Deprecated API

Contents

• For Removal
• Interfaces
• Classes
• Enums
• Exceptions
• Fields
• Methods
• Constructors
• Enum Constants
• Annotation Type Elements

For Removal

Element	Description
com.sun.identity.saml2.plugins.SAML2IdentityProviderAdapter.preSendFailureResponse(HttpServletRequest, HttpServletResponse, String, String)	since 7.2.0 use SAML2IdentityProviderAdapter.preSendFailureResponse(String, String, HttpServletRequest, HttpServletResponse, String, String).
org.forgerock.http.header.SetCookie2Header	This header is no longer supported by browsers. Use SetCookieHeader instead.
org.forgerock.http.oauth2.AccessTokenResolver.resolve(Context, String)	Use AccessTokenResolver.resolve(Context, Supplier, String) instead.
org.forgerock.http.oauth2.EncryptedPrivateKeyJwtClientAuthenticationFilter.Builder.buildSecretReferences()	for removal with EncryptedPrivateKeyJwtClientAuthenticationFilter.Builder.withEncryptionPurpose(Purpose). Will be removed in winter 2021 season.
org.forgerock.http.oauth2.EncryptedPrivateKeyJwtClientAuthenticationFilter.Builder.withEncryptionPurpose(Purpose<DataEncryptionKey>)	Please use EncryptedPrivateKeyJwtClientAuthenticationFilter.Builder.withEncryptionSecretReference(SecretReference) instead. Will be removed in winter 2021 season.
org.forgerock.http.oauth2.PrivateKeyJwtClientAuthenticationFilter.Builder.buildSecretReferences()	for removal with PrivateKeyJwtClientAuthenticationFilter.Builder.withSigningPurpose(Purpose). Will be removed in winter 2021 season.
org.forgerock.http.oauth2.PrivateKeyJwtClientAuthenticationFilter.Builder.withSecretsProvider(SecretsProvider)	Please use SecretReference API instead. Will be removed in winter 2021 season.
org.forgerock.http.oauth2.PrivateKeyJwtClientAuthenticationFilter.Builder.withSigningPurpose(Purpose<SigningKey>)	Please use PrivateKeyJwtClientAuthenticationFilter.Builder.withSigningSecretReference(SecretReference) instead. Will be removed in winter 2021 season.
org.forgerock.oauth.clients.apple.AppleClient(Handler, OpenIDConnectClientConfiguration, Clock, SecureRandom, OpenIdResolverService, OpenIdResolverServiceConfigurator)	use AppleClient(Handler, AppleClientConfiguration, Clock, SecureRandom, OpenIdResolverService, OpenIdResolverServiceConfigurator) instead.

Interfaces

Interface	Description
com.sun.identity.federation.common.IFSConstants
com.sun.identity.log.spi.IAuthorizer
com.sun.identity.log.spi.IVerifierOutput
com.sun.identity.plugin.log.Logger
com.sun.identity.policy.interfaces.Condition
com.sun.identity.policy.interfaces.PolicyListener
com.sun.identity.policy.interfaces.Referral
com.sun.identity.policy.interfaces.ResourceName
com.sun.identity.policy.interfaces.ResponseProvider
com.sun.identity.policy.interfaces.Subject
org.forgerock.guava.common.collect.ListMultimap	Use ListMultimap instead.
org.forgerock.guava.common.collect.Multimap	Use Multimap instead.
org.forgerock.guava.common.collect.Multiset	Use Multiset instead.
org.forgerock.http.session.SessionManager
org.forgerock.oauth2.core.ScopeValidator	since 7.2.0

