removed embedded JOSE classes in favor of converters

2015-05-20 18:09:41 -04:00 · 2015-05-20 18:09:41 -04:00 · cb8abca0f6
parent cf1cb34a5f
commit cb8abca0f6
15 changed files with 304 additions and 823 deletions
--- a/openid-connect-common/src/main/java/org/mitre/jose/JWEAlgorithmEmbed.java
+++ b/openid-connect-common/src/main/java/org/mitre/jose/JWEAlgorithmEmbed.java
@ -1,110 +0,0 @@
 /*******************************************************************************
 * Copyright 2015 The MITRE Corporation
 *   and the MIT Kerberos and Internet Trust Consortium
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *   http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *******************************************************************************/
 /**
 * 
 */
 package org.mitre.jose;
 import javax.persistence.Basic;
 import javax.persistence.Embeddable;
 import javax.persistence.Transient;
 import com.google.common.base.Strings;
 import com.nimbusds.jose.JWEAlgorithm;
 /**
 * 
 * Wrapper class for Nimbus JOSE objects to fit into JPA
 * 
 * @author jricher
 *
 */
@Embeddable
 public class JWEAlgorithmEmbed {
 	public static final JWEAlgorithmEmbed NONE = getForAlgorithmName("none");
 	private JWEAlgorithm algorithm;
 	public JWEAlgorithmEmbed() {
 	}
 	public JWEAlgorithmEmbed(JWEAlgorithm algorithm) {
 		this.algorithm = algorithm;
 	}
 	public static JWEAlgorithmEmbed getForAlgorithmName (String algorithmName) {
 		JWEAlgorithmEmbed ent = new JWEAlgorithmEmbed();
 		ent.setAlgorithmName(algorithmName);
 		if (ent.getAlgorithm() == null) {
 			return null;
 		} else {
 			return ent;
 		}
 	}
 	/**
 	 * Get the name of this algorithm, return null if no algorithm set.
 	 * @return
 	 */
 	@Basic
 	public String getAlgorithmName() {
 		if (algorithm != null) {
 			return algorithm.getName();
 		} else {
 			return null;
 		}
 	}
 	/**
 	 * Set the name of this algorithm.
 	 * Calls JWEAlgorithm.parse()
 	 * @param algorithmName
 	 */
 	public void setAlgorithmName(String algorithmName) {
 		if (!Strings.isNullOrEmpty(algorithmName)) {
 			algorithm = JWEAlgorithm.parse(algorithmName);
 		} else {
 			algorithm = null;
 		}
 	}
 	/* (non-Javadoc)
 	 * @see java.lang.Object#toString()
 	 */
 	@Override
 	public String toString() {
 		return "JWEAlgorithmEmbed [algorithm=" + algorithm + "]";
 	}
 	/**
 	 * @return the algorithm
 	 */
 	@Transient
 	public JWEAlgorithm getAlgorithm() {
 		return algorithm;
 	}
 	/**
 	 * @param algorithm the algorithm to set
 	 */
 	public void setAlgorithm(JWEAlgorithm algorithm) {
 		this.algorithm = algorithm;
 	}
 }
--- a/openid-connect-common/src/main/java/org/mitre/jose/JWEEncryptionMethodEmbed.java
+++ b/openid-connect-common/src/main/java/org/mitre/jose/JWEEncryptionMethodEmbed.java
@ -1,108 +0,0 @@
 /*******************************************************************************
 * Copyright 2015 The MITRE Corporation
 *   and the MIT Kerberos and Internet Trust Consortium
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *   http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *******************************************************************************/
 /**
 * 
 */
 package org.mitre.jose;
 import javax.persistence.Basic;
 import javax.persistence.Embeddable;
 import javax.persistence.Transient;
 import com.google.common.base.Strings;
 import com.nimbusds.jose.EncryptionMethod;
 /**
 * @author jricher
 *
 */
@Embeddable
 public class JWEEncryptionMethodEmbed {
 	public static final JWEEncryptionMethodEmbed NONE  = getForAlgorithmName("none");
 	private EncryptionMethod algorithm;
 	public JWEEncryptionMethodEmbed() {
 	}
 	public JWEEncryptionMethodEmbed(EncryptionMethod algorithm) {
 		this.algorithm = algorithm;
 	}
 	public static JWEEncryptionMethodEmbed getForAlgorithmName (String algorithmName) {
 		JWEEncryptionMethodEmbed ent = new JWEEncryptionMethodEmbed();
 		ent.setAlgorithmName(algorithmName);
 		if (ent.getAlgorithm() == null) {
 			return null;
 		} else {
 			return ent;
 		}
 	}
 	/**
 	 * Get the name of this algorithm, return null if no algorithm set.
