com.authlete.common.dto

Class Client

java.lang.Object

com.authlete.common.dto.Client

All Implemented Interfaces:

Serializable

public class Client
extends Object
implements Serializable

Information about a client application.

Some properties correspond to the ones listed in Client Metadata in OpenID Connect Dynamic Client Registration 1.0.

Author:

Takahiko Kawasaki

See Also:

OpenID Connect Dynamic Client Registration 1.0, Financial-grade API: JWT Secured Authorization Response Mode for OAuth 2.0 (JARM), Serialized Form

Constructor Summary

Constructors

Constructor and Description
Client()

Method Summary

Modifier and Type	Method and Description
ApplicationType	getApplicationType() Get the application type.
JWEAlg	getAuthorizationEncryptionAlg() Get the JWE alg algorithm for encrypting authorization responses.
JWEEnc	getAuthorizationEncryptionEnc() Get the JWE enc algorithm for encrypting authorization responses.
JWSAlg	getAuthorizationSignAlg() Get the JWS alg algorithm for signing authorization responses.
DeliveryMode	getBcDeliveryMode() Get the backchannel token delivery mode.
URI	getBcNotificationEndpoint() Get the backchannel client notification endpoint.
JWSAlg	getBcRequestSignAlg() Get the signature algorithm of the request to the backchannel authentication endpoint.
long	getClientId() Get the client ID.
String	getClientIdAlias() Get the alias of the client ID.
String	getClientName() Get the client name.
TaggedValue[]	getClientNames() Get the client names each of which has a language tag.
String	getClientSecret() Get the client secret.
ClientType	getClientType() Get the client type.
URI	getClientUri() Get the URI of the home page.
TaggedValue[]	getClientUris() Get the URIs of the home pages for specific languages.
String[]	getContacts() Get the email addresses of contacts.
long	getCreatedAt() Get the time at which this client was created.
String[]	getDefaultAcrs() Get the default list of authentication context class references.
int	getDefaultMaxAge() Get the default value of the maximum authentication age in seconds.
String	getDescription() Get the description.
TaggedValue[]	getDescriptions() Get the descriptions for specific languages.
String	getDeveloper() Get the unique ID of the developer of this client application.
ClientExtension	getExtension() Get the extended information about this client.
GrantType[]	getGrantTypes() Get grant_type values that the client is declaring that it will restrict itself to using.
JWEAlg	getIdTokenEncryptionAlg() Get the JWE alg algorithm for encrypting the ID token issued to this client.
JWEEnc	getIdTokenEncryptionEnc() Get the JWE enc algorithm for encrypting the ID token issued to this client.
JWSAlg	getIdTokenSignAlg() Get the JWS alg algorithm for signing the ID token issued to this client.
String	getJwks() Get the JSON Web Key Set.
URI	getJwksUri() Get the URI of the JSON Web Key Set of the client application.
URI	getLoginUri() Get the URL that can initiate a login for this client application.
URI	getLogoUri() Get the URI of the logo image.
TaggedValue[]	getLogoUris() Get the logo URIs each of which has a language tag.
long	getModifiedAt() Get the time at which this client was last modified.
int	getNumber() Get the client number.
URI	getPolicyUri() Get the URI of the policy page which describes how the client application uses the profile data of the end-user.
TaggedValue[]	getPolicyUris() Get the URIs of the policy pages for specific languages.
String[]	getRedirectUris() Get the redirect URIs.
String	getRegistrationAccessTokenHash() Get the hash of the registration access token for this client.
JWEAlg	getRequestEncryptionAlg() Get the JWE alg algorithm for encrypting request objects.
JWEEnc	getRequestEncryptionEnc() Get the JWE enc algorithm for encrypting request objects.
JWSAlg	getRequestSignAlg() Get the JWS alg algorithm for signing request objects.
String[]	getRequestUris() Get the request URIs that this client declares it may use.
ResponseType[]	getResponseTypes() Get response_type values that the client is declaring that it will restrict itself to using.
URI	getSectorIdentifier() Get the sector identifier.
URI	getSectorIdentifierUri() Get the value of the sector identifier URI.
String	getSelfSignedCertificateKeyId() Get the key ID of a JWK containing a self-signed certificate of this client.
int	getServiceNumber() Get the number of the service which this client belongs to.
String	getSoftwareId() Get the unique identifier string assigned by the client developer or software publisher used by registration endpoints to identify the client software to be dynamically registered.
String	getSoftwareVersion() Get the version identifier string for the client software identified by the software ID.
SubjectType	getSubjectType() Get the subject type that this client application requests.
String	getTlsClientAuthSanDns() Get the string representation of the expected DNS subject alternative name of the certificate this client will use in mutual TLS authentication.
String	getTlsClientAuthSanEmail() Get the string representation of the expected email address subject alternative name of the certificate this client will use in mutual TLS authentication.
String	getTlsClientAuthSanIp() Get the string representation of the expected IP address subject alternative name of the certificate this client will use in mutual TLS authentication.
URI	getTlsClientAuthSanUri() Get the string representation of the expected URI subject alternative name of the certificate this client will use in mutual TLS authentication.
String	getTlsClientAuthSubjectDn() Get the string representation of the expected subject distinguished name of the certificate this client will use in mutual TLS authentication.
ClientAuthMethod	getTokenAuthMethod() Get the client authentication method for the token endpoint.
JWSAlg	getTokenAuthSignAlg() Get the JWS alg algorithm for signing the JWT used to authenticate the client at the token endpoint.
URI	getTosUri() Get the URI of the "Terms Of Service" page.
TaggedValue[]	getTosUris() Get the URIs of the "Terms Of Service" pages for specific languages.
JWEAlg	getUserInfoEncryptionAlg() Get the JWE alg algorithm for encrypting UserInfo responses.
JWEEnc	getUserInfoEncryptionEnc() Get the JWE enc algorithm for encrypting UserInfo responses.
JWSAlg	getUserInfoSignAlg() Get the JWS alg algorithm for signing UserInfo responses.
boolean	isAuthTimeRequired() Get the flag which indicates whether this client requires auth_time claim to be embedded in the ID token.
boolean	isBcUserCodeRequired() Get the boolean flag which indicates whether a user code is required when this client makes a backchannel authentication request.
boolean	isClientIdAliasEnabled() Get the flag which indicates whether the client ID alias is enabled or not.
boolean	isDynamicallyRegistered() Get the flag which indicates whether this client has been registered dynamically.
boolean	isTlsClientCertificateBoundAccessTokens() Does this client use TLS client certificate bound access tokens?
Client	setApplicationType(ApplicationType applicationType) Set the application type.
Client	setAuthorizationEncryptionAlg(JWEAlg alg) Set the JWE alg algorithm for encrypting authorization responses.
