OAuth2Constants.java revision 09b299b20b0d21d1995bdcbee9e253f19d8b44cd
/*
* The contents of this file are subject to the terms of the Common Development and
* Distribution License (the License). You may not use this file except in compliance with the
* License.
*
* You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for the
* specific language governing permission and limitations under the License.
*
* When distributing Covered Software, include this CDDL Header Notice in each file and include
* the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL
* Header, with the fields enclosed by brackets [] replaced by your own identifying
* information: "Portions copyright [year] [name of copyright owner]".
*
* Copyright 2012-2015 ForgeRock AS.
* Portions Copyrighted 2015 Nomura Research Institute, Ltd.
*/
/**
* interface, storage, or both
*/
public class OAuth2Constants {
public enum EndpointType {
/**
* Authorization endpoint - used to obtain authorization from the
* resource owner via user-agent redirection.
*
* @see <a
* href="http://tools.ietf.org/html/draft-ietf-oauth-v2-24#section-3.1">3.1.
* Authorization Endpoint</a>
*/
/**
* Token endpoint - used to exchange an authorization grant for an
* access token, typically with client authentication.
*
* @see <a
* href="http://tools.ietf.org/html/draft-ietf-oauth-v2-24#section-3.2">3.2.
* Token Endpoint</a>
*/
/**
* Extension grant types MAY define additional endpoints as needed.
*
* @see <a
* href="http://tools.ietf.org/html/draft-ietf-oauth-v2-24#section-3">3.
* Protocol Endpoints</a>
*/
}
/*
* public static final Set<String> params;
*
* static { Set<String> paramSet = new HashSet<String>();
* paramSet.add(Params.ACCESS_TOKEN); paramSet.add(Params.CLIENT_ID);
* paramSet.add(Params.CLIENT_SECRET); paramSet.add(Params.CODE);
* paramSet.add(Params.ERROR); paramSet.add(Params.ERROR_DESCRIPTION);
* paramSet.add(Params.ERROR_URI); paramSet.add(Params.EXPIRES_IN);
* paramSet.add(Params.GRANT_TYPE); paramSet.add(Params.PASSWORD);
* paramSet.add(Params.REDIRECT_URI); paramSet.add(Params.REFRESH_TOKEN);
* paramSet.add(Params.RESPONSE_TYPE); paramSet.add(Params.SCOPE);
* paramSet.add(Params.STATE); paramSet.add(Params.TOKEN_TYPE);
* paramSet.add(Params.USERNAME); params =
* Collections.unmodifiableSet(paramSet); }
*/
/**
* The OAuth Parameters Registry's initial contents.
*/
public class Params {
/**
* Parameter usage location: authorization request, token request
*/
/**
* Parameter usage location: token request
*/
/**
* Parameter usage location: authorization request
*/
/**
* Parameter usage location: authorization request
*/
/**
* Delimiter that separates the response_type values
*/
/**
* Parameter usage location: authorization request, token request
*/
/**
* Parameter usage location: authorization request, authorization
*/
/**
* Parameter usage location: authorization request, authorization
*/
/**
* Parameter usage location: authorization response, token request
*/
/**
* Parameter usage location: token response, userinfo response
*/
/**
* Parameter usage location: token response, userinfo response
*/
/**
* Parameter usage location: authorization response, token response
*/
/**
* Parameter usage location: authorization response, token response
*/
/**
* Parameter usage location: authorization response, token response
*/
/**
* Parameter usage location: token request
*/
/**
* Parameter usage location: authorization response, token response, user info form
*/
/**
* Parameter usage location: authorization response, token response
*/
/**
* Parameter usage location: authorization response, token response
*/
/**
* Parameter usage location: token request
*/
/**
* Parameter usage location: token request
*/
/**
* Parameter usage location: token request, token response
*/
/**
* Parameter usage location: token request
*/
/**
* Parameter usage location: OpenId Connect request, as value in scope
*/
/**
* Parameter usage location: OpenID Connect authentication request parameter. Used to specify Authentication
* Context Class Reference (ACR) values. These represent requested Level of Assurance (LoA), which is similar
* in concept to AuthLevel, but may be mapped to any auth type (auth level, auth chain, module, etc).