 	 * @return
 	 */
 	@Basic
 	public String getAlgorithmName() {
 		if (algorithm != null) {
 			return algorithm.getName();
 		} else {
 			return null;
 		}
 	}
 	/**
 	 * Set the name of this algorithm.
 	 * Calls EncryptionMethod.parse()
 	 * @param algorithmName
 	 */
 	public void setAlgorithmName(String algorithmName) {
 		if (!Strings.isNullOrEmpty(algorithmName)) {
 			algorithm = EncryptionMethod.parse(algorithmName);
 		} else {
 			algorithm = null;
 		}
 	}
 	/* (non-Javadoc)
 	 * @see java.lang.Object#toString()
 	 */
 	@Override
 	public String toString() {
 		return "JWEEncryptionMethodEmbed [algorithm=" + algorithm + "]";
 	}
 	/**
 	 * @return the algorithm
 	 */
 	@Transient
 	public EncryptionMethod getAlgorithm() {
 		return algorithm;
 	}
 	/**
 	 * @param algorithm the algorithm to set
 	 */
 	public void setAlgorithm(EncryptionMethod algorithm) {
 		this.algorithm = algorithm;
 	}
 }
--- a/openid-connect-common/src/main/java/org/mitre/jose/JWSAlgorithmEmbed.java
+++ b/openid-connect-common/src/main/java/org/mitre/jose/JWSAlgorithmEmbed.java
@ -1,117 +0,0 @@
 /*******************************************************************************
 * Copyright 2015 The MITRE Corporation
 *   and the MIT Kerberos and Internet Trust Consortium
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *   http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *******************************************************************************/
 /**
 * 
 */
 package org.mitre.jose;
 import javax.persistence.Basic;
 import javax.persistence.Embeddable;
 import javax.persistence.Transient;
 import com.google.common.base.Strings;
 import com.nimbusds.jose.JWSAlgorithm;
 /**
 * 
 * Wrapper class for Nimbus JOSE objects to fit into JPA
 * 
 * @author jricher
 *
 */
@Embeddable
 public class JWSAlgorithmEmbed {
 	public static final JWSAlgorithmEmbed NONE = getForAlgorithmName("none");
 	private JWSAlgorithm algorithm;
 	public JWSAlgorithmEmbed() {
 	}
 	public JWSAlgorithmEmbed(JWSAlgorithm algorithm) {
 		this.algorithm = algorithm;
 	}
 	/**
 	 * 
 	 * @param algorithmName
 	 * @return null if algorithmName is empty or null
 	 */
 	public static JWSAlgorithmEmbed getForAlgorithmName (String algorithmName) {
 		JWSAlgorithmEmbed ent = new JWSAlgorithmEmbed();
 		ent.setAlgorithmName(algorithmName);
 		if (ent.getAlgorithm() == null) {
 			return null;
 		} else {
 			return ent;
 		}
 	}
 	/**
 	 * Get the name of this algorithm, return null if no algorithm set.
 	 * @return
 	 */
 	@Basic
 	public String getAlgorithmName() {
 		if (algorithm != null) {
 			return algorithm.getName();
 		} else {
 			return null;
 		}
 	}
 	/**
 	 * Set the name of this algorithm.