Client	setAuthorizationEncryptionEnc(JWEEnc enc) Set the JWE enc algorithm for encrypting authorization responses.
Client	setAuthorizationSignAlg(JWSAlg alg) Set the JWS alg algorithm for signing authorization responses.
Client	setAuthTimeRequired(boolean required) Set the flag which indicates whether this client requires auth_time claim to be embedded in the ID token.
Client	setBcDeliveryMode(DeliveryMode mode) Set the backchannel token delivery mode.
Client	setBcNotificationEndpoint(URI endpoint) Set the backchannel client notification endpoint.
Client	setBcRequestSignAlg(JWSAlg alg) Set the signature algorithm of the request to the backchannel authentication endpoint.
Client	setBcUserCodeRequired(boolean required) Set the boolean flag which indicates whether a user code is required when this client makes a backchannel authentication request.
Client	setClientId(long clientId) Set the client ID.
Client	setClientIdAlias(String alias) Set the alias of the client ID.
Client	setClientIdAliasEnabled(boolean enabled) Enable/disable the client ID alias.
Client	setClientName(String clientName) Set the client name.
Client	setClientNames(TaggedValue[] clientNames) Set the client names each of which has a language tag.
Client	setClientSecret(String clientSecret) Set the client secret.
Client	setClientType(ClientType clientType) Set the client type.
Client	setClientUri(URI uri) Set the URI of the home page.
Client	setClientUris(TaggedValue[] uris) Set the URIs of the home pages for specific languages.
Client	setContacts(String[] contacts) Set the email addresses of contacts.
Client	setCreatedAt(long createdAt) Set the time at which this client was created.
Client	setDefaultAcrs(String[] defaultAcrs) Set the default list of authentication context class references.
Client	setDefaultMaxAge(int defaultMaxAge) Set the default value of the maximum authentication age in seconds.
Client	setDescription(String description) Set the description.
Client	setDescriptions(TaggedValue[] descriptions) Set the descriptions for specific languages.
Client	setDeveloper(String developer) Set the unique ID of the developer of this client application.
Client	setDynamicallyRegistered(boolean dynamicallyRegistered) Set the flag which indicates whether this client has been registered dynamically.
Client	setExtension(ClientExtension extension) Set the extended information about this client.
Client	setGrantTypes(GrantType[] grantTypes) Set grant_type values that the client is declaring that it will restrict itself to using.
Client	setIdTokenEncryptionAlg(JWEAlg alg) Set the JWE alg algorithm for encrypting the ID token issued to this client.
Client	setIdTokenEncryptionEnc(JWEEnc enc) Set the JWE enc algorithm for encrypting the ID token issued to this client.
Client	setIdTokenSignAlg(JWSAlg alg) Set the JWS alg algorithm for signing the ID token issued to this client.
Client	setJwks(String jwks) Set the JSON Web Key Set.
Client	setJwksUri(URI uri) Set the URI of the JSON Web Key Set of the client application.
Client	setLoginUri(URI uri) Set the URL that can initiate a login for this client application.
Client	setLogoUri(URI uri) Set the URI of the logo image.
Client	setLogoUris(TaggedValue[] uris) Set the logo URIs each of which has a language tag.
Client	setModifiedAt(long modifiedAt) Set the time at which this client was last modified.
Client	setNumber(int number) Set the client number.
Client	setPolicyUri(URI uri) Set the URI of the policy page which describes how the client application uses the profile data of the end-user.
Client	setPolicyUris(TaggedValue[] uris) Set the URIs of the policy pages for specific languages.
Client	setRedirectUris(String[] uris) Set the redirect URIs.
Client	setRegistrationAccessTokenHash(String registrationAccessToken) Set the hash of the registration access token for this client.
Client	setRequestEncryptionAlg(JWEAlg alg) Set the JWE alg algorithm for encrypting request objects.
Client	setRequestEncryptionEnc(JWEEnc enc) Set the JWE enc algorithm for encrypting request objects.
Client	setRequestSignAlg(JWSAlg alg) Set the JWS alg algorithm for signing request objects.
Client	setRequestUris(String[] uris) Set the request URIs that this client declares it may use.
Client	setResponseTypes(ResponseType[] responseTypes) Set response_type values that the client is declaring that it will restrict itself to using.
Client	setSectorIdentifier(URI sectorIdentifier) Set the sector identifier.
Client	setSectorIdentifierUri(URI uri) Set the value of the sector identifier URI.
Client	setSelfSignedCertificateKeyId(String keyId) Set the key ID of a JWK containing a self-signed certificate of this client.
Client	setServiceNumber(int number) Set the number of the service which this client belongs to.
Client	setSoftwareId(String softwareId) Set a unique identifier string assigned by the client developer or software publisher used by registration endpoints to identify the client software to be dynamically registered.
Client	setSoftwareVersion(String softwareVersion) Set a version identifier string for the client software identified by the software ID.
Client	setSubjectType(SubjectType subjectType) Set the subject type that this client application requests.
Client	setTlsClientAuthSanDns(String tlsClientAuthSanDns) Set the string representation of the expected DNS subject alternative name of the certificate this client will use in mutual TLS authentication.
Client	setTlsClientAuthSanEmail(String tlsClientAuthSanEmail) Set the string representation of the expected email address subject alternative name of the certificate this client will use in mutual TLS authentication.
Client	setTlsClientAuthSanIp(String tlsClientAuthSanIp) Set the string representation of the expected IP address subject alternative name of the certificate this client will use in mutual TLS authentication.
Client	setTlsClientAuthSanUri(URI tlsClientAuthSanUri) Set the string representation of the expected URI subject alternative name of the certificate this client will use in mutual TLS authentication.
Client	setTlsClientAuthSubjectDn(String name) Set the string representation of the expected subject distinguished name of the certificate this client will use in mutual TLS authentication.
Client	setTlsClientCertificateBoundAccessTokens(boolean use) Set whether this client uses TLS client certificate bound access tokens or not.
Client	setTokenAuthMethod(ClientAuthMethod method) Set the client authentication method for the token endpoint.
Client	setTokenAuthSignAlg(JWSAlg alg) Set the JWS alg algorithm for signing the JWT used to authenticate the client at the token endpoint.
Client	setTosUri(URI uri) Set the URI of the "Terms Of Service" page.
Client	setTosUris(TaggedValue[] uris) Set the URIs of the "Terms Of Service" pages for specific languages.
Client	setUserInfoEncryptionAlg(JWEAlg alg) Set the JWE alg algorithm for encrypting UserInfo responses.
Client	setUserInfoEncryptionEnc(JWEEnc enc) Set the JWE enc algorithm for encrypting UserInfo responses.
Client	setUserInfoSignAlg(JWSAlg alg) Set the JWS alg algorithm for signing UserInfo responses.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