Classes

Class	Description
com.sun.identity.log.LogConstants
com.sun.identity.log.Logger
com.sun.identity.log.LogManager
com.sun.identity.log.LogQuery
com.sun.identity.log.LogReader
com.sun.identity.log.LogRecord
com.sun.identity.log.QueryElement
com.sun.identity.log.spi.Authorizer
com.sun.identity.policy.ActionDecision	As of OpenSSO Express 8.0, use com.sun.identity.entitlement instead as Entitlement has replaced Policy.
com.sun.identity.policy.ConditionDecision	As of OpenSSO Express 8.0, use com.sun.identity.entitlement instead as Entitlement has replaced Policy.
com.sun.identity.policy.ConditionTypeManager	As of OpenSSO Express 8.0, use com.sun.identity.entitlement instead as Entitlement has replaced Policy.
com.sun.identity.policy.Policy	As of OpenSSO Express 8.0, use Entitlement instead as Entitlement has replaced Policy.
com.sun.identity.policy.PolicyDecision	As of OpenSSO Express 8.0, use com.sun.identity.entitlement instead as Entitlement has replaced Policy.
com.sun.identity.policy.PolicyEvaluator	As of OpenSSO Express 8.0, use Evaluator instead as Entitlement has replaced Policy.
com.sun.identity.policy.PolicyEvent	As of OpenSSO Express 8.0, use com.sun.identity.entitlement instead as Entitlement has replaced Policy.
com.sun.identity.policy.PolicyManager	As of OpenSSO Express 8.0, use com.sun.identity.entitlement instead as Entitlement has replaced Policy.
com.sun.identity.policy.ProtectedResource	As of OpenSSO Express 8.0, use com.sun.identity.entitlement instead as Entitlement has replaced Policy.
com.sun.identity.policy.ProxyPolicyEvaluator	As of OpenSSO Express 8.0, use Evaluator instead as Entitlement has replaced Policy.
com.sun.identity.policy.ProxyPolicyEvaluatorFactory	As of OpenSSO Express 8.0, use Evaluator instead as Entitlement has replaced Policy.
com.sun.identity.policy.ReferralTypeManager	As of OpenSSO Express 8.0, use com.sun.identity.entitlement instead as Entitlement has replaced Policy.
com.sun.identity.policy.ResourceMatch	As of OpenSSO Express 8.0, use ResourceMatch instead as Entitlement has replaced Policy.
com.sun.identity.policy.ResourceResult	As of OpenSSO Express 8.0, use com.sun.identity.entitlement instead as Entitlement has replaced Policy.
com.sun.identity.policy.ResponseProviderTypeManager	As of OpenSSO Express 8.0, use com.sun.identity.entitlement instead as Entitlement has replaced Policy.
com.sun.identity.policy.Rule	As of OpenSSO Express 8.0, use com.sun.identity.entitlement instead as Entitlement has replaced Policy.
com.sun.identity.policy.SubjectTypeManager	As of OpenSSO Express 8.0, use EntitlementSubject instead as Entitlement has replaced Policy.
com.sun.identity.policy.Syntax	As of OpenSSO Express 8.0, use com.sun.identity.entitlement instead as Entitlement has replaced Policy.
com.sun.identity.policy.ValidValues	As of OpenSSO Express 8.0, use com.sun.identity.entitlement instead as Entitlement has replaced Policy.
com.sun.identity.shared.debug.Debug	Use Logger instead.
org.forgerock.http.client.ChfHttpClient	Will be replaced in a later release by Client.
org.forgerock.http.header.SetCookie2Header	This header is no longer supported by browsers. Use SetCookieHeader instead.
org.forgerock.http.oauth2.ClientSecretBasicAuthenticationFilter	since 26.2. See Filters.newUrlEncodedHttpBasicAuthFilter(String, SecretReference) for a replacement.
org.forgerock.http.oauth2.resolver.OpenAmAccessTokenResolver	The “/oauth2/tokeninfo” endpoint was deprecated in AM 6.5. OpenAmAccessTokenResolver is deprecated and should not be used.
org.forgerock.jaspi.modules.session.jwt.KeyStoreJwtCryptographyHandler	The AuthenticatedEncryptionCryptographyHandler should be preferred.
org.forgerock.jaspi.modules.session.jwt.SecretsProviderJwtCryptographyHandler	The AuthenticatedEncryptionCryptographyHandler should be preferred.
org.forgerock.json.jose.builders.SignedEncryptedJwsHeaderBuilder	Use EncryptedThenSignedJwtHeaderBuilder instead.
org.forgerock.json.jose.builders.SignedEncryptedJwtBuilder	Use EncryptedThenSignedJwtBuilder instead.
org.forgerock.json.jose.jwe.handlers.encryption.AbstractEncryptionHandler	Use ContentEncryptionHandler instead.
org.forgerock.json.jose.jwe.handlers.encryption.RSA15AES128CBCHS256EncryptionHandler	Use RSAEncryptionHandler and AESCBCHMACSHA2ContentEncryptionHandler instead.
org.forgerock.json.jose.jwe.handlers.encryption.RSA15AES256CBCHS512EncryptionHandler	Use RSAEncryptionHandler and AESCBCHMACSHA2ContentEncryptionHandler instead.
org.forgerock.json.jose.jws.handlers.ECDSASigningHandler	Use SecretECDSASigningHandler instead
org.forgerock.json.jose.jws.handlers.EdDSASigningHandler	Use SecretEdDSASigningHandler instead.
org.forgerock.json.jose.jws.handlers.HmacSigningHandler	Use SecretHmacSigningHandler instead
org.forgerock.json.jose.jws.handlers.NOPSigningHandler	This algorithm is inherently insecure and shouldn't be used.
org.forgerock.json.jose.jws.handlers.RSASigningHandler	Use SecretRSASigningHandler instead
org.forgerock.json.jose.jws.SignedEncryptedJwt	Use EncryptedThenSignedJwt instead.
org.forgerock.json.jose.tokenhandler.JwtTokenHandler	Prefer SecretsJwtTokenHandler instead.
org.forgerock.json.resource.AbstractRequestHandler	RequestHandler now has default methods which implement the not-supported behavior. This class is here for transition from pre-JDK8 impelementations.
org.forgerock.openidconnect.Claim	use Claim
org.forgerock.util.Utils	Use Strings, Closeables, Objects or Threads instead.

