001/*
002 * DO NOT REMOVE COPYRIGHT NOTICES OR THIS HEADER.
003 *
004 * Copyright (c) 2012 ForgeRock AS. All rights reserved.
005 *
006 * The contents of this file are subject to the terms
007 * of the Common Development and Distribution License
008 * (the License). You may not use this file except in
009 * compliance with the License.
010 *
011 * You can obtain a copy of the License at
012 * http://forgerock.org/license/CDDLv1.0.html
013 * See the License for the specific language governing
014 * permission and limitations under the License.
015 *
016 * When distributing Covered Code, include this CDDL
017 * Header Notice in each file and include the License file
018 * at http://forgerock.org/license/CDDLv1.0.html
019 * If applicable, add the following below the CDDL Header,
020 * with the fields enclosed by brackets [] replaced by
021 * your own identifying information:
022 * "Portions Copyrighted [2012] [ForgeRock Inc]"
023 */
024package org.forgerock.openam.oauth2.provider;
025
026import java.util.Collection;
027
028import org.forgerock.openam.oauth2.exceptions.OAuthProblemException;
029import org.forgerock.openam.oauth2.model.ClientApplication;
030import org.restlet.Request;
031import org.restlet.Response;
032import org.restlet.data.ChallengeScheme;
033
/**
 * Contract for looking up and authenticating OAuth 2.0 clients on behalf of
 * the authorization server.
 * <p>
 * Implementations are expected to work against the client registration
 * records. The requirements below, quoted from the OAuth 2.0 specification,
 * describe what the authorization server should hold in those records for the
 * redirection endpoint:
 * <p>
 * The authorization server SHOULD require all clients to register their
 * redirection endpoint prior to utilizing the authorization endpoint.
 * <p>
 * The authorization server SHOULD require the client to provide the complete
 * redirection URI (the client MAY use the "state" request parameter to achieve
 * per-request customization). If requiring the registration of the complete
 * redirection URI is not possible, the authorization server SHOULD require the
 * registration of the URI scheme, authority, and path (allowing the client to
 * dynamically vary only the query component of the redirection URI when
 * requesting authorization).
 * <p>
 * The authorization server MAY allow the client to register multiple
 * redirection endpoints.
 * <p>
 * NOTE(review): none of the methods declared here takes a redirection URI, so
 * enforcement of the registered URI presumably happens elsewhere; confirm
 * where that comparison is made.
 *
 * @supported.all.api
 */
public interface ClientVerifier {

    /**
     * Authenticates the client that issued the given request.
     * <p>
     * NOTE(review): the earlier documentation of this method mentioned both an
     * exception and a {@code null} result for failed authentication. Until the
     * contract is settled, callers should treat a {@code null} return the same
     * as a thrown {@link OAuthProblemException}, i.e. as "not authenticated".
     *
     * @param request
     *            the HTTP request carrying the client credentials
     * @param response
     *            the HTTP response associated with the request
     * @return the client whose credentials were found to be correct
     * @throws OAuthProblemException
     *             when authentication failed
     */
    ClientApplication verify(Request request, Response response) throws OAuthProblemException;

    /**
     * Returns the HTTP authentication scheme(s) configured for the given
     * {@code client_id}.
     * <p>
     * The authorization server MAY support any suitable HTTP authentication
     * scheme matching its security requirements. When using other
     * authentication methods, the authorization server MUST define a mapping
     * between the client identifier (registration record) and authentication
     * scheme.
     *
     * @param client_id
     *            the client identifier whose configured scheme is requested
     * @return the authentication schemes configured for that client; the
     *         result for an unknown {@code client_id} (empty collection or
     *         {@code null}) is not specified by this interface
     */
    Collection<ChallengeScheme> getRequiredAuthenticationScheme(String client_id);

    /**
     * Finds the client registered under the given client id.
     * <p>
     * NOTE(review): the signature suggests a lookup by identifier only, with
     * no credential check. Callers should not treat the returned client as
     * authenticated unless {@link #verify(Request, Response)} has succeeded
     * for the same request; confirm against the implementations.
     *
     * @param clientId
     *            the client id to find
     * @param request
     *            the request on whose behalf the client is looked up
     * @return the matching client; the result for an unknown id is not
     *         specified by this interface
     * @throws OAuthProblemException
     *             under conditions this interface does not document
     *             (presumably when the client cannot be resolved)
     */
    ClientApplication findClient(String clientId, Request request) throws OAuthProblemException;
}