/*
* oxAuth is available under the MIT License (2008). See http://opensource.org/licenses/MIT for full text.
*
* Copyright (c) 2014, Gluu
*/
package org.xdi.oxauth.model.jwt;
/**
* @author Javier Rojas Blum
* @version May 3, 2017
*/
public interface JwtStateClaimName {

    // Claim names used in a JWT-encoded state token. Interface fields are
    // implicitly public, static and final, so the modifiers are not repeated.
    // These are names only: every check described below (signature, expiry,
    // audience, hashes) is the responsibility of the code consuming the token.

    /**
     * Request forgery protection value: a verifiable identifier for the
     * browser session that a third party cannot guess. The client verifies it
     * so that it does not accept authorization responses produced in reply to
     * requests forged by third parties.
     */
    String RFP = "rfp";

    /**
     * Identifier of the key the issuer used to sign, or to encrypt, this JWT
     * state token.
     * NOTE(review): the value travels inside the token, so a consumer should
     * use it only to pick among keys it already trusts - confirm at the
     * verification site.
     */
    String KID = "kid";

    /**
     * Timestamp of when this Authorization Request was issued.
     */
    String IAT = "iat";

    /**
     * Expiration time on or after which the JWT MUST NOT be accepted for
     * processing: the current date/time MUST be before the date/time in this
     * claim. Implementers MAY allow a small leeway, usually no more than a few
     * minutes, to account for clock skew. The value MUST be a number
     * containing an IntDate value.
     */
    String EXP = "exp";

    /**
     * String identifying the party that issued this state value.
     */
    String ISS = "iss";

    /**
     * String identifying the client that this state value is intended for.
     */
    String AUD = "aud";

    /**
     * URI of the location the user agent is to be redirected to after
     * authorization.
     * NOTE(review): a redirect target carried in a token should be validated
     * by the consumer before it is followed - confirm where this is enforced.
     */
    String TARGET_LINK_URI = "target_link_uri";

    /**
     * String identifying the authorization server that this request was sent
     * to.
     */
    String AS = "as";

    /**
     * JWT ID: a unique identifier for the JWT. It MUST be assigned so that
     * there is a negligible probability of the same value being accidentally
     * assigned to a different data object. The claim can be used to prevent
     * the JWT from being replayed. The value is a case-sensitive string.
     */
    String JTI = "jti";

    /**
     * Access Token hash value: the base64url encoding of the left-most half of
     * the hash of the octets of the ASCII representation of the
     * "access_token" value, using the hash algorithm of the "alg" parameter in
     * the State Token's JWS header. For instance, with "alg" "RS256", hash the
     * "access_token" value with SHA-256, take the left-most 128 bits and
     * base64url encode them. The value is a case-sensitive string.
     * REQUIRED if the JWT [RFC7519] state token is produced by the AS and
     * issued with an "access_token" in the authorization response.
     */
    String AT_HASH = "at_hash";

    /**
     * Code hash value: the base64url encoding of the left-most half of the
     * hash of the octets of the ASCII representation of the "code" value,
     * using the hash algorithm of the "alg" header parameter in the State
     * Token's JWS [RFC7515] header. For instance, with "alg" "HS512", hash the
     * "code" value with SHA-512, take the left-most 256 bits and base64url
     * encode them. The value is a case-sensitive string.
     * REQUIRED if the JWT [RFC7519] state token is produced by the AS and
     * issued with a "code" in the authorization response.
     */
    String C_HASH = "c_hash";

    /**
     * Additional claims.
     */
    String ADDITIONAL_CLAIMS = "additional_claims";
}