feat: CIMD Metadata Policy (#153)

TakahikoKawasaki · web-flow · commit 9ee8b1770b8d · 2025-12-13T18:05:39.000+09:00
diff --git a/CHANGES.ja.md b/CHANGES.ja.md
@@ -1,6 +1,13 @@
 変更点
 ======
 
+- `Service` クラス
+    * `isCimdMetadataPolicyEnabled()` メソッドを追加。
+    * `setCimdMetadataPolicyEnabled(boolean)` メソッドを追加。
+    * `getCimdMetadataPolicy()` メソッドを追加。
+    * `setCimdMetadataPolicy(String)` メソッドを追加。
+
+
 4.32 (2025 年 12 月 01 日)
 --------------------------
 
diff --git a/CHANGES.md b/CHANGES.md
@@ -1,6 +1,13 @@
 CHANGES
 =======
 
+- `Service` class
+    * Added the `isCimdMetadataPolicyEnabled()` method.
+    * Added the `setCimdMetadataPolicyEnabled(boolean)` method.
+    * Added the `getCimdMetadataPolicy()` method.
+    * Added the `setCimdMetadataPolicy(String)` method.
+
+
 4.32 (2025-12-01)
 -----------------
 
diff --git a/src/main/java/com/authlete/common/dto/Service.java b/src/main/java/com/authlete/common/dto/Service.java
@@ -330,7 +330,7 @@
  */
 public class Service implements Serializable
 {
-    private static final long serialVersionUID = 88L;
+    private static final long serialVersionUID = 89L;
 
 
     /*
@@ -1951,6 +1951,26 @@ public class Service implements Serializable
     private boolean cimdQueryPermitted;
 
 
+    /**
+     * Whether to apply the metadata policy to client metadata that is obtained
+     * through the CIMD mechanism.
+     *
+     * @since 4.33
+     * @since Authlete 3.0.23
+     */
+    private boolean cimdMetadataPolicyEnabled;
+
+
+    /**
+     * The metadata policy applied to client metadata that is obtained through
+     * the CIMD mechanism.
+     *
+     * @since 4.33
+     * @since Authlete 3.0.23
+     */
+    private String cimdMetadataPolicy;
+
+
     /**
      * Whether to prohibit client ID aliases that start with {@code https://}
      * or {@code http://}.
@@ -12724,6 +12744,206 @@ public Service setCimdQueryPermitted(boolean permitted)
     }
 