Client

public Client()

Method Detail

getNumber

public int getNumber()

Get the client number.

Returns:

The client number.

setNumber

public Client setNumber(int number)

Set the client number.

Parameters:

number - The client number.

Returns:

this object.

getServiceNumber

public int getServiceNumber()

Get the number of the service which this client belongs to.

Returns:

The service number

setServiceNumber

public Client setServiceNumber(int number)

Set the number of the service which this client belongs to.

Parameters:

number - The service number.

Returns:

this object.

getDeveloper

public String getDeveloper()

Get the unique ID of the developer of this client application.

Returns:

The developer unique ID.

setDeveloper

public Client setDeveloper(String developer)

Set the unique ID of the developer of this client application.

Parameters:

developer - The developer unique ID.

Returns:

this object.

getClientId

public long getClientId()

Get the client ID.

Returns:

The client ID.

setClientId

public Client setClientId(long clientId)

Set the client ID.

Parameters:

clientId - The client ID.

Returns:

this object.

getClientIdAlias

public String getClientIdAlias()

Get the alias of the client ID.

Note that the client ID alias is recognized only when this client's clientIdAliasEnabled property is true AND the service's clientIdAliasEnabled property is also true.

Returns:

The alias of the client ID. This may be null.

Since:

2.1

setClientIdAlias

public Client setClientIdAlias(String alias)

Set the alias of the client ID.

Note that the client ID alias is recognized only when this client's clientIdAliasEnabled property is true AND the service's clientIdAliasEnabled property is also true.

Parameters:

alias - The alias of the client ID.

Returns:

this object.

Since:

2.1

isClientIdAliasEnabled

public boolean isClientIdAliasEnabled()

Get the flag which indicates whether the client ID alias is enabled or not.

Note that Service class also has clientIdAliasEnabled property. If the service's clientIdAliasEnabled property is false, the client ID alias of this client is not recognized even if this client's clientIdAliasEnabled property is true.

Returns:

true if the client ID alias is enabled.

Since:

2.2

setClientIdAliasEnabled

public Client setClientIdAliasEnabled(boolean enabled)

Enable/disable the client ID alias.

Note that Service class also has clientIdAliasEnabled property. If the service's clientIdAliasEnabled property is false, the client ID alias of this client is not recognized even if this client's clientIdAliasEnabled property is true.

Parameters:

enabled - true to enable the client ID alias. false to disable it.

Returns:

this object.

Since:

2.2

getClientSecret

public String getClientSecret()

Get the client secret.

Returns:

The client secret.

setClientSecret

public Client setClientSecret(String clientSecret)

Set the client secret.

Parameters:

clientSecret - The client secret.

Returns:

this object.

getClientType

public ClientType getClientType()

Get the client type.

Returns:

The client type.

setClientType

public Client setClientType(ClientType clientType)

Set the client type.

Parameters:

clientType - The client type.

Returns:

this object.

getRedirectUris

public String[] getRedirectUris()

Get the redirect URIs.

Returns:

The redirect URIs.

See Also:

RFC 6749 (OAuth 2.0), 3.1.2. Redirection Endpoint

setRedirectUris

public Client setRedirectUris(String[] uris)

Set the redirect URIs.

Parameters:

uris - The redirect URIs.

Returns:

this object.

See Also:

RFC 6749 (OAuth 2.0), 3.1.2. Redirection Endpoint

getResponseTypes

public ResponseType[] getResponseTypes()

Get response_type values that the client is declaring that it will restrict itself to using.

Returns:

The response types.

setResponseTypes

public Client setResponseTypes(ResponseType[] responseTypes)

Set response_type values that the client is declaring that it will restrict itself to using.

Parameters:

responseTypes - The response types.

Returns:

this object.

getGrantTypes

public GrantType[] getGrantTypes()

Get grant_type values that the client is declaring that it will restrict itself to using.

Returns:

The grant types.

setGrantTypes

public Client setGrantTypes(GrantType[] grantTypes)

Set grant_type values that the client is declaring that it will restrict itself to using.

Parameters:

grantTypes - The grant types.

Returns:

this object.

getApplicationType

public ApplicationType getApplicationType()

Get the application type.

Returns:

The application type.

See Also:

OpenID Connect Dynamic Client Registration 1.0, 2. Client Metadata

setApplicationType

public Client setApplicationType(ApplicationType applicationType)

Set the application type.

Parameters:

applicationType - The application type.

Returns:

this object.

See Also:

OpenID Connect Dynamic Client Registration 1.0, 2. Client Metadata

getContacts

public String[] getContacts()

Get the email addresses of contacts.

Returns:

Email addresses of contacts.

setContacts

public Client setContacts(String[] contacts)

Set the email addresses of contacts.

Parameters:

contacts - Email addresses of contacts.

Returns:

this object.

getClientName

public String getClientName()

Get the client name.

Returns:

The client name.

setClientName

public Client setClientName(String clientName)

Set the client name.

Parameters:

clientName - The client name.

Returns:

this object.

getClientNames

public TaggedValue[] getClientNames()

Get the client names each of which has a language tag.

Returns:

The client names each of which has a language tag.

setClientNames

public Client setClientNames(TaggedValue[] clientNames)

Set the client names each of which has a language tag.

Parameters:

clientNames - The client names.

