Class UserInfoRequest
- java.lang.Object
-
- com.authlete.common.dto.UserInfoRequest
-
- All Implemented Interfaces:
Serializable
public class UserInfoRequest extends Object implements Serializable
Request to Authlete's/auth/userinfo
API.token
(REQUIRED)-
An access token to get user information.
clientCertificate
(OPTIONAL)-
The client certificate from the MTLS of the userinfo request from the client application. See RFC 8705 (OAuth 2.0 Mutual-TLS Client Authentication and Certificate-Bound Access Tokens) for details.
dpop
(OPTIONAL)-
The value of the
DPoP
HTTP header. See RFC 9449 OAuth 2.0 Demonstrating Proof of Possession (DPoP) for details. htm
(OPTIONAL)-
The HTTP method of the userinfo request. In normal cases, the value should be either
"GET"
or"POST"
. See RFC 9449 OAuth 2.0 Demonstrating Proof of Possession (DPoP) for details. htu
(OPTIONAL)-
The URL of the userinfo endpoint, without query or path components. If omitted, the
userInfoEndpoint
property ofService
is used as the default value. See RFC 9449 OAuth 2.0 Demonstrating Proof of Possession (DPoP) for details. uri
(OPTIONAL; Authlete 2.3 onwards)-
The full URL of the userinfo endpoint. If omitted, the
userInfoEndpoint
property ofService
is used as the default value. headers
(OPTIONAL; Authlete 2.3 onwards)-
The HTTP headers to be included in processing the signature. If this is a signed request, this must include the
Signature
andSignature-Input
headers, as well as any additional headers covered by the signature. message
(OPTIONAL; Authlete 2.3 onwards)-
The HTTP message body of the request, if present. If supplied, this is used to validate the value of the
Content-Digest
header, which must in turn be covered in the HTTP Message Signature. dpopNonceRequired
(OPTIONAL; Authlete 3.0 onwards)-
The flag indicating whether to require the DPoP proof JWT to include the
nonce
claim. Even if the service'sdpopNonceRequired
property is false, calling the/auth/userinfo
API with thisdpopNonceRequired
parameter true will force the Authlete API to check whether the DPoP proof JWT includes the expected nonce value.
- Author:
- Takahiko Kawasaki
- See Also:
- Serialized Form
-
-
Constructor Summary
Constructors Constructor Description UserInfoRequest()
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description String
getClientCertificate()
Get the client certificate used in the TLS connection established between the client application and the userinfo endpoint.String
getDpop()
Get theDPoP
header presented by the client during the request to the userinfo endpoint.Pair[]
getHeaders()
Get the HTTP headers to be included in processing the signature.String
getHtm()
Get the HTTP method of the userinfo request.String
getHtu()
Get the URL of the userinfo endpoint.String
getMessage()
Get the HTTP message body, if present.String
getToken()
Get the access token which has come along with the userinfo request from the client application.String
getUri()
Get the URL of the userinfo endpoint.boolean
isDpopNonceRequired()
Get the flag indicating whether to check if the DPoP proof JWT includes the expectednonce
value.UserInfoRequest
setClientCertificate(String certificate)
Set the client certificate used in the TLS connection established between the client application and the userinfo endpoint.UserInfoRequest
setDpop(String dpop)
Set theDPoP
header presented by the client during the request to the userinfo endpoint.UserInfoRequest
setDpopNonceRequired(boolean required)
Set the flag indicating whether to check if the DPoP proof JWT includes the expectednonce
value.UserInfoRequest
setHeaders(Pair[] headers)
Set the HTTP headers to be included in processing the signature.UserInfoRequest
setHtm(String htm)
Set the HTTP method of the userinfo request.UserInfoRequest
setHtu(String htu)
Set the URL of the userinfo endpoint.UserInfoRequest
setMessage(String message)
Set the HTTP message body, if present.UserInfoRequest
setToken(String token)
Set the access token which has been issued by Authlete.UserInfoRequest
setUri(String uri)
Set the URL of the userinfo endpoint.