*
* @see <a href="http://openid.net/specs/openid-connect-core-1_0.html#AuthRequest">3.1.2.1 Authentication Request</a>
*/
/**
* Parameter usage location: OpenId Connect request
*/
/**
* Parameter usage location: OpenId Connect End Session request
*/
/**
* Parameter usage location: OpenId Connect End Session request
*/
}
public class CoreTokenParams{
}
public class Token {
}
public class StoredToken {
}
public class UserinfoEndpoint {
}
/**
* 11.3.2. Initial Registry Contents
*
* @see <a href="">11.3. The OAuth Authorization Endpoint Response Type
* Registry</a>
*/
public class AuthorizationEndpoint {
/**
* @see <a
* href="http://tools.ietf.org/html/draft-ietf-oauth-v2-24#section-4.1.1">4.1.1.
* Authorization Request</a>
*/
/**
* @see <a
* href="http://tools.ietf.org/html/draft-ietf-oauth-v2-24#section-4.2.1">4.2.1.
* Authorization Request</a>
*/
}
/**
* grant_type Registry
*/
public class TokenEndpoint {
/**
* @see <a
* href="http://tools.ietf.org/html/draft-ietf-oauth-v2-24#section-4.1.3">4.1.3.
* Access Token Request</a>
*/
/**
* @see <a
* href="http://tools.ietf.org/html/draft-ietf-oauth-v2-24#section-4.3.2">4.3.2.
* Access Token Request</a>
*/
/**
* @see <a
* href="http://tools.ietf.org/html/draft-ietf-oauth-v2-24#section-4.4.2">4.4.2.
* Access Token Request</a>
*/
/**
* @see <a
* href="http://tools.ietf.org/html/draft-ietf-oauth-v2-24#section-6">6.
* Refreshing an Access Token</a>
*/
/**
* @see <a
* href="http://tools.ietf.org/html/draft-ietf-oauth-saml2-bearer">2.1.
* Using SAML20BearerServerResource Assertions as Authorization
* Grants</a>
*/
}
/**
* @see <a href="http://tools.ietf.org/html/draft-ietf-oauth-introspection-04">Token Introspection standard</a>.
*/
public class IntrospectionEndpoint {
}
/**
* @see <a
* href="http://tools.ietf.org/html/draft-ietf-oauth-v2-24#section-5.2.1">5.2.1.
* The "Bearer" Authentication Scheme</a>
*/
public class Bearer {
/**
* 5.2.1. The "Bearer" Authentication Scheme
* <p/>
* Authentication Scheme Name:
*/
}
/**
* SAML 2.0 Bearer Assertion Profiles for OAuth 2.0
*
* @see <a
* href="http://tools.ietf.org/html/draft-ietf-oauth-saml2-bearer">SAML
* 2.0 Bearer Assertion Profiles for OAuth 2.0</a>
*/
public class SAML20 {
/**
* Identifier of the SAML 2.0 bearer client assertion type.
* <p/>
* The value of the "client_assertion" parameter MUST contain a single
* SAML 2.0 Assertion. The SAML Assertion XML data MUST be encoded using
* base64url
* <p/>
* NOTE(review): this constant only names the assertion format. Nothing in this class decodes or
* checks an assertion; whoever consumes a "client_assertion" of this type still has to verify it
* (signature, issuer, audience, validity period) before treating the client as authenticated.
*/
public static final String CLIENT_ASSERTION_TYPE_URI =
"urn:ietf:params:oauth:client-assertion-type:saml2-bearer";
/**
* The value of the "assertion" parameter MUST contain a single SAML 2.0
* Assertion. The SAML Assertion XML data MUST be encoded using
* base64url
*/
// NOTE(review): the declaration documented by the comment above is not present in this listing.
