001/******************************************************************************* 002 * Copyright 2017 The MIT Internet Trust Consortium 003 * 004 * Portions copyright 2011-2013 The MITRE Corporation 005 * 006 * Licensed under the Apache License, Version 2.0 (the "License"); 007 * you may not use this file except in compliance with the License. 008 * You may obtain a copy of the License at 009 * 010 * http://www.apache.org/licenses/LICENSE-2.0 011 * 012 * Unless required by applicable law or agreed to in writing, software 013 * distributed under the License is distributed on an "AS IS" BASIS, 014 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 015 * See the License for the specific language governing permissions and 016 * limitations under the License. 017 *******************************************************************************/ 018/** 019 * 020 */ 021package org.mitre.oauth2.model; 022 023import java.util.Date; 024import java.util.HashMap; 025import java.util.HashSet; 026import java.util.Map; 027import java.util.Set; 028 029import javax.persistence.Basic; 030import javax.persistence.CollectionTable; 031import javax.persistence.Column; 032import javax.persistence.Convert; 033import javax.persistence.ElementCollection; 034import javax.persistence.Entity; 035import javax.persistence.EnumType; 036import javax.persistence.Enumerated; 037import javax.persistence.FetchType; 038import javax.persistence.GeneratedValue; 039import javax.persistence.GenerationType; 040import javax.persistence.Id; 041import javax.persistence.JoinColumn; 042import javax.persistence.NamedQueries; 043import javax.persistence.NamedQuery; 044import javax.persistence.PrePersist; 045import javax.persistence.PreUpdate; 046import javax.persistence.Table; 047import javax.persistence.Temporal; 048import javax.persistence.TemporalType; 049import javax.persistence.Transient; 050 051import org.mitre.oauth2.model.convert.JWEAlgorithmStringConverter; 052import org.mitre.oauth2.model.convert.JWEEncryptionMethodStringConverter; 053import org.mitre.oauth2.model.convert.JWKSetStringConverter; 054import org.mitre.oauth2.model.convert.JWSAlgorithmStringConverter; 055import org.mitre.oauth2.model.convert.JWTStringConverter; 056import org.mitre.oauth2.model.convert.PKCEAlgorithmStringConverter; 057import org.mitre.oauth2.model.convert.SimpleGrantedAuthorityStringConverter; 058import org.springframework.security.core.GrantedAuthority; 059import org.springframework.security.oauth2.provider.ClientDetails; 060 061import com.nimbusds.jose.EncryptionMethod; 062import com.nimbusds.jose.JWEAlgorithm; 063import com.nimbusds.jose.JWSAlgorithm; 064import com.nimbusds.jose.jwk.JWKSet; 065import com.nimbusds.jwt.JWT; 066 067/** 068 * @author jricher 069 * 070 */ 071@Entity 072@Table(name = "client_details") 073@NamedQueries({ 074 @NamedQuery(name = ClientDetailsEntity.QUERY_ALL, query = "SELECT c FROM ClientDetailsEntity c"), 075 @NamedQuery(name = ClientDetailsEntity.QUERY_BY_CLIENT_ID, query = "select c from ClientDetailsEntity c where c.clientId = :" + ClientDetailsEntity.PARAM_CLIENT_ID) 076}) 077public class ClientDetailsEntity implements ClientDetails { 078 079 public static final String QUERY_BY_CLIENT_ID = "ClientDetailsEntity.getByClientId"; 080 public static final String QUERY_ALL = "ClientDetailsEntity.findAll"; 081 082 public static final String PARAM_CLIENT_ID = "clientId"; 083 084 private static final int DEFAULT_ID_TOKEN_VALIDITY_SECONDS = 600; 085 086 private static final long serialVersionUID = -1617727085733786296L; 087 088 private Long id; 089 090 /** Fields from the OAuth2 Dynamic Registration Specification */ 091 private String clientId = null; // client_id 092 private String clientSecret = null; // client_secret 093 private Set<String> redirectUris = new