JwtClaimName.java example

Explorer
uma-master
- oxAuth-master
/*
 * oxAuth is available under the MIT License (2008). See http://opensource.org/licenses/MIT for full text.
 *
 * Copyright (c) 2014, Gluu
 */

package org.xdi.oxauth.model.jwt;

/**
 * @author Javier Rojas Blum
 * @version May 19, 2017
 */
public final class JwtClaimName {

    // JWT
    /**
     * Expiration time on or after which the ID Token must not be accepted for processing.
     * The processing of this parameter requires that the current date/time must be before
     * the expiration date/time listed in the value.
     */
    public static final String EXPIRATION_TIME = "exp"; // ID Token
    public static final String NOT_BEFORE = "nbf";
    /**
     * Time at which the JWT was issued. Its value is a JSON number representing the number
     * of seconds from 1970-01-01T0:0:0Z as measured in UTC until the date/time.
     */
    public static final String ISSUED_AT = "iat"; // ID Token
    /**
     * Issuer Identifier for the Issuer of the response.
     * The iss value is a case sensitive URL using the https scheme that contains scheme,
     * host, and optionally, port number and path components and no query or fragment components.
     */
    public static final String ISSUER = "iss"; // ID Token
    /**
     * Audience(s) that this ID Token is intended for.
     * It must contain the OAuth 2.0 client_id of the Relying Party as an audience value.
     * It may also contain identifiers for other audiences. In the general case, the aud
     * value is an array of case sensitive strings.
     * In the common special case when there is one audience, the aud value may be a single
     * case sensitive string.
     */
    public static final String AUDIENCE = "aud"; // ID Token
    public static final String PRINCIPAL = "prn";
    public static final String JWT_ID = "jti";
    public static final String TYPE = "typ";

    /**
     * Authentication Methods References.
     * <p>
     * JSON array of strings that are identifiers for authentication methods used in the authentication.
     * For instance, values might indicate that both password and OTP authentication methods were used.
     * The definition of particular values to be used in the amr Claim is beyond the scope of this specification.
     * Parties using this claim will need to agree upon the meanings of the values used, which may be context-specific.
     * The amr value is an array of case sensitive strings.
     */
    public static final String AUTHENTICATION_METHOD_REFERENCES = "amr";

    /**
     * A locally unique and never reassigned identifier within the Issuer for the End-User,
     * which is intended to be consumed by the Client.
     */
    public static final String SUBJECT_IDENTIFIER = "sub"; // User Info
    /**
     * Authorized party - the party to which the ID Token was issued.
     * If present, it must contain the OAuth 2.0 Client ID of this party.
     * This Claim is only needed when the ID Token has a single audience value and that
     * audience is different than the authorized party.
     * It may be included even when the authorized party is the same as the sole audience.
     */
    public static final String AUTHORIZED_PARTY = "azp"; // ID Token
    /**
     * Authentication Context Class Reference.
     * String specifying an Authentication Context Class Reference value that identifies the
     * Authentication Context Class that the authentication performed satisfied.
     */
    public static final String AUTHENTICATION_CONTEXT_CLASS_REFERENCE = "acr"; // ID Token
    /**
     * String value used to associate a Client session with an ID Token, and to mitigate replay attacks.
     * The value is passed through unmodified from the Authentication Request to the ID Token.
     * If present in the ID Token, Clients must verify that the nonce Claim Value is equal to the value
     * of the nonce parameter sent in the Authentication Request.
     * If present in the Authentication Request, Authorization Servers must include a nonce Claim in the
     * ID Token with the Claim Value being the nonce value sent in the Authentication Request.
     * Authorization Servers should perform no other processing on nonce values used.
     * The nonce value is a case sensitive string.
     */
    public static final String NONCE = "nonce";
    /**
     * Time when the End-User authentication occurred.
     * Its value is a JSON number representing the number of seconds from 1970-01-01T0:0:0Z
     * as measured in UTC until the date/time.
     * When a max_age request is made or when auth_time is requested as an Essential Claim,
     * then this Claim is required; otherwise, its inclusion is optional.
     */
    public static final String AUTHENTICATION_TIME = "auth_time";
    public static final String ACCESS_TOKEN_HASH = "at_hash";
    public static final String CODE_HASH = "c_hash";

