/*
 * The contents of this file are subject to the terms of the Common Development and
 * Distribution License (the License). You may not use this file except in compliance with the
 * License.
 *
 * You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for the
 * specific language governing permission and limitations under the License.
 *
 * When distributing Covered Software, include this CDDL Header Notice in each file and include
 * the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL
 * Header, with the fields enclosed by brackets [] replaced by your own identifying
 * information: "Portions Copyrighted [year] [name of copyright owner]".
 *
 * Copyright 2015-2016 ForgeRock AS.
 */

package org.forgerock.openam.sts.rest.token.provider;

import org.forgerock.json.JsonValue;
import org.forgerock.openam.sts.TokenTypeId;

/**
 * Parameter state passed to JsonTokenProvider instances. Generic type corresponds to the token state necessary to
 * produce the token produced by the RestTokenProvider. The token creation state necessary to create a SAML2 assertion includes
 * the SubjectConfirmation and the ProofTokenState (for HolderOfKey assertions). The token creation state necessary to
 * create an OIDC token includes a nonce and the authentication time. This state is too heterogeneous to subsume in anything
 * other than a marker interface. Note also that this type is reflected in the RestTokenProvider interface, and it
 * should be as generic as possible, so as to support user-defined RestTokenProvider implementations.
 *
 * @supported.all.api
 */
public interface RestTokenProviderParameters<T> {
    /**
     * Gets the token state necessary to produce the token - e.g. the SubjectConfirmation
     * or proof token state for a SAML2 assertion.
     *
     * @return the token creation state.
     */
    T getTokenCreationState();

    /**
     * Gets the type of the input token. Necessary to generate the authentication context class ref for
     * a SAML2 assertion - in general, produced tokens may have to have a representation of how the subject encapsulated
     * in the generated token was authenticated. Published sts instances allow for the specification of a Saml2JsonTokenAuthnContextMapper
     * implementation which will generate this SAML2 authentication context class ref, a plug-in interface which takes
     * the TokenTypeId as input. Published rest-sts instances which produce OpenIdConnect tokens have similar mapping
     * implementations which produce the amr and acr claims.
     *
     * @return the type of the input token.
     */
    TokenTypeId getInputTokenType();

    /**
     * Gets the json representation of the input token. Necessary to generate the authentication context class ref for
     * a SAML2 assertion - in general, produced tokens may have to have a representation of how the subject encapsulated
     * in the generated token was authenticated. Published sts instances allow for the specification of a Saml2JsonTokenAuthnContextMapper
     * implementation which will generate this SAML2 authentication context class ref, a plug-in interface which takes the json representation
     * of the token as input. Published rest-sts instances which produce OpenIdConnect tokens have similar mapping
     * implementations which produce the amr and acr claims.
     *
     * @return the json representation of the input token.
     */
    JsonValue getInputToken();
}