Enums

Enum	Description
org.forgerock.security.keystore.KeyStoreType	Specify the keystore type string directly in preference to this enum, as it is extensible at runtime

Exceptions

Exceptions	Description
com.iplanet.log.ConnectionException
com.iplanet.log.DriverLoadException
com.iplanet.log.LogException
com.iplanet.log.NullLocationException
com.sun.identity.plugin.log.LogException

Fields

Field	Description
org.forgerock.openam.auth.node.api.Action.universalId	use Action.identifiedIdentity instead.
org.forgerock.openam.auth.node.api.TreeContext.sharedState	Use TreeContext.getStateFor(Node) instead as this method does not leak implementation detail of the specific type of state.
org.forgerock.openam.auth.node.api.TreeContext.transientState	Use TreeContext.getStateFor(Node) instead as this method does not leak implementation detail of the specific type of state.

Methods

Method	Description
com.iplanet.am.util.SystemProperties.getPlatform()	use getAll()
com.sun.identity.authentication.spi.AMLoginModule.validatePassword(String)
com.sun.identity.entitlement.ConditionDecision.addAdvices(ConditionDecision)
com.sun.identity.entitlement.ConditionDecision.clearAdvices()
com.sun.identity.entitlement.ResourceAttribute.getPResponseProviderName()
com.sun.identity.entitlement.ResourceAttribute.setPResponseProviderName(String)
com.sun.identity.idm.IdRepoException.getLDAPErrorCode()	Use #getLdapErrorIntCode() instead. The ldap error code is always an int
com.sun.identity.idm.IdRepoListener.objectChanged(String, int, Map)	As of Sun Java System Access Manager 7.1.
com.sun.identity.idm.IdSearchControl.isRecursive()	This method is deprecated. The setting for recursive search should be configured via the data store.
com.sun.identity.idm.IdSearchControl.setRecursive(boolean)	This method is deprecated. The setting for recursive search should be configured via the data store.
com.sun.identity.saml2.common.XmlSerializable.toXMLString(boolean, boolean)	Use XmlSerializable.toDocumentFragment(Document, boolean, boolean) instead.
com.sun.identity.saml2.plugins.IDPAuthnContextMapper.getIDPAuthnContextInfo(AuthnRequest, String, String)	use IDPAuthnContextMapper.getIDPAuthnContextInfo(AuthnRequest, String, String, String) instead
com.sun.identity.saml2.plugins.SAML2IdentityProviderAdapter.preSendFailureResponse(HttpServletRequest, HttpServletResponse, String, String)	since 7.2.0 use SAML2IdentityProviderAdapter.preSendFailureResponse(String, String, HttpServletRequest, HttpServletResponse, String, String).
com.sun.identity.sm.OrganizationConfigManager.addListener(ServiceListener)	Use ServiceConfigManager.addListener(ServiceListener) instead.
com.sun.identity.sm.OrganizationConfigManager.getConfiguredServices()	This method has been deprecated, use getAssignedServices() instead.
com.sun.identity.sm.OrganizationConfigManager.removeListener(String)	Use ServiceConfigManager.removeListener(String) instead.
com.sun.identity.sm.ServiceConfig.deleteLabeledUri(String)	The labeledURI setting shall not be used for storing configuration data.
com.sun.identity.sm.ServiceConfig.getLabeledUri()	The labeledURI setting shall not be used for storing configuration data.
com.sun.identity.sm.ServiceConfig.setLabeledUri(String)	The labeledURI setting shall not be used for storing configuration data.
com.sun.identity.sm.ServiceConfigManager.removeOrganizationConfiguration(String, String)
org.forgerock.config.resolvers.PropertyResolver.getProperty(String)	In favour of PropertyResolver.getProperty(String, boolean)
org.forgerock.http.filter.Filters.newSessionFilter(SessionManager)
org.forgerock.http.header.ContentTypeHeader.getAdditionalParameters()	Replaced by ContentTypeHeader.getDirectives()
org.forgerock.http.oauth2.AccessTokenResolver.resolve(Context, String)	Use AccessTokenResolver.resolve(Context, Supplier, String) instead.
org.forgerock.http.oauth2.EncryptedPrivateKeyJwtClientAuthenticationFilter.Builder.buildSecretReferences()	for removal with EncryptedPrivateKeyJwtClientAuthenticationFilter.Builder.withEncryptionPurpose(Purpose). Will be removed in winter 2021 season.