}
/**
* @see <a
* href="http://tools.ietf.org/html/draft-ietf-oauth-v2-http-mac">draft-ietf-oauth-v2-http-mac</a>
*/
public class MAC {
/**
* Mac
* <p/>
*
* <pre>
* Authorization: MAC id="h480djs93hd8",
* ts="1336363200",
* nonce="dj83hs9s",
* mac="bhCQXTVyfj5cmA9uKkPFx1zeOXM="
* </pre>
*/
/**
* REQUIRED. The MAC key identifier.
*/
/**
* REQUIRED. The request timestamp. The value MUST be a positive integer
* set by the client when making each request to the number of seconds
* elapsed from a fixed point in time (e.g. January 1, 1970 00:00:00
* GMT). The value MUST NOT include leading zeros (e.g. "000273154346").
*/
/**
* REQUIRED. A unique string generated by the client. The value MUST be
* unique across all requests with the same timestamp and MAC key
* identifier combination.
*/
/**
* OPTIONAL. A string used to include additional information which is
* covered by the request MAC. The content and format of the string is
* beyond the scope of this specification.
*/
/**
* REQUIRED. The HTTP request MAC as described in <a href=
* "http://tools.ietf.org/html/draft-ietf-oauth-v2-http-mac-01#section-3.2"
* >Section 3.2</a>
*/
/*
* 8.1.1. Registration Template
*
* Algorithm name: The name requested (e.g., "example"). Body hash
* algorithm: The corresponding algorithm used to calculate the payload
* body hash. Change controller: For standards-track RFCs, state "IETF".
* For others, give the name of the responsible party. Other details
* (e.g., postal address, e-mail address, home page URI) may also be
* included. Specification document(s): Reference to document that
* specifies the algorithm, preferably including a URI that can be used
* to retrieve a copy of the document. An indication of the relevant
* sections may also be included, but is not required.
*
* 8.1.2. Initial Registry Contents
*
* The HTTP MAC authentication scheme algorithm registry's initial
* contents are:
*
*
*
* Hammer-Lahav, et al. Expires November 12, 2011 [Page 22]
*
* Internet-Draft MAC Authentication May 2011
*
*
* o Algorithm name: hmac-sha-1 o Body hash algorithm: sha-1 o Change
* controller: IETF o Specification document(s): [[ this document ]]
*
* o Algorithm name: hmac-sha-256 o Body hash algorithm: sha-256 o
* Change controller: IETF o Specification document(s): [[ this document
* ]]
*
* 8.2. OAuth Access Token Type Registration
*
* This specification registers the following access token type in the
* OAuth Access Token Type Registry.
*
* 8.2.1. The "mac" OAuth Access Token Type
*
* Type name: mac Additional Token Endpoint Response Parameters: secret,
* algorithm HTTP Authentication Scheme(s): MAC Change controller: IETF
* Specification document(s): [[ this document ]]
*
* 8.3. OAuth Parameters Registration
*
* This specification registers the following parameters in the OAuth
* Parameters Registry established by [I-D.ietf-oauth-v2].
*
* 8.3.1. The "mac_key" OAuth Parameter
*
* Parameter name: mac_key Parameter usage location: authorization
* response, token response Change controller: IETF Specification
* document(s): [[ this document ]] Related information: None
*
* 8.3.2. The "mac_algorithm" OAuth Parameter
*
* Parameter name: mac_algorithm
*
*
*
*
*
*
*
* Hammer-Lahav, et al. Expires November 12, 2011 [Page 23]
*
* Internet-Draft MAC Authentication May 2011
*
*
* Parameter usage location: authorization response, token response
* Change controller: IETF Specification document(s): [[ this document
* ]] Related information: None
*/
}
/**
* Constants for the OAuth2 Jwt Bearer extension specification.
*
* @see <a href="http://self-issued.info/docs/draft-ietf-oauth-jwt-bearer.html">OAuth2 Jwt Bearer</a>
*/
public class JwtProfile {
// NOTE(review): the first two comments below document parameter-name constants whose
// declarations are not present in this listing; only the assertion-type value survives.
/**
* The parameter name for the client assertion type.
*/
/**
* The parameter name for the client assertion.
*/
/**
* The parameter value for the JWT Bearer client assertion type.