Returns:

this object.

getLogoUri

public URI getLogoUri()

Get the URI of the logo image.

Returns:

The URI of the logo image.

setLogoUri

public Client setLogoUri(URI uri)

Set the URI of the logo image.

Parameters:

uri - The URI of the logo image.

Returns:

this object.

getLogoUris

public TaggedValue[] getLogoUris()

Get the logo URIs each of which has a language tag.

Returns:

The logo URIs.

setLogoUris

public Client setLogoUris(TaggedValue[] uris)

Set the logo URIs each of which has a language tag.

Parameters:

uris - The logo URIs.

Returns:

this object.

getClientUri

public URI getClientUri()

Get the URI of the home page.

Returns:

The URI of the home page.

setClientUri

public Client setClientUri(URI uri)

Set the URI of the home page.

Parameters:

uri - The URI of the home page.

Returns:

this object.

getClientUris

public TaggedValue[] getClientUris()

Get the URIs of the home pages for specific languages.

Returns:

The URIs of the home page for specific languages.

setClientUris

public Client setClientUris(TaggedValue[] uris)

Set the URIs of the home pages for specific languages.

Parameters:

uris - The URIs of the home page for specific languages.

Returns:

this object.

getPolicyUri

public URI getPolicyUri()

Get the URI of the policy page which describes how the client application uses the profile data of the end-user.

Returns:

The URI of the policy page.

setPolicyUri

public Client setPolicyUri(URI uri)

Set the URI of the policy page which describes how the client application uses the profile data of the end-user.

Parameters:

uri - The URI of the policy page.

Returns:

this object.

getPolicyUris

public TaggedValue[] getPolicyUris()

Get the URIs of the policy pages for specific languages.

Returns:

The URIs of the policy pages for specific languages.

setPolicyUris

public Client setPolicyUris(TaggedValue[] uris)

Set the URIs of the policy pages for specific languages.

Parameters:

uris - The URIs of the policy pages for specific languages.

Returns:

this object.

getTosUri

public URI getTosUri()

Get the URI of the "Terms Of Service" page.

Returns:

The URI of the "Terms Of Service" page.

setTosUri

public Client setTosUri(URI uri)

Set the URI of the "Terms Of Service" page.

Parameters:

uri - The URI of the "Terms Of Service" page.

Returns:

this object.

getTosUris

public TaggedValue[] getTosUris()

Get the URIs of the "Terms Of Service" pages for specific languages.

Returns:

The URIs of the "Terms Of Service" pages for specific languages.

setTosUris

public Client setTosUris(TaggedValue[] uris)

Set the URIs of the "Terms Of Service" pages for specific languages.

Parameters:

uris - The URIs of the "Terms Of Service" pages for specific languages.

Returns:

this object.

getJwksUri

public URI getJwksUri()

Get the URI of the JSON Web Key Set of the client application.

Returns:

The URI of the JSON Web Key Set of the client application.

setJwksUri

public Client setJwksUri(URI uri)

Set the URI of the JSON Web Key Set of the client application.

Parameters:

uri - The URI of the JSON Web Key Set of the client application.

Returns:

this object.

getJwks

public String getJwks()

Get the JSON Web Key Set.

Returns:

The JSON Web Key Set.

setJwks

public Client setJwks(String jwks)

Set the JSON Web Key Set.

Parameters:

jwks - The JSON Web Key Set.

Returns:

this object.

getSectorIdentifier

public URI getSectorIdentifier()

Get the sector identifier.

NOTE

Authlete 2.1 and older versions use this property (sectorIdentifier) as the value of the sector_identifier_uri client metadata. However, it was wrong. Consolation is that it won't cause any issue because old Authlete versions do nothing special for the sector identifier. In other words, it's because old Authlete versions don't support subject_type=pairwise.

Since Authlete 2.2, this property (sectorIdentifier) has a different meaning. It holds the sector identifier which is calculated based on the values of redirect URIs or the sector identifier URI (sectorIdentifierUri). How to determine the value of the sector identifier is described in 8.1. Pairwise Identifier Algorithm of OpenID Connect Core 1.0.

The value of sectorIdentifier is computed by Authlete, so the value is included in responses from Authlete. This implies that it is meaningless to set the value of sectorIdentfier in requests to Authlete APIs such as /api/client/update API.

Returns:

The sector identifier.

See Also:

OIDC Core, 8.1. Pairwise Identifier Algorithm

setSectorIdentifier

public Client setSectorIdentifier(URI sectorIdentifier)

Set the sector identifier.

NOTE

Authlete 2.1 and older versions use this property (sectorIdentifier) as the value of the sector_identifier_uri client metadata. However, it was wrong. Consolation is that it won't cause any issue because old Authlete versions do nothing special for the sector identifier. In other words, it's because old Authlete versions don't support subject_type=pairwise.

Since Authlete 2.2, this property (sectorIdentifier) has a different meaning. It holds the sector identifier which is calculated based on the values of redirect URIs or the sector identifier URI (sectorIdentifierUri). How to determine the value of sector identifier is described in 8.1. Pairwise Identifier Algorithm of OpenID Connect Core 1.0.

The value of sectorIdentifier is computed by Authlete, so the value is included in responses from Authlete. This implies that it is meaningless to set the value of sectorIdentfier in requests to Authlete APIs such as /api/client/update API.

Parameters:

sectorIdentifier - The sector identifier.

Returns:

this object.

See Also:

OIDC Core, 8.1. Pairwise Identifier Algorithm

getSectorIdentifierUri

public URI getSectorIdentifierUri()

Get the value of the sector identifier URI.

This represents the sector_identifier_uri client metadata which is defined in 2. Client Metadata of OpenID Connect Dynamic Client Registration 1.0.

Returns:

The sector identifier URI.

Since:

2.50

setSectorIdentifierUri

public Client setSectorIdentifierUri(URI uri)

Set the value of the sector identifier URI.

This represents the sector_identifier_uri client metadata which is defined in 2. Client Metadata of OpenID Connect Dynamic Client Registration 1.0.

Parameters:

uri - The sector identifier URI.

Returns:

this object.

Since:

2.50

getSubjectType

public SubjectType getSubjectType()

Get the subject type that this client application requests.

Returns:

The subject type.