 	 * Calls JWSAlgorithm.parse()
 	 * @param algorithmName
 	 */
 	public void setAlgorithmName(String algorithmName) {
 		if (!Strings.isNullOrEmpty(algorithmName)) {
 			algorithm = JWSAlgorithm.parse(algorithmName);
 		} else {
 			algorithm = null;
 		}
 	}
 	/**
 	 * @return the algorithm
 	 */
 	@Transient
 	public JWSAlgorithm getAlgorithm() {
 		return algorithm;
 	}
 	/**
 	 * @param algorithm the algorithm to set
 	 */
 	public void setAlgorithm(JWSAlgorithm algorithm) {
 		this.algorithm = algorithm;
 	}
 	/* (non-Javadoc)
 	 * @see java.lang.Object#toString()
 	 */
 	@Override
 	public String toString() {
 		return "JWSAlgorithmEmbed [algorithm=" + algorithm + "]";
 	}
 }
--- a/openid-connect-common/src/main/java/org/mitre/oauth2/model/ClientDetailsEntity.java
+++ b/openid-connect-common/src/main/java/org/mitre/oauth2/model/ClientDetailsEntity.java
@ -25,13 +25,11 @@ import java.util.HashSet;
 import java.util.Map;
 import java.util.Set;
 import javax.persistence.AttributeOverride;
 import javax.persistence.AttributeOverrides;
 import javax.persistence.Basic;
 import javax.persistence.CollectionTable;
 import javax.persistence.Column;
 import javax.persistence.Convert;
 import javax.persistence.ElementCollection;
 import javax.persistence.Embedded;
 import javax.persistence.Entity;
 import javax.persistence.EnumType;
 import javax.persistence.Enumerated;
@ -49,9 +47,6 @@ import javax.persistence.Temporal;
 import javax.persistence.TemporalType;
 import javax.persistence.Transient;
 import org.mitre.jose.JWEAlgorithmEmbed;
 import org.mitre.jose.JWEEncryptionMethodEmbed;
 import org.mitre.jose.JWSAlgorithmEmbed;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.oauth2.provider.ClientDetails;
@ -103,17 +98,17 @@ public class ClientDetailsEntity implements ClientDetails {
 	private String sectorIdentifierUri; // sector_identifier_uri
 	private SubjectType subjectType; // subject_type
-	private JWSAlgorithmEmbed requestObjectSigningAlg = null; // request_object_signing_alg
+	private JWSAlgorithm requestObjectSigningAlg = null; // request_object_signing_alg
-	private JWSAlgorithmEmbed userInfoSignedResponseAlg = null; // user_info_signed_response_alg
+	private JWSAlgorithm userInfoSignedResponseAlg = null; // user_info_signed_response_alg
-	private JWEAlgorithmEmbed userInfoEncryptedResponseAlg = null; // user_info_encrypted_response_alg
+	private JWEAlgorithm userInfoEncryptedResponseAlg = null; // user_info_encrypted_response_alg
-	private JWEEncryptionMethodEmbed userInfoEncryptedResponseEnc = null; // user_info_encrypted_response_enc
+	private EncryptionMethod userInfoEncryptedResponseEnc = null; // user_info_encrypted_response_enc
-	private JWSAlgorithmEmbed idTokenSignedResponseAlg = null; // id_token_signed_response_alg
+	private JWSAlgorithm idTokenSignedResponseAlg = null; // id_token_signed_response_alg
-	private JWEAlgorithmEmbed idTokenEncryptedResponseAlg = null; // id_token_encrypted_response_alg
+	private JWEAlgorithm idTokenEncryptedResponseAlg = null; // id_token_encrypted_response_alg
-	private JWEEncryptionMethodEmbed idTokenEncryptedResponseEnc = null; // id_token_encrypted_response_enc
+	private EncryptionMethod idTokenEncryptedResponseEnc = null; // id_token_encrypted_response_enc
-	private JWSAlgorithmEmbed tokenEndpointAuthSigningAlg = null; // token_endpoint_auth_signing_alg
+	private JWSAlgorithm tokenEndpointAuthSigningAlg = null; // token_endpoint_auth_signing_alg
 	private Integer defaultMaxAge; // default_max_age
 	private Boolean requireAuthTime; // require_auth_time
@ -700,212 +695,94 @@ public class ClientDetailsEntity implements ClientDetails {
