com.authlete.common.dto

Class BackchannelAuthenticationCompleteResponse

java.lang.Object

com.authlete.common.dto.ApiResponse

com.authlete.common.dto.BackchannelAuthenticationCompleteResponse

All Implemented Interfaces:

Serializable

public class BackchannelAuthenticationCompleteResponse
extends ApiResponse

Response from Authlete's /api/backchannel/authentication/complete API.

Authlete's /api/backchannel/authentication/complete API returns JSON which can be mapped to this class. The authorization server implementation should retrieve the value of action from the response and take the following steps according to the value.

NOTIFICATION

When the value of action is NOTIFICATION, it means that the authorization server must send a notification to the client notification endpoint.

According to the CIBA Core specification, the notification is an HTTP POST request whose request body is JSON and whose Authorization header contains the client notification token, which was included in the backchannel authentication request as the value of the client_notification_token request parameter, as a bearer token.

When the backchannel token delivery mode is "ping", the request body of the notification is JSON which contains the auth_req_id property only. When the backchannel token delivery mode is "push", the request body will additionally contain an access token, an ID token and other properties. Note that when the backchannel token delivery mode is "poll", a notification does not have to be sent to the client notification endpoint.

In error cases, in the "ping" mode, however, the content of a notification is not different from the content in successful cases. That is, the notification contains the auth_req_id property only. The client will know the error when it accesses the token endpoint. On the other hand, in the "push" mode, in error cases, the content of a notification will include the error property instead of an access token and an ID token. The client will know the error by detecting that error is included in the notification.

In any case, the getResponseContent() method returns JSON which can be used as the request body of the notification.

The client notification endpoint that the notification should be sent to can be obtained by calling the getClientNotificationEndpoint() method. Likewise, the client notification token that the notification should include as a bearer token can be obtained by calling the getClientNotificationToken() method. With these methods, the notification can be built like the following.

 POST (The path of getClientNotificationEndpoint()) HTTP/1.1
 HOST: (The host of getClientNotificationEndpoint())
 Authorization: Bearer (The value returned from getClientNotificationToken())
 Content-Type: application/json

 (The value returned from getResponseContent())

NO_ACTION

When the value of action is NO_ACTION, it means that the authorization server does not have to take any immediate action.

NO_ACTION is returned when the backchannel token delivery mode is "poll". In this case, the client will receive the final result at the token endpoint.

SERVER_ERROR

When the value of action is SERVER_ERROR, it means either (1) that the request from the authorization server to Authlete was wrong, or (2) that an error occurred on Authlete side.

When the backchannel token delivery mode is "ping" or "push", SERVER_ERROR is used only when an error is detected before the record of the ticket (which is included in the API call to /api/backchannel/authentication/complete) is retrieved from the database successfully. If an error is detected after the record of the ticket is retrieved from the database, NOTIFICATION is used instead of SERVER_ERROR.

When the backchannel token delivery mode is "poll", SERVER_ERROR is used regardless of whether it is before or after the record of the ticket is retrieved from the database.

Since:

2.32

See Also:

Serialized Form

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
static class	BackchannelAuthenticationCompleteResponse.Action The next action that the OpenID provider implementation should take.

Constructor Summary

Constructors

Constructor and Description
BackchannelAuthenticationCompleteResponse()

