{\"birthdate\":\"1970-01-23\",\"nationalities\":[\"DEU\",\"USA\"]}"
 ]

        The reason that this verifiedClaimsForTx property is an array is that the "verified_claims" property in the claims request parameter of an authorization request can be an array like below. 

         {
   "transformed_claims": {
     "nationality_usa": {
       "claim": "nationalities",
       "fn": [
         [ "eq", "USA" ],
         "any"
       ]
     }
   },
   "userinfo": {
     "verified_claims": [
       {
         "verification": { "trust_framework": { "value": "gold" } },
         "claims": { "::18_or_above": null }
       },
       {
         "verification": { "trust_framework": { "value": "silver" } },
         "claims": { ":nationality_usa": null }
       }
     ]
   }
 }

        For the example above, the value of this verifiedClaimsForTx property should be an array of size 2 and look like below. The first element is JSON including claims which have been verified under the trust framework "gold", and the second element is JSON including claims which have been verified under the trust framework "silver". 

         [
   "{\"birthdate\":\"1970-01-23\"}",
   "{\"nationalities\":[\"DEU\",\"USA\"]}"
 ]

        This request parameter (verifiedClaimsForTx) is recognized by Authlete 2.3 onwards.

        Parameters:
        claims - Values of verified claims requested indirectly by "transformed claims". The format of elements in the array is JSON.
        Returns:
        this object.
        Since:
        3.8
        See Also:
        OpenID Connect Advanced Syntax for Claims (ASC) 1.0, OpenID Connect for Identity Assurance 1.0, UserInfoResponse.getRequestedVerifiedClaimsForTx()

      • setVerifiedClaimsForTx

        public UserInfoIssueRequest setVerifiedClaimsForTx​(List<Map<String,​Object>> list)
        Set the value of "verifiedClaimsForTx" which is the verified claims of the subject. Each element in the given list is converted to a JSON string and a newly created string array containing the converted elements is passed to setVerifiedClaimsForTx(String[]).
        Parameters:
        list - List of clusters of verified claims.
        Returns:
        this object.
        Since:
        3.9

      • getRequestSignature

        public String getRequestSignature()
        Get the Signature header value from the request. All signatures in this header will be included in the output signature.
        Returns:
        The formatted Signature header value.
        Since:
        3.38, Authlete 2.3

      • setRequestSignature

        public UserInfoIssueRequest setRequestSignature​(String signature)
        Set the Signature header value from the request. All signatures in this header will be included in the output signature.
        Returns:
        this object.
        Since:
        3.38, Authlete 2.3

      • getHeaders

        public Pair[] getHeaders()
        Get the HTTP response headers, all will be included in the signature. The name of the header is the key of the entry and the value of the header is the value of the entry.
        Returns:
        The response headers.
        Since:
        3.38, Authlete 2.3

      • setHeaders

        public UserInfoIssueRequest setHeaders​(Pair[] headers)
        Set the HTTP response headers, all will be included in the signature. The name of the header is the key of the entry and the value of the header is the value of the entry.
        Returns:
        this object.
        Since:
        3.38, Authlete 2.3