Package com.nimbusds.openid.connect.sdk

Class ClaimsRequest

  • All Implemented Interfaces:
    net.minidev.json.JSONAware
    public class ClaimsRequest
extends Object
implements net.minidev.json.JSONAware
    Specifies the individual OpenID claims to return from the UserInfo endpoint and / or in the ID Token.

    Related specifications:

    • OpenID Connect Core 1.0, section 5.5.
    • OpenID Connect for Identity Assurance 1.0.

    • Constructor Detail

      • ClaimsRequest

        public ClaimsRequest()
        Creates a new empty claims request.

    • Method Detail

      • add

        public void add​(ClaimsRequest other)
        Adds the entries from the specified other claims request.
        Parameters:
        other - The other claims request. If null no claims request entries will be added to this claims request.

      • addIDTokenClaim

        public void addIDTokenClaim​(String claimName)
        Adds the specified ID token claim to the request. It is marked as voluntary and no language tag and value(s) are associated with it.
        Parameters:
        claimName - The claim name. Must not be null.

      • addIDTokenClaim

        public void addIDTokenClaim​(String claimName,
                            ClaimRequirement requirement)
        Adds the specified ID token claim to the request. No language tag and value(s) are associated with it.
        Parameters:
        claimName - The claim name. Must not be null.
        requirement - The claim requirement. Must not be null.

      • addIDTokenClaim

        public void addIDTokenClaim​(String claimName,
                            ClaimRequirement requirement,
                            com.nimbusds.langtag.LangTag langTag)
        Adds the specified ID token claim to the request. No value(s) are associated with it.
        Parameters:
        claimName - The claim name. Must not be null.
        requirement - The claim requirement. Must not be null.
        langTag - The associated language tag, null if not specified.

      • addIDTokenClaim

        public void addIDTokenClaim​(String claimName,
                            ClaimRequirement requirement,
                            com.nimbusds.langtag.LangTag langTag,
                            String value)
        Adds the specified ID token claim to the request.
        Parameters:
        claimName - The claim name. Must not be null.
        requirement - The claim requirement. Must not be null.
        langTag - The associated language tag, null if not specified.
        value - The expected claim value, null if not specified.

      • addIDTokenClaim

        public void addIDTokenClaim​(String claimName,
                            ClaimRequirement requirement,
                            com.nimbusds.langtag.LangTag langTag,
                            String value,
                            Map<String,​Object> additionalInformation)
        Adds the specified ID token claim to the request.
        Parameters:
        claimName - The claim name. Must not be null.
        requirement - The claim requirement. Must not be null.
        langTag - The associated language tag, null if not specified.
        value - The expected claim value, null if not specified.
        additionalInformation - The additional information for this claim, null if not specified.

      • addIDTokenClaim

        public void addIDTokenClaim​(String claimName,
                            ClaimRequirement requirement,
                            com.nimbusds.langtag.LangTag langTag,
                            List<String> values)
        Adds the specified ID token claim to the request.
        Parameters:
        claimName - The claim name. Must not be null.
        requirement - The claim requirement. Must not be null.
        langTag - The associated language tag, null if not specified.
        values - The expected claim values, null if not specified.

      • addIDTokenClaim

        public void addIDTokenClaim​(String claimName,
                            ClaimRequirement requirement,
                            com.nimbusds.langtag.LangTag langTag,
                            List<String> values,
                            Map<String,​Object> additionalInformation)
        Adds the specified ID token claim to the request.
        Parameters:
        claimName - The claim name. Must not be null.
        requirement - The claim requirement. Must not be null.
        langTag - The associated language tag, null if not specified.
        values - The expected claim values, null if not specified.
        additionalInformation - The additional information for this claim, null if not specified.

      • addIDTokenClaim

        public void addIDTokenClaim​(ClaimsRequest.Entry entry)
        Adds the specified ID token claim to the request.
        Parameters:
        entry - The individual ID token claim request. Must not be null.

      • addVerifiedIDTokenClaim

        public void addVerifiedIDTokenClaim​(ClaimsRequest.Entry entry)
        Adds the specified verified ID token claim to the request.
        Parameters:
        entry - The individual verified ID token claim request. Must not be null.

      • setIDTokenClaimsVerificationJSONObject

        public void setIDTokenClaimsVerificationJSONObject​(net.minidev.json.JSONObject jsonObject)
        Sets the verification element for the requested verified ID token claims.
        Parameters:
        jsonObject - The verification JSON object, null if not specified.