See Also:

Subject Identifier Types

setSubjectType

public Client setSubjectType(SubjectType subjectType)

Set the subject type that this client application requests.

Parameters:

subjectType - The subject type.

Returns:

this object.

See Also:

Subject Identifier Types

getIdTokenSignAlg

public JWSAlg getIdTokenSignAlg()

Get the JWS alg algorithm for signing the ID token issued to this client. This property corresponds to id_token_signed_response_alg in Client Metadata.

Returns:

The JWS alg algorithm for signing the ID token issued to this client.

setIdTokenSignAlg

public Client setIdTokenSignAlg(JWSAlg alg)

Set the JWS alg algorithm for signing the ID token issued to this client. This property corresponds to id_token_signed_response_alg in Client Metadata.

Parameters:

alg - The JWS alg algorithm for signing the ID token issued to this client.

Returns:

this object.

getIdTokenEncryptionAlg

public JWEAlg getIdTokenEncryptionAlg()

Get the JWE alg algorithm for encrypting the ID token issued to this client. This property corresponds to id_token_encrypted_response_algin Client Metadata.

Returns:

The JWE alg algorithm for encrypting the ID token issued to this client.

setIdTokenEncryptionAlg

public Client setIdTokenEncryptionAlg(JWEAlg alg)

Set the JWE alg algorithm for encrypting the ID token issued to this client. This property corresponds to id_token_encrypted_response_algin Client Metadata.

Parameters:

alg - The JWE alg algorithm for encrypting the ID token issued to this client.

Returns:

this object.

getIdTokenEncryptionEnc

public JWEEnc getIdTokenEncryptionEnc()

Get the JWE enc algorithm for encrypting the ID token issued to this client. This property corresponds to id_token_encrypted_response_encin Client Metadata.

Returns:

The JWE enc algorithm for encrypting the ID token issued to this client.

setIdTokenEncryptionEnc

public Client setIdTokenEncryptionEnc(JWEEnc enc)

Set the JWE enc algorithm for encrypting the ID token issued to this client. This property corresponds to id_token_encrypted_response_encin Client Metadata.

Parameters:

enc - The JWE enc algorithm for encrypting the ID token issued to this client.

Returns:

this object.

getUserInfoSignAlg

public JWSAlg getUserInfoSignAlg()

Get the JWS alg algorithm for signing UserInfo responses. This property corresponds to userinfo_signed_response_alg in Client Metadata.

Returns:

The JWS alg algorithm for signing UserInfo responses.

setUserInfoSignAlg

public Client setUserInfoSignAlg(JWSAlg alg)

Set the JWS alg algorithm for signing UserInfo responses. This property corresponds to userinfo_signed_response_alg in Client Metadata.

Parameters:

alg - The JWS alg algorithm for signing UserInfo responses.

Returns:

this object.

getUserInfoEncryptionAlg

public JWEAlg getUserInfoEncryptionAlg()

Get the JWE alg algorithm for encrypting UserInfo responses. This property corresponds to userinfo_encrypted_response_alg in Client Metadata.

Returns:

The JWE alg algorithm for encrypting UserInfo responses.

setUserInfoEncryptionAlg

public Client setUserInfoEncryptionAlg(JWEAlg alg)

Set the JWE alg algorithm for encrypting UserInfo responses. This property corresponds to userinfo_encrypted_response_alg in Client Metadata.

Parameters:

alg - The JWE alg algorithm for encrypting UserInfo responses.

Returns:

this object.

getUserInfoEncryptionEnc

public JWEEnc getUserInfoEncryptionEnc()

Get the JWE enc algorithm for encrypting UserInfo responses. This property corresponds to userinfo_encrypted_response_enc in Client Metadata.

Returns:

The JWE enc algorithm for encrypting UserInfo responses.

setUserInfoEncryptionEnc

public Client setUserInfoEncryptionEnc(JWEEnc enc)

Set the JWE enc algorithm for encrypting UserInfo responses. This property corresponds to userinfo_encrypted_response_enc in Client Metadata.

Parameters:

enc - The JWE enc algorithm for encrypting UserInfo responses.

Returns:

this object.

getRequestSignAlg

public JWSAlg getRequestSignAlg()

Get the JWS alg algorithm for signing request objects. This property corresponds to request_object_signing_alg in Client Metadata.

Returns:

The JWS alg algorithm for signing request objects.

setRequestSignAlg

public Client setRequestSignAlg(JWSAlg alg)

Set the JWS alg algorithm for signing request objects. This property corresponds to request_object_signing_alg in Client Metadata.

Parameters:

alg - The JWS alg algorithm for signing request objects.

Returns:

this object.

getRequestEncryptionAlg

public JWEAlg getRequestEncryptionAlg()

Get the JWE alg algorithm for encrypting request objects. This property corresponds to request_object_encryption_alg in Client Metadata.

Returns:

The JWE alg algorithm for encrypting request objects.

setRequestEncryptionAlg

public Client setRequestEncryptionAlg(JWEAlg alg)

Set the JWE alg algorithm for encrypting request objects. This property corresponds to request_object_encryption_alg in Client Metadata.

Parameters:

alg - The JWE alg algorithm for encrypting request objects.

Returns:

this object.

getRequestEncryptionEnc

public JWEEnc getRequestEncryptionEnc()

Get the JWE enc algorithm for encrypting request objects. This property corresponds to request_object_encryption_enc in Client Metadata.

Returns:

The JWE enc algorithm for encrypting request objects.

setRequestEncryptionEnc

public Client setRequestEncryptionEnc(JWEEnc enc)

Set the JWE enc algorithm for encrypting request objects. This property corresponds to request_object_encryption_enc in Client Metadata.

Parameters:

enc - The JWE enc algorithm for encrypting request objects.

Returns:

this object.

getTokenAuthMethod

public ClientAuthMethod getTokenAuthMethod()

Get the client authentication method for the token endpoint. This property corresponds to token_endpoint_auth_method in Client Metadata.

Returns:

The client authentication method for the token endpoint.

setTokenAuthMethod

public Client setTokenAuthMethod(ClientAuthMethod method)

Set the client authentication method for the token endpoint. This property corresponds to token_endpoint_auth_method in Client Metadata.

Parameters:

method - The client authentication method for the token endpoint.

