Class UserInfoIssueResponse

  • All Implemented Interfaces:
    Serializable

    public class UserInfoIssueResponse
    extends ApiResponse
    Response from Authlete's /auth/userinfo/issue API.

    Authlete's /auth/userinfo/issue API returns JSON which can be mapped to this class. The service implementation should retrieve the value of "action" from the response and take the following steps according to the value.

    INTERNAL_SERVER_ERROR

    When the value of "action" is "INTERNAL_SERVER_ERROR", it means that the request from the service implementation was wrong or that an error occurred in Authlete.

    In either case, from the viewpoint of the client application, it is an error on the server side. Therefore, the service implementation should generate a response to the client application with the HTTP status of "500 Internal Server Error".

    getResponseContent() returns a string which describes the error in the format of RFC 6750 (OAuth 2.0 Bearer Token Usage), so the UserInfo Endpoint implementation of your service can use the string returned from the method as the value of WWW-Authenticate header.

    The following is an example response which complies with RFC 6750. Note that OpenID Connect Core 1.0 requires that an error response from UserInfo endpoint comply with RFC 6750. See 5.3.3. UserInfo Error Response for details.

     HTTP/1.1 500 Internal Server Error
     WWW-Authenticate: (The value returned from getResponseContent())
     Cache-Control: no-store
     Pragma: no-cache
     
    BAD_REQUEST

When the value of "action" is "BAD_REQUEST", it means that the request from the client application does not contain an access token (= the request from the service implementation to Authlete does not contain the "token" parameter).

    getResponseContent() returns a string which describes the error in the format of RFC 6750 (OAuth 2.0 Bearer Token Usage), so the UserInfo Endpoint implementation of your service can use the string returned from the method as the value of WWW-Authenticate header.

    The following is an example response which complies with RFC 6750. Note that OpenID Connect Core 1.0 requires that an error response from UserInfo endpoint comply with RFC 6750. See 5.3.3. UserInfo Error Response for details.

     HTTP/1.1 400 Bad Request
     WWW-Authenticate: (The value returned from getResponseContent())
     Cache-Control: no-store
     Pragma: no-cache
     
    UNAUTHORIZED

    When the value of "action" is "UNAUTHORIZED", it means that the access token does not exist, has expired, or is not associated with any subject (= any user account).

    getResponseContent() returns a string which describes the error in the format of RFC 6750 (OAuth 2.0 Bearer Token Usage), so the UserInfo Endpoint implementation of your service can use the string returned from the method as the value of WWW-Authenticate header.

    The following is an example response which complies with RFC 6750. Note that OpenID Connect Core 1.0 requires that an error response from UserInfo endpoint comply with RFC 6750. See 5.3.3. UserInfo Error Response for details.

     HTTP/1.1 401 Unauthorized
     WWW-Authenticate: (The value returned from getResponseContent())
     Cache-Control: no-store
     Pragma: no-cache
     
    FORBIDDEN

    When the value of "action" is "FORBIDDEN", it means that the access token does not include the "openid" scope.

    getResponseContent() returns a string which describes the error in the format of RFC 6750 (OAuth 2.0 Bearer Token Usage), so the UserInfo Endpoint implementation of your service can use the string returned from the method as the value of WWW-Authenticate header.

    The following is an example response which complies with RFC 6750. Note that OpenID Connect Core 1.0 requires that an error response from UserInfo endpoint comply with RFC 6750. See 5.3.3. UserInfo Error Response for details.

     HTTP/1.1 403 Forbidden
     WWW-Authenticate: (The value returned from getResponseContent())
     Cache-Control: no-store
     Pragma: no-cache
     
    JSON

    When the value of "action" is "JSON", it means that the access token which the client application presented is valid and a userinfo response was successfully generated in the format of JSON.

    The UserInfo Endpoint of your service is expected to generate a response to the client application. The content type of the response must be "application/json".

    getResponseContent() returns a userinfo response in JSON format when "action" is "JSON", so a response to the client can be built like below.

     HTTP/1.1 200 OK
     Cache-Control: no-store
     Pragma: no-cache
     Content-Type: application/json;charset=UTF-8
    
     (The value returned from getResponseContent())
     
    JWT

    When the value of "action" is "JWT", it means that the access token which the client application presented is valid and a userinfo response was successfully generated in the format of JWT (JSON Web Token) (RFC 7519).

    The UserInfo Endpoint of your service is expected to generate a response to the client application. The content type of the response must be "application/jwt".

    getResponseContent() returns a userinfo response in JWT format when "action" is "JWT", so a response to the client can be built like below.

     HTTP/1.1 200 OK
     Cache-Control: no-store
     Pragma: no-cache
     Content-Type: application/jwt
    
     (The value returned from getResponseContent())
     

Authlete 2.3 and above can sign the userinfo response using HTTP Message Signatures. If this feature is used, the resource server implementation should add the Signature, Signature-Input and (when present) Content-Digest header values carried in this response object to the HTTP response message before returning it to the client, and should pass the entity body through exactly as returned by getResponseContent(): altering the body or these headers on the way to the client invalidates the signature.

    getSignature() (REQUIRED)

    The serialized value for the Signature header applied to the response.

    getSignatureInput() (REQUIRED)

    The serialized value for the Signature-Input header applied to the response.

    getContentDigest() (OPTIONAL)

The serialized value for the Content-Digest header applied to the response. This value is only returned if a message was passed to the request; otherwise it is null.
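As an added example (not code from the Authlete Javadoc or the authlete-java-common library), the following JAX-RS helper carries out the "action" dispatch described above and, for the JSON and JWT cases, copies the HTTP Message Signature headers onto the response. It assumes that UserInfoIssueResponse exposes the action through getAction() as a UserInfoIssueResponse.Action enum whose constants are named as in the list above (those members are not shown on this page), that the JAX-RS API under javax.ws.rs is on the classpath, and the class name UserInfoResponseBuilder is the example's own.

```java
import javax.ws.rs.core.Response;
import javax.ws.rs.core.Response.Status;

import com.authlete.common.dto.UserInfoIssueResponse;
import com.authlete.common.dto.UserInfoIssueResponse.Action; // assumed: not listed on this page

/**
 * Maps a UserInfoIssueResponse from /auth/userinfo/issue to the HTTP
 * response the UserInfo Endpoint returns to the client application.
 * (Example helper; not part of the Authlete library.)
 */
public class UserInfoResponseBuilder
{
    public static Response build(UserInfoIssueResponse res)
    {
        Action action  = res.getAction(); // assumed accessor for the "action" value
        String content = res.getResponseContent();

        // A missing action means we cannot trust the rest of the object: fail closed.
        if (action == null)
        {
            return error(Status.INTERNAL_SERVER_ERROR, null);
        }

        switch (action)
        {
            case INTERNAL_SERVER_ERROR:
                return error(Status.INTERNAL_SERVER_ERROR, content);
            case BAD_REQUEST:
                return error(Status.BAD_REQUEST, content);
            case UNAUTHORIZED:
                return error(Status.UNAUTHORIZED, content);
            case FORBIDDEN:
                return error(Status.FORBIDDEN, content);
            case JSON:
                return success(res, content, "application/json;charset=UTF-8");
            case JWT:
                return success(res, content, "application/jwt");
            default:
                // An action this code does not know (e.g. from a newer Authlete
                // release): do not guess, and do not leak the content.
                return error(Status.INTERNAL_SERVER_ERROR, null);
        }
    }

    // Error branch: the RFC 6750 challenge goes in WWW-Authenticate, no body.
    private static Response error(Status status, String challenge)
    {
        Response.ResponseBuilder builder = Response.status(status)
            .header("Cache-Control", "no-store")
            .header("Pragma", "no-cache");

        if (challenge != null)
        {
            builder.header("WWW-Authenticate", challenge);
        }

        return builder.build();
    }

    // Success branch: the content from Authlete is the entity body, sent as-is,
    // plus the HTTP Message Signature headers whenever Authlete produced them.
    private static Response success(UserInfoIssueResponse res, String body, String contentType)
    {
        Response.ResponseBuilder builder = Response.ok(body)
            .type(contentType)
            .header("Cache-Control", "no-store")
            .header("Pragma", "no-cache");

        addIfPresent(builder, "Signature",       res.getSignature());
        addIfPresent(builder, "Signature-Input", res.getSignatureInput());
        addIfPresent(builder, "Content-Digest",  res.getContentDigest()); // null unless a message was passed

        return builder.build();
    }

    private static void addIfPresent(Response.ResponseBuilder builder, String name, String value)
    {
        if (value != null)
        {
            builder.header(name, value);
        }
    }
}
```

Two points worth checking in a real deployment: the body must reach the client byte-for-byte as getResponseContent() returned it, because Content-Digest and the signature are computed over that exact content, so any re-serialisation (pretty-printing, member reordering, a charset change) or header rewriting by a reverse proxy will make the client's verification fail; and unknown actions fail closed with a bare 500 rather than echoing a content string whose meaning this code does not understand.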

    Author:
    Takahiko Kawasaki
    See Also:
    Serialized Form
    • Constructor Detail

      • UserInfoIssueResponse

        public UserInfoIssueResponse()
    • Method Detail

      • getResponseContent

        public String getResponseContent()
        Get the response content which can be used as the entity body of the response returned to the client application.
      • setResponseContent

public UserInfoIssueResponse setResponseContent(String content)
        Set the response content which can be used as the entity body of the response returned to the client application.
      • getSignature

        public String getSignature()
        Get the Signature header value to add to the response message.
        Returns:
        The serialized header value.
        Since:
        3.38, Authlete 2.3
      • setSignature

public UserInfoIssueResponse setSignature(String signature)
        Set the Signature header value to add to the response message.
        Parameters:
        signature - The serialized header value.
        Returns:
        this object.
        Since:
        3.38, Authlete 2.3
      • getSignatureInput

        public String getSignatureInput()
        Get the Signature-Input header value to add to the response message.
        Returns:
        The serialized header value.
        Since:
        3.38, Authlete 2.3
      • setSignatureInput

public UserInfoIssueResponse setSignatureInput(String signatureInput)
        Set the Signature-Input header value to add to the response message.
        Parameters:
        signatureInput - The serialized header value.
        Returns:
        this object.
        Since:
        3.38, Authlete 2.3
      • getContentDigest

        public String getContentDigest()
        Get the Content-Digest header value to add to the response message.
        Returns:
        The serialized header value.
        Since:
        3.38, Authlete 2.3
      • setContentDigest

public UserInfoIssueResponse setContentDigest(String contentDigest)
        Set the Content-Digest header value to add to the response message.
        Parameters:
        contentDigest - The serialized header value.
        Returns:
        this object.
        Since:
        3.38, Authlete 2.3
      • summarize

        public String summarize()
        Get the summary of this instance.