HashSet<>(); // redirect_uris 094 private String clientName; // client_name 095 private String clientUri; // client_uri 096 private String logoUri; // logo_uri 097 private Set<String> contacts; // contacts 098 private String tosUri; // tos_uri 099 private AuthMethod tokenEndpointAuthMethod = AuthMethod.SECRET_BASIC; // token_endpoint_auth_method 100 private Set<String> scope = new HashSet<>(); // scope 101 private Set<String> grantTypes = new HashSet<>(); // grant_types 102 private Set<String> responseTypes = new HashSet<>(); // response_types 103 private String policyUri; 104 private String jwksUri; // URI pointer to keys 105 private JWKSet jwks; // public key stored by value 106 private String softwareId; 107 private String softwareVersion; 108 109 /** Fields from OIDC Client Registration Specification **/ 110 private AppType applicationType; // application_type 111 private String sectorIdentifierUri; // sector_identifier_uri 112 private SubjectType subjectType; // subject_type 113 114 private JWSAlgorithm requestObjectSigningAlg = null; // request_object_signing_alg 115 116 private JWSAlgorithm userInfoSignedResponseAlg = null; // user_info_signed_response_alg 117 private JWEAlgorithm userInfoEncryptedResponseAlg = null; // user_info_encrypted_response_alg 118 private EncryptionMethod userInfoEncryptedResponseEnc = null; // user_info_encrypted_response_enc 119 120 private JWSAlgorithm idTokenSignedResponseAlg = null; // id_token_signed_response_alg 121 private JWEAlgorithm idTokenEncryptedResponseAlg = null; // id_token_encrypted_response_alg 122 private EncryptionMethod idTokenEncryptedResponseEnc = null; // id_token_encrypted_response_enc 123 124 private JWSAlgorithm tokenEndpointAuthSigningAlg = null; // token_endpoint_auth_signing_alg 125 126 private Integer defaultMaxAge; // default_max_age 127 private Boolean requireAuthTime; // require_auth_time 128 private Set<String> defaultACRvalues; // default_acr_values 129 130 private String initiateLoginUri; // initiate_login_uri 131 private Set<String> postLogoutRedirectUris; // post_logout_redirect_uris 132 133 private Set<String> requestUris; // request_uris 134 135 /** Fields to support the ClientDetails interface **/ 136 private Set<GrantedAuthority> authorities = new HashSet<>(); 137 private Integer accessTokenValiditySeconds = 0; // in seconds 138 private Integer refreshTokenValiditySeconds = 0; // in seconds 139 private Set<String> resourceIds = new HashSet<>(); 140 private Map<String, Object> additionalInformation = new HashMap<>(); 141 142 /** Our own fields **/ 143 private String clientDescription = ""; // human-readable description 144 private boolean reuseRefreshToken = true; // do we let someone reuse a refresh token? 145 private boolean dynamicallyRegistered = false; // was this client dynamically registered? 146 private boolean allowIntrospection = false; // do we let this client call the introspection endpoint? 147 private Integer idTokenValiditySeconds; //timeout for id tokens 148 private Date createdAt; // time the client was created 149 private boolean clearAccessTokensOnRefresh = true; // do we clear access tokens on refresh? 150 private Integer deviceCodeValiditySeconds; // timeout for device codes 151 152 /** fields for UMA */ 153 private Set<String> claimsRedirectUris; 154 155 /** Software statement **/ 156 private JWT softwareStatement; 157 158 /** PKCE **/ 159 private PKCEAlgorithm codeChallengeMethod; 160 161 public enum AuthMethod { 162 SECRET_POST("client_secret_post"), 163 SECRET_BASIC("client_secret_basic"), 164 SECRET_JWT("client_secret_jwt"), 165 PRIVATE_KEY("private_key_jwt"), 166 NONE("none"); 167 168 private final String value; 169 170 // map to aid reverse lookup 171 private static final Map<String, AuthMethod> lookup = new HashMap<>(); 172 static { 173 for (AuthMethod