Returns:

this object.

getTokenAuthSignAlg

public JWSAlg getTokenAuthSignAlg()

Get the JWS alg algorithm for signing the JWT used to authenticate the client at the token endpoint. This property corresponds to token_endpoint_auth_signing_alg in Client Metadata.

Returns:

The JWS alg algorithm for signing the JWT used to authenticate the client at the token endpoint.

setTokenAuthSignAlg

public Client setTokenAuthSignAlg(JWSAlg alg)

Set the JWS alg algorithm for signing the JWT used to authenticate the client at the token endpoint. This property corresponds to token_endpoint_auth_signing_alg in Client Metadata.

Parameters:

alg - The JWS alg algorithm for signing the JWT used to authenticate the client at the token endpoint.

Returns:

this object.

getDefaultMaxAge

public int getDefaultMaxAge()

Get the default value of the maximum authentication age in seconds. This property corresponds to default_max_age in Client Metadata.

Returns:

The default value of the maximum authentication age in seconds.

setDefaultMaxAge

public Client setDefaultMaxAge(int defaultMaxAge)

Set the default value of the maximum authentication age in seconds. This property corresponds to default_max_age in Client Metadata.

This value is used when the request from the client application does not contain the max_age request parameter.

Parameters:

defaultMaxAge - The default value of the maximum authentication age in seconds. 0 means that no default value is set.

Returns:

this object.

isAuthTimeRequired

public boolean isAuthTimeRequired()

Get the flag which indicates whether this client requires auth_time claim to be embedded in the ID token. This property corresponds to require_auth_time in Client Metadata.

Returns:

The flag which indicates whether this client requires auth_time claim to be embedded in the ID token.

setAuthTimeRequired

public Client setAuthTimeRequired(boolean required)

Set the flag which indicates whether this client requires auth_time claim to be embedded in the ID token. This property corresponds to require_auth_time in Client Metadata.

Parameters:

required - The flag which indicates whether this client requires auth_time claim to be embedded in the ID token.

Returns:

this object.

getDefaultAcrs

public String[] getDefaultAcrs()

Get the default list of authentication context class references. This property corresponds to default_acr_values in Client Metadata.

Returns:

The default list of authentication context class references.

setDefaultAcrs

public Client setDefaultAcrs(String[] defaultAcrs)

Set the default list of authentication context class references. This property corresponds to default_max_age in Client Metadata.

This value is used when the request from the client application does not contain the acr_values request parameter.

Parameters:

defaultAcrs - The default list of authentication context class references.

Returns:

this object.

getLoginUri

public URI getLoginUri()

Get the URL that can initiate a login for this client application. This property corresponds to initiate_login_uri in Client Metadata.

Returns:

The URL that can initiate a login for this client application.

setLoginUri

public Client setLoginUri(URI uri)

Set the URL that can initiate a login for this client application. This property corresponds to initiate_login_uri in Client Metadata.

Parameters:

uri - The URL that can initiate a login for this client application.

Returns:

this object.

getRequestUris

public String[] getRequestUris()

Get the request URIs that this client declares it may use. This property corresponds to request_uris in Client Metadata.

Returns:

The request URIs that this client declares it may use.

setRequestUris

public Client setRequestUris(String[] uris)

Set the request URIs that this client declares it may use. This property corresponds to request_uris in Client Metadata.

Parameters:

uris - The request URIs that this client declares it may use.

Returns:

this object.

getDescription

public String getDescription()

Get the description.

Returns:

The description.

setDescription

public Client setDescription(String description)

Set the description.

Parameters:

description - The description.

Returns:

this object.

getDescriptions

public TaggedValue[] getDescriptions()

Get the descriptions for specific languages.

Returns:

The descriptions for specific languages.

setDescriptions

public Client setDescriptions(TaggedValue[] descriptions)

Set the descriptions for specific languages.

Parameters:

descriptions - The descriptions for specific languages.

Returns:

this object.

getCreatedAt

public long getCreatedAt()

Get the time at which this client was created.

Returns:

The time at which this client was created. The value is represented as milliseconds since the UNIX epoch (1970-01-01).

Since:

1.6

setCreatedAt

public Client setCreatedAt(long createdAt)

Set the time at which this client was created.

Parameters:

createdAt - The time at which this client was created.

Returns:

this object.

Since:

1.6

getModifiedAt

public long getModifiedAt()

Get the time at which this client was last modified.

Returns:

The time at which this client was last modified. The value is represented as milliseconds since the UNIX epoch (1970-01-01).

Since:

1.6

setModifiedAt

public Client setModifiedAt(long modifiedAt)

Set the time at which this client was last modified.

Parameters:

modifiedAt - The time at which this client was modified.

Returns:

this object.

Since:

1.6

getExtension

public ClientExtension getExtension()

Get the extended information about this client.

Returns:

The extended information about this client.

Since:

1.39

setExtension

public Client setExtension(ClientExtension extension)

Set the extended information about this client.

Parameters:

extension - The extended information about this client.

Returns:

this object.

Since:

1.39

getTlsClientAuthSubjectDn

public String getTlsClientAuthSubjectDn()

Get the string representation of the expected subject distinguished name of the certificate this client will use in mutual TLS authentication.

See tls_client_auth_subject_dn in "2.3. Dynamic Client Registration" in "Mutual TLS Profiles for OAuth Clients" for details.

Returns:

The expected subject distinguished name of the client certificate.

Since:

2.7

setTlsClientAuthSubjectDn

public Client setTlsClientAuthSubjectDn(String name)

Set the string representation of the expected subject distinguished name of the certificate this client will use in mutual TLS authentication.

See tls_client_auth_subject_dn in "2.3. Dynamic Client Registration" in "Mutual TLS Profiles for OAuth Clients" for details.

Parameters:

name - The expected subject distinguished name of the client certificate.

Returns:

this object.

Since:

2.7

getTlsClientAuthSanDns

public String getTlsClientAuthSanDns()

Get the string representation of the expected DNS subject alternative name of the certificate this client will use in mutual TLS authentication.

See tls_client_auth_san_dns in "2.3. Dynamic Client Registration" in "Mutual TLS Profiles for OAuth Clients" for details.

Returns:

The expected DNS subject alternative name of the client certificate.

Since:

2.38

setTlsClientAuthSanDns

public Client setTlsClientAuthSanDns(String tlsClientAuthSanDns)

Set the string representation of the expected DNS subject alternative name of the certificate this client will use in mutual TLS authentication.

