java.lang.Object
- com.authlete.jaxrs.UserInfoRequestHandler.Params

All Implemented Interfaces:

Serializable

Enclosing class:

UserInfoRequestHandler
```
public static class UserInfoRequestHandler.Params
extends Object
implements Serializable
```
Parameters passed to the UserInfoRequestHandler.handle(Params) method.

Since:

2.27

See Also:

Serialized Form

Constructor Summary

Constructors
Constructor Description

Params()

Method Summary

All Methods Instance Methods Concrete Methods
Modifier and Type	Method	Description
`String`	`getAccessToken()`	Get the access token included in the userinfo request.
`String`	`getClientCertificate()`	Get the client certificate included in the userinfo request.
`String`	`getDpop()`	Get the DPoP proof JWT (the value of the `DPoP` HTTP header).
`com.authlete.common.dto.Pair[]`	`getHeaders()`	Get the HTTP headers included in the userinfo request.
`String`	`getHtm()`	Get the HTTP method of the userinfo request.
`String`	`getHtu()`	Get the URL of the userinfo endpoint.
`URI`	`getTargetUri()`	Get the full URI of the userinfo request, including the query part, if any.
`boolean`	`isDpopNonceRequired()`	Get the flag indicating whether to check if the DPoP proof JWT includes the expected `nonce` value.
`boolean`	`isOldIdaFormatUsed()`	Get the flag indicating whether `UserInfoRequestHandler` uses the old format of `"verified_claims"` defined in the Implementer's Draft 2 of OpenID Connect for Identity Assurance 1.0 which was published on May 19, 2020.
`boolean`	`isRequestBodyContained()`	Get the flag indicating whether the userinfo request contains a request body.
`UserInfoRequestHandler.Params`	`setAccessToken(String accessToken)`	Set the access token included in the userinfo request.
`UserInfoRequestHandler.Params`	`setClientCertificate(String clientCertificate)`	Set the client certificate included in the userinfo request.
`UserInfoRequestHandler.Params`	`setDpop(String dpop)`	Set the DPoP proof JWT (the value of the `DPoP` HTTP header).
`UserInfoRequestHandler.Params`	`setDpopNonceRequired(boolean dpopNonceRequired)`	Set the flag indicating whether to check if the DPoP proof JWT includes the expected `nonce` value.
`UserInfoRequestHandler.Params`	`setHeaders(com.authlete.common.dto.Pair[] headers)`	Set the HTTP headers included in the userinfo request.
`UserInfoRequestHandler.Params`	`setHtm(String htm)`	Set the HTTP method of the userinfo request.
`UserInfoRequestHandler.Params`	`setHtu(String htu)`	Set the URL of the userinfo endpoint.
`UserInfoRequestHandler.Params`	`setOldIdaFormatUsed(boolean used)`	Set the flag indicating whether `UserInfoRequestHandler` uses the old format of `"verified_claims"` defined in the Implementer's Draft 2 of OpenID Connect for Identity Assurance 1.0 which was published on May 19, 2020.
`UserInfoRequestHandler.Params`	`setRequestBodyContained(boolean contained)`	Set the flag indicating whether the userinfo request contains a request body.
`UserInfoRequestHandler.Params`	`setTargetUri(URI targetUri)`	Set the full URI of the userinfo request, including the query part, if any.

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

- Constructor Detail
  - Params
```
public Params()
```
- Method Detail
  - getAccessToken
```
public String getAccessToken()
```
    Get the access token included in the userinfo request.
    
    Returns:
    
    The access token.
  - setAccessToken
```
public UserInfoRequestHandler.Params setAccessToken(String accessToken)
```
    Set the access token included in the userinfo request.
    
    Parameters:
    
    accessToken - The access token.
    
    Returns:
    
    this object.
  - getClientCertificate
```
public String getClientCertificate()
```
    Get the client certificate included in the userinfo request.
    