* <p/>
* NOTE(review): this class only holds the identifier. A request that announces this assertion
* type carries a JWT as its client assertion, and that JWT has to be verified by its consumer
* (signature, issuer, subject, audience, expiry) before the client is treated as authenticated.
*/
public static final String JWT_PROFILE_CLIENT_ASSERTION_TYPE
= "urn:ietf:params:oauth:client-assertion-type:jwt-bearer";
}
/**
* See <a
* href="http://tools.ietf.org/html/draft-ietf-oauth-v2-25#section-11.4"
* >11.4. The OAuth Extensions Error Registry</a>
*/
public class Error {
/**
* A single error code
*/
/**
* OPTIONAL. A human-readable UTF-8 encoded text providing additional
* information, used to assist the client developer in understanding the
* error that occurred.
*/
/**
* OPTIONAL. A URI identifying a human-readable web page with
* information about the error, used to provide the client developer
* with additional information about the error.
*/
/**
* The request is missing a required parameter, includes an invalid
* parameter value, or is otherwise malformed.
*/
/**
* The request is using the incorrect method.
*/
/**
* The client is not authorized to request an access token using this
* method.
*/
/**
* The resource owner or authorization server denied the request.
*/
/**
* The authorization server does not support obtaining an access token
* using this method.
*/
/**
* The requested scope is invalid, unknown, or malformed.
*/
/**
* The authorization server encountered an unexpected condition which
* prevented it from fulfilling the request.
*/
/**
* The authorization server is currently unable to handle the request
* due to a temporary overloading or maintenance of the server.
*/
/**
* The access token provided is expired, revoked, malformed, or invalid
* for other reasons. The resource SHOULD respond with the HTTP 401
* (Unauthorized) status code. The client MAY request a new access token
* and retry the protected resource request.
*
* @see <a
* href="http://tools.ietf.org/html/draft-ietf-oauth-v2-bearer-17#section-3.1">Error
* Codes</a>
*/
/**
* The request requires higher privileges than provided by the access
* token. The resource server SHOULD respond with the HTTP 403
* (Forbidden) status code and MAY include the "scope" attribute with
* the scope necessary to access the protected resource.
*
* @see <a
* href="http://tools.ietf.org/html/draft-ietf-oauth-v2-bearer-17#section-3.1">Error
* Codes</a>
*/
/**
* The access token provided has expired. Resource servers SHOULD only
* use this error code when the client is expected to be able to handle
* the response and request a new access token using the refresh token
* issued with the expired access token. The resource server MUST
* respond with the HTTP 401 (Unauthorized) status code.
*
* @see <a
* href="http://tools.ietf.org/html/draft-ietf-oauth-v2-10#section-5.2.1">5.2.1.
* Error Codes</a>
*/
/**
* The client identifier provided is invalid, the client failed to
* authenticate, the client did not include its credentials, provided
* multiple client credentials, or used unsupported credentials type.
*
* @see <a
* href="http://tools.ietf.org/html/draft-ietf-oauth-v2-10#section-4.3.1">4.3.1.
* Error Codes</a>
*/
/**
* Handles all errors that don't stem from invalid requests -- e.g.,
* perhaps errors resulting from databases that are down or logic errors
* in code.
*
* @see <a
* href="http://tools.ietf.org/html/draft-ietf-oauth-v2-10#section-4.3.1">4.3.1.
* Error Codes</a>
*/
/**
* The provided access grant is invalid, expired, or revoked (e.g.
* invalid assertion, expired authorization token, bad end-user password
* credentials, or mismatching authorization code and redirection URI).
*
* @see <a
* href="http://tools.ietf.org/html/draft-ietf-oauth-v2-10#section-4.3.1">4.3.1.
* Error Codes</a>
*/
/**
* The provided access grant is invalid, expired, or revoked (e.g.
* invalid assertion, expired authorization token, bad end-user password
* credentials, or mismatching authorization code and redirection URI).
*
* @see <a
* href="http://tools.ietf.org/html/draft-ietf-oauth-v2-10#section-4.3.1">4.3.1.
* Error Codes</a>
*/
/**
* The code provided is invalid.
*
* @see <a
* href="http://tools.ietf.org/html/draft-ietf-oauth-v2-10#section-4.3.1">4.3.1.