org.forgerock.http.oauth2.EncryptedPrivateKeyJwtClientAuthenticationFilter.Builder.withEncryptionPurpose(Purpose<DataEncryptionKey>)	Please use EncryptedPrivateKeyJwtClientAuthenticationFilter.Builder.withEncryptionSecretReference(SecretReference) instead. Will be removed in winter 2021 season.
org.forgerock.http.oauth2.OAuth2Error.toWWWAuthenticateHeader()	Use OAuth2Error.asWwwAuthenticateHeader() instead.
org.forgerock.http.oauth2.PrivateKeyJwtClientAuthenticationFilter.Builder.buildSecretReferences()	for removal with PrivateKeyJwtClientAuthenticationFilter.Builder.withSigningPurpose(Purpose). Will be removed in winter 2021 season.
org.forgerock.http.oauth2.PrivateKeyJwtClientAuthenticationFilter.Builder.withSecretsProvider(SecretsProvider)	Please use SecretReference API instead. Will be removed in winter 2021 season.
org.forgerock.http.oauth2.PrivateKeyJwtClientAuthenticationFilter.Builder.withSigningPurpose(Purpose<SigningKey>)	Please use PrivateKeyJwtClientAuthenticationFilter.Builder.withSigningSecretReference(SecretReference) instead. Will be removed in winter 2021 season.
org.forgerock.http.protocol.Cookie.getComment()	Only valid for RFC 2965 cookies ("Cookie2"), which have been deprecated and removed by most clients.
org.forgerock.http.protocol.Cookie.getCommentURL()	Only valid for RFC 2965 cookies ("Cookie2"), which have been deprecated and removed by most clients.
org.forgerock.http.protocol.Cookie.getDiscard()	Only valid for RFC 2965 cookies ("Cookie2"), which have been deprecated and removed by most clients.
org.forgerock.http.protocol.Cookie.getPort()	Only valid for RFC 2965 cookies ("Cookie2"), which have been deprecated and removed by most clients.
org.forgerock.http.protocol.Cookie.getVersion()	Only valid for RFC 2965 cookies ("Cookie2"), which have been deprecated and removed by most clients.
org.forgerock.http.protocol.Cookie.setComment(String)	Only valid for RFC 2965 cookies ("Cookie2"), which have been deprecated and removed by most clients.
org.forgerock.http.protocol.Cookie.setCommentURL(String)	Only valid for RFC 2965 cookies ("Cookie2"), which have been deprecated and removed by most clients.
org.forgerock.http.protocol.Cookie.setDiscard(Boolean)	Only valid for RFC 2965 cookies ("Cookie2"), which have been deprecated and removed by most clients.
org.forgerock.http.protocol.Cookie.setPort(List<Integer>)	Only valid for RFC 2965 cookies ("Cookie2"), which have been deprecated and removed by most clients.
org.forgerock.http.protocol.Cookie.setVersion(Integer)	Only valid for RFC 2965 cookies ("Cookie2"), which have been deprecated and removed by most clients.
org.forgerock.http.protocol.Form.fromRequestEntity(Request)	Because Entity content should be read asynchronously. Instead retrieve the Form with Entity.getFormAsync().
org.forgerock.http.protocol.Form.fromString(String)	use Form.fromFormString(String) instead.
org.forgerock.http.protocol.Form.toString()	use Form.toFormString() instead.
org.forgerock.http.protocol.Request.getForm()	Use Request.getQueryParams() or Entity.getForm()
org.forgerock.jaspi.modules.session.jwt.FallbackJwtCryptographyHandler.decrypt(EncryptedThenSignedJwt)
org.forgerock.jaspi.modules.session.jwt.FallbackJwtCryptographyHandler.jwe(JwtBuilderFactory)
org.forgerock.jaspi.modules.session.jwt.FallbackJwtCryptographyHandler.sign(EncryptedJwtBuilder)
org.forgerock.jaspi.modules.session.jwt.FallbackJwtCryptographyHandler.verify(EncryptedThenSignedJwt)
org.forgerock.jaspi.modules.session.jwt.JwtCryptographyHandler.decrypt(EncryptedThenSignedJwt)	Use JwtCryptographyHandler.decryptAndVerify(JwtBuilderFactory, String) instead.
org.forgerock.jaspi.modules.session.jwt.JwtCryptographyHandler.jwe(JwtBuilderFactory)	Use JwtCryptographyHandler.buildJwt(JwtBuilderFactory, JwtClaimsSet) instead.
org.forgerock.jaspi.modules.session.jwt.JwtCryptographyHandler.sign(EncryptedJwtBuilder)	Use JwtCryptographyHandler.buildJwt(JwtBuilderFactory, JwtClaimsSet) instead.
org.forgerock.jaspi.modules.session.jwt.JwtCryptographyHandler.verify(EncryptedThenSignedJwt)	Use JwtCryptographyHandler.decryptAndVerify(JwtBuilderFactory, String) instead.