a : AuthMethod.values()) { 174 lookup.put(a.getValue(), a); 175 } 176 } 177 178 AuthMethod(String value) { 179 this.value = value; 180 } 181 182 public String getValue() { 183 return value; 184 } 185 186 public static AuthMethod getByValue(String value) { 187 return lookup.get(value); 188 } 189 } 190 191 public enum AppType { 192 WEB("web"), NATIVE("native"); 193 194 private final String value; 195 196 // map to aid reverse lookup 197 private static final Map<String, AppType> lookup = new HashMap<>(); 198 static { 199 for (AppType a : AppType.values()) { 200 lookup.put(a.getValue(), a); 201 } 202 } 203 204 AppType(String value) { 205 this.value = value; 206 } 207 208 public String getValue() { 209 return value; 210 } 211 212 public static AppType getByValue(String value) { 213 return lookup.get(value); 214 } 215 } 216 217 public enum SubjectType { 218 PAIRWISE("pairwise"), PUBLIC("public"); 219 220 private final String value; 221 222 // map to aid reverse lookup 223 private static final Map<String, SubjectType> lookup = new HashMap<>(); 224 static { 225 for (SubjectType u : SubjectType.values()) { 226 lookup.put(u.getValue(), u); 227 } 228 } 229 230 SubjectType(String value) { 231 this.value = value; 232 } 233 234 public String getValue() { 235 return value; 236 } 237 238 public static SubjectType getByValue(String value) { 239 return lookup.get(value); 240 } 241 } 242 243 /** 244 * Create a blank ClientDetailsEntity 245 */ 246 public ClientDetailsEntity() { 247 248 } 249 250 @PrePersist 251 @PreUpdate 252 private void prePersist() { 253 // make sure that ID tokens always time out, default to 5 minutes 254 if (getIdTokenValiditySeconds() == null) { 255 setIdTokenValiditySeconds(DEFAULT_ID_TOKEN_VALIDITY_SECONDS); 256 } 257 } 258 259 /** 260 * @return the id 261 */ 262 @Id 263 @GeneratedValue(strategy = GenerationType.IDENTITY) 264 @Column(name = "id") 265 public Long getId() { 266 return id; 267 } 268 269 /** 270 * 271 * @param id the id to set 272 */ 273 public void setId(Long id) { 274 this.id = id; 275 } 276 277 /** 278 * @return the clientDescription 279 */ 280 @Basic 281 @Column(name="client_description") 282 public String getClientDescription() { 283 return clientDescription; 284 } 285 286 /** 287 * @param clientDescription Human-readable long description of the client (optional) 288 */ 289 public void setClientDescription(String clientDescription) { 290 this.clientDescription = clientDescription; 291 } 292 293 /** 294 * @return the allowRefresh 295 */ 296 @Transient 297 public boolean isAllowRefresh() { 298 if (grantTypes != null) { 299 return getAuthorizedGrantTypes().contains("refresh_token"); 300 } else { 301 return false; // if there are no grants, we can't be refreshing them, can we? 302 } 303 } 304 305 @Basic 306 @Column(name="reuse_refresh_tokens") 307 public boolean isReuseRefreshToken() { 308 return reuseRefreshToken; 309 } 310 311 public void setReuseRefreshToken(boolean reuseRefreshToken) { 312 this.reuseRefreshToken = reuseRefreshToken; 313 } 314 315 /** 316 * Number of seconds ID token is valid for. MUST be a positive integer, can not be null. 317 * 318 * @return the idTokenValiditySeconds 319 */ 320 @Basic 321 @Column(name="id_token_validity_seconds") 322 public Integer getIdTokenValiditySeconds() { 323 return idTokenValiditySeconds; 324 } 325 326 /** 327 * @param idTokenValiditySeconds the idTokenValiditySeconds to set 328 */ 329 public void setIdTokenValiditySeconds(Integer idTokenValiditySeconds) { 330 this.idTokenValiditySeconds = idTokenValiditySeconds; 331 } 332 333 /** 334 * @return the dynamicallyRegistered 335 */ 336 @Basic 337 @Column(name="dynamically_registered") 338 public boolean isDynamicallyRegistered() { 339 return dynamicallyRegistered; 340 } 341 342 /** 343 * @param dynamicallyRegistered the