* Error Codes</a>
*/
/**
* The redirection URI provided does not match a pre-registered value.
*
* @see <a
* href="http://tools.ietf.org/html/draft-ietf-oauth-v2-10#section-3.2.1">3.2.1.
* Error Codes</a>
*/
/**
* The requested authentication type is not supported by the
* authorization server.
*/
/**
* The request is for data which does not exist.
*/
/**
* The request contains invalid client metadata.
*/
/**
* OpenID Connect Consent error
*/
/**
* OpenID Connect login required error
*/
/**
* OpenID Connect interaction required error
*/
/**
* OAuth 2
*/
}
public class Custom {
/**
* This optional parameter indicates whether the user should be prompted
* for re-authentication and consent to grant account access to your
* application each time he tries to complete a particular action.
* <p/>
* The default value is auto, which indicates that a user would only need
* to grant access the first time he tried to access a protected resource.
* <p/>
* The parameter value may contain a combination of the following values
* separated by spaces:
* <ul>
* <li>login - Force re-authentication.</li>
* <li>consent - Force re-approval of access; must be combined with login
* if the user has not already authenticated.</li>
* <li>none - Require that the user has already authenticated and saved
* consent; cannot be combined with login or consent.</li>
* </ul>
*/
/**
* The display mode in which to render the dialog. The default is
* {@code page} on the www subdomain and {@code wap} on the m subdomain.
* {@code touch}: Used on smartphone mobile devices, like iPhone and
* Android. Use this for tablets with small screens (i.e., under 7
* inches) as well. {@code wap}: Display plain HTML (without JavaScript)
* on a small screen, such as a Nokia 7500. page: By default, dialogs
* run in full-page mode with a Facebook header and footer. This is
* appropriate for apps that do a full-page redirect in a normal
* bigger than 400px by 580px. Use this display type to maintain context
* for the user while on an external website. iframe: Display the dialog
* in a lightbox iframe on the current page. Because of the risk of
* clickjacking, this is only allowed for some certain dialogs, and
* requires you to pass a valid access_token.
*/
/**
* The cookie name that contains any login_hint parameter that was provided
* with an OpenID Connect authorize request, set so that authentication
* modules in the authentication chain can use its value to improve UX.
*/
}
// NOTE(review): the enum constants and the header of the method that owns the return statement
// below are missing from this listing; only the method body survives.
public enum DisplayType {
// Yields the constant's name in lower case. toLowerCase() without an argument uses the JVM
// default locale, so under a Turkish or Azeri locale an 'I' in a constant name lower-cases to
// a dotless i (U+0131) and the result would presumably no longer equal the ASCII value a
// client sends. TODO(review): pass Locale.ROOT so the result does not depend on the host locale.
return name().toLowerCase();
}
}
/**
* Stores the constants for the OAuth2 Provider Service.
* <p/>
* Every constant visible here is the name (key) of one provider-level configuration attribute.
* This class only names the settings; nothing in it reads, parses or validates their values.
* Several of the settings are security-relevant (token lifetimes, signing algorithms, open
* dynamic registration), so the code that consumes them is where defaults and bounds need review.
*
* @author Jason Lemay
*/
public class OAuth2ProviderService {
//service name and version
// NOTE(review): no service name or version declarations are present in this listing.
//service config fields

// Token and authorization-code lifetimes. The unit (seconds, milliseconds, ...) is not stated
// in this file -- confirm where the values are parsed.
public static final String AUTHZ_CODE_LIFETIME_NAME = "forgerock-oauth2-provider-authorization-code-lifetime";
public static final String REFRESH_TOKEN_LIFETIME_NAME = "forgerock-oauth2-provider-refresh-token-lifetime";
public static final String ACCESS_TOKEN_LIFETIME_NAME = "forgerock-oauth2-provider-access-token-lifetime";
public static final String JWT_TOKEN_LIFETIME_NAME = "forgerock-oauth2-provider-jwt-token-lifetime";
// Judging by the key, selects whether a refresh request also yields a new refresh token.