-
-
-
Method Detail
-
getToken
public String getToken()
Get the access token which has come along with the userinfo request from the client application.
-
setToken
public UserInfoRequest setToken(String token)
Set the access token which has been issued by Authlete. The access token is the one that has come along with the userinfo request from the client application.
-
getClientCertificate
public String getClientCertificate()
Get the client certificate used in the TLS connection established between the client application and the userinfo endpoint.- Returns:
- The client certificate in PEM format.
-
setClientCertificate
public UserInfoRequest setClientCertificate(String certificate)
Set the client certificate used in the TLS connection established between the client application and the userinfo endpoint.The value of this request parameter is referred to when the access token given to the userinfo endpoint was bound to a client certificate when it was issued. See RFC 8705 OAuth 2.0 Mutual-TLS Client Authentication and Certificate-Bound Access Tokens for details about the specification of certificate-bound access tokens.
- Parameters:
certificate
- The client certificate in PEM format.- Returns:
this
object.- Since:
- 2.37
-
getDpop
public String getDpop()
Get theDPoP
header presented by the client during the request to the userinfo endpoint. The header contains a signed JWT which includes the public key that is paired with the private key used to sign the JWT.See RFC 9449 OAuth 2.0 Demonstrating Proof of Possession (DPoP) for details.
- Returns:
- The
DPoP
header string. - Since:
- 2.70
- See Also:
- RFC 9449 OAuth 2.0 Demonstrating Proof of Possession (DPoP)
-
setDpop
public UserInfoRequest setDpop(String dpop)
Set theDPoP
header presented by the client during the request to the userinfo endpoint. The header contains a signed JWT which includes the public key that is paired with the private key used to sign the JWT.See RFC 9449 OAuth 2.0 Demonstrating Proof of Possession (DPoP) for details.
- Parameters:
dpop
- TheDPoP
header string.- Returns:
this
object.- Since:
- 2.70
- See Also:
- RFC 9449 OAuth 2.0 Demonstrating Proof of Possession (DPoP)
-
getHtm
public String getHtm()
Get the HTTP method of the userinfo request. This field is used to validate theDPoP
header.In normal cases, the value is either
"GET"
or"POST"
.See RFC 9449 OAuth 2.0 Demonstrating Proof of Possession (DPoP) for details.
- Returns:
- The HTTP method as a string. For example,
"GET"
. - Since:
- 2.70
- See Also:
- RFC 9449 OAuth 2.0 Demonstrating Proof of Possession (DPoP)
-
setHtm
public UserInfoRequest setHtm(String htm)
Set the HTTP method of the userinfo request. This field is used to validate theDPoP
header.In normal cases, the value is either
"GET"
or"POST"
.See RFC 9449 OAuth 2.0 Demonstrating Proof of Possession (DPoP) for details.
- Parameters:
htm
- The HTTP method as a string. For example,"GET"
.- Returns:
this
object.- Since:
- 2.70
- See Also:
- RFC 9449 OAuth 2.0 Demonstrating Proof of Possession (DPoP)
-
getHtu
public String getHtu()
Get the URL of the userinfo endpoint. This field is used to validate theDPoP
header.If this parameter is omitted, the
userInfoEndpoint
property of theService
is used as the default value.See RFC 9449 OAuth 2.0 Demonstrating Proof of Possession (DPoP) for details.
- Returns:
- The URL of the userinfo endpoint.
- Since:
- 2.70
- See Also:
- RFC 9449 OAuth 2.0 Demonstrating Proof of Possession (DPoP)
-
setHtu
public UserInfoRequest setHtu(String htu)
Set the URL of the userinfo endpoint. This field is used to validate theDPoP
header.If this parameter is omitted, the
userInfoEndpoint
property of theService
is used as the default value.See RFC 9449 OAuth 2.0 Demonstrating Proof of Possession (DPoP) for details.