      • getIDTokenClaimsVerificationJSONObject

        public net.minidev.json.JSONObject getIDTokenClaimsVerificationJSONObject()
        Gets the verification element for the requested verified ID token claims.
        Returns:
        The verification JSON object, null if not specified.

      • getIDTokenClaimNames

        public Set<StringgetIDTokenClaimNames​(boolean withLangTag)
        Gets the names of the requested ID token claim names.
        Parameters:
        withLangTag - If true the language tags, if any, will be appended to the names, else not.
        Returns:
        The ID token claim names, as an unmodifiable set, empty set if none.

      • getVerifiedIDTokenClaimNames

        public Set<StringgetVerifiedIDTokenClaimNames​(boolean withLangTag)
        Gets the names of the requested verified ID token claim names.
        Parameters:
        withLangTag - If true the language tags, if any, will be appended to the names, else not.
        Returns:
        The ID token claim names, as an unmodifiable set, empty set if none.

      • removeIDTokenClaim

        public ClaimsRequest.Entry removeIDTokenClaim​(String claimName,
                                              com.nimbusds.langtag.LangTag langTag)
        Removes the specified ID token claim from the request.
        Parameters:
        claimName - The claim name. Must not be null.
        langTag - The associated language tag, null if none.
        Returns:
        The removed ID token claim, null if not found.

      • removeVerifiedIDTokenClaim

        public ClaimsRequest.Entry removeVerifiedIDTokenClaim​(String claimName,
                                                      com.nimbusds.langtag.LangTag langTag)
        Removes the specified verified ID token claim from the request.
        Parameters:
        claimName - The claim name. Must not be null.
        langTag - The associated language tag, null if none.
        Returns:
        The removed ID token claim, null if not found.

      • removeIDTokenClaims

        public Collection<ClaimsRequest.EntryremoveIDTokenClaims​(String claimName)
        Removes the specified ID token claims from the request, in all existing language tag variations.
        Parameters:
        claimName - The claim name. Must not be null.
        Returns:
        The removed ID token claims, as an unmodifiable collection, empty set if none were found.

      • removeVerifiedIDTokenClaims

        public Collection<ClaimsRequest.EntryremoveVerifiedIDTokenClaims​(String claimName)
        Removes the specified verified ID token claims from the request, in all existing language tag variations.
        Parameters:
        claimName - The claim name. Must not be null.
        Returns:
        The removed ID token claims, as an unmodifiable collection, empty set if none were found.

      • addUserInfoClaim

        public void addUserInfoClaim​(String claimName)
        Adds the specified UserInfo claim to the request. It is marked as voluntary and no language tag and value(s) are associated with it.
        Parameters:
        claimName - The claim name. Must not be null.

      • addUserInfoClaim

        public void addUserInfoClaim​(String claimName,
                             ClaimRequirement requirement)
        Adds the specified UserInfo claim to the request. No language tag and value(s) are associated with it.
        Parameters:
        claimName - The claim name. Must not be null.
        requirement - The claim requirement. Must not be null.

      • addUserInfoClaim

        public void addUserInfoClaim​(String claimName,
                             ClaimRequirement requirement,
                             com.nimbusds.langtag.LangTag langTag)
        Adds the specified UserInfo claim to the request. No value(s) are associated with it.
        Parameters:
        claimName - The claim name. Must not be null.
        requirement - The claim requirement. Must not be null.
        langTag - The associated language tag, null if not specified.

      • addUserInfoClaim

        public void addUserInfoClaim​(String claimName,
                             ClaimRequirement requirement,
                             com.nimbusds.langtag.LangTag langTag,
                             String value)
        Adds the specified UserInfo claim to the request.
        Parameters:
        claimName - The claim name. Must not be null.
        requirement - The claim requirement. Must not be null.
        langTag - The associated language tag, null if not specified.
        value - The expected claim value, null if not specified.

      • addUserInfoClaim

        public void addUserInfoClaim​(String claimName,
                             ClaimRequirement requirement,
                             com.nimbusds.langtag.LangTag langTag,
                             String value,
                             Map<String,​Object> additionalInformation)
        Adds the specified UserInfo claim to the request.
        Parameters:
        claimName - The claim name. Must not be null.
        requirement - The claim requirement. Must not be null.
        langTag - The associated language tag, null if not specified.
        value - The expected claim value, null if not specified.
        additionalInformation - The additional information for this claim, null if not specified.