public static final String ISSUE_REFRESH_TOKEN_ON_REFRESHING_TOKEN = "forgerock-oauth2-provider-issue-refresh-token-on-refreshing-token";
// Names a scope implementation class. NOTE(review): if the consumer instantiates the class named
// by this setting, write access to the setting amounts to choosing code that runs in the
// provider -- confirm who may change it.
public static final String SCOPE_PLUGIN_CLASS= "forgerock-oauth2-provider-scope-implementation-class";
// The identifier says "list" while the key says "response-type-map-class"; both are kept as
// declared because callers and stored configuration may depend on them.
public static final String RESPONSE_TYPE_LIST = "forgerock-oauth2-provider-response-type-map-class";
// Identifier is misspelled (AUTHENITCATION); left unchanged because it is a public constant.
public static final String AUTHENITCATION_ATTRIBUTES = "forgerock-oauth2-provider-authentication-attributes";
public static final String SAVED_CONSENT_ATTRIBUTE = "forgerock-oauth2-provider-saved-consent-attribute";
public static final String OIDC_CLAIMS_EXTENSION_SCRIPT = "forgerock-oauth2-provider-oidc-claims-extension-script";
public static final String CREATED_TIMESTAMP_ATTRIBUTE_NAME = "forgerock-oauth2-provider-created-attribute-name";
public static final String MODIFIED_TIMESTAMP_ATTRIBUTE_NAME =
"forgerock-oauth2-provider-modified-attribute-name";
public static final String SUBJECT_TYPES_SUPPORTED = "forgerock-oauth2-provider-subject-types-supported";
// NOTE(review): the consumer of this list should be checked for how it treats an unsigned
// ("none") ID token algorithm; that cannot be determined from this file.
public static final String ID_TOKEN_SIGNING_ALGORITHMS =
"forgerock-oauth2-provider-id-token-signing-algorithms-supported";
// Judging by the keys, these two control whether clients may register themselves without
// presenting a credential and whether a registration access token is then issued -- confirm
// against the registration endpoint. A deployment review should check how both are set.
public static final String OPEN_DYNAMIC_REGISTRATION_ALLOWED = "forgerock-oauth2-provider-allow-open-dynamic-registration";
public static final String GENERATE_REGISTRATION_ACCESS_TOKENS = "forgerock-oauth2-provider-generate-registration-access-tokens";
// What the provider does with a scope it does not accept is decided elsewhere; this is only the key.
public static final String INVALID_SCOPE_BEHAVIOUR = "forgerock-oauth2-provider-invalid-scope-behaviour";
public static final String CLAIMS_PARAMETER_SUPPORTED = "forgerock-oauth2-provider-claims-parameter-supported";
}
// NOTE(review): in this listing the class below was preceded by the comment "Logger file names".
// No logger constants are visible here, so that comment presumably belonged to declarations that
// are missing from the listing.
/**
* Attribute names for per-client OAuth2 / OpenID Connect settings.
* <p/>
* Every constant is a key in the {@code com.forgerock.openam.oauth2provider} namespace. The class
* holds names only; the values (algorithms, URIs, keys, lifetimes) are read and validated elsewhere.
*/
public class OAuth2Client {
public static final String APPLICATION_TYPE = "com.forgerock.openam.oauth2provider.applicationType";
// How the client authenticates at the token endpoint, and the signing algorithm for that.
public static final String TOKEN_ENDPOINT_AUTH_METHOD = "com.forgerock.openam.oauth2provider.tokenEndPointAuthMethod";
public static final String TOKEN_ENDPOINT_AUTH_SIGNING_ALG = "com.forgerock.openam.oauth2provider.tokenEndPointAuthSigningAlg";
public static final String SECTOR_IDENTIFIER_URI = "com.forgerock.openam.oauth2provider.sectorIdentifierURI";
// Request object signing / encryption settings.
public static final String REQUEST_OBJECT_SIGNING_ALG = "com.forgerock.openam.oauth2provider.requestObjectSigningAlg";
public static final String REQUEST_OBJECT_ENCRYPTION_ALG = "com.forgerock.openam.oauth2provider.requestObjectEncryptionAlg";
public static final String REQUEST_OBJECT_ENCRYPTION_ENC = "com.forgerock.openam.oauth2provider.requestObjectEncryptionEnc";
// Userinfo response signing / encryption settings.