org.forgerock.json.jose.builders.EncryptedJwtBuilder.sign(SigningHandler, JwsAlgorithm)	Use EncryptedJwtBuilder.signedWith(SigningHandler, JwsAlgorithm) instead.
org.forgerock.json.jose.builders.JweHeaderBuilder.epk(String)	Use JweHeaderBuilder.epk(JWK) instead.
org.forgerock.json.jose.builders.JwtBuilderFactory.jwe(Key)	Prefer JwtBuilderFactory.jwe(EncryptionKey) instead.
org.forgerock.json.jose.builders.JwtBuilderFactory.jwt()	This method provides no security at all and shouldn't be used.
org.forgerock.json.jose.builders.SignedJwtBuilderImpl.encrypt(Key)	Prefer SignedJwtBuilderImpl.encrypt(EncryptionKey) instead.
org.forgerock.json.jose.jwe.EncryptedJwt.decrypt(Key)	Prefer EncryptedJwt.decrypt(SecretsProvider, Purpose) instead.
org.forgerock.json.jose.jwe.EncryptedJwt.decryptRawPayload(Key)	Prefer EncryptedJwt.decryptRawPayload(SecretsProvider, Purpose) instead.
org.forgerock.json.jose.jwe.handlers.encryption.EncryptionHandler.decryptContentEncryptionKey(Key, byte[])	Use EncryptionHandler.decryptContentEncryptionKey(Key, byte[], JweHeader) instead.
org.forgerock.json.jose.jwe.handlers.encryption.EncryptionHandler.generateJWEEncryptedKey(Key, Key)	Use EncryptionHandler.generateJWEEncryptedKey(Key, Key, JweHeader) instead.
org.forgerock.json.jose.jwe.SignedThenEncryptedJwt.decryptAndVerify(Key, SigningHandler)	Prefer SignedThenEncryptedJwt.decryptAndVerify(SecretsProvider, Purpose, Purpose) instead.
org.forgerock.json.jose.jwk.EcJWK.getCurve()	replaced by EcJWK.getEllipticCurve().
org.forgerock.json.jose.jwk.JWK.Builder.x509Thumbnail(String)	Use JWK.Builder.x509Thumbprint(String) or JWK.Builder.x509ThumbprintS256(String) instead.
org.forgerock.json.jose.jwk.JWK.getAlgorithm()	replaced by JWK.getJwaAlgorithm()
org.forgerock.json.jose.jwk.JWK.getX509Thumbnail()	Use JWK.getX509Thumbprint() instead.
org.forgerock.json.jose.jwk.JWKSetParser.jwkSet(URL)	Use JWKSetParser.jwkSetAsync(URL) instead.
org.forgerock.json.jose.jwk.store.JwksStore.findJwk(Algorithm, String)	Use JwksStore.findJwkAsync(String) instead.
org.forgerock.json.jose.jwk.store.JwksStore.reloadJwks()	Use JwksStore.reloadJwksAsync() instead.
org.forgerock.json.jose.jwk.store.JwksStore.setJwkUrl(URL)	Use JwksStore.setJwkUrlAsync(URL) instead.
org.forgerock.json.jose.jwk.store.JwksStoreService.configureJwksStore(String, Duration, Duration, URL)	Use JwksStoreService.configureJwksStore(String, Duration, Duration, URL, Clock) with an explicit clock.
org.forgerock.json.jose.jws.EncryptedThenSignedJwt.decrypt(Key)	Prefer EncryptedThenSignedJwt.decrypt(SecretsProvider, Purpose) instead.
org.forgerock.json.jose.jws.JwsAlgorithm.getJwsAlgorithm(String)	Replaced by JwsAlgorithm.parseCryptographicAlgorithm(String)
org.forgerock.json.jose.jws.SigningManager.newEcdsaSigningHandler(PrivateKey)	use SigningManager.newEcdsaSigningHandler(SigningKey)} instead
org.forgerock.json.jose.jws.SigningManager.newEcdsaVerificationHandler(ECPublicKey)	use SigningManager.newEcdsaVerificationHandler(VerificationKey) instead
org.forgerock.json.jose.jws.SigningManager.newEdDsaSigningHandler(byte[])	Use SigningManager.newEdDsaSigningHandler(SigningKey) instead
org.forgerock.json.jose.jws.SigningManager.newEdDsaVerificationHandler(byte[])	Use SigningManager.newEdDsaVerificationHandler(VerificationKey) instead.
org.forgerock.json.jose.jws.SigningManager.newHmacSigningHandler(byte[])	use SigningManager.newHmacSigningHandler(SigningKey) instead
org.forgerock.json.jose.jws.SigningManager.newNopSigningHandler()	This method is inherently insecure and shouldn't be used.
org.forgerock.json.jose.jws.SigningManager.newRsaSigningHandler(Key)	use SigningManager.newRsaVerificationHandler(VerificationKey) instead
org.forgerock.json.jose.jws.SigningManager.newSigningHandler(Key)	Use SigningManager.newSigningHandler(SigningKey) instead
org.forgerock.json.jose.jws.SigningManager.newVerificationHandler(Key)	Use SigningManager.newVerificationHandler(VerificationKey) instead
org.forgerock.json.jose.utils.Utils.base64urlDecode(String)	Use Utils.decodeJwtComponent(String).
org.forgerock.json.jose.utils.Utils.base64urlEncode(String)	Use Utils.encodeJwtComponent(String).