      • addUserInfoClaim

        public void addUserInfoClaim​(String claimName,
                             ClaimRequirement requirement,
                             com.nimbusds.langtag.LangTag langTag,
                             List<String> values)
        Adds the specified UserInfo claim to the request.
        Parameters:
        claimName - The claim name. Must not be null.
        requirement - The claim requirement. Must not be null.
        langTag - The associated language tag, null if not specified.
        values - The expected claim values, null if not specified.

      • addUserInfoClaim

        public void addUserInfoClaim​(String claimName,
                             ClaimRequirement requirement,
                             com.nimbusds.langtag.LangTag langTag,
                             List<String> values,
                             Map<String,​Object> additionalInformation)
        Adds the specified UserInfo claim to the request.
        Parameters:
        claimName - The claim name. Must not be null.
        requirement - The claim requirement. Must not be null.
        langTag - The associated language tag, null if not specified.
        values - The expected claim values, null if not specified.
        additionalInformation - The additional information for this claim, null if not specified.

      • addUserInfoClaim

        public void addUserInfoClaim​(ClaimsRequest.Entry entry)
        Adds the specified UserInfo claim to the request.
        Parameters:
        entry - The individual UserInfo claim request. Must not be null.

      • addVerifiedUserInfoClaim

        public void addVerifiedUserInfoClaim​(ClaimsRequest.Entry entry)
        Adds the specified verified UserInfo claim to the request.
        Parameters:
        entry - The individual verified UserInfo claim request. Must not be null.

      • setUserInfoClaimsVerificationJSONObject

        public void setUserInfoClaimsVerificationJSONObject​(net.minidev.json.JSONObject jsonObject)
        Sets the verification element for the requested verified UserInfo claims.
        Parameters:
        jsonObject - The verification JSON object, null if not specified.

      • getUserInfoClaimsVerificationJSONObject

        public net.minidev.json.JSONObject getUserInfoClaimsVerificationJSONObject()
        Gets the verification element for the requested verified UserInfo claims.
        Returns:
        The verification JSON object, null if not specified.

      • getUserInfoClaimNames

        public Set<StringgetUserInfoClaimNames​(boolean withLangTag)
        Gets the names of the requested UserInfo claim names.
        Parameters:
        withLangTag - If true the language tags, if any, will be appended to the names, else not.
        Returns:
        The UserInfo claim names, as an unmodifiable set, empty set if none.

      • getVerifiedUserInfoClaimNames

        public Set<StringgetVerifiedUserInfoClaimNames​(boolean withLangTag)
        Gets the names of the requested verified UserInfo claim names.
        Parameters:
        withLangTag - If true the language tags, if any, will be appended to the names, else not.
        Returns:
        The UserInfo claim names, as an unmodifiable set, empty set if none.

      • removeUserInfoClaim

        public ClaimsRequest.Entry removeUserInfoClaim​(String claimName,
                                               com.nimbusds.langtag.LangTag langTag)
        Removes the specified UserInfo claim from the request.
        Parameters:
        claimName - The claim name. Must not be null.
        langTag - The associated language tag, null if none.
        Returns:
        The removed UserInfo claim, null if not found.

      • removeVerifiedUserInfoClaim

        public ClaimsRequest.Entry removeVerifiedUserInfoClaim​(String claimName,
                                                       com.nimbusds.langtag.LangTag langTag)
        Removes the specified verified UserInfo claim from the request.
        Parameters:
        claimName - The claim name. Must not be null.
        langTag - The associated language tag, null if none.
        Returns:
        The removed UserInfo claim, null if not found.

      • removeUserInfoClaims

        public Collection<ClaimsRequest.EntryremoveUserInfoClaims​(String claimName)
        Removes the specified UserInfo claims from the request, in all existing language tag variations.
        Parameters:
        claimName - The claim name. Must not be null.
        Returns:
        The removed UserInfo claims, as an unmodifiable collection, empty set if none were found.

      • removeVerifiedUserInfoClaims

        public Collection<ClaimsRequest.EntryremoveVerifiedUserInfoClaims​(String claimName)
        Removes the specified verified UserInfo claims from the request, in all existing language tag variations.
        Parameters:
        claimName - The claim name. Must not be null.
        Returns:
        The removed UserInfo claims, as an unmodifiable collection, empty set if none were found.