dynamicallyRegistered to set 344 */ 345 public void setDynamicallyRegistered(boolean dynamicallyRegistered) { 346 this.dynamicallyRegistered = dynamicallyRegistered; 347 } 348 349 350 351 352 353 /** 354 * @return the allowIntrospection 355 */ 356 @Basic 357 @Column(name="allow_introspection") 358 public boolean isAllowIntrospection() { 359 return allowIntrospection; 360 } 361 362 /** 363 * @param allowIntrospection the allowIntrospection to set 364 */ 365 public void setAllowIntrospection(boolean allowIntrospection) { 366 this.allowIntrospection = allowIntrospection; 367 } 368 369 /** 370 * 371 */ 372 @Override 373 @Transient 374 public boolean isSecretRequired() { 375 if (getTokenEndpointAuthMethod() != null && 376 (getTokenEndpointAuthMethod().equals(AuthMethod.SECRET_BASIC) || 377 getTokenEndpointAuthMethod().equals(AuthMethod.SECRET_POST) || 378 getTokenEndpointAuthMethod().equals(AuthMethod.SECRET_JWT))) { 379 return true; 380 } else { 381 return false; 382 } 383 384 } 385 386 /** 387 * If the scope list is not null or empty, then this client has been scoped. 388 */ 389 @Override 390 @Transient 391 public boolean isScoped() { 392 return getScope() != null && !getScope().isEmpty(); 393 } 394 395 /** 396 * @return the clientId 397 */ 398 @Basic 399 @Override 400 @Column(name="client_id") 401 public String getClientId() { 402 return clientId; 403 } 404 405 /** 406 * @param clientId The OAuth2 client_id, must be unique to this client 407 */ 408 public void setClientId(String clientId) { 409 this.clientId = clientId; 410 } 411 412 /** 413 * @return the clientSecret 414 */ 415 @Basic 416 @Override 417 @Column(name="client_secret") 418 public String getClientSecret() { 419 return clientSecret; 420 } 421 422 /** 423 * @param clientSecret the OAuth2 client_secret (optional) 424 */ 425 public void setClientSecret(String clientSecret) { 426 this.clientSecret = clientSecret; 427 } 428 429 /** 430 * @return the scope 431 */ 432 @ElementCollection(fetch = FetchType.EAGER) 433 @CollectionTable( 434 name="client_scope", 435 joinColumns=@JoinColumn(name="owner_id") 436 ) 437 @Override 438 @Column(name="scope") 439 public Set<String> getScope() { 440 return scope; 441 } 442 443 /** 444 * @param scope the set of scopes allowed to be issued to this client 445 */ 446 public void setScope(Set<String> scope) { 447 this.scope = scope; 448 } 449 450 /** 451 * @return the authorizedGrantTypes 452 */ 453 @ElementCollection(fetch = FetchType.EAGER) 454 @CollectionTable( 455 name="client_grant_type", 456 joinColumns=@JoinColumn(name="owner_id") 457 ) 458 @Column(name="grant_type") 459 public Set<String> getGrantTypes() { 460 return grantTypes; 461 } 462 463 /** 464 * @param authorizedGrantTypes the OAuth2 grant types that this client is allowed to use 465 */ 466 public void setGrantTypes(Set<String> grantTypes) { 467 this.grantTypes = grantTypes; 468 } 469 470 /** 471 * passthrough for SECOAUTH api 472 */ 473 @Override 474 @Transient 475 public Set<String> getAuthorizedGrantTypes() { 476 return getGrantTypes(); 477 } 478 479 /** 480 * @return the authorities 481 */ 482 @ElementCollection(fetch = FetchType.EAGER) 483 @CollectionTable( 484 name="client_authority", 485 joinColumns=@JoinColumn(name="owner_id") 486 ) 487 @Override 488 @Convert(converter = SimpleGrantedAuthorityStringConverter.class) 489 @Column(name="authority") 490 public Set<GrantedAuthority> getAuthorities() { 491 return authorities; 492 } 493 494 /** 495 * @param authorities the Spring Security authorities this client is given 496 */ 497 public void setAuthorities(Set<GrantedAuthority> authorities) { 498 this.authorities = authorities; 499 } 500 501 @Override 502 @Basic 503 @Column(name="access_token_validity_seconds") 504 public Integer getAccessTokenValiditySeconds() { 505 return accessTokenValiditySeconds; 