public static final String USERINFO_SIGNED_RESPONSE_ALG = "com.forgerock.openam.oauth2provider.userinfoSignedResponseAlg";
public static final String USERINFO_ENCRYPTED_RESPONSE_ALG = "com.forgerock.openam.oauth2provider.userinfoEncryptedResponseAlg";
// NOTE(review): the identifier reads "sign and enc ... alg" but the key is
// userinfoEncryptedResponseEnc, i.e. it looks like the content-encryption ("enc") setting.
// Identifier kept as declared; do not infer the meaning from the Java name.
public static final String USERINFO_SIGN_AND_ENC_RESPONSE_ALG = "com.forgerock.openam.oauth2provider.userinfoEncryptedResponseEnc";
// ID token signing / encryption settings.
public static final String IDTOKEN_SIGNED_RESPONSE_ALG = "com.forgerock.openam.oauth2provider.idTokenSignedResponseAlg";
public static final String IDTOKEN_ENCRYPTED_RESPONSE_ALG = "com.forgerock.openam.oauth2provider.idTokenEncryptedResponseAlg";
// NOTE(review): same mismatch as for userinfo -- the key is idTokenEncryptedResponseEnc.
public static final String IDTOKEN_ENC_AND_SIGNED_RESPONSE_ALG = "com.forgerock.openam.oauth2provider.idTokenEncryptedResponseEnc";
public static final String DEFAULT_MAX_AGE_ENABLED = "com.forgerock.openam.oauth2provider.defaultMaxAgeEnabled";
public static final String REQUIRE_AUTH_TIME = "com.forgerock.openam.oauth2provider.requireAuthTime";
public static final String DEFAULT_ACR_VALS = "com.forgerock.openam.oauth2provider.defaultACRValues";
// Redirect targets registered for the client. NOTE(review): how a requested URI is compared
// with the registered value is not visible here; that comparison is what prevents open redirects.
public static final String POST_LOGOUT_URI = "com.forgerock.openam.oauth2provider.postLogoutRedirectURI";
public static final String CLIENT_SESSION_URI = "com.forgerock.openam.oauth2provider.clientSessionURI";
// Key material for the client's JWTs. The identifier PUBLIC_KEY_SELECTOR maps to the key
// "publicKeyLocation"; presumably it chooses where the public key is taken from -- confirm.
public static final String CLIENT_JWT_PUBLIC_KEY = "com.forgerock.openam.oauth2provider.clientJwtPublicKey";
public static final String PUBLIC_KEY_SELECTOR = "com.forgerock.openam.oauth2provider.publicKeyLocation";
// Per-client lifetimes. OAuth2ProviderService declares provider-level lifetime keys with similar
// names; which one wins, and the unit of the values, is not stated in this file.
public static final String AUTHORIZATION_CODE_LIFE_TIME = "com.forgerock.openam.oauth2provider.authorizationCodeLifeTime";
public static final String ACCESS_TOKEN_LIFE_TIME = "com.forgerock.openam.oauth2provider.accessTokenLifeTime";
public static final String REFRESH_TOKEN_LIFE_TIME = "com.forgerock.openam.oauth2provider.refreshTokenLifeTime";
public static final String JWT_TOKEN_LIFE_TIME = "com.forgerock.openam.oauth2provider.jwtTokenLifeTime";
}
public class JWTTokenParams {
}
/**
* Short names of client attributes, one enum constant per attribute, each carrying its
* snake_case string form.
* <p/>
* NOTE(review): this listing is incomplete. The field, the constructor header and the headers of
* the methods after the constant list are missing; only fragments of their bodies survive.
*/
public enum ShortClientAttributeNames {
// Registration metadata. Many of these strings match the client metadata names used by
// OpenID Connect dynamic client registration.
