Package org.springframework.security.oauth2.server.authorization.oidc

Class OidcClientRegistration.Builder

java.lang.Object
org.springframework.security.oauth2.server.authorization.oidc.OidcClientRegistration.Builder
Enclosing class:
OidcClientRegistration
public static class OidcClientRegistration.Builder extends Object
Helps configure an OidcClientRegistration.

  • Method Details

    • clientId

      public OidcClientRegistration.Builder clientId(String clientId)
      Sets the Client Identifier, REQUIRED.
      Parameters:
      clientId - the Client Identifier
      Returns:
      the OidcClientRegistration.Builder for further configuration

    • clientIdIssuedAt

      public OidcClientRegistration.Builder clientIdIssuedAt(Instant clientIdIssuedAt)
      Sets the time at which the Client Identifier was issued, OPTIONAL.
      Parameters:
      clientIdIssuedAt - the time at which the Client Identifier was issued
      Returns:
      the OidcClientRegistration.Builder for further configuration

    • clientSecret

      public OidcClientRegistration.Builder clientSecret(String clientSecret)
      Sets the Client Secret, OPTIONAL.
      Parameters:
      clientSecret - the Client Secret
      Returns:
      the OidcClientRegistration.Builder for further configuration

    • clientSecretExpiresAt

      public OidcClientRegistration.Builder clientSecretExpiresAt(Instant clientSecretExpiresAt)
      Sets the time at which the client_secret will expire or null if it will not expire, REQUIRED if client_secret was issued.
      Parameters:
      clientSecretExpiresAt - the time at which the client_secret will expire or null if it will not expire
      Returns:
      the OidcClientRegistration.Builder for further configuration

    • clientName

      public OidcClientRegistration.Builder clientName(String clientName)
      Sets the name of the Client to be presented to the End-User, OPTIONAL.
      Parameters:
      clientName - the name of the Client to be presented to the End-User
      Returns:
      the OidcClientRegistration.Builder for further configuration

    • redirectUri

      public OidcClientRegistration.Builder redirectUri(String redirectUri)
      Add the redirection URI used by the Client, REQUIRED.
      Parameters:
      redirectUri - the redirection URI used by the Client
      Returns:
      the OidcClientRegistration.Builder for further configuration

    • redirectUris

      public OidcClientRegistration.Builder redirectUris(Consumer<List<String>> redirectUrisConsumer)
      A Consumer of the redirection URI values used by the Client, allowing the ability to add, replace, or remove, REQUIRED.
      Parameters:
      redirectUrisConsumer - a Consumer of the redirection URI values used by the Client
      Returns:
      the OidcClientRegistration.Builder for further configuration

    • postLogoutRedirectUri

      public OidcClientRegistration.Builder postLogoutRedirectUri(String postLogoutRedirectUri)
      Add the post logout redirection URI used by the Client, OPTIONAL. The post_logout_redirect_uri parameter is used by the client when requesting that the End-User's User Agent be redirected to after a logout has been performed.
      Parameters:
      postLogoutRedirectUri - the post logout redirection URI used by the Client
      Returns:
      the OidcClientRegistration.Builder for further configuration
      Since:
      1.1

    • postLogoutRedirectUris

      public OidcClientRegistration.Builder postLogoutRedirectUris(Consumer<List<String>> postLogoutRedirectUrisConsumer)
      A Consumer of the post logout redirection URI values used by the Client, allowing the ability to add, replace, or remove, OPTIONAL.
      Parameters:
      postLogoutRedirectUrisConsumer - a Consumer of the post logout redirection URI values used by the Client
      Returns:
      the OidcClientRegistration.Builder for further configuration
      Since:
      1.1

    • tokenEndpointAuthenticationMethod

      public OidcClientRegistration.Builder tokenEndpointAuthenticationMethod(String tokenEndpointAuthenticationMethod)
      Sets the authentication method used by the Client for the Token Endpoint, OPTIONAL.
      Parameters:
      tokenEndpointAuthenticationMethod - the authentication method used by the Client for the Token Endpoint
      Returns:
      the OidcClientRegistration.Builder for further configuration

    • tokenEndpointAuthenticationSigningAlgorithm

      public OidcClientRegistration.Builder tokenEndpointAuthenticationSigningAlgorithm(String authenticationSigningAlgorithm)
      Sets the JWS algorithm that must be used for signing the JWT used to authenticate the Client at the Token Endpoint for the private_key_jwt and client_secret_jwt authentication methods, OPTIONAL.
      Parameters:
      authenticationSigningAlgorithm - the JWS algorithm that must be used for signing the JWT used to authenticate the Client at the Token Endpoint
      Returns:
      the OidcClientRegistration.Builder for further configuration
      Since:
      0.2.2