    Returns:
    
    The client certificate.
    
    See Also:
    
    RFC 8705 : OAuth 2.0 Mutual-TLS Client Authentication and Certificate-Bound Access Tokens
  - setClientCertificate
```
public UserInfoRequestHandler.Params setClientCertificate(String clientCertificate)
```
    Set the client certificate included in the userinfo request.
    
    Parameters:
    
    clientCertificate - The client certificate.
    
    Returns:
    
    this object.
    
    See Also:
    
    RFC 8705 : OAuth 2.0 Mutual-TLS Client Authentication and Certificate-Bound Access Tokens
  - getDpop
```
public String getDpop()
```
    Get the DPoP proof JWT (the value of the DPoP HTTP header).
    See "OAuth 2.0 Demonstration of Proof-of-Possession at the Application Layer (DPoP)" for details.
    
    Returns:
    
    The DPoP proof JWT.
  - setDpop
```
public UserInfoRequestHandler.Params setDpop(String dpop)
```
    Set the DPoP proof JWT (the value of the DPoP HTTP header).
    See "OAuth 2.0 Demonstration of Proof-of-Possession at the Application Layer (DPoP)" for details.
    
    Parameters:
    
    dpop - The DPoP proof JWT.
    
    Returns:
    
    this object.
  - getHtm
```
public String getHtm()
```
    Get the HTTP method of the userinfo request.
    
    Returns:
    
    The HTTP method of the userinfo request.
  - setHtm
```
public UserInfoRequestHandler.Params setHtm(String htm)
```
    Set the HTTP method of the userinfo request.
    The value should be either "GET" or "POST" unless new specifications allowing other HTTP methods at the userinfo endpoint are developed.
    
    The value passed here will be used to validate the DPoP proof JWT. See "OAuth 2.0 Demonstration of Proof-of-Possession at the Application Layer (DPoP)" for details.
    
    Parameters:
    
    htm - The HTTP method of the userinfo request.
    
    Returns:
    
    this object.
  - getHtu
```
public String getHtu()
```
    Get the URL of the userinfo endpoint.
    
    Returns:
    
    The URL of the userinfo endpoint.
  - setHtu
```
public UserInfoRequestHandler.Params setHtu(String htu)
```
    Set the URL of the userinfo endpoint.
    If this parameter is omitted, the userInfoEndpoint property of Service will be used as the default value.
    
    The value passed here will be used to validate the DPoP proof JWT. See "OAuth 2.0 Demonstration of Proof-of-Possession at the Application Layer (DPoP)" for details.
    
    Parameters:
    
    htu - The URL of the userinfo endpoint.
    
    Returns:
    
    this object.
  - isOldIdaFormatUsed
```
public boolean isOldIdaFormatUsed()
```
    Get the flag indicating whether UserInfoRequestHandler uses the old format of "verified_claims" defined in the Implementer's Draft 2 of OpenID Connect for Identity Assurance 1.0 which was published on May 19, 2020.
    When this flag is on, UserInfoRequestHandler calls the getVerifiedClaims(String, VerifiedClaimsConstraint) method of UserInfoRequestHandlerSpi. On the other hand, if this flag is off, the getVerifiedClaims(String, Object) method is called instead. This is a breaking change from authlete-java-jaxrs version 2.41. This flag exists to mitigate the breaking change.
    
    The Implementer's Draft 3 of OpenID Connect for Identity Assurance 1.0, which was published on September 6, 2021, made many breaking changes. In addition, it is certain that further breaking changes will be made in the next draft. Considering the instability of the specification, it is not a good approach to define Java classes that correspond to elements in "verified_claims". The com.authlete.common.assurance package in the authlete-java-common library was developed based on the approach for the Implementer's Draft 2, but it is not useful any more. This is the reason the getVerifiedClaims(String, VerifiedClaimsConstraint) method (whose second argument is an instance of VerifiedClaimsConstraint which is defined in the com.authlete.common.assurance.constraint package) was marked as deprecated.
    