org.forgerock.json.resource.ResourceException.getException(int)	in favor of ResourceException.newResourceException(int)
org.forgerock.json.resource.Resources.newAnnotatedRequestHandler(Object)	Use Resources.newHandler(Object) instead.
org.forgerock.json.resource.Resources.newCollection(Object)	Use Resources.newHandler(Object) instead.
org.forgerock.json.resource.Resources.newSingleton(Object)	Use Resources.newHandler(Object) instead.
org.forgerock.json.resource.Responses.newRemainingResultsResponse(String, int)	Use Responses.newQueryResponse(String, CountPolicy, int) instead.
org.forgerock.oauth.clients.oauth2.OAuth2Client.createAuthRedirectUri(String)	Use OAuth2Client.createAuthRedirectUri(String, String) and specify a PKCE challenge.
org.forgerock.oauth.clients.oauth2.OAuth2Client.createRequestForTokenEndpoint(String)	Use OAuth2Client.createAuthRedirectUri(String, String) and specify a PKCE verifier.
org.forgerock.oauth.clients.oauth2.OAuth2ClientConfiguration.Builder.withClientSecret(String)	Use OAuth2ClientConfiguration.Builder.withClientSecret(SecretReference) instead.
org.forgerock.oauth.clients.oauth2.OAuth2ClientConfiguration.getClientSecret()	Use OAuth2ClientConfiguration.getClientSecretReference() instead.
org.forgerock.oauth.clients.oidc.OpenIDConnectClient.createAuthRedirectUri(String, String)	Use OpenIDConnectClient.createAuthRedirectUri(String, String, String) and specify a PKCE challenge.
org.forgerock.oauth.resolvers.OpenIdResolverFactory.createJWKResolver(String, URL, int, int)	Replaced by OpenIdResolverFactory.createJWKResolver(String, URL) ()}
org.forgerock.oauth2.core.AccessToken.addExtraData(String, String)	Use AccessToken.addExtraData(String, Supplier) instead.
org.forgerock.oauth2.core.ScopeValidator.additionalDataToReturnFromAuthorizeEndpoint(Map<String, Token>, OAuth2Request)	since 7.2.0 Use AuthorizeEndpointDataProvider.provide(Map, OAuth2Request) instead.
org.forgerock.oauth2.core.ScopeValidator.additionalDataToReturnFromTokenEndpoint(AccessToken, OAuth2Request)	since 7.2.0 Use AccessTokenModifier.modifyAccessToken(AccessToken, OAuth2Request) instead. Functionality provided by Access Token Modification plugin supersedes the functionality this extension point was originally intended to provide.
org.forgerock.oauth2.core.ScopeValidator.evaluateScope(AccessToken)	since 7.2.0 Use ScopeEvaluator.evaluateScope(AccessToken) instead.
org.forgerock.oauth2.core.ScopeValidator.getUserInfo(ClientRegistration, AccessToken, OAuth2Request)	since 7.2.0 Use UserInfoClaimsPlugin.getUserInfo(ClientRegistration, AccessToken, OAuth2Request) instead.
org.forgerock.oauth2.core.ScopeValidator.modifyAccessToken(AccessToken, OAuth2Request)	since 7.2.0 Use AccessTokenModifier.modifyAccessToken(AccessToken, OAuth2Request) instead.
org.forgerock.oauth2.core.ScopeValidator.validateAccessTokenScope(ClientRegistration, Set<String>, OAuth2Request)	since 7.2.0 Use #validateAccessTokenScope(ClientRegistration, Set, OAuth2Request) instead.
org.forgerock.oauth2.core.ScopeValidator.validateAuthorizationScope(ClientRegistration, Set<String>, OAuth2Request)	since 7.2.0 Use #validateAuthorizationScope(ClientRegistration, Set, OAuth2Request) instead.
org.forgerock.oauth2.core.ScopeValidator.validateBackChannelAuthorizationScope(ClientRegistration, Set<String>, OAuth2Request)	since 7.2.0 Use #validateBackChannelAuthorizationScope(ClientRegistration, Set, OAuth2Request) instead.
org.forgerock.oauth2.core.ScopeValidator.validateRefreshTokenScope(ClientRegistration, Set<String>, Set<String>, OAuth2Request)	since 7.2.0 Use #validateRefreshTokenScope(ClientRegistration, Set, Set, OAuth2Request) instead.
org.forgerock.openam.annotations.sm.SubConfig.treatAsService()	Create a new service instead.
org.forgerock.openam.auth.node.api.AbstractNodeAmPlugin.getNodes()	in favour of AbstractNodeAmPlugin.getNodesByVersion()
org.forgerock.openam.auth.node.api.Action.ActionBuilder.withUniversalId(String)	use Action.ActionBuilder.withIdentifiedIdentity(java.lang.String, java.lang.String) instead.
org.forgerock.openam.auth.node.api.TreeContext.getSecureState(String)	Use TreeContext.getStateFor(Node) instead as this method does not leak implementation detail of the specific type of state.