    • grantType

      public OidcClientRegistration.Builder grantType(String grantType)
      Add the OAuth 2.0 grant_type that the Client will restrict itself to using, OPTIONAL.
      Parameters:
      grantType - the OAuth 2.0 grant_type that the Client will restrict itself to using
      Returns:
      the OidcClientRegistration.Builder for further configuration

    • grantTypes

      public OidcClientRegistration.Builder grantTypes(Consumer<List<String>> grantTypesConsumer)
      A Consumer of the OAuth 2.0 grant_type values that the Client will restrict itself to using, allowing the ability to add, replace, or remove, OPTIONAL.
      Parameters:
      grantTypesConsumer - a Consumer of the OAuth 2.0 grant_type values that the Client will restrict itself to using
      Returns:
      the OidcClientRegistration.Builder for further configuration

    • responseType

      public OidcClientRegistration.Builder responseType(String responseType)
      Add the OAuth 2.0 response_type that the Client will restrict itself to using, OPTIONAL.
      Parameters:
      responseType - the OAuth 2.0 response_type that the Client will restrict itself to using
      Returns:
      the OidcClientRegistration.Builder for further configuration

    • responseTypes

      public OidcClientRegistration.Builder responseTypes(Consumer<List<String>> responseTypesConsumer)
      A Consumer of the OAuth 2.0 response_type values that the Client will restrict itself to using, allowing the ability to add, replace, or remove, OPTIONAL.
      Parameters:
      responseTypesConsumer - a Consumer of the OAuth 2.0 response_type values that the Client will restrict itself to using
      Returns:
      the OidcClientRegistration.Builder for further configuration

    • scope

      public OidcClientRegistration.Builder scope(String scope)
      Add the OAuth 2.0 scope that the Client will restrict itself to using, OPTIONAL.
      Parameters:
      scope - the OAuth 2.0 scope that the Client will restrict itself to using
      Returns:
      the OidcClientRegistration.Builder for further configuration

    • scopes

      public OidcClientRegistration.Builder scopes(Consumer<List<String>> scopesConsumer)
      A Consumer of the OAuth 2.0 scope values that the Client will restrict itself to using, allowing the ability to add, replace, or remove, OPTIONAL.
      Parameters:
      scopesConsumer - a Consumer of the OAuth 2.0 scope values that the Client will restrict itself to using
      Returns:
      the OidcClientRegistration.Builder for further configuration

    • jwkSetUrl

      public OidcClientRegistration.Builder jwkSetUrl(String jwkSetUrl)
      Sets the URL for the Client's JSON Web Key Set, OPTIONAL.
      Parameters:
      jwkSetUrl - the URL for the Client's JSON Web Key Set
      Returns:
      the OidcClientRegistration.Builder for further configuration
      Since:
      0.2.2

    • idTokenSignedResponseAlgorithm

      public OidcClientRegistration.Builder idTokenSignedResponseAlgorithm(String idTokenSignedResponseAlgorithm)
      Sets the JWS algorithm required for signing the ID Token issued to the Client, OPTIONAL.
      Parameters:
      idTokenSignedResponseAlgorithm - the JWS algorithm required for signing the ID Token issued to the Client
      Returns:
      the OidcClientRegistration.Builder for further configuration

    • registrationAccessToken

      public OidcClientRegistration.Builder registrationAccessToken(String registrationAccessToken)
      Sets the Registration Access Token that can be used at the Client Configuration Endpoint, OPTIONAL.
      Parameters:
      registrationAccessToken - the Registration Access Token that can be used at the Client Configuration Endpoint
      Returns:
      the OidcClientRegistration.Builder for further configuration
      Since:
      0.2.1

    • registrationClientUrl

      public OidcClientRegistration.Builder registrationClientUrl(String registrationClientUrl)
      Sets the URL of the Client Configuration Endpoint where the Registration Access Token can be used, OPTIONAL.
      Parameters:
      registrationClientUrl - the URL of the Client Configuration Endpoint where the Registration Access Token can be used
      Returns:
      the OidcClientRegistration.Builder for further configuration
      Since:
      0.2.1

    • claim

      public OidcClientRegistration.Builder claim(String name, Object value)
      Sets the claim.
      Parameters:
      name - the claim name
      value - the claim value
      Returns:
      the OidcClientRegistration.Builder for further configuration

    • claims

      public OidcClientRegistration.Builder claims(Consumer<Map<String,Object>> claimsConsumer)
      Provides access to every claim(String, Object) declared so far allowing the ability to add, replace, or remove.
      Parameters:
      claimsConsumer - a Consumer of the claims
      Returns:
      the OidcClientRegistration.Builder for further configurations

    • build

      public OidcClientRegistration build()
      Validate the claims and build the OidcClientRegistration.

      The following claims are REQUIRED: client_id, redirect_uris.

      Returns:
      the OidcClientRegistration