506 } 507 508 /** 509 * @param accessTokenTimeout the accessTokenTimeout to set 510 */ 511 public void setAccessTokenValiditySeconds(Integer accessTokenValiditySeconds) { 512 this.accessTokenValiditySeconds = accessTokenValiditySeconds; 513 } 514 515 @Override 516 @Basic 517 @Column(name="refresh_token_validity_seconds") 518 public Integer getRefreshTokenValiditySeconds() { 519 return refreshTokenValiditySeconds; 520 } 521 522 /** 523 * @param refreshTokenTimeout Lifetime of refresh tokens, in seconds (optional - leave null for no timeout) 524 */ 525 public void setRefreshTokenValiditySeconds(Integer refreshTokenValiditySeconds) { 526 this.refreshTokenValiditySeconds = refreshTokenValiditySeconds; 527 } 528 529 /** 530 * @return the registeredRedirectUri 531 */ 532 @ElementCollection(fetch = FetchType.EAGER) 533 @CollectionTable( 534 name="client_redirect_uri", 535 joinColumns=@JoinColumn(name="owner_id") 536 ) 537 @Column(name="redirect_uri") 538 public Set<String> getRedirectUris() { 539 return redirectUris; 540 } 541 542 /** 543 * @param registeredRedirectUri the registeredRedirectUri to set 544 */ 545 public void setRedirectUris(Set<String> redirectUris) { 546 this.redirectUris = redirectUris; 547 } 548 549 /** 550 * Pass-through method to fulfill the ClientDetails interface with a bad name 551 */ 552 @Override 553 @Transient 554 public Set<String> getRegisteredRedirectUri() { 555 return getRedirectUris(); 556 } 557 558 /** 559 * @return the resourceIds 560 */ 561 @Override 562 @ElementCollection(fetch = FetchType.EAGER) 563 @CollectionTable( 564 name="client_resource", 565 joinColumns=@JoinColumn(name="owner_id") 566 ) 567 @Column(name="resource_id") 568 public Set<String> getResourceIds() { 569 return resourceIds; 570 } 571 572 /** 573 * @param resourceIds the resourceIds to set 574 */ 575 public void setResourceIds(Set<String> resourceIds) { 576 this.resourceIds = resourceIds; 577 } 578 579 580 /** 581 * This library does not make use of this field, so it is not 582 * stored using our persistence layer. 583 * 584 * However, it's somehow required by SECOUATH. 585 * 586 * @return an empty map 587 */ 588 @Override 589 @Transient 590 public Map<String, Object> getAdditionalInformation() { 591 return this.additionalInformation; 592 } 593 594 595 596 597 @Enumerated(EnumType.STRING) 598 @Column(name="application_type") 599 public AppType getApplicationType() { 600 return applicationType; 601 } 602 603 public void setApplicationType(AppType applicationType) { 604 this.applicationType = applicationType; 605 } 606 607 @Basic 608 @Column(name="client_name") 609 public String getClientName() { 610 return clientName; 611 } 612 613 public void setClientName(String clientName) { 614 this.clientName = clientName; 615 } 616 617 @Enumerated(EnumType.STRING) 618 @Column(name="token_endpoint_auth_method") 619 public AuthMethod getTokenEndpointAuthMethod() { 620 return tokenEndpointAuthMethod; 621 } 622 623 public void setTokenEndpointAuthMethod(AuthMethod tokenEndpointAuthMethod) { 624 this.tokenEndpointAuthMethod = tokenEndpointAuthMethod; 625 } 626 627 @Enumerated(EnumType.STRING) 628 @Column(name="subject_type") 629 public SubjectType getSubjectType() { 630 return subjectType; 631 } 632 633 public void setSubjectType(SubjectType subjectType) { 634 this.subjectType = subjectType; 635 } 636 637 @ElementCollection(fetch = FetchType.EAGER) 638 @CollectionTable( 639 name="client_contact", 640 joinColumns=@JoinColumn(name="owner_id") 641 ) 642 @Column(name="contact") 643 public Set<String> getContacts() { 644 return contacts; 645 } 646 647 public void setContacts(Set<String> contacts) { 648 this.contacts = contacts; 649 } 650 651 @Basic 652 @Column(name="logo_uri") 653 public String getLogoUri() { 654 return logoUri; 655 } 656 657 public void