Method Summary

Modifier and Type	Method and Description
String	getAccessToken() Get the issued access token.
long	getAccessTokenDuration() Get the duration of the access token in seconds.
BackchannelAuthenticationCompleteResponse.Action	getAction() Get the next action that the OpenID provider should take.
String	getAuthReqId() Get the value of the "auth_req_id" which is associated with the ticket.
long	getClientId() Get the client ID of the client application that has made the backchannel authentication request.
String	getClientIdAlias() Get the client ID alias of the client application that has made the backchannel authentication request.
String	getClientIdentifier() Get the client identifier used in the backchannel authentication request.
String	getClientName() Get the name of the client application which has made the backchannel authentication request.
URI	getClientNotificationEndpoint() Get the client notification endpoint to which a notification needs to be sent.
String	getClientNotificationToken() Get the client notification token which needs to be embedded as a Bearer token in the Authorization header in the notification.
DeliveryMode	getDeliveryMode() Get the backchannel token delivery mode.
String	getIdToken() Get the issued ID token.
long	getIdTokenDuration() Get the duration of the ID token in seconds.
String	getJwtAccessToken() Get the newly issued access token in JWT format.
String	getRefreshToken() Get the issued refresh token.
long	getRefreshTokenDuration() Get the duration of the refresh token in seconds.
String	getResponseContent() Get the content of the notification.
boolean	isClientIdAliasUsed() Get the flag which indicates whether the client ID alias was used in the backchannel authentication request.
BackchannelAuthenticationCompleteResponse	setAccessToken(String accessToken) Set the issued access token.
BackchannelAuthenticationCompleteResponse	setAccessTokenDuration(long duration) Set the duration of the access token in seconds.
BackchannelAuthenticationCompleteResponse	setAction(BackchannelAuthenticationCompleteResponse.Action action) Set the next action that the OpenID provider should take.
BackchannelAuthenticationCompleteResponse	setAuthReqId(String authReqId) Set the value of the "auth_req_id" which is associated with the ticket.
BackchannelAuthenticationCompleteResponse	setClientId(long clientId) Set the client ID of the client application that has made the backchannel authentication request.
BackchannelAuthenticationCompleteResponse	setClientIdAlias(String alias) Set the client ID alias of the client application that has made the backchannel authentication request.
BackchannelAuthenticationCompleteResponse	setClientIdAliasUsed(boolean used) Set the flag which indicates whether the client ID alias was used in the backchannel authentication request.
BackchannelAuthenticationCompleteResponse	setClientName(String name) Set the name of the client application which has made the backchannel authentication request.
BackchannelAuthenticationCompleteResponse	setClientNotificationEndpoint(URI endpoint) Set the client notification endpoint to which a notification needs to be sent.
BackchannelAuthenticationCompleteResponse	setClientNotificationToken(String token) Set the client notification token which needs to be embedded as a Bearer token in the Authorization header in the notification.
BackchannelAuthenticationCompleteResponse	setDeliveryMode(DeliveryMode deliveryMode) Set the backchannel token delivery mode.
BackchannelAuthenticationCompleteResponse	setIdToken(String idToken) Set the issued ID token.
BackchannelAuthenticationCompleteResponse	setIdTokenDuration(long duration) Set the duration of the ID token in seconds.
BackchannelAuthenticationCompleteResponse	setJwtAccessToken(String jwtAccessToken) Set the newly issued access token in JWT format.
BackchannelAuthenticationCompleteResponse	setRefreshToken(String refreshToken) Set the issued refresh token.
BackchannelAuthenticationCompleteResponse	setRefreshTokenDuration(long duration) Set the duration of the refresh token in seconds.
BackchannelAuthenticationCompleteResponse	setResponseContent(String responseContent) Set the content of the notification.

Methods inherited from class com.authlete.common.dto.ApiResponse

getResultCode, getResultMessage, setResultCode, setResultMessage

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

BackchannelAuthenticationCompleteResponse

public BackchannelAuthenticationCompleteResponse()

Method Detail

getAction

public BackchannelAuthenticationCompleteResponse.Action getAction()

Get the next action that the OpenID provider should take.

Returns:

The next action.

setAction

public BackchannelAuthenticationCompleteResponse setAction(BackchannelAuthenticationCompleteResponse.Action action)

Set the next action that the OpenID provider should take.

Parameters:

action - The next action.

Returns:

this object.

getResponseContent

public String getResponseContent()

Get the content of the notification.

When getAction() returns NOTIFICATION, this method returns JSON which should be used as the request body of the notification.

In successful cases, when the backchannel token delivery mode is "ping", the JSON contains "auth_req_id". On the other hand, when the backchannel token delivery mode is "push", the JSON contains an access token, an ID token, and optionally a refresh token (and some other properties).

Returns:

The content of the notification.

setResponseContent

public BackchannelAuthenticationCompleteResponse setResponseContent(String responseContent)

Set the content of the notification.

Parameters:

responseContent - The content of the notification.

Returns:

this object.

getClientId

public long getClientId()

Get the client ID of the client application that has made the backchannel authentication request.

Returns:

The client ID of the client application.

setClientId

public BackchannelAuthenticationCompleteResponse setClientId(long clientId)

Set the client ID of the client application that has made the backchannel authentication request.

Parameters:

clientId - The client ID of the client application.

Returns:

this object.

getClientIdAlias

public String getClientIdAlias()

Get the client ID alias of the client application that has made the backchannel authentication request.

Returns:

The client ID alias of the client application.

setClientIdAlias

public BackchannelAuthenticationCompleteResponse setClientIdAlias(String alias)

Set the client ID alias of the client application that has made the backchannel authentication request.

Parameters:

alias - The client ID alias of the client application.

Returns:

this object.

isClientIdAliasUsed

public boolean isClientIdAliasUsed()

Get the flag which indicates whether the client ID alias was used in the backchannel authentication request.

Returns:

true if the client ID alias was used in the request.

setClientIdAliasUsed

public BackchannelAuthenticationCompleteResponse setClientIdAliasUsed(boolean used)

Set the flag which indicates whether the client ID alias was used in the backchannel authentication request.

Parameters:

used - true to indicate that the client ID alias was used in the request.

Returns:

this object.

getClientIdentifier

public String getClientIdentifier()

Get the client identifier used in the backchannel authentication request.

When isClientIdAliasUsed() returns true, this method returns the same value as getClientIdAlias() does. Otherwise, this method returns the string representation of the value returned from getClientId().

Returns:

The client identifier used in the backchannel authentication request.

getClientName

public String getClientName()

Get the name of the client application which has made the backchannel authentication request.

Returns:

The name of the client application.

setClientName

public BackchannelAuthenticationCompleteResponse setClientName(String name)

Set the name of the client application which has made the backchannel authentication request.

Parameters:

name - The name of the client application.

Returns:

this object.

getDeliveryMode

public DeliveryMode getDeliveryMode()

Get the backchannel token delivery mode.