 
+    /**
+     * Get the flag that indicates whether to apply the metadata policy to
+     * client metadata that is obtained through the <a href=
+     * "https://datatracker.ietf.org/doc/draft-ietf-oauth-client-id-metadata-document/"
+     * >CIMD</a> mechanism.
+     *
+     * <p>
+     * If this flag is set to {@code true}, the metadata policy specified by
+     * the {@code cimdMetadataPolicy} property, if available, is applied to
+     * the client metadata that is obtained through the CIMD mechanism.
+     * </p>
+     *
+     * @return
+     *         {@code true} if the metadata policy is applied to client
+     *         metadata that is obtained through the CIMD mechanism.
+     *
+     * @since 4.33
+     * @since Authlete 3.0.23
+     *
+     * @see <a href="https://datatracker.ietf.org/doc/draft-ietf-oauth-client-id-metadata-document/">
+     *      OAuth Client ID Metadata Document</a>
+     */
+    public boolean isCimdMetadataPolicyEnabled()
+    {
+        return cimdMetadataPolicyEnabled;
+    }
+
+
+    /**
+     * Set the flag that indicates whether to apply the metadata policy to
+     * client metadata that is obtained through the <a href=
+     * "https://datatracker.ietf.org/doc/draft-ietf-oauth-client-id-metadata-document/"
+     * >CIMD</a> mechanism.
+     *
+     * <p>
+     * If this flag is set to {@code true}, the metadata policy specified by
+     * the {@code cimdMetadataPolicy} property, if available, is applied to
+     * the client metadata that is obtained through the CIMD mechanism.
+     * </p>
+     *
+     * @param enabled
+     *         {@code true} to apply the metadata policy to client metadata
+     *         that is obtained through the CIMD mechanism.
+     *
+     * @return
+     *         {@code this} object.
+     *
+     * @since 4.33
+     * @since Authlete 3.0.23
+     *
+     * @see <a href="https://datatracker.ietf.org/doc/draft-ietf-oauth-client-id-metadata-document/">
+     *      OAuth Client ID Metadata Document</a>
+     */
+    public Service setCimdMetadataPolicyEnabled(boolean enabled)
+    {
+        this.cimdMetadataPolicyEnabled = enabled;
+
+        return this;
+    }
+
+
+    /**
+     * Get the metadata policy applied to client metadata that is obtained
+     * through the <a href=
+     * "https://datatracker.ietf.org/doc/draft-ietf-oauth-client-id-metadata-document/"
+     * >CIMD</a> mechanism.
+     *
+     * <p>
+     * If the {@code cimdMetadataPolicyEnabled} property is set to {@code true},
+     * the metadata policy specified by this {@code cimdMetadataPolicy} property
+     * is applied to client metadata that is obtained through the CIMD mechanism.
+     * </p>
+     *
+     * <p>
+     * The metadata policy must comply with the grammar defined in <a href=
+     * "https://openid.net/specs/openid-federation-1_0.html#name-metadata-policy"
+     * >6.1. Metadata Policy</a> of the <a href=
+     * "https://openid.net/specs/openid-federation-1_0.html">OpenID Federation
+     * 1.0</a> specification. Below is an example of metadata policy:
+     * </p>
+     *
+     * <pre style="border: 1px solid black; margin: 1em; padding-top: 0.5em; padding-bottom: 0.5em;">
+     * {
+     *   <font color="navy">"grant_types"</font>: {
+     *     <font color="darkgreen">"default"</font>: [
+     *       <font color="brown">"authorization_code"</font>
+     *     ],
+     *     <font color="darkgreen">"subset_of"</font>: [
+     *       <font color="brown">"authorization_code"</font>,
+     *       <font color="brown">"refresh_token"</font>
+     *     ],
+     *     <font color="darkgreen">"superset_of"</font>: [
+     *       <font color="brown">"authorization_code"</font>
+     *     ]
+     *   },
+     *   <font color="navy">"token_endpoint_auth_method"</font>: {
+     *     <font color="darkgreen">"one_of"</font>: [
+     *       <font color="brown">"private_key_jwt"</font>,
+     *       <font color="brown">"self_signed_tls_client_auth"</font>
+     *     ],
+     *     <font color="darkgreen">"essential"</font>: <font color="chocolate">true</font>
+     *   },
+     *   <font color="navy">"token_endpoint_auth_signing_alg"</font> : {
+     *     <font color="darkgreen">"one_of"</font>: [
+     *       <font color="brown">"PS256"</font>,
+     *       <font color="brown">"ES256</font>"
+     *     ]
+     *   }
+     * }</pre>
+     *
+     * @return
+     *         The metadata policy applied to client metadata that is obtained
+     *         through the CIMD mechanism.
+     *
+     * @since 4.33
+     * @since Authlete 3.0.23
+     *
+     * @see <a href="https://datatracker.ietf.org/doc/draft-ietf-oauth-client-id-metadata-document/">
+     *      OAuth Client ID Metadata Document</a>
+     * @see <a href="https://openid.net/specs/openid-federation-1_0.html#name-metadata-policy">
+     *      OpenID Federation 1.0, Section 6.1. Metadata Policy</a>
+     */
+    public String getCimdMetadataPolicy()
+    {
+        return cimdMetadataPolicy;
+    }
+
+
+    /**
+     * Set the metadata policy applied to client metadata that is obtained
+     * through the <a href=
+     * "https://datatracker.ietf.org/doc/draft-ietf-oauth-client-id-metadata-document/"
+     * >CIMD</a> mechanism.
+     *
+     * <p>
+     * If the {@code cimdMetadataPolicyEnabled} property is set to {@code true},
+     * the metadata policy specified by this {@code cimdMetadataPolicy} property
+     * is applied to client metadata that is obtained through the CIMD mechanism.
+     * </p>
+     *
+     * <p>
+     * The metadata policy must comply with the grammar defined in <a href=
+     * "https://openid.net/specs/openid-federation-1_0.html#name-metadata-policy"
+     * >6.1. Metadata Policy</a> of the <a href=
+     * "https://openid.net/specs/openid-federation-1_0.html">OpenID Federation
+     * 1.0</a> specification. Below is an example of metadata policy:
+     * </p>
+     *
+     * <pre style="border: 1px solid black; margin: 1em; padding-top: 0.5em; padding-bottom: 0.5em;">
+     * {
+     *   <font color="navy">"grant_types"</font>: {
+     *     <font color="darkgreen">"default"</font>: [
+     *       <font color="brown">"authorization_code"</font>
+     *     ],
+     *     <font color="darkgreen">"subset_of"</font>: [
+     *       <font color="brown">"authorization_code"</font>,
+     *       <font color="brown">"refresh_token"</font>
+     *     ],
+     *     <font color="darkgreen">"superset_of"</font>: [
+     *       <font color="brown">"authorization_code"</font>
+     *     ]
+     *   },
+     *   <font color="navy">"token_endpoint_auth_method"</font>: {
+     *     <font color="darkgreen">"one_of"</font>: [
+     *       <font color="brown">"private_key_jwt"</font>,
+     *       <font color="brown">"self_signed_tls_client_auth"</font>
+     *     ],
+     *     <font color="darkgreen">"essential"</font>: <font color="chocolate">true</font>
+     *   },
+     *   <font color="navy">"token_endpoint_auth_signing_alg"</font> : {
+     *     <font color="darkgreen">"one_of"</font>: [
+     *       <font color="brown">"PS256"</font>,
+     *       <font color="brown">"ES256</font>"
+     *     ]
+     *   }
+     * }</pre>
+     *
+     * @param policy
+     *         The metadata policy applied to client metadata that is obtained
+     *         through the CIMD mechanism.
+     *
+     * @return
+     *         {@code this} object.
+     *
+     * @since 4.33
+     * @since Authlete 3.0.23
+     *
+     * @see <a href="https://datatracker.ietf.org/doc/draft-ietf-oauth-client-id-metadata-document/">
+     *      OAuth Client ID Metadata Document</a>
+     * @see <a href="https://openid.net/specs/openid-federation-1_0.html#name-metadata-policy">
+     *      OpenID Federation 1.0, Section 6.1. Metadata Policy</a>
+     */
+    public Service setCimdMetadataPolicy(String policy)
+    {
+        this.cimdMetadataPolicy = policy;
+
+        return this;
+    }
+
+
     /**
      * Get the flag that indicates whether to prohibit client ID aliases that
      * start with {@code https://} or {@code http://}.
