Example scope from OpenID Connect indicating access to the user's email and profile details:
Scope scope = new Scope(); scope.add(OIDCScopeValue.OPENID); scope.add(OIDCScopeValue.EMAIL); scope.add(OIDCScopeValue.PROFILE);
Related specifications:
392393394395396397398399400401402
} } } Scope scope = null; m = scopePattern.matcher(wwwAuth); if (m.find()) scope = Scope.parse(m.group(1));
8182838485868788899091
public void testFullConstructor() throws Exception { Scope scope = Scope.parse("read write"); AccessToken token = new BearerAccessToken("abc", 1500, scope); assertEquals("abc", token.getValue()); assertEquals(1500l, token.getLifetime());
16581659166016611662166316641665166616671668
op.endSessionEndpoint = JSONObjectUtils.getURI(jsonObject, "end_session_endpoint"); // OIDC capabilities if (jsonObject.containsKey("scopes_supported")) { op.scope = new Scope(); for (String v: JSONObjectUtils.getStringArray(jsonObject, "scopes_supported")) { if (v != null) op.scope.add(new Scope.Value(v));
6465666768697071727374
Set<URI> redirectURIs = new HashSet<>(); redirectURIs.add(new URI("http://example.com/1")); redirectURIs.add(new URI("http://example.com/2")); meta.setRedirectionURIs(redirectURIs); Scope scope = Scope.parse("read write"); meta.setScope(scope); Set<ResponseType> rts = new HashSet<>(); rts.add(ResponseType.parse("code id_token")); meta.setResponseTypes(rts);
106210631064106510661067106810691070107110721073107410751076107710781079
OAuth2Error.UNSUPPORTED_RESPONSE_TYPE, clientID, redirectURI, state); } // Required in OIDC, must include "openid" parameter Scope scope = ar.getScope(); if (scope == null) throw new ParseException("Missing \"scope\" parameter", OAuth2Error.INVALID_REQUEST, clientID, redirectURI, state); if (! scope.contains(OIDCScopeValue.OPENID)) throw new ParseException("The scope must include an \"openid\" token", OAuth2Error.INVALID_REQUEST, clientID, redirectURI, state);
93949596979899100101102103104105106107108109110111
@Override public void applyTo(final HTTPRequest httpRequest) throws SerializeException { if (httpRequest.getMethod() != HTTPRequest.Method.POST) throw new SerializeException("The HTTP request method must be POST"); ContentType ct = httpRequest.getContentType(); if (ct == null) throw new SerializeException("Missing HTTP Content-Type header"); if (! ct.match(CommonContentTypes.APPLICATION_URLENCODED)) throw new SerializeException("The HTTP Content-Type header must be " + CommonContentTypes.APPLICATION_URLENCODED); Map <String,String> params = httpRequest.getQueryParameters(); params.putAll(toParameters());
178179180181182183184185186187188
try { params.put("client_assertion", clientAssertion.serialize()); } catch (IllegalStateException e) { throw new SerializeException("Couldn't serialize JWT to a client assertion string: " + e.getMessage(), e); } params.put("client_assertion_type", CLIENT_ASSERTION_TYPE); return params;
192193194195196197198199200201202203204205206207208209210
330331332333334335336337338339340
httpRequest.ensureMethod(HTTPRequest.Method.POST); httpRequest.ensureContentType(CommonContentTypes.APPLICATION_URLENCODED); // Parse client authentication, if any ClientAuthentication clientAuth = ClientAuthentication.parse(httpRequest); // No fragment! May use query component! Map<String,String> params = httpRequest.getQueryParameters(); // Parse grant
5354555657585960616263
public void testWithAccessTokenAndClientAuth() throws Exception { URI endpointURI = new URI("https://c2id.com/token/revoke"); Token token = new BearerAccessToken(); ClientAuthentication clientAuth = new ClientSecretBasic(new ClientID("123"), new Secret("secret")); TokenRevocationRequest request = new TokenRevocationRequest(endpointURI, clientAuth, token); assertEquals(endpointURI, request.getEndpointURI()); assertEquals(clientAuth, request.getClientAuthentication()); assertEquals(token, request.getToken());