Returns:

The backchannel token delivery mode.

setDeliveryMode

public BackchannelAuthenticationCompleteResponse setDeliveryMode(DeliveryMode deliveryMode)

Set the backchannel token delivery mode.

Parameters:

deliveryMode - The backchannel token delivery mode.

Returns:

this object.

getClientNotificationEndpoint

public URI getClientNotificationEndpoint()

Get the client notification endpoint to which a notification needs to be sent.

This corresponds to the "client_notification_endpoint" metadata of the client application.

Returns:

The client notification endpoint.

setClientNotificationEndpoint

public BackchannelAuthenticationCompleteResponse setClientNotificationEndpoint(URI endpoint)

Set the client notification endpoint to which a notification needs to be sent.

This corresponds to the "client_notification_endpoint" metadata of the client application.

Parameters:

endpoint - The client notification endpoint.

Returns:

this object.

getClientNotificationToken

public String getClientNotificationToken()

Get the client notification token which needs to be embedded as a Bearer token in the Authorization header in the notification.

This is the value of the "client_notification_token" request parameter included in the backchannel authentication request.

Returns:

The client notification token.

setClientNotificationToken

public BackchannelAuthenticationCompleteResponse setClientNotificationToken(String token)

Set the client notification token which needs to be embedded as a Bearer token in the Authorization header in the notification.

Parameters:

token - The client notification token.

Returns:

this object.

getAuthReqId

public String getAuthReqId()

Get the value of the "auth_req_id" which is associated with the ticket.

Returns:

The value of the "auth_req_id".

setAuthReqId

public BackchannelAuthenticationCompleteResponse setAuthReqId(String authReqId)

Set the value of the "auth_req_id" which is associated with the ticket.

Parameters:

authReqId - The value of the "auth_req_id".

Returns:

this object.

getAccessToken

public String getAccessToken()

Get the issued access token. This method returns a non-null value only when the backchannel token delivery mode is "push" and an access token has been issued successfully.

Returns:

The issued access token.

setAccessToken

public BackchannelAuthenticationCompleteResponse setAccessToken(String accessToken)

Set the issued access token.

Parameters:

accessToken - The issued access token.

Returns:

this object.

getRefreshToken

public String getRefreshToken()

Get the issued refresh token. This method returns a non-null value only when the backchannel token delivery mode is "push" and a refresh token has been issued successfully.

Note that refresh tokens are not issued if the service does not support the refresh token flow.

Returns:

The issued refresh token.

setRefreshToken

public BackchannelAuthenticationCompleteResponse setRefreshToken(String refreshToken)

Set the issued refresh token.

Parameters:

refreshToken - The issued refresh token.

Returns:

this object.

getIdToken

public String getIdToken()

Get the issued ID token. This method returns a non-null value only when the backchannel token delivery mode is "push" and an ID token has been issued successfully.

Returns:

The issued ID token.

setIdToken

public BackchannelAuthenticationCompleteResponse setIdToken(String idToken)

Set the issued ID token.

Parameters:

idToken - The issued ID token.

Returns:

this object.

getAccessTokenDuration

public long getAccessTokenDuration()

Get the duration of the access token in seconds. If an access token has not been issued, this method returns 0.

Returns:

The duration of the access token in seconds.

setAccessTokenDuration

public BackchannelAuthenticationCompleteResponse setAccessTokenDuration(long duration)

Set the duration of the access token in seconds.

Parameters:

duration - The duration of the access token in seconds.

Returns:

this object.

getRefreshTokenDuration

public long getRefreshTokenDuration()

Get the duration of the refresh token in seconds. If a refresh token has not been issued, this method returns 0.

Returns:

The duration of the refresh token in seconds.

setRefreshTokenDuration

public BackchannelAuthenticationCompleteResponse setRefreshTokenDuration(long duration)

Set the duration of the refresh token in seconds.

Parameters:

duration - The duration of the refresh token in seconds.

Returns:

this object.

getIdTokenDuration

public long getIdTokenDuration()

Get the duration of the ID token in seconds. If an ID token has not been issued, this method returns 0.

Returns:

The duration of the ID token in seconds.

setIdTokenDuration

public BackchannelAuthenticationCompleteResponse setIdTokenDuration(long duration)

Set the duration of the ID token in seconds.

Parameters:

duration - The duration of the ID token in seconds.

Returns:

this object.

getJwtAccessToken

public String getJwtAccessToken()

Get the newly issued access token in JWT format.

If the authorization server is configured to issue JWT-based access tokens (= if Service.getAccessTokenSignAlg() returns a non-null value), a JWT-based access token is issued along with the original random-string one.

Regarding the detailed format of the JWT-based access token, see the description of the Service class.

Returns:

The newly issued access token in JWT format. If the service is not configured to issue JWT-based access tokens, this method always returns null.

Since:

2.37

See Also:

getAccessToken()

setJwtAccessToken

public BackchannelAuthenticationCompleteResponse setJwtAccessToken(String jwtAccessToken)

Set the newly issued access token in JWT format.

Parameters:

jwtAccessToken - The newly issued access token in JWT format.

Returns:

this object.

Since:

2.37