Nimbus OAuth 2.0 SDK with OpenID Connect extensions

  • Comprehensive Java library for developing OAuth 2.0 and OpenID Connect clients and servers
  • Standards compliant, robust and extensible
  • Open source (Apache 2.0 licence)

This library is your starting point for developing OAuth 2.0 and OpenID Connect applications in Java. It provides ready and simple-to-use classes for dealing with tokens and representing the protocol messages, ensuring standards compliance and thus interoperability.

The OAuth 2.0 and OpenID Connect standards permit application-specific profiles and extensions, and this library also caters for that, with suitable interfaces and base classes where required.

OAuth 2.0

Supported operations for OAuth 2.0 authorisation server development:

  • Parse and process requests at the Authorisation Endpoint, then generate the appropriate responses with an authorisation code or access token;

  • Parse and process requests at the Token Endpoint, then generate the appropriate responses;

  • Parse and process requests at the Token Introspection Endpoint;

  • Parse and process requests at the Token Revocation Endpoint;

  • Parse and process requests at the Client Registration Endpoint, then generate the appropriate responses.
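An added example of the authorisation-server side described above (not code from the SDK itself): it parses an incoming authorisation request, checks the client and redirect URI against a registry, requires PKCE with S256, issues a single-use code and later checks the code verifier. The client registry, the endpoint and client identifiers and the in-memory code store are assumptions made for this example.

```java
import java.net.URI;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;

import com.nimbusds.oauth2.sdk.*;
import com.nimbusds.oauth2.sdk.id.ClientID;
import com.nimbusds.oauth2.sdk.id.State;
import com.nimbusds.oauth2.sdk.pkce.CodeChallenge;
import com.nimbusds.oauth2.sdk.pkce.CodeChallengeMethod;
import com.nimbusds.oauth2.sdk.pkce.CodeVerifier;

public class AuthzEndpoint {

    // Hypothetical client registry: exact-match redirect URIs per registered client.
    private final Map<ClientID, Set<URI>> registeredRedirectURIs;

    // Issued codes and the PKCE challenge each was bound to (in-memory stand-in for a real store).
    private final Map<AuthorizationCode, CodeChallenge> pendingCodes = new ConcurrentHashMap<>();

    public AuthzEndpoint(Map<ClientID, Set<URI>> registeredRedirectURIs) {
        this.registeredRedirectURIs = registeredRedirectURIs;
    }

    /**
     * Returns the URI to redirect the user agent to, or null when the request must be
     * answered with a direct error page because no trustworthy redirect_uri is known.
     */
    public URI handle(URI requestURI, boolean userApproved) {
        AuthorizationRequest request;
        try {
            request = AuthorizationRequest.parse(requestURI);
        } catch (ParseException e) {
            // Malformed request: the redirect_uri has not been validated yet, so do not redirect.
            return null;
        }
        Set<URI> allowed = registeredRedirectURIs.get(request.getClientID());
        URI redirectURI = request.getRedirectionURI();
        if (allowed == null || redirectURI == null || !allowed.contains(redirectURI)) {
            // Unknown client or unregistered redirect_uri: report to the user, never redirect.
            return null;
        }
        State state = request.getState();
        // From here on the redirect_uri is validated and errors may be sent to it.
        if (!new ResponseType(ResponseType.Value.CODE).equals(request.getResponseType())) {
            return new AuthorizationErrorResponse(redirectURI,
                    OAuth2Error.UNSUPPORTED_RESPONSE_TYPE, state, ResponseMode.QUERY).toURI();
        }
        if (request.getCodeChallenge() == null
                || !CodeChallengeMethod.S256.equals(request.getCodeChallengeMethod())) {
            return new AuthorizationErrorResponse(redirectURI,
                    OAuth2Error.INVALID_REQUEST.setDescription("PKCE with S256 is required"),
                    state, ResponseMode.QUERY).toURI();
        }
        if (!userApproved) {
            return new AuthorizationErrorResponse(redirectURI,
                    OAuth2Error.ACCESS_DENIED, state, ResponseMode.QUERY).toURI();
        }
        AuthorizationCode code = new AuthorizationCode(); // random, bound to this challenge
        pendingCodes.put(code, request.getCodeChallenge());
        return new AuthorizationSuccessResponse(redirectURI, code, null, state, ResponseMode.QUERY).toURI();
    }

    /** Token endpoint side of PKCE: consume the code once and check the verifier against the stored challenge. */
    public boolean redeem(AuthorizationCode code, CodeVerifier verifier) {
        CodeChallenge expected = pendingCodes.remove(code); // single use, removed even on failure
        if (expected == null || verifier == null) {
            return false;
        }
        return expected.equals(CodeChallenge.compute(CodeChallengeMethod.S256, verifier));
    }

    public static void main(String[] args) throws Exception {
        ClientID clientID = new ClientID("example-client");
        URI callback = URI.create("https://client.example.org/callback");
        AuthzEndpoint endpoint = new AuthzEndpoint(Map.of(clientID, Set.of(callback)));

        // A PKCE-using client's request, constructed here for the demo.
        CodeVerifier verifier = new CodeVerifier();
        URI incoming = new AuthorizationRequest.Builder(new ResponseType(ResponseType.Value.CODE), clientID)
                .endpointURI(URI.create("https://as.example.com/authorize"))
                .redirectionURI(callback)
                .state(new State())
                .codeChallenge(verifier, CodeChallengeMethod.S256)
                .build().toURI();

        URI redirect = endpoint.handle(incoming, true);
        System.out.println("Redirect user agent to: " + redirect);

        AuthorizationCode code = AuthorizationResponse.parse(redirect).toSuccessResponse().getAuthorizationCode();
        System.out.println("Verifier accepted: " + endpoint.redeem(code, verifier));
        // The code was consumed on first use, so a second redemption is refused.
        System.out.println("Replay accepted: " + endpoint.redeem(code, verifier));
    }
}
```

The design point is the ordering: nothing is sent to the redirect_uri until it has matched the registration exactly, and the PKCE challenge is stored with the code so the token endpoint can refuse a verifier that does not hash to it.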

For OAuth 2.0 client development:

  • Make requests to an OAuth 2.0 Authorisation Endpoint and parse the responses;

  • Make requests to an OAuth 2.0 Token Endpoint and parse the responses;

  • Make requests to an OAuth 2.0 Token Introspection Endpoint and process the responses;

  • Make requests to an OAuth 2.0 Token Revocation Endpoint and parse the responses;

  • Make requests to a protected resource using an OAuth 2.0 access token.
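An added client-side example covering the bullets above (written for this page, not taken from the SDK's documentation): it builds the authorisation request with a random state and a PKCE verifier, checks the state on the callback before using anything in it, redeems the code at the token endpoint and then calls a protected resource with the access token. The endpoint URIs, client identifier, secret and resource URI are placeholders to be replaced with real values.

```java
import java.io.IOException;
import java.net.URI;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

import com.nimbusds.oauth2.sdk.*;
import com.nimbusds.oauth2.sdk.auth.ClientSecretBasic;
import com.nimbusds.oauth2.sdk.auth.Secret;
import com.nimbusds.oauth2.sdk.http.HTTPRequest;
import com.nimbusds.oauth2.sdk.http.HTTPResponse;
import com.nimbusds.oauth2.sdk.id.ClientID;
import com.nimbusds.oauth2.sdk.id.State;
import com.nimbusds.oauth2.sdk.pkce.CodeChallengeMethod;
import com.nimbusds.oauth2.sdk.pkce.CodeVerifier;
import com.nimbusds.oauth2.sdk.token.AccessToken;

public class CodeFlowClient {

    // Placeholder values: substitute the real authorisation server and client settings.
    private static final URI AUTHZ_ENDPOINT = URI.create("https://as.example.com/authorize");
    private static final URI TOKEN_ENDPOINT = URI.create("https://as.example.com/token");
    private static final URI REDIRECT_URI = URI.create("https://client.example.org/callback");
    private static final ClientID CLIENT_ID = new ClientID("example-client");
    private static final Secret CLIENT_SECRET = new Secret("replace-with-real-secret");

    // Pending logins keyed by state; the verifier stays on the client until the token request.
    private final Map<State, CodeVerifier> pending = new ConcurrentHashMap<>();

    /** Step 1: build the redirect to the authorisation endpoint with a fresh state and PKCE challenge. */
    public URI startLogin() {
        State state = new State();                  // random, unguessable
        CodeVerifier verifier = new CodeVerifier(); // random verifier; only its S256 hash is sent
        pending.put(state, verifier);
        return new AuthorizationRequest.Builder(new ResponseType(ResponseType.Value.CODE), CLIENT_ID)
                .endpointURI(AUTHZ_ENDPOINT)
                .redirectionURI(REDIRECT_URI)
                .scope(new Scope("read"))
                .state(state)
                .codeChallenge(verifier, CodeChallengeMethod.S256)
                .build()
                .toURI();
    }

    /** Step 2 and 3: parse the callback, check the state, then redeem the code at the token endpoint. */
    public AccessToken finishLogin(URI callbackURI) throws ParseException, IOException {
        AuthorizationResponse response = AuthorizationResponse.parse(callbackURI);
        State state = response.getState();
        CodeVerifier verifier = state == null ? null : pending.remove(state); // consume once
        if (verifier == null) {
            throw new IllegalStateException("Unknown or replayed state in callback");
        }
        if (!response.indicatesSuccess()) {
            ErrorObject error = response.toErrorResponse().getErrorObject();
            throw new IllegalStateException("Authorisation failed: " + error.getCode());
        }
        AuthorizationCode code = response.toSuccessResponse().getAuthorizationCode();

        TokenRequest tokenRequest = new TokenRequest(
                TOKEN_ENDPOINT,
                new ClientSecretBasic(CLIENT_ID, CLIENT_SECRET),
                new AuthorizationCodeGrant(code, REDIRECT_URI, verifier)); // verifier proves we started this login
        TokenResponse tokenResponse = TokenResponse.parse(tokenRequest.toHTTPRequest().send());
        if (!tokenResponse.indicatesSuccess()) {
            ErrorObject error = tokenResponse.toErrorResponse().getErrorObject();
            throw new IllegalStateException("Token request failed: " + error.getCode());
        }
        return tokenResponse.toSuccessResponse().getTokens().getAccessToken();
    }

    /** Step 4: call a protected resource, presenting the token in the Authorization header. */
    public HTTPResponse callResource(URI resourceURI, AccessToken accessToken) throws IOException {
        HTTPRequest request = new HTTPRequest(HTTPRequest.Method.GET, resourceURI.toURL());
        request.setAuthorization(accessToken.toAuthorizationHeader());
        return request.send();
    }

    public static void main(String[] args) {
        // Prints the URI the browser would be sent to; finishLogin() needs a live callback.
        System.out.println(new CodeFlowClient().startLogin());
    }
}
```

The state lookup happens before the error branch on purpose: an error response whose state is unknown is dropped rather than surfaced, and a successful callback is only ever exchanged with the verifier that was generated for that same login attempt.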

OpenID Connect

For OpenID Connect provider (OP) development:

  • Parse and process requests at the OpenID Connect Authorisation Endpoint, then generate the appropriate responses with an authorisation code, ID Token and / or UserInfo access token;

  • Parse and process requests at the OpenID Connect Token Endpoint, then generate the appropriate responses;

  • Parse and process requests at the OpenID Connect UserInfo Endpoint, then generate the appropriate responses;

  • Parse and process requests at the OpenID Connect Client Registration Endpoint, then generate the appropriate responses;

  • Parse and process requests at the OpenID Connect End-Session (Logout) Endpoint;

  • Make requests to a Relying Party Back-Channel Logout Endpoint.

For OpenID Connect relying party (RP) development:

  • Make requests to an OpenID Connect Authorisation Endpoint and process the responses;

  • Make requests to an OpenID Connect Token Endpoint and process the responses;

  • Make requests to an OpenID Connect UserInfo Endpoint and process the responses;

  • Make requests to an OpenID Connect Client Registration Endpoint and process the responses;

  • Make requests to an OpenID Connect End-Session (Logout) Endpoint;

  • Parse and process requests at a Back-Channel Logout Endpoint.
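An added relying-party example (not part of the SDK's own documentation) for the ID token a RP receives from the OpenID Connect Token Endpoint: the SDK's IDTokenValidator checks the signature against the OP's keys, the issuer, audience and timestamps, and the nonce the RP generated when it built its authentication request. To keep the example self-contained, the OP is stood in for by an RSA key generated in-process and a demo issuing function; the issuer URL and client identifier are placeholders.

```java
import java.util.Collections;
import java.util.Date;

import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.JWSHeader;
import com.nimbusds.jose.crypto.RSASSASigner;
import com.nimbusds.jose.jwk.JWKSet;
import com.nimbusds.jose.jwk.RSAKey;
import com.nimbusds.jose.jwk.gen.RSAKeyGenerator;
import com.nimbusds.jose.proc.BadJOSEException;
import com.nimbusds.jwt.JWT;
import com.nimbusds.jwt.SignedJWT;
import com.nimbusds.oauth2.sdk.ParseException;
import com.nimbusds.oauth2.sdk.id.Audience;
import com.nimbusds.oauth2.sdk.id.ClientID;
import com.nimbusds.oauth2.sdk.id.Issuer;
import com.nimbusds.oauth2.sdk.id.Subject;
import com.nimbusds.openid.connect.sdk.Nonce;
import com.nimbusds.openid.connect.sdk.claims.IDTokenClaimsSet;
import com.nimbusds.openid.connect.sdk.validators.IDTokenValidator;

public class IDTokenCheck {

    // Placeholders for the real OP issuer and the RP's registered client_id.
    private static final Issuer OP_ISSUER = new Issuer("https://op.example.com");
    private static final ClientID RP_CLIENT_ID = new ClientID("example-rp");

    /**
     * Validate an ID token from the token response. The validator checks the JWS signature
     * against the OP's published keys, iss, aud, exp/iat and, when expectedNonce is given,
     * that the nonce claim matches the one bound to this login attempt.
     */
    public static IDTokenClaimsSet validate(JWT idToken, Nonce expectedNonce, JWKSet opKeys)
            throws BadJOSEException, JOSEException {
        IDTokenValidator validator = new IDTokenValidator(OP_ISSUER, RP_CLIENT_ID, JWSAlgorithm.RS256, opKeys);
        validator.setMaxClockSkew(60); // seconds of tolerance for exp / iat
        return validator.validate(idToken, expectedNonce);
    }

    /** Constructed stand-in for the OP: signs an ID token with the given key (demo only). */
    static SignedJWT issueDemoIDToken(RSAKey signingKey, Nonce nonce) throws JOSEException, ParseException {
        Date now = new Date();
        IDTokenClaimsSet claims = new IDTokenClaimsSet(
                OP_ISSUER,
                new Subject("alice"),
                Collections.singletonList(new Audience(RP_CLIENT_ID.getValue())),
                new Date(now.getTime() + 5 * 60 * 1000L), // exp: five minutes
                now);                                     // iat
        claims.setNonce(nonce);
        SignedJWT jwt = new SignedJWT(
                new JWSHeader.Builder(JWSAlgorithm.RS256).keyID(signingKey.getKeyID()).build(),
                claims.toJWTClaimsSet());
        jwt.sign(new RSASSASigner(signingKey));
        return jwt;
    }

    public static void main(String[] args) throws Exception {
        RSAKey opKey = new RSAKeyGenerator(2048).keyID("op-key-1").generate(); // constructed OP key
        JWKSet published = new JWKSet(opKey.toPublicJWK());  // what the OP's jwks_uri would serve

        Nonce nonce = new Nonce(); // generated by the RP when it built the authentication request
        SignedJWT idToken = issueDemoIDToken(opKey, nonce);

        IDTokenClaimsSet ok = validate(idToken, nonce, published);
        System.out.println("Authenticated subject: " + ok.getSubject());

        try {
            // Same token presented against a different login attempt: the nonce no longer matches.
            validate(idToken, new Nonce(), published);
        } catch (BadJOSEException e) {
            System.out.println("Rejected: " + e.getMessage());
        }
    }
}
```

In a real RP the JWKSet comes from the OP's jwks_uri (the validator also has a constructor that takes that URL and caches the keys), and the nonce is stored with the session when the authentication request is built and removed once the ID token has been validated, so that a token can only ever complete the login it was issued for.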

Additional features

  • Process plain, signed and encrypted JSON Web Tokens (JWTs) with help of the Nimbus JOSE + JWT library.

  • Full OpenID Connect UserInfo i18n and l10n support with help of the Nimbus Language Tags library.

Specifications

The following standards and drafts are implemented:

  • The OAuth 2.0 Authorization Framework (RFC 6749)

  • The OAuth 2.0 Authorization Framework: Bearer Token Usage (RFC 6750)

  • OAuth 2.0 Token Introspection (RFC 7662)

  • OAuth 2.0 Token Revocation (RFC 7009)

  • OAuth 2.0 Authorization Server Metadata (draft-ietf-oauth-discovery-04)

  • OAuth 2.0 Dynamic Client Registration Protocol (RFC 7591)

  • OAuth 2.0 Dynamic Client Registration Management Protocol (RFC 7592)

  • Assertion Framework for OAuth 2.0 Client Authentication and Authorization Grants (RFC 7521)

  • JSON Web Token (JWT) Profile for OAuth 2.0 Client Authentication and Authorization Grants (RFC 7523)

  • SAML 2.0 Profile for OAuth 2.0 Client Authentication and Authorization Grants (RFC 7522)

  • Proof Key for Code Exchange by OAuth Public Clients (RFC 7636)

  • Authentication Method Reference Values (RFC 8176)

  • Mutual TLS Profile for OAuth 2.0 (draft-ietf-oauth-mtls-02)

  • OpenID Connect Core 1.0 (2014-02-25)

  • OpenID Connect Discovery 1.0 (2014-02-25)

  • OpenID Connect Dynamic Registration 1.0 (2014-02-25)

  • OpenID Connect Session Management 1.0 (2017-01-25)

  • OpenID Connect Front-Channel Logout 1.0 (2017-01-25)

  • OpenID Connect Back-Channel Logout 1.0 (2017-01-25)

  • OAuth 2.0 Multiple Response Type Encoding Practices 1.0 (2014-02-25)

  • Financial Services – Financial API - Part 1: Read Only API Security Profile (2017-02-02)

  • Financial Services – Financial API - Part 2: Read and Write API Security Profile (2017-07-17).

JavaDocs

The SDK code comes with excellent JavaDocs. These are available from Maven Central just as the code JARs are. You can also browse them online.

Licensing

This library is free and made available under the terms of the open source Apache 2.0 license.

Acknowledgements