 		this.sectorIdentifierUri = sectorIdentifierUri;
 	}
-	@Embedded
+	@Basic
-	@AttributeOverrides({
+	@Column(name = "request_object_signing_alg")
-		@AttributeOverride(name = "algorithmName", column=@Column(name="request_object_signing_alg"))
+	@Convert(converter = JWSAlgorithmStringConverter.class)
-	})
+	public JWSAlgorithm getRequestObjectSigningAlg() {
 	public JWSAlgorithmEmbed getRequestObjectSigningAlgEmbed() {
 		return requestObjectSigningAlg;
 	}
-	public void setRequestObjectSigningAlgEmbed(JWSAlgorithmEmbed requestObjectSigningAlg) {
+	public void setRequestObjectSigningAlg(JWSAlgorithm requestObjectSigningAlg) {
 		this.requestObjectSigningAlg = requestObjectSigningAlg;
 	}
-	@Embedded
+	@Basic
-	@AttributeOverrides({
+	@Column(name = "user_info_signed_response_alg")
-		@AttributeOverride(name = "algorithmName", column=@Column(name="user_info_signed_response_alg"))
+	@Convert(converter = JWSAlgorithmStringConverter.class)
-	})
+	public JWSAlgorithm getUserInfoSignedResponseAlg() {
 	public JWSAlgorithmEmbed getUserInfoSignedResponseAlgEmbed() {
 		return userInfoSignedResponseAlg;
 	}
-	public void setUserInfoSignedResponseAlgEmbed(JWSAlgorithmEmbed userInfoSignedResponseAlg) {
+	public void setUserInfoSignedResponseAlg(JWSAlgorithm userInfoSignedResponseAlg) {
 		this.userInfoSignedResponseAlg = userInfoSignedResponseAlg;
 	}
-	@Embedded
+	@Basic
-	@AttributeOverrides({
+	@Column(name = "user_info_encrypted_response_alg")
-		@AttributeOverride(name = "algorithmName", column=@Column(name="user_info_encrypted_response_alg"))
+	@Convert(converter = JWEAlgorithmStringConverter.class)
-	})
+	public JWEAlgorithm getUserInfoEncryptedResponseAlg() {
 	public JWEAlgorithmEmbed getUserInfoEncryptedResponseAlgEmbed() {
 		return userInfoEncryptedResponseAlg;
 	}
-	public void setUserInfoEncryptedResponseAlgEmbed(JWEAlgorithmEmbed userInfoEncryptedResponseAlg) {
+	public void setUserInfoEncryptedResponseAlg(JWEAlgorithm userInfoEncryptedResponseAlg) {
 		this.userInfoEncryptedResponseAlg = userInfoEncryptedResponseAlg;
 	}
-	@Embedded
+	@Basic
-	@AttributeOverrides({
+	@Column(name = "user_info_encrypted_response_enc")
-		@AttributeOverride(name = "algorithmName", column=@Column(name="user_info_encrypted_response_enc"))
+	@Convert(converter = JWEEncryptionMethodStringConverter.class)
-	})
+	public EncryptionMethod getUserInfoEncryptedResponseEnc() {
 	public JWEEncryptionMethodEmbed getUserInfoEncryptedResponseEncEmbed() {
 		return userInfoEncryptedResponseEnc;
 	}
-	public void setUserInfoEncryptedResponseEncEmbed(JWEEncryptionMethodEmbed userInfoEncryptedResponseEnc) {
+	public void setUserInfoEncryptedResponseEnc(EncryptionMethod userInfoEncryptedResponseEnc) {
 		this.userInfoEncryptedResponseEnc = userInfoEncryptedResponseEnc;
 	}
-	@Embedded
+	@Basic
-	@AttributeOverrides({
+	@Column(name="id_token_signed_response_alg")
-		@AttributeOverride(name = "algorithmName", column=@Column(name="id_token_signed_response_alg"))
+	@Convert(converter = JWSAlgorithmStringConverter.class)
-	})
+	public JWSAlgorithm getIdTokenSignedResponseAlg() {
 	public JWSAlgorithmEmbed getIdTokenSignedResponseAlgEmbed() {
 		return idTokenSignedResponseAlg;
 	}
-	public void setIdTokenSignedResponseAlgEmbed(JWSAlgorithmEmbed idTokenSignedResponseAlg) {
+	public void setIdTokenSignedResponseAlg(JWSAlgorithm idTokenSignedResponseAlg) {
 		this.idTokenSignedResponseAlg = idTokenSignedResponseAlg;
 	}
-	@Embedded
+	@Basic
-	@AttributeOverrides({
+	@Column(name = "id_token_encrypted_response_alg")
-		@AttributeOverride(name = "algorithmName", column=@Column(name="id_token_encrypted_response_alg"))