      • toJSONObject

        public net.minidev.json.JSONObject toJSONObject()
        Returns the JSON object representation of this claims request.

        Example: 

         {
   "userinfo":
    {
     "given_name": {"essential": true},
     "nickname": null,
     "email": {"essential": true},
     "email_verified": {"essential": true},
     "picture": null,
     "http://example.info/claims/groups": null
    },
   "id_token":
    {
     "auth_time": {"essential": true},
     "acr": {"values": ["urn:mace:incommon:iap:silver"] }
    }
 }
        Returns:
        The corresponding JSON object, empty if no ID token and UserInfo claims are specified.

      • toJSONString

        public String toJSONString()
        Specified by:
        toJSONString in interface net.minidev.json.JSONAware

      • resolve

        public static ClaimsRequest resolve​(ResponseType responseType,
                                    Scope scope)
        Resolves the claims request for the specified response type and scope. The scope values that are standard OpenID scope values are resolved to their respective individual claims requests, any other scope values are ignored.
        Parameters:
        responseType - The response type. Must not be null.
        scope - The scope, null if not specified (for a plain OAuth 2.0 authorisation request with no scope explicitly specified).
        Returns:
        The claims request.

      • resolve

        public static ClaimsRequest resolve​(ResponseType responseType,
                                    Scope scope,
                                    Map<Scope.Value,​Set<String>> customClaims)
        Resolves the claims request for the specified response type and scope. The scope values that are standard OpenID scope values are resolved to their respective individual claims requests, any other scope values are checked in the specified custom claims map and resolved accordingly.
        Parameters:
        responseType - The response type. Must not be null.
        scope - The scope, null if not specified (for a plain OAuth 2.0 authorisation request with no scope explicitly specified).
        customClaims - Custom scope value to set of claim names map, null if not specified.
        Returns:
        The claims request.

      • resolve

        public static ClaimsRequest resolve​(ResponseType responseType,
                                    Scope scope,
                                    ClaimsRequest claimsRequest)
        Resolves the merged claims request from the specified OpenID authentication request parameters. The scope values that are standard OpenID scope values are resolved to their respective individual claims requests, any other scope values are ignored.
        Parameters:
        responseType - The response type. Must not be null.
        scope - The scope, null if not specified (for a plain OAuth 2.0 authorisation request with no scope explicitly specified).
        claimsRequest - The claims request, corresponding to the optional claims OpenID Connect authorisation request parameter, null if not specified.
        Returns:
        The merged claims request.

      • resolve

        public static ClaimsRequest resolve​(ResponseType responseType,
                                    Scope scope,
                                    ClaimsRequest claimsRequest,
                                    Map<Scope.Value,​Set<String>> customClaims)
        Resolves the merged claims request from the specified OpenID authentication request parameters. The scope values that are standard OpenID scope values are resolved to their respective individual claims requests, any other scope values are checked in the specified custom claims map and resolved accordingly.
        Parameters:
        responseType - The response type. Must not be null.
        scope - The scope, null if not specified (for a plain OAuth 2.0 authorisation request with no scope explicitly specified).
        claimsRequest - The claims request, corresponding to the optional claims OpenID Connect authorisation request parameter, null if not specified.
        customClaims - Custom scope value to set of claim names map, null if not specified.
        Returns:
        The merged claims request.

      • resolve

        public static ClaimsRequest resolve​(AuthenticationRequest authRequest)
        Resolves the merged claims request for the specified OpenID authentication request. The scope values that are standard OpenID scope values are resolved to their respective individual claims requests, any other scope values are ignored.
        Parameters:
        authRequest - The OpenID authentication request. Must not be null.
        Returns:
        The merged claims request.

      • parse

        public static ClaimsRequest parse​(net.minidev.json.JSONObject jsonObject)
        Parses a claims request from the specified JSON object representation. Unexpected members in the JSON object are silently ignored.
        Parameters:
        jsonObject - The JSON object to parse. Must not be null.
        Returns:
        The claims request.

      • parse

        public static ClaimsRequest parse​(String json)
                           throws ParseException
        Parses a claims request from the specified JSON object string representation. Unexpected members in the JSON object are silently ignored.
        Parameters:
        json - The JSON object string to parse. Must not be null.
        Returns:
        The claims request.
        Throws:
        ParseException - If the string couldn't be parsed to a valid JSON object.