/*
 * The contents of this file are subject to the terms of the Common Development and
 * Distribution License (the License). You may not use this file except in compliance with the
 * License.
 *
 * You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for the
 * specific language governing permission and limitations under the License.
 *
 * When distributing Covered Software, include this CDDL Header Notice in each file and include
 * the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL
 * Header, with the fields enclosed by brackets [] replaced by your own identifying
 * information: "Portions copyright [year] [name of copyright owner]".
 *
 * Copyright 2014-2017 ForgeRock AS.
 */

package org.forgerock.oauth2.core;

import java.net.URI;
import java.util.Locale;
import java.util.Map;
import java.util.Set;

import org.forgerock.json.jose.jws.JwsAlgorithm;
import org.forgerock.oauth2.core.exceptions.ServerException;

/**
 * Models a client registration in the OAuth2 provider.
 *
 * <p>Several accessors expose values that callers rely on for security decisions: the
 * redirect URI allow-lists, the allowed response types and scopes, the client secret, and
 * the JWT verification methods. This interface only declares the contract; how each value
 * is stored, matched or verified is decided by the implementation and is not visible here.
 *
 * @since 12.0.0
 * @supported.all.api
 */
public interface ClientRegistration {

    /**
     * Gets the registered redirect uris for the client.
     *
     * <p>This set is the allow-list against which a {@code redirect_uri} request parameter
     * is checked (RFC 6749 section 3.1.2). The comparison rule is not defined by this
     * interface. NOTE(review): confirm callers use exact matching rather than prefix or
     * pattern matching, since a loose match can send codes or tokens to an unregistered
     * endpoint.
     *
     * @return The redirect uris.
     */
    Set<URI> getRedirectUris();

    /**
     * Gets the registered post logout redirect uris for the client.
     *
     * <p>As with {@link #getRedirectUris()}, this is an allow-list. A post-logout redirect
     * target that is not in this set should be rejected so that logout cannot be used as an
     * open redirect. NOTE(review): the matching rule is implementation-specific; confirm it.
     *
     * @return The redirect uris.
     */
    Set<URI> getPostLogoutRedirectUris();

    /**
     * Gets the allowed response types.
     *
     * <p>A requested {@code response_type} outside this set is expected to be refused by the
     * caller; this interface does not enforce that itself.
     *
     * @return The allowed response types.
     */
    Set<String> getAllowedResponseTypes();

    /**
     * Gets the client's identifier.
     *
     * @return The client's id.
     */
    String getClientId();

    /**
     * Gets the client's secret.
     *
     * <p>The return value is credential material. Callers should keep it out of logs, error
     * messages and audit records, and compare it with a presented secret using a
     * constant-time check such as {@code java.security.MessageDigest.isEqual}.
     * NOTE(review): whether the value is returned in clear text or in a hashed or encoded
     * form is not visible from this interface; confirm against the implementation.
     *
     * @return The client's secret.
     */
    String getClientSecret();

    /**
     * Gets the type of access token the client requires.
     *
     * @return The access token type.
     */
    String getAccessTokenType();

    /**
     * Gets the display name of the client in the specified locale.
     *
     * <p>NOTE(review): if this value can be supplied through client registration, treat it as
     * untrusted and output-encode it wherever it is rendered (for example on a consent page).
     *
     * @param locale The locale.
     * @return The display name.
     */
    String getDisplayName(Locale locale);

    /**
     * Gets the display description of the client in the specified locale.
     *
     * <p>NOTE(review): same rendering caveat as {@link #getDisplayName(Locale)}; confirm
     * whether the text can be client-supplied and encode it on output.
     *
     * @param locale The locale.
     * @return The display description.
     */
    String getDisplayDescription(Locale locale);

    /**
     * Gets the display descriptions for the allowed and default scopes combined, in the specified locale.
     *
     * @param locale The locale.
     * @return The descriptions of the allowed and default scopes combined.
     * @throws ServerException Declared by the signature; the failure conditions are
     *         implementation-specific and not visible from this interface.
     */
    Map<String, String> getScopeDescriptions(Locale locale) throws ServerException;

    /**
     * Gets the display descriptions for the client's claims, in the specified locale.
     *
     * <p>NOTE(review): the Javadoc previously attached to this method repeated the text of
     * {@link #getScopeDescriptions(Locale)} and spoke of scopes. Going by the method name it
     * returns claim descriptions; which claims are covered is not visible here, so confirm
     * against the implementation.
     *
     * @param locale The locale.
     * @return The claim descriptions.
     * @throws ServerException Declared by the signature; the failure conditions are
     *         implementation-specific and not visible from this interface.
     */
    Map<String, String> getClaimDescriptions(Locale locale) throws ServerException;

    /**
     * Gets the default scopes configured for the client.
     *
     * @return The default scopes.
     */
    Set<String> getDefaultScopes();

    /**
     * Gets the allowed scopes configured for the client.
     *
     * <p>A requested scope outside this set is expected to be refused or dropped by the
     * caller; this interface does not enforce that itself.
     *
     * @return The allowed scopes.
     */
    Set<String> getAllowedScopes();

    /**
     * Gets whether the client is confidential or not.
     *
     * <p>In RFC 6749 section 2.1 terms, a client that is not confidential is a public client
     * and cannot be relied on to keep a credential. Callers should not treat a presented
     * secret as proof of identity for such a client.
     *
     * @return {@code true} if the client is confidential.
     */
    boolean isConfidential();

    /**
     * Gets the client's session URI.
     *
     * @return The client's session URI.
     */
    String getClientSessionURI();

    /**
     * Gets the subject type of this client. PAIRWISE or PUBLIC.
     *
     * <p>The value is returned as a plain string, so callers comparing it should account for
     * unexpected or differently-cased values rather than assuming one of the two.
     *
     * @return The subject type.
     */
    String getSubjectType();

    /**
     * Verifies that the supplied jwt is signed by this client.
     *
     * <p>The documented contract covers the signature only. NOTE(review): whether
     * implementations also check the issuer, subject, audience, expiry and replay of the
     * assertion (RFC 7523 section 3) is not visible from this interface. Confirm those
     * checks happen here or in the caller before the JWT is accepted as client
     * authentication.
     *
     * @param jwt The jwt presented by the client.
     * @return {@code true} if the jwt is signed by this client.
     */
    boolean verifyJwtBearerForClientAuthentication(OAuth2Jwt jwt);

    /**
     * Verifies that the supplied jwt is signed by AM.
     *
     * <p>NOTE(review): presumably {@code expectedJwsAlgorithm} pins the algorithm so that the
     * jwt's own header cannot select a weaker one; confirm that implementations reject a jwt
     * whose header algorithm differs from the expected value.
     *
     * @param jwt The jwt to verify.
     * @param expectedJwsAlgorithm The algorithm the jwt is expected to have been signed with.
     * @return {@code true} if the jwt is signed by AM.
     */
    boolean verifyJwtSignedByOAuth2Provider(OAuth2Jwt jwt, JwsAlgorithm expectedJwsAlgorithm);

    /**
     * Gets whether or not the client wants the OAuth2 implementation to skip asking the resource owner for consent.
     *
     * <p>This reflects the client's own configuration. Skipping consent removes the resource
     * owner's chance to review the requested scopes. NOTE(review): confirm that callers also
     * apply a provider-side policy before honouring this flag; no such check is visible from
     * this interface.
     *
     * @return true if the client is configured to skip resource owner consent.
     */
    boolean isConsentImplied();
}