    Returns:
    
    true if UserInfoRequestHandler calls getVerifiedClaims(String, VerifiedClaimsConstraint) method of UserInfoRequestHandlerSpi. false if UserInfoRequestHandler calls getVerifiedClaims(String, Object) method instead.
    
    Since:
    
    2.42
    
    See Also:
    
    OpenID Connect for Identity Assurance 1.0
  - setOldIdaFormatUsed
```
public UserInfoRequestHandler.Params setOldIdaFormatUsed(boolean used)
```
    Set the flag indicating whether UserInfoRequestHandler uses the old format of "verified_claims" defined in the Implementer's Draft 2 of OpenID Connect for Identity Assurance 1.0 which was published on May 19, 2020.
    When this flag is on, UserInfoRequestHandler calls the getVerifiedClaims(String, VerifiedClaimsConstraint) method of UserInfoRequestHandlerSpi. On the other hand, if this flag is off, the getVerifiedClaims(String, Object) method is called instead. This is a breaking change from authlete-java-jaxrs version 2.41. This flag exists to mitigate the breaking change.
    
    The Implementer's Draft 3 of OpenID Connect for Identity Assurance 1.0, which was published on September 6, 2021, made many breaking changes. In addition, it is certain that further breaking changes will be made in the next draft. Considering the instability of the specification, it is not a good approach to define Java classes that correspond to elements in "verified_claims". The com.authlete.common.assurance package in the authlete-java-common library was developed based on the approach for the Implementer's Draft 2, but it is not useful any more. This is the reason the getVerifiedClaims(String, VerifiedClaimsConstraint) method (whose second argument is an instance of VerifiedClaimsConstraint which is defined in the com.authlete.common.assurance.constraint package) was marked as deprecated.
    
    Parameters:
    
    used - true to make UserInfoRequestHandler call getVerifiedClaims(String, VerifiedClaimsConstraint) method of UserInfoRequestHandlerSpi. false to make UserInfoRequestHandler call getVerifiedClaims(String, Object) method instead.
    
    Returns:
    
    this object.
    
    Since:
    
    2.42
    
    See Also:
    
    OpenID Connect for Identity Assurance 1.0
  - getTargetUri
```
public URI getTargetUri()
```
    Get the full URI of the userinfo request, including the query part, if any.
    This parameter is used as the value of the @target-uri derived component for HTTP message signatures (RFC 9421 HTTP Message Signatures, Section 2.2.2. Target URI). Additionally, other derived components such as @authority, @scheme, @path, @query and @query-param are computed from this parameter.
    
    When this parameter is omitted, the value of the htu parameter is used. The htu parameter represents the URL of the userinfo endpoint, which usually serves as the target URI of the userinfo request. The only exception is when the access token is specified as a query parameter, as defined in RFC 6750 Section 2.3. However, RFC 6750 states that this method "SHOULD NOT be used" unless other methods are not viable.
    
    If neither this targetUri parameter nor the htu parameter is specified, the userInfoEndpoint property of the Service is used as a fallback.
    
    Returns:
    
    The full URI of the userinfo request.
    
    Since:
    
    2.80
  - setTargetUri
```
public UserInfoRequestHandler.Params setTargetUri(URI targetUri)
```
    Set the full URI of the userinfo request, including the query part, if any.
    This parameter is used as the value of the @target-uri derived component for HTTP message signatures (RFC 9421 HTTP Message Signatures, Section 2.2.2. Target URI). Additionally, other derived components such as @authority, @scheme, @path, @query and @query-param are computed from this parameter.
    
    When this parameter is omitted, the value of the htu parameter is used. The htu parameter represents the URL of the userinfo endpoint, which usually serves as the target URI of the userinfo request. The only exception is when the access token is specified as a query parameter, as defined in RFC 6750 Section 2.3. However, RFC 6750 states that this method "SHOULD NOT be used" unless other methods are not viable.
    