setLogoUri(String logoUri) { 658 this.logoUri = logoUri; 659 } 660 661 @Basic 662 @Column(name="policy_uri") 663 public String getPolicyUri() { 664 return policyUri; 665 } 666 667 public void setPolicyUri(String policyUri) { 668 this.policyUri = policyUri; 669 } 670 671 /** 672 * @return the clientUrl 673 */ 674 @Basic 675 @Column(name="client_uri") 676 public String getClientUri() { 677 return clientUri; 678 } 679 680 /** 681 * @param clientUrl the clientUrl to set 682 */ 683 public void setClientUri(String clientUri) { 684 this.clientUri = clientUri; 685 } 686 687 /** 688 * @return the tosUrl 689 */ 690 @Basic 691 @Column(name="tos_uri") 692 public String getTosUri() { 693 return tosUri; 694 } 695 696 /** 697 * @param tosUrl the tosUrl to set 698 */ 699 public void setTosUri(String tosUri) { 700 this.tosUri = tosUri; 701 } 702 703 @Basic 704 @Column(name="jwks_uri") 705 public String getJwksUri() { 706 return jwksUri; 707 } 708 709 public void setJwksUri(String jwksUri) { 710 this.jwksUri = jwksUri; 711 } 712 713 /** 714 * @return the jwks 715 */ 716 @Basic 717 @Column(name="jwks") 718 @Convert(converter = JWKSetStringConverter.class) 719 public JWKSet getJwks() { 720 return jwks; 721 } 722 723 /** 724 * @param jwks the jwks to set 725 */ 726 public void setJwks(JWKSet jwks) { 727 this.jwks = jwks; 728 } 729 730 @Basic 731 @Column(name="sector_identifier_uri") 732 public String getSectorIdentifierUri() { 733 return sectorIdentifierUri; 734 } 735 736 public void setSectorIdentifierUri(String sectorIdentifierUri) { 737 this.sectorIdentifierUri = sectorIdentifierUri; 738 } 739 740 @Basic 741 @Column(name = "request_object_signing_alg") 742 @Convert(converter = JWSAlgorithmStringConverter.class) 743 public JWSAlgorithm getRequestObjectSigningAlg() { 744 return requestObjectSigningAlg; 745 } 746 747 public void setRequestObjectSigningAlg(JWSAlgorithm requestObjectSigningAlg) { 748 this.requestObjectSigningAlg = requestObjectSigningAlg; 749 } 750 751 @Basic 752 @Column(name = "user_info_signed_response_alg") 753 @Convert(converter = JWSAlgorithmStringConverter.class) 754 public JWSAlgorithm getUserInfoSignedResponseAlg() { 755 return userInfoSignedResponseAlg; 756 } 757 758 public void setUserInfoSignedResponseAlg(JWSAlgorithm userInfoSignedResponseAlg) { 759 this.userInfoSignedResponseAlg = userInfoSignedResponseAlg; 760 } 761 762 @Basic 763 @Column(name = "user_info_encrypted_response_alg") 764 @Convert(converter = JWEAlgorithmStringConverter.class) 765 public JWEAlgorithm getUserInfoEncryptedResponseAlg() { 766 return userInfoEncryptedResponseAlg; 767 } 768 769 public void setUserInfoEncryptedResponseAlg(JWEAlgorithm userInfoEncryptedResponseAlg) { 770 this.userInfoEncryptedResponseAlg = userInfoEncryptedResponseAlg; 771 } 772 773 @Basic 774 @Column(name = "user_info_encrypted_response_enc") 775 @Convert(converter = JWEEncryptionMethodStringConverter.class) 776 public EncryptionMethod getUserInfoEncryptedResponseEnc() { 777 return userInfoEncryptedResponseEnc; 778 } 779 780 public void setUserInfoEncryptedResponseEnc(EncryptionMethod userInfoEncryptedResponseEnc) { 781 this.userInfoEncryptedResponseEnc = userInfoEncryptedResponseEnc; 782 } 783 784 @Basic 785 @Column(name="id_token_signed_response_alg") 786 @Convert(converter = JWSAlgorithmStringConverter.class) 787 public JWSAlgorithm getIdTokenSignedResponseAlg() { 788 return idTokenSignedResponseAlg; 789 } 790 791 public void setIdTokenSignedResponseAlg(JWSAlgorithm idTokenSignedResponseAlg) { 792 this.idTokenSignedResponseAlg = idTokenSignedResponseAlg; 793 } 794 795 @Basic 796 @Column(name = "id_token_encrypted_response_alg") 797 @Convert(converter = JWEAlgorithmStringConverter.class) 798 public JWEAlgorithm getIdTokenEncryptedResponseAlg() { 799 return idTokenEncryptedResponseAlg; 800 } 