org.forgerock.openam.auth.node.api.TreeContext.getState(String)	Use TreeContext.getStateFor(Node) instead as this method performs the same function but supports filtering of the available state based on the nodes declared inputs.
org.forgerock.openam.auth.node.api.TreeContext.getTransientState(String)	Use TreeContext.getStateFor(Node) instead as this method does not leak implementation detail of the specific type of state.
org.forgerock.openam.plugins.AmPlugin.onStartup()	Use AmPlugin.onStartup(StartupType) instead.
org.forgerock.openam.plugins.PluginTools.registerAuthNode(Class<?>)	Use PluginTools.installAuthNode(Class) and PluginTools.startAuthNode(Class) as appropriate.
org.forgerock.openam.plugins.PluginTools.registerService(Class<?>)	Use PluginTools.installService(Class) and PluginTools.startService(Class) as appropriate.
org.forgerock.opendj.ldap.Dn.isRootDn()	use Dn.isEmpty() instead
org.forgerock.opendj.ldap.Dn.rootDn()	use Dn.emptyDn() instead
org.forgerock.secrets.gcpkms.GoogleKmsSignature.engineGetParameter(String)
org.forgerock.secrets.gcpkms.GoogleKmsSignature.engineSetParameter(String, Object)
org.forgerock.secrets.SecretBuilder.build(Class<T>)	Use SecretBuilder.build(Purpose) instead.
org.forgerock.secrets.vault.VaultSignature.engineGetParameter(String)
org.forgerock.secrets.vault.VaultSignature.engineSetParameter(String, Object)
org.forgerock.secrets.vault.VaultSignature.GenericRsaPssSignature.engineGetParameter(String)
org.forgerock.secrets.vault.VaultSignature.GenericRsaPssSignature.engineSetParameter(String, Object)
org.forgerock.security.keystore.KeyStoreBuilder.withKeyStoreType(KeyStoreType)	Use withKeyStoreType(String) instead. Use of the KeyStoreType enum is deprecated as it restricts the keystore type to those specified in the enum. Library consumers may want to specify the keystore type at runtime.
org.forgerock.util.encode.Base64.decodeFast(byte[])	Use Base64.decode(byte[]) instead.
org.forgerock.util.promise.Promise.getOrThrowUninterruptibly()	Since 25.0.0. Prefer using Promise.getOrThrow() and handle properly the InterruptedException in the calling code, or use Promise.getOrThrowIfInterrupted().
org.forgerock.util.promise.PromiseImpl.getOrThrowUninterruptibly()
org.forgerock.util.Reject.ifFalse(boolean)	Experience has shown that Reject.ifFalse can be hard to read. Prefer to use Reject.unless(boolean) (which works identically) or rewrite to use Reject.ifTrue(boolean) instead.
org.forgerock.util.thread.ExecutorServiceFactory.createCachedThreadPool()	ExecutorServiceFactory.createCachedThreadPool(String) or ExecutorServiceFactory.createCachedThreadPool(ThreadFactory) should be used so that threads have meaningful names.
org.forgerock.util.thread.ExecutorServiceFactory.createFixedThreadPool(int)	ExecutorServiceFactory.createFixedThreadPool(int, String) should be used so that threads have meaningful names.
org.forgerock.util.thread.ExecutorServiceFactory.createScheduledService(int)	ExecutorServiceFactory.createScheduledService(int, String) should be used so that threads have meaningful names.
org.forgerock.util.thread.ExecutorServiceFactory.createThreadPool(int, int, long, TimeUnit, BlockingQueue<Runnable>)	ExecutorServiceFactory.createThreadPool(int, int, long, TimeUnit, BlockingQueue, String) should be used so that threads have meaningful names.
org.forgerock.util.Utils.asEnum(String, Class<T>)	Use Strings.asEnum(String, Class)
org.forgerock.util.Utils.closeSilently(Closeable...)	Use Closeables.closeSilently(Closeable...)
org.forgerock.util.Utils.compareValues(Object, Object)	Use Objects.compareValues(Object, Object)
org.forgerock.util.Utils.isBlank(CharSequence)	Use Strings.isBlank(CharSequence)
org.forgerock.util.Utils.isCompatible(Object, Object)	Use Objects.isCompatible(Object, Object)
org.forgerock.util.Utils.isNullOrEmpty(String)	Use Strings.isNullOrEmpty(String)
org.forgerock.util.Utils.joinAsString(String, Object...)	Use Strings.joinAsString(String, Object...)
org.forgerock.util.Utils.newThreadFactory(ThreadGroup, String, boolean)	Use Threads.newThreadFactory(ThreadGroup, String, boolean)