- Parameters:
htu
- The URL of the userinfo endpoint.- Returns:
this
object.- Since:
- 2.70
- See Also:
- RFC 9449 OAuth 2.0 Demonstrating Proof of Possession (DPoP)
-
getUri
public String getUri()
Get the URL of the userinfo endpoint. This field is used to validate the HTTP Message Signature.If this parameter is omitted, the
userInfoEndpoint
property of theService
is used as the default value.- Returns:
- The URL of the userinfo endpoint.
- Since:
- 3.38, Authlete 2.3
-
setUri
public UserInfoRequest setUri(String uri)
Set the URL of the userinfo endpoint. This field is used to validate the HTTP Message Signature.If this parameter is omitted, the
userInfoEndpoint
property of theService
is used as the default value.- Parameters:
uri
- The URL of the userinfo endpoint.- Returns:
this
object.- Since:
- 3.38, Authlete 2.3
-
getHeaders
public Pair[] getHeaders()
Get the HTTP headers to be included in processing the signature. If this is a signed request, this must include theSignature
andSignature-Input
headers, as well as any additional headers covered by the signature.- Returns:
- The HTTP headers.
- Since:
- 3.38, Authlete 2.3
-
setHeaders
public UserInfoRequest setHeaders(Pair[] headers)
Set the HTTP headers to be included in processing the signature. If this is a signed request, this must include theSignature
andSignature-Input
headers, as well as any additional headers covered by the signature.- Parameters:
headers
- The HTTP headers.- Returns:
this
object.- Since:
- 3.38, Authlete 2.3
-
getMessage
public String getMessage()
Get the HTTP message body, if present. If provided, this will be used to calculate the expected value of theContent-Digest
in the headers of the request covered by the HTTP Message Signature.- Returns:
- The HTTP message body.
- Since:
- 3.38, Authlete 2.3
-
setMessage
public UserInfoRequest setMessage(String message)
Set the HTTP message body, if present. If provided, this will be used to calculate the expected value of theContent-Digest
in the headers of the request covered by the HTTP Message Signature.- Parameters:
message
- The HTTP message body.- Returns:
this
object.- Since:
- 3.38, Authlete 2.3
-
isDpopNonceRequired
public boolean isDpopNonceRequired()
Get the flag indicating whether to check if the DPoP proof JWT includes the expectednonce
value.If this request parameter is
true
or if the service'sdpopNonceRequired
property (Service.isDpopNonceRequired()
) istrue
, the/auth/userinfo
API checks if the DPoP proof JWT includes the expectednonce
value. In this case, the response from the/auth/userinfo
API will include thedpopNonce
response parameter, which should be used as the value of theDPoP-Nonce
HTTP header.- Returns:
true
if the/auth/userinfo
API checks whether the DPoP proof JWT includes the expectednonce
value, even if the service'sdpopNonceRequired
property is false.- Since:
- 3.82, Authlete 3.0
- See Also:
- RFC 9449 OAuth 2.0 Demonstrating Proof of Possession (DPoP)
-
setDpopNonceRequired
public UserInfoRequest setDpopNonceRequired(boolean required)
Set the flag indicating whether to check if the DPoP proof JWT includes the expectednonce
value.If this request parameter is
true
or if the service'sdpopNonceRequired
property (Service.isDpopNonceRequired()
) istrue
, the/auth/userinfo
API checks if the DPoP proof JWT includes the expectednonce
value. In this case, the response from the/auth/userinfo
API will include thedpopNonce
response parameter, which should be used as the value of theDPoP-Nonce
HTTP header.- Parameters:
required
-true
to have the/auth/userinfo
API check whether the DPoP proof JWT includes the expectednonce
value, even if the service'sdpopNonceRequired
property is false.- Returns:
this
object.- Since:
- 3.82, Authlete 3.0
- See Also:
- RFC 9449 OAuth 2.0 Demonstrating Proof of Possession (DPoP)
-
-