801 802 public void setIdTokenEncryptedResponseAlg(JWEAlgorithm idTokenEncryptedResponseAlg) { 803 this.idTokenEncryptedResponseAlg = idTokenEncryptedResponseAlg; 804 } 805 806 @Basic 807 @Column(name = "id_token_encrypted_response_enc") 808 @Convert(converter = JWEEncryptionMethodStringConverter.class) 809 public EncryptionMethod getIdTokenEncryptedResponseEnc() { 810 return idTokenEncryptedResponseEnc; 811 } 812 813 public void setIdTokenEncryptedResponseEnc(EncryptionMethod idTokenEncryptedResponseEnc) { 814 this.idTokenEncryptedResponseEnc = idTokenEncryptedResponseEnc; 815 } 816 817 @Basic 818 @Column(name="token_endpoint_auth_signing_alg") 819 @Convert(converter = JWSAlgorithmStringConverter.class) 820 public JWSAlgorithm getTokenEndpointAuthSigningAlg() { 821 return tokenEndpointAuthSigningAlg; 822 } 823 824 public void setTokenEndpointAuthSigningAlg(JWSAlgorithm tokenEndpointAuthSigningAlg) { 825 this.tokenEndpointAuthSigningAlg = tokenEndpointAuthSigningAlg; 826 } 827 828 @Basic 829 @Column(name="default_max_age") 830 public Integer getDefaultMaxAge() { 831 return defaultMaxAge; 832 } 833 834 public void setDefaultMaxAge(Integer defaultMaxAge) { 835 this.defaultMaxAge = defaultMaxAge; 836 } 837 838 @Basic 839 @Column(name="require_auth_time") 840 public Boolean getRequireAuthTime() { 841 return requireAuthTime; 842 } 843 844 public void setRequireAuthTime(Boolean requireAuthTime) { 845 this.requireAuthTime = requireAuthTime; 846 } 847 848 /** 849 * @return the responseTypes 850 */ 851 @ElementCollection(fetch = FetchType.EAGER) 852 @CollectionTable( 853 name="client_response_type", 854 joinColumns=@JoinColumn(name="owner_id") 855 ) 856 @Column(name="response_type") 857 public Set<String> getResponseTypes() { 858 return responseTypes; 859 } 860 861 /** 862 * @param responseTypes the responseTypes to set 863 */ 864 public void setResponseTypes(Set<String> responseTypes) { 865 this.responseTypes = responseTypes; 866 } 867 868 /** 869 * @return the defaultACRvalues 870 */ 871 @ElementCollection(fetch = FetchType.EAGER) 872 @CollectionTable( 873 name="client_default_acr_value", 874 joinColumns=@JoinColumn(name="owner_id") 875 ) 876 @Column(name="default_acr_value") 877 public Set<String> getDefaultACRvalues() { 878 return defaultACRvalues; 879 } 880 881 /** 882 * @param defaultACRvalues the defaultACRvalues to set 883 */ 884 public void setDefaultACRvalues(Set<String> defaultACRvalues) { 885 this.defaultACRvalues = defaultACRvalues; 886 } 887 888 /** 889 * @return the initiateLoginUri 890 */ 891 @Basic 892 @Column(name="initiate_login_uri") 893 public String getInitiateLoginUri() { 894 return initiateLoginUri; 895 } 896 897 /** 898 * @param initiateLoginUri the initiateLoginUri to set 899 */ 900 public void setInitiateLoginUri(String initiateLoginUri) { 901 this.initiateLoginUri = initiateLoginUri; 902 } 903 904 /** 905 * @return the postLogoutRedirectUri 906 */ 907 @ElementCollection(fetch = FetchType.EAGER) 908 @CollectionTable( 909 name="client_post_logout_redirect_uri", 910 joinColumns=@JoinColumn(name="owner_id") 911 ) 912 @Column(name="post_logout_redirect_uri") 913 public Set<String> getPostLogoutRedirectUris() { 914 return postLogoutRedirectUris; 915 } 916 917 /** 918 * @param postLogoutRedirectUri the postLogoutRedirectUri to set 919 */ 920 public void setPostLogoutRedirectUris(Set<String> postLogoutRedirectUri) { 921 this.postLogoutRedirectUris = postLogoutRedirectUri; 922 } 923 924 /** 925 * @return the requestUris 926 */ 927 @ElementCollection(fetch = FetchType.EAGER) 928 @CollectionTable( 929 name="client_request_uri", 930 joinColumns=@JoinColumn(name="owner_id") 931 ) 932 @Column(name="request_uri") 933 public Set<String> getRequestUris() { 934 return requestUris; 935 } 936 937 /** 938 * @param requestUris the requestUris to set 939 */ 940 public void setRequestUris(Set<String> requestUris) { 941 this.requestUris = requestUris; 942 } 943 944 /** 945 * @return the createdAt 946 */ 947 @Temporal(TemporalType.TIMESTAMP) 948 @Column(name="created_at") 949 public Date getCreatedAt() { 950 return createdAt; 951 } 952 953 /** 954 * @param createdAt the createdAt to set 955 */ 956 public void setCreatedAt(Date createdAt) { 957 this.createdAt = createdAt; 958 } 959 960 /** 961 * Our framework doesn't use this construct, we use WhitelistedSites and ApprovedSites instead. 