Constructors

Constructor	Description
com.sun.identity.entitlement.ConditionDecision(boolean, Map<String, Set<String>>)
com.sun.identity.idm.AMIdentityRepository(SSOToken, String)
com.sun.identity.idm.IdRepoException(String, String, String, Object[])	Passing in an ldapErrorCode as a String is not recommended, use the OO ctor instead.
org.forgerock.http.filter.TransactionIdInboundFilter()	Replaced by TransactionIdInboundFilter(boolean)
org.forgerock.http.header.ContentTypeHeader(String, String, String)	Replaced by ContentTypeHeader(String, Map)
org.forgerock.http.io.PipeBufferedStream()	Since 25.0.0. Prefer using PipeBufferedStream(Factory) to provide your own Buffer Factory
org.forgerock.http.oauth2.ResourceServerFilter(AccessTokenResolver, Clock, ResourceAccess, String)	The clock attribute is not used anymore. Use ResourceServerFilter(AccessTokenResolver, ResourceAccess, String) instead. Deprecated in 25.0.0.
org.forgerock.json.jose.builders.EncryptedJwtBuilder(Key)	Use JwtBuilderFactory.jwe(org.forgerock.secrets.keys.EncryptionKey) instead.
org.forgerock.json.jose.jwk.EcJWK(ECPublicKey, String, String)	Use the builder instead.
org.forgerock.json.jose.jwk.JWK(KeyType, String, String, String)	Use the builder instead.
org.forgerock.json.jose.jwk.OctJWK(String, String, String, String, String, String, List<String>)	Use the builder instead.
org.forgerock.json.jose.jwk.RsaJWK(String, String, String, String, String, String, String, List<String>)	Use the builder instead.
org.forgerock.json.jose.jwk.store.JwksStore(Duration, Duration, URL, JWKSetParser, Clock)	It is recommended to use JwksStore.newJwksStore(Duration, Duration, URL, JWKSetParser, Clock).
org.forgerock.json.jose.jwk.store.JwksStoreService()	Prefer using the constructor JwksStoreService(Client client) in which you provide your own instance of Client. This one does instantiate a specific instance of AsyncHttpClient but does not allow any custom filter processing, nor does it close it properly.
org.forgerock.json.jose.jws.handlers.RSASigningHandler(Key, SignatureUtil)	Please use RSASigningHandler(Key).
org.forgerock.json.jose.jws.SigningManager()	use SigningManager(SecretsProvider) instead
org.forgerock.json.jose.tokenhandler.SecretsJwtTokenHandler(JweAlgorithm, EncryptionMethod, JwsAlgorithm, Optional<Long>, KeyPair, SigningManager, Purpose<SigningKey>, Purpose<VerificationKey>, Clock)	Use SecretsJwtTokenHandler.builder() instead.
org.forgerock.json.JsonPointer()	Use JsonPointer.rootPtr() instead.
org.forgerock.oauth.clients.apple.AppleClient(Handler, OpenIDConnectClientConfiguration, Clock, SecureRandom, OpenIdResolverService, OpenIdResolverServiceConfigurator)	use AppleClient(Handler, AppleClientConfiguration, Clock, SecureRandom, OpenIdResolverService, OpenIdResolverServiceConfigurator) instead.
org.forgerock.oauth.resolvers.OpenIdResolverFactory(int, int)	Use org.forgerock.oauth.resolvers.OpenIdResolverFactory#OpenIdResolverFactory (org.forgerock.http.Client) instead
org.forgerock.oauth.resolvers.service.OpenIdResolverServiceImpl(int, int)	Use org.forgerock.oauth.resolvers.service.OpenIdResolverServiceImpl#OpenIdResolverServiceImpl (org.forgerock.http.Client) instead.
org.forgerock.oauth.resolvers.WellKnownOpenIdConfigurationFactory(int, int)	Use org.forgerock.oauth.resolvers.WellKnownOpenIdConfigurationFactory# WellKnownOpenIdConfigurationFactory(org.forgerock.http.Client) instead
org.forgerock.openidconnect.Claim(String)	use Claim.ClaimBuilder
org.forgerock.secrets.SecretReference(SecretsProvider, Purpose<T>, Clock)	Use SecretsProvider.createActiveReference(Purpose) or SecretReference.active(SecretsProvider, Purpose, Clock) instead.
org.forgerock.secrets.SecretsProvider()	Prefer using SecretsProvider(Clock) and provide your own clock instance.
org.forgerock.services.context.RequestAuditContext(Context)	Prefer using RequestAuditContext(Context, Instant) not to rely on the system clock.
org.forgerock.util.time.Duration(Long, TimeUnit)	Prefer the use of Duration.duration(long, TimeUnit).

Enum Constants

Enum Constant	Description
org.forgerock.http.handler.HttpClientHandler.HostnameVerifier.ALLOW_ALL	this should never be used as it is a security risk.
org.forgerock.json.jose.jwe.JweAlgorithm.RSAES_PKCS1_V1_5	RSA1_5 is an insecure encryption mode. Use JweAlgorithm.RSA_OAEP_256 instead.
org.forgerock.json.jose.jws.JwsAlgorithm.NONE	This algorithm is inherently insecure and should not be used.
org.forgerock.json.jose.jws.JwsAlgorithmType.NONE	This algorithm is inherently insecure and shouldn't be used.
org.forgerock.openam.secrets.config.PropertyFormat.BASE64_HMAC_KEY	Prefer PropertyFormat.PEM for keys.
org.forgerock.openam.secrets.config.PropertyFormat.ENCRYPTED_HMAC_KEY	Prefer PropertyFormat.ENCRYPTED_PEM for keys.
org.forgerock.openam.secrets.config.PropertyFormat.GOOGLE_KMS_ENCRYPTED_HMAC_KEY	Prefer PropertyFormat.GOOGLE_KMS_ENCRYPTED_PEM for keys.

Annotation Type Elements

Annotation Type Element	Description
org.forgerock.openam.annotations.sm.SubConfig.treatAsService()	Create a new service instead.