    If neither this targetUri parameter nor the htu parameter is specified, the userInfoEndpoint property of the Service is used as a fallback.
    
    Parameters:
    
    targetUri - The full URI of the userinfo request.
    
    Returns:
    
    this object.
    
    Since:
    
    2.80
  - getHeaders
```
public com.authlete.common.dto.Pair[] getHeaders()
```
    Get the HTTP headers included in the userinfo request. They are used to compute component values, which will be part of the signature base for HTTP message signatures.
    
    Returns:
    
    HTTP header fields of the userinfo request.
    
    Since:
    
    2.80
  - setHeaders
```
public UserInfoRequestHandler.Params setHeaders(com.authlete.common.dto.Pair[] headers)
```
    Set the HTTP headers included in the userinfo request. They are used to compute component values, which will be part of the signature base for HTTP message signatures.
    
    Parameters:
    
    headers - HTTP header fields of the userinfo request.
    
    Returns:
    
    this object.
    
    Since:
    
    2.80
  - isRequestBodyContained
```
public boolean isRequestBodyContained()
```
    Get the flag indicating whether the userinfo request contains a request body.
    When the userinfo request must comply with the HTTP message signing requirements defined in the FAPI 2.0 Message Signing specification, the "content-digest" component identifier must be included in the signature base of the HTTP message signature (see RFC 9421 HTTP Message Signatures) if the userinfo request contains a request body.
    
    When this requestBodyContained parameter is true, Authlete checks whether "content-digest" is included in the signature base, if the FAPI profile applies to the userinfo request.
    
    Returns:
    
    true if the userinfo request contains a request body.
    
    Since:
    
    2.80
  - setRequestBodyContained
```
public UserInfoRequestHandler.Params setRequestBodyContained(boolean contained)
```
    Set the flag indicating whether the userinfo request contains a request body.
    When the userinfo request must comply with the HTTP message signing requirements defined in the FAPI 2.0 Message Signing specification, the "content-digest" component identifier must be included in the signature base of the HTTP message signature (see RFC 9421 HTTP Message Signatures) if the userinfo request contains a request body.
    
    When this requestBodyContained parameter is true, Authlete checks whether "content-digest" is included in the signature base, if the FAPI profile applies to the userinfo request.
    
    Parameters:
    
    contained - true to indicate that the userinfo request contains a request body.
    
    Returns:
    
    this object.
    
    Since:
    
    2.80
  - isDpopNonceRequired
```
public boolean isDpopNonceRequired()
```
    Get the flag indicating whether to check if the DPoP proof JWT includes the expected nonce value.
    
    Returns:
    
    true to have the /auth/userinfo API check whether the DPoP proof JWT includes the expected nonce value, even if the service's dpopNonceRequired property is false.
    
    Since:
    
    2.80
  - setDpopNonceRequired
```
public UserInfoRequestHandler.Params setDpopNonceRequired(boolean dpopNonceRequired)
```
    Set the flag indicating whether to check if the DPoP proof JWT includes the expected nonce value.
    
    Parameters:
    
    dpopNonceRequired - true to have the /auth/userinfo API check whether the DPoP proof JWT includes the expected nonce value, even if the service's dpopNonceRequired property is false.
    
    Returns:
    
    this object.
    
    Since:
    
    2.80

Class UserInfoRequestHandler.Params

Constructor Summary

Method Summary

Methods inherited from class java.lang.Object

Constructor Detail

Params

Method Detail

getAccessToken

setAccessToken

getClientCertificate

setClientCertificate

getDpop

setDpop

getHtm

setHtm

getHtu

setHtu

isOldIdaFormatUsed

setOldIdaFormatUsed

getTargetUri

setTargetUri

getHeaders

setHeaders

isRequestBodyContained

setRequestBodyContained

isDpopNonceRequired

setDpopNonceRequired