962 */ 963 @Override 964 public boolean isAutoApprove(String scope) { 965 return false; 966 } 967 968 /** 969 * @return the clearAccessTokensOnRefresh 970 */ 971 @Basic 972 @Column(name = "clear_access_tokens_on_refresh") 973 public boolean isClearAccessTokensOnRefresh() { 974 return clearAccessTokensOnRefresh; 975 } 976 977 /** 978 * @param clearAccessTokensOnRefresh the clearAccessTokensOnRefresh to set 979 */ 980 public void setClearAccessTokensOnRefresh(boolean clearAccessTokensOnRefresh) { 981 this.clearAccessTokensOnRefresh = clearAccessTokensOnRefresh; 982 } 983 984 /** 985 * @return the claimsRedirectUris 986 */ 987 @ElementCollection(fetch = FetchType.EAGER) 988 @CollectionTable( 989 name="client_claims_redirect_uri", 990 joinColumns=@JoinColumn(name="owner_id") 991 ) 992 @Column(name="redirect_uri") 993 public Set<String> getClaimsRedirectUris() { 994 return claimsRedirectUris; 995 } 996 997 /** 998 * @param claimsRedirectUris the claimsRedirectUris to set 999 */ 1000 public void setClaimsRedirectUris(Set<String> claimsRedirectUris) { 1001 this.claimsRedirectUris = claimsRedirectUris; 1002 } 1003 1004 /** 1005 * @return the softwareStatement 1006 */ 1007 @Basic 1008 @Column(name = "software_statement") 1009 @Convert(converter = JWTStringConverter.class) 1010 public JWT getSoftwareStatement() { 1011 return softwareStatement; 1012 } 1013 1014 /** 1015 * @param softwareStatement the softwareStatement to set 1016 */ 1017 public void setSoftwareStatement(JWT softwareStatement) { 1018 this.softwareStatement = softwareStatement; 1019 } 1020 1021 /** 1022 * @return the codeChallengeMethod 1023 */ 1024 @Basic 1025 @Column(name = "code_challenge_method") 1026 @Convert(converter = PKCEAlgorithmStringConverter.class) 1027 public PKCEAlgorithm getCodeChallengeMethod() { 1028 return codeChallengeMethod; 1029 } 1030 1031 /** 1032 * @param codeChallengeMethod the codeChallengeMethod to set 1033 */ 1034 public void setCodeChallengeMethod(PKCEAlgorithm codeChallengeMethod) { 1035 this.codeChallengeMethod = codeChallengeMethod; 1036 } 1037 1038 /** 1039 * @return the deviceCodeValiditySeconds 1040 */ 1041 @Basic 1042 @Column(name="device_code_validity_seconds") 1043 public Integer getDeviceCodeValiditySeconds() { 1044 return deviceCodeValiditySeconds; 1045 } 1046 1047 /** 1048 * @param deviceCodeValiditySeconds the deviceCodeValiditySeconds to set 1049 */ 1050 public void setDeviceCodeValiditySeconds(Integer deviceCodeValiditySeconds) { 1051 this.deviceCodeValiditySeconds = deviceCodeValiditySeconds; 1052 } 1053 1054 /** 1055 * @return the softwareId 1056 */ 1057 @Basic 1058 @Column(name="software_id") 1059 public String getSoftwareId() { 1060 return softwareId; 1061 } 1062 1063 /** 1064 * @param softwareId the softwareId to set 1065 */ 1066 public void setSoftwareId(String softwareId) { 1067 this.softwareId = softwareId; 1068 } 1069 1070 /** 1071 * @return the softwareVersion 1072 */ 1073 @Basic 1074 @Column(name="software_version") 1075 public String getSoftwareVersion() { 1076 return softwareVersion; 1077 } 1078 1079 /** 1080 * @param softwareVersion the softwareVersion to set 1081 */ 1082 public void setSoftwareVersion(String softwareVersion) { 1083 this.softwareVersion = softwareVersion; 1084 } 1085 1086}