    // User Info
    /**
     * End-User's full name in displayable form including all name parts.
     */
    public static final String NAME = "name";
    /**
     * Given name or first name of the End-User.
     */
    public static final String GIVEN_NAME = "given_name";
    /**
     * Surname or last name of the End-User.
     */
    public static final String FAMILY_NAME = "family_name";
    /**
     * Middle name of the End-User.
     */
    public static final String MIDDLE_NAME = "middle_name";
    /**
     * Casual name of the End-User.
     * For instance, a nickname value of Mike might be returned alongside a given_name value of Michael.
     */
    public static final String NICKNAME = "nickname";
    /**
     * Shorthand name that the End-User wishes to be referred to at the RP, such as janedoe or j.doe.
     */
    public static final String PREFERRED_USERNAME = "preferred_username";
    /**
     * URL of the End-User's profile page.
     */
    public static final String PROFILE = "profile";
    /**
     * URL of the End-User's profile picture.
     */
    public static final String PICTURE = "picture";
    /**
     * URL of the End-User's web page or blog.
     */
    public static final String WEBSITE = "website";
    /**
     * The End-User's preferred e-mail address.
     */
    public static final String EMAIL = "email";
    /**
     * The End-User's preferred userName.
     */
    public static final String USER_NAME = "user_name";
    /**
     * True if the End-User's e-mail address has been verified; otherwise false.
     */
    public static final String EMAIL_VERIFIED = "email_verified";
    /**
     * The End-User's gender: Values defined by this specification are female and male.
     * Other values MAY be used when neither of the defined values are applicable.
     */
    public static final String GENDER = "gender";
    /**
     * The End-User's birthday.
     */
    public static final String BIRTHDATE = "birthdate";
    /**
     * String from zoneinfo time zone database. For example, Europe/Paris or America/Los_Angeles.
     */
    public static final String ZONEINFO = "zoneinfo";
    /**
     * The End-User's locale, represented as a BCP47 (RFC5646) language tag.
     * This is typically an ISO 639-1 Alpha-2 (ISO639‑1) language code in lowercase and an ISO 3166-1 Alpha-2 (ISO3166‑1)
     * country code in uppercase, separated by a dash. For example, en-US or fr-CA.
     */
    public static final String LOCALE = "locale";
    /**
     * The End-User's preferred telephone number.
     * E.164 is RECOMMENDED as the format of this Claim. For example, +1 (425) 555-1212 or +56 (2) 687 2400.
     */
    public static final String PHONE_NUMBER = "phone_number";
    /**
     * True if the End-User's phone number has been verified; otherwise false. When this Claim Value is true,
     * this means that the OP took affirmative steps to ensure that this phone number was controlled by the
     * End-User at the time the verification was performed. The means by which a phone number is verified is
     * context-specific, and dependent upon the trust framework or contractual agreements within which the
     * parties are operating. When true, the phone_number Claim MUST be in E.164 format and any extensions
     * MUST be represented in RFC 3966 format.
     */
    public static final String PHONE_NUMBER_VERIFIED = "phone_number_verified";
    /**
     * The End-User's preferred address.
     */
    public static final String ADDRESS = "address";
    /**
     * Time the End-User's information was last updated.
     */
    public static final String UPDATED_AT = "updated_at";
    /**
     * The full mailing address, formatted for display or use with a mailing label.
     */
    public static final String ADDRESS_FORMATTED = "formatted";
    /**
     * The full street address component, which may include house number, street name, PO BOX,
     * and multi-line extended street address information.
     */
    public static final String ADDRESS_STREET_ADDRESS = "street_address";
    /**
     * The city or locality component.
     */
    public static final String ADDRESS_LOCALITY = "locality";
    /**
     * The state, province, prefecture or region component.
     */
    public static final String ADDRESS_REGION = "region";
    /**
     * The zip code or postal code component.
     */
    public static final String ADDRESS_POSTAL_CODE = "postal_code";
    /**
     * The country name component.
     */
    public static final String ADDRESS_COUNTRY = "country";

    // Custom attributes
    public static final String OX_OPENID_CONNECT_VERSION = "oxOpenIDConnectVersion";

    /**
     * The caller references the constants using <tt>JwtClaimName.TYPE</tt>,
     * and so on. Thus, the caller should be prevented from constructing objects of
     * this class, by declaring this private constructor.
     */
    private JwtClaimName() {
        // this prevents even the native class from calling this constructor as well
        throw new AssertionError();
    }
}