+	@Convert(converter = JWEAlgorithmStringConverter.class)
-	})
+	public JWEAlgorithm getIdTokenEncryptedResponseAlg() {
 	public JWEAlgorithmEmbed getIdTokenEncryptedResponseAlgEmbed() {
 		return idTokenEncryptedResponseAlg;
 	}
-	public void setIdTokenEncryptedResponseAlgEmbed(JWEAlgorithmEmbed idTokenEncryptedResponseAlg) {
+	public void setIdTokenEncryptedResponseAlg(JWEAlgorithm idTokenEncryptedResponseAlg) {
 		this.idTokenEncryptedResponseAlg = idTokenEncryptedResponseAlg;
 	}
-	@Embedded
+	@Basic
-	@AttributeOverrides({
+	@Column(name = "id_token_encrypted_response_enc")
-		@AttributeOverride(name = "algorithmName", column=@Column(name="id_token_encrypted_response_enc"))
+	@Convert(converter = JWEEncryptionMethodStringConverter.class)
-	})
+	public EncryptionMethod getIdTokenEncryptedResponseEnc() {
 	public JWEEncryptionMethodEmbed getIdTokenEncryptedResponseEncEmbed() {
 		return idTokenEncryptedResponseEnc;
 	}
-	public void setIdTokenEncryptedResponseEncEmbed(JWEEncryptionMethodEmbed idTokenEncryptedResponseEnc) {
+	public void setIdTokenEncryptedResponseEnc(EncryptionMethod idTokenEncryptedResponseEnc) {
 		this.idTokenEncryptedResponseEnc = idTokenEncryptedResponseEnc;
 	}
-	@Embedded
+	@Basic
-	@AttributeOverrides({
+	@Column(name="token_endpoint_auth_signing_alg")
-		@AttributeOverride(name = "algorithmName", column=@Column(name="token_endpoint_auth_signing_alg"))
+	@Convert(converter = JWSAlgorithmStringConverter.class)
-	})
+	public JWSAlgorithm getTokenEndpointAuthSigningAlg() {
 	public JWSAlgorithmEmbed getTokenEndpointAuthSigningAlgEmbed() {
 		return tokenEndpointAuthSigningAlg;
 	}
 	public void setTokenEndpointAuthSigningAlgEmbed(JWSAlgorithmEmbed tokenEndpointAuthSigningAlgEmbed) {
 		this.tokenEndpointAuthSigningAlg = tokenEndpointAuthSigningAlgEmbed;
 	}
 	//
 	// Transient passthrough methods for JOSE elements
 	//
 	@Transient
 	public JWSAlgorithm getRequestObjectSigningAlg() {
 		if (requestObjectSigningAlg != null) {
 			return requestObjectSigningAlg.getAlgorithm();
 		} else {
 			return null;
 		}
 	}
 	public void setRequestObjectSigningAlg(JWSAlgorithm requestObjectSigningAlg) {
 		this.requestObjectSigningAlg = new JWSAlgorithmEmbed(requestObjectSigningAlg);
 	}
 	@Transient
 	public JWSAlgorithm getUserInfoSignedResponseAlg() {
 		if (userInfoSignedResponseAlg != null) {
 			return userInfoSignedResponseAlg.getAlgorithm();
 		} else {
 			return null;
 		}
 	}
 	public void setUserInfoSignedResponseAlg(JWSAlgorithm userInfoSignedResponseAlg) {
 		this.userInfoSignedResponseAlg = new JWSAlgorithmEmbed(userInfoSignedResponseAlg);
 	}
 	@Transient
 	public JWEAlgorithm getUserInfoEncryptedResponseAlg() {
 		if (userInfoEncryptedResponseAlg != null) {
 			return userInfoEncryptedResponseAlg.getAlgorithm();
 		} else {
 			return null;
 		}
 	}
 	public void setUserInfoEncryptedResponseAlg(JWEAlgorithm userInfoEncryptedResponseAlg) {
 		this.userInfoEncryptedResponseAlg = new JWEAlgorithmEmbed(userInfoEncryptedResponseAlg);
 	}
 	@Transient
 	public EncryptionMethod getUserInfoEncryptedResponseEnc() {
 		if (userInfoEncryptedResponseEnc != null) {
 			return userInfoEncryptedResponseEnc.getAlgorithm();
 		} else {
 			return null;
 		}
 	}
 	public void setUserInfoEncryptedResponseEnc(EncryptionMethod userInfoEncryptedResponseEnc) {
 		this.userInfoEncryptedResponseEnc = new JWEEncryptionMethodEmbed(userInfoEncryptedResponseEnc);
 	}
 	@Transient
 	public JWSAlgorithm getIdTokenSignedResponseAlg() {
 		if (idTokenSignedResponseAlg != null) {
 			return idTokenSignedResponseAlg.getAlgorithm();
 		} else {