See tls_client_auth_san_dns in "2.3. Dynamic Client Registration" in "Mutual TLS Profiles for OAuth Clients" for details.

Parameters:

name - The expected DNS subject alternative name of the client certificate.

Returns:

this object.

Since:

2.38

getTlsClientAuthSanUri

public URI getTlsClientAuthSanUri()

Get the string representation of the expected URI subject alternative name of the certificate this client will use in mutual TLS authentication.

See tls_client_auth_san_uri in "2.3. Dynamic Client Registration" in "Mutual TLS Profiles for OAuth Clients" for details.

Returns:

The expected URI subject alternative name of the client certificate.

Since:

2.38

setTlsClientAuthSanUri

public Client setTlsClientAuthSanUri(URI tlsClientAuthSanUri)

Set the string representation of the expected URI subject alternative name of the certificate this client will use in mutual TLS authentication.

See tls_client_auth_san_uri in "2.3. Dynamic Client Registration" in "Mutual TLS Profiles for OAuth Clients" for details.

Parameters:

name - The expected URI subject alternative name of the client certificate.

Returns:

this object.

Since:

2.38

getTlsClientAuthSanIp

public String getTlsClientAuthSanIp()

Get the string representation of the expected IP address subject alternative name of the certificate this client will use in mutual TLS authentication.

See tls_client_auth_san_ip in "2.3. Dynamic Client Registration" in "Mutual TLS Profiles for OAuth Clients" for details.

Returns:

The expected IP address subject alternative name of the client certificate.

Since:

2.38

setTlsClientAuthSanIp

public Client setTlsClientAuthSanIp(String tlsClientAuthSanIp)

Set the string representation of the expected IP address subject alternative name of the certificate this client will use in mutual TLS authentication.

See tls_client_auth_san_ip in "2.3. Dynamic Client Registration" in "Mutual TLS Profiles for OAuth Clients" for details.

Parameters:

name - The expected IP address subject alternative name of the client certificate.

Returns:

this object.

Since:

2.38

getTlsClientAuthSanEmail

public String getTlsClientAuthSanEmail()

Get the string representation of the expected email address subject alternative name of the certificate this client will use in mutual TLS authentication.

See tls_client_auth_san_email in "2.3. Dynamic Client Registration" in "Mutual TLS Profiles for OAuth Clients" for details.

Returns:

The expected email address subject alternative name of the client certificate.

Since:

2.38

setTlsClientAuthSanEmail

public Client setTlsClientAuthSanEmail(String tlsClientAuthSanEmail)

Set the string representation of the expected email address subject alternative name of the certificate this client will use in mutual TLS authentication.

See tls_client_auth_san_email in "2.3. Dynamic Client Registration" in "Mutual TLS Profiles for OAuth Clients" for details.

Parameters:

name - The expected email address subject alternative name of the client certificate.

Returns:

this object.

Since:

2.38

isTlsClientCertificateBoundAccessTokens

public boolean isTlsClientCertificateBoundAccessTokens()

Does this client use TLS client certificate bound access tokens?

Returns:

true if this client uses TLS client certificate bound access tokens.

Since:

2.19

setTlsClientCertificateBoundAccessTokens

public Client setTlsClientCertificateBoundAccessTokens(boolean use)

Set whether this client uses TLS client certificate bound access tokens or not.

Parameters:

use - true to indicate that this client uses TLS client certificate bound access tokens.

Returns:

this object.

Since:

2.19

getSelfSignedCertificateKeyId

public String getSelfSignedCertificateKeyId()

Get the key ID of a JWK containing a self-signed certificate of this client.

See "2.2. Self-Signed Certificate Mutual TLS OAuth Client Authentication Method" in "OAuth 2.0 Mutual TLS Client Authentication and Certificate Bound Access Tokens" for details.

Returns:

A key ID of a JWK. This may be null.

Since:

2.20

setSelfSignedCertificateKeyId

public Client setSelfSignedCertificateKeyId(String keyId)

Set the key ID of a JWK containing a self-signed certificate of this client. Unless this value is set to null, Authlete uses this value to look up the corresponding JWK for client authentication using mutual TLS utilizing self-signed certificates.

See "2.2. Self-Signed Certificate Mutual TLS OAuth Client Authentication Method" in "OAuth 2.0 Mutual TLS Client Authentication and Certificate Bound Access Tokens" for details.

Parameters:

keyId - A key ID of a JWK. This may be null.

Returns:

this object.

Since:

2.20

getSoftwareId

public String getSoftwareId()

Get the unique identifier string assigned by the client developer or software publisher used by registration endpoints to identify the client software to be dynamically registered.

This property corresponds to the software_id metadata defined in 2. Client Metadata of RFC 7591 (OAuth 2.0 Dynamic Client Registration Protocol).

Returns:

The unique identifier of the client software.

Since:

2.24

setSoftwareId

public Client setSoftwareId(String softwareId)

Set a unique identifier string assigned by the client developer or software publisher used by registration endpoints to identify the client software to be dynamically registered.

This property corresponds to the software_id metadata defined in 2. Client Metadata of RFC 7591 (OAuth 2.0 Dynamic Client Registration Protocol).

Parameters:

softwareId - A unique identifier of the client software.

Returns:

this object.

Since:

2.24

getSoftwareVersion

public String getSoftwareVersion()

Get the version identifier string for the client software identified by the software ID.

This property corresponds to the software_version metadata defined in 2. Client Metadata of RFC 7591 (OAuth 2.0 Dynamic Client Registration Protocol).

Returns:

The version of the client software.

Since:

2.24

setSoftwareVersion

public Client setSoftwareVersion(String softwareVersion)

Set a version identifier string for the client software identified by the software ID.

This property corresponds to the software_version metadata defined in 2. Client Metadata of RFC 7591 (OAuth 2.0 Dynamic Client Registration Protocol).

Parameters:

softwareVersion - A version of the client software.

Returns:

this object.

Since:

2.24

getAuthorizationSignAlg

public JWSAlg getAuthorizationSignAlg()

Get the JWS alg algorithm for signing authorization responses. This property corresponds to authorization_signed_response_alg in 5. Client Metadata of Financial-grade API: JWT Secured Authorization Response Mode for OAuth 2.0 (JARM).