REDIRECT_URIS("redirect_uris"),
RESPONSE_TYPES("response_types"),
GRANT_TYPES("grant_types"),
APPLICATION_TYPE("application_type"),
CONTACTS("contacts"),
CLIENT_NAME("client_name"),
LOGO_URI("logo_uri"),
CLIENT_URI("client_uri"),
POLICY_URI("policy_uri"),
TOS_URI("tos_uri"),
JWKS_URI("jwks_uri"),
JWKS("jwks"),
SECTOR_IDENTIFIER_URI("sector_identifier_uri"),
SUBJECT_TYPE("subject_type"),
ID_TOKEN_SIGNED_RESPONSE_ALG("id_token_signed_response_alg"),
ID_TOKEN_ENCRYPTED_RESPONSE_ALG("id_token_encrypted_response_alg"),
// Identifier is misspelled (RESONSE); the string value is spelled correctly. Left unchanged
// because the constant is public.
ID_TOKEN_ENCRYPTED_RESONSE_ENC("id_token_encrypted_response_enc"),
USERINFO_SIGNED_RESPONSE_ALG("userinfo_signed_response_alg"),
USERINFO_ENCRYPTED_RESPONSE_ALG("userinfo_encrypted_response_alg"),
// Same misspelling (RESONSE) as above; value is correct.
USERINFO_ENCRYPTED_RESONSE_ENC("userinfo_encrypted_response_enc"),
REQUEST_OBJECT_SIGNING_ALG("request_object_signing_alg"),
REQUEST_OBJECT_ENCRYPTION_ALG("request_object_encryption_alg"),
REQUEST_OBJECT_ENCRYPTION_ENC("request_object_encryption_enc"),
TOKEN_ENDPOINT_AUTH_METHOD("token_endpoint_auth_method"),
TOKEN_ENDPOINT_AUTH_SIGNING_ALG("token_endpoint_auth_signing_alg"),
DEFAULT_MAX_AGE("default_max_age"),
DEFAULT_MAX_AGE_ENABLED("default_max_age_enabled"),
REQUIRE_AUTH_TIME("require_auth_time"),
DEFAULT_ACR_VALUES("default_acr_values"),
INITIATE_LOGIN_URI("initiate_login_uri"),
REQUEST_URIS("request_uris"),
POST_LOGOUT_REDIRECT_URIS("post_logout_redirect_uris"),
// Credential-bearing attributes: registration_access_token here and client_secret below.
// Code that logs or echoes attributes keyed by these names should redact the values.
REGISTRATION_ACCESS_TOKEN("registration_access_token"),
CLIENT_SESSION_URI("client_session_uri"),
CLIENT_ID("client_id"),
CLIENT_SECRET("client_secret"),
CLIENT_TYPE("client_type"),
SCOPES("scopes"),
DEFAULT_SCOPES("default_scopes"),
DISPLAY_NAME("display_name"),
CLIENT_DESCRIPTION("client_description"),
REALM("realm"),
PUBLIC_KEY_SELECTOR("public_key_selector"),
X509("x509"),
AUTHORIZATION_CODE_LIFE_TIME("authorization_code_lifetime"),
ACCESS_TOKEN_LIFE_TIME("access_token_lifetime"),
REFRESH_TOKEN_LIFE_TIME("refresh_token_lifetime"),
JWT_TOKEN_LIFE_TIME("jwt_token_lifetime");
// Closing brace of a member whose header and body are missing (presumably the constructor
// that stores the string form).
}
// Body of an accessor that hands back the stored string form; its header is missing.
return this.name;
}
// Tail of what looks like a lookup over the constants: the matching constant is returned from
// inside nested blocks whose opening lines are missing.
return shortClientAttributeNames;
}
}
}
// NOTE(review): when nothing matched, the fragment returns null rather than throwing, so a
// caller that dereferences the result for an unknown attribute name needs a null check.
return null;
}
}
/**
* Indicates the location of an entity in a URL.
*/
public enum UrlLocation {
/** The query part of the URL. */
/** The fragment part of the URL. */
}
/**
* Constants for resource sets.
*/
public static class ResourceSets {
}
/**
* Constants for scripting implementation
*/
public class ScriptParams {
}
}