 			return null;
 		}
 	}
 	public void setIdTokenSignedResponseAlg(JWSAlgorithm idTokenSignedResponseAlg) {
 		this.idTokenSignedResponseAlg = new JWSAlgorithmEmbed(idTokenSignedResponseAlg);
 	}
 	@Transient
 	public JWEAlgorithm getIdTokenEncryptedResponseAlg() {
 		if (idTokenEncryptedResponseAlg != null) {
 			return idTokenEncryptedResponseAlg.getAlgorithm();
 		} else {
 			return null;
 		}
 	}
 	public void setIdTokenEncryptedResponseAlg(JWEAlgorithm idTokenEncryptedResponseAlg) {
 		this.idTokenEncryptedResponseAlg = new JWEAlgorithmEmbed(idTokenEncryptedResponseAlg);
 	}
 	@Transient
 	public EncryptionMethod getIdTokenEncryptedResponseEnc() {
 		if (idTokenEncryptedResponseEnc != null) {
 			return idTokenEncryptedResponseEnc.getAlgorithm();
 		} else {
 			return null;
 		}
 	}
 	public void setIdTokenEncryptedResponseEnc(EncryptionMethod idTokenEncryptedResponseEnc) {
 		this.idTokenEncryptedResponseEnc = new JWEEncryptionMethodEmbed(idTokenEncryptedResponseEnc);
 	}
 	@Transient
 	public JWSAlgorithm getTokenEndpointAuthSigningAlg() {
 		if (tokenEndpointAuthSigningAlg != null) {
 			return tokenEndpointAuthSigningAlg.getAlgorithm();
 		} else {
 			return null;
 		}
 	}
 	public void setTokenEndpointAuthSigningAlg(JWSAlgorithm tokenEndpointAuthSigningAlg) {
-		this.tokenEndpointAuthSigningAlg = new JWSAlgorithmEmbed(tokenEndpointAuthSigningAlg);
+		this.tokenEndpointAuthSigningAlg = tokenEndpointAuthSigningAlg;
 	}
 	// END Transient JOSE methods
 	@Basic
 	@Column(name="default_max_age")
 	public Integer getDefaultMaxAge() {
@ -1045,5 +922,5 @@ public class ClientDetailsEntity implements ClientDetails {
 	public boolean isAutoApprove(String scope) {
 		return false;
 	}
-
+	
 }
--- a/openid-connect-common/src/main/java/org/mitre/oauth2/model/JWEAlgorithmStringConverter.java
+++ b/openid-connect-common/src/main/java/org/mitre/oauth2/model/JWEAlgorithmStringConverter.java
@ -0,0 +1,48 @@
 /*******************************************************************************
 * Copyright 2015 The MITRE Corporation
 *   and the MIT Kerberos and Internet Trust Consortium
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *   http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *******************************************************************************/
 package org.mitre.oauth2.model;
 import javax.persistence.AttributeConverter;
 import javax.persistence.Converter;
 import com.nimbusds.jose.JWEAlgorithm;
@Converter
 public class JWEAlgorithmStringConverter implements AttributeConverter<JWEAlgorithm, String> {
 	@Override
 	public String convertToDatabaseColumn(JWEAlgorithm attribute) {
 		if (attribute != null) {
 			return attribute.getName();
 		} else {
 			return null;
 		}
 	}
 	/* (non-Javadoc)
 	 * @see javax.persistence.AttributeConverter#convertToEntityAttribute(java.lang.Object)
 	 */
 	@Override
 	public JWEAlgorithm convertToEntityAttribute(String dbData) {
 		if (dbData != null) {
 			return JWEAlgorithm.parse(dbData);
 		} else {
 			return null;
 		}
 	}
 }
--- a/openid-connect-common/src/main/java/org/mitre/oauth2/model/JWEEncryptionMethodStringConverter.java
+++ b/openid-connect-common/src/main/java/org/mitre/oauth2/model/JWEEncryptionMethodStringConverter.java
@ -0,0 +1,48 @@
 /*******************************************************************************
 * Copyright 2015 The MITRE Corporation
 *   and the MIT Kerberos and Internet Trust Consortium
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *   http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *******************************************************************************/