Returns:

The JWS alg algorithm for signing authorization responses.

Since:

2.27

setAuthorizationSignAlg

public Client setAuthorizationSignAlg(JWSAlg alg)

Set the JWS alg algorithm for signing authorization responses. This property corresponds to authorization_signed_response_alg in 5. Client Metadata of Financial-grade API: JWT Secured Authorization Response Mode for OAuth 2.0 (JARM).

Parameters:

alg - The JWS alg algorithm for signing authorization responses.

Returns:

this object.

Since:

2.27

getAuthorizationEncryptionAlg

public JWEAlg getAuthorizationEncryptionAlg()

Get the JWE alg algorithm for encrypting authorization responses. This property corresponds to authorization_encrypted_response_alg in 5. Client Metadata of Financial-grade API: JWT Secured Authorization Response Mode for OAuth 2.0 (JARM).

Returns:

The JWE alg algorithm for encrypting authorization responses.

Since:

2.27

setAuthorizationEncryptionAlg

public Client setAuthorizationEncryptionAlg(JWEAlg alg)

Set the JWE alg algorithm for encrypting authorization responses. This property corresponds to authorization_encrypted_response_alg in 5. Client Metadata of Financial-grade API: JWT Secured Authorization Response Mode for OAuth 2.0 (JARM).

Parameters:

alg - The JWE alg algorithm for encrypting authorization responses.

Returns:

this object.

Since:

2.27

getAuthorizationEncryptionEnc

public JWEEnc getAuthorizationEncryptionEnc()

Get the JWE enc algorithm for encrypting authorization responses. This property corresponds to authorization_encrypted_response_enc in 5. Client Metadata of Financial-grade API: JWT Secured Authorization Response Mode for OAuth 2.0 (JARM).

Returns:

The JWE enc algorithm for encrypting authorization responses.

Since:

2.27

setAuthorizationEncryptionEnc

public Client setAuthorizationEncryptionEnc(JWEEnc enc)

Set the JWE enc algorithm for encrypting authorization responses. This property corresponds to authorization_encrypted_response_enc in 5. Client Metadata of Financial-grade API: JWT Secured Authorization Response Mode for OAuth 2.0 (JARM).

Parameters:

enc - The JWE enc algorithm for encrypting authorization responses.

Returns:

this object.

Since:

2.27

getBcDeliveryMode

public DeliveryMode getBcDeliveryMode()

Get the backchannel token delivery mode. This property corresponds to the backchannel_token_delivery_mode metadata.

The backchannel token delivery mode is defined in the specification of the CIBA (Client Initiated Backchannel Authentication).

Returns:

The backchannel token delivery mode.

Since:

2.32

setBcDeliveryMode

public Client setBcDeliveryMode(DeliveryMode mode)

Set the backchannel token delivery mode. This property corresponds to the backchannel_token_delivery_mode metadata.

The backchannel token delivery mode is defined in the specification of CIBA (Client Initiated Backchannel Authentication).

Parameters:

mode - The backchannel token delivery mode.

Returns:

this object.

Since:

2.32

getBcNotificationEndpoint

public URI getBcNotificationEndpoint()

Get the backchannel client notification endpoint. This property corresponds to the backchannel_client_notification_endpoint metadata.

The backchannel client notification endpoint is defined in the specification of CIBA (Client Initiated Backchannel Authentication).

Returns:

The backchannel client notification endpoint.

Since:

2.32

setBcNotificationEndpoint

public Client setBcNotificationEndpoint(URI endpoint)

Set the backchannel client notification endpoint. This property corresponds to the backchannel_client_notification_endpoint metadata.

The backchannel client notification endpoint is defined in the specification of CIBA (Client Initiated Backchannel Authentication).

Parameters:

endpoint - The backchannel client notification endpoint.

Returns:

this object.

Since:

2.32

getBcRequestSignAlg

public JWSAlg getBcRequestSignAlg()

Get the signature algorithm of the request to the backchannel authentication endpoint. This property corresponds to the backchannel_authentication_request_signing_alg metadata.

Returns:

The signature algorithm of the request to the backchannel authentication endpoint.

Since:

2.32

setBcRequestSignAlg

public Client setBcRequestSignAlg(JWSAlg alg)

Set the signature algorithm of the request to the backchannel authentication endpoint. This property corresponds to the backchannel_authentication_request_signing_alg metadata.

The specification of CIBA (Client Initiated Backchannel Authentication) allows asymmetric algorithms only.

Parameters:

alg - The signature algorithm of the request to the backchannel authentication endpoint.

Returns:

this object.

Since:

2.32

isBcUserCodeRequired

public boolean isBcUserCodeRequired()

Get the boolean flag which indicates whether a user code is required when this client makes a backchannel authentication request. This property corresponds to the backchannel_user_code_parameter metadata.

Returns:

true if a user code is required when this client makes a backchannel authentication request.

Since:

2.32

setBcUserCodeRequired

public Client setBcUserCodeRequired(boolean required)

Set the boolean flag which indicates whether a user code is required when this client makes a backchannel authentication request. This property corresponds to the backchannel_user_code_parameter metadata.

Parameters:

required - true to indicate that a user code is required when this client makes a backchannel authentication request.

Returns:

this object.

Since:

2.32

isDynamicallyRegistered

public boolean isDynamicallyRegistered()

Get the flag which indicates whether this client has been registered dynamically.

Parameters:

dynamicallyRegistered - true if the client has been registered dynamically.

Returns:

this object.

Since:

2.39

setDynamicallyRegistered

public Client setDynamicallyRegistered(boolean dynamicallyRegistered)

Set the flag which indicates whether this client has been registered dynamically.

Parameters:

dynamicallyRegistered - true if the client has been registered dynamically.

Returns:

this object.

Since:

2.39

getRegistrationAccessTokenHash

public String getRegistrationAccessTokenHash()

Get the hash of the registration access token for this client.

Returns:

The hash of the registration access token for this client.

Since:

2.39

setRegistrationAccessTokenHash

public Client setRegistrationAccessTokenHash(String registrationAccessToken)

Set the hash of the registration access token for this client.

Parameters:

registrationAccessToken - The hash of the registration access token for this client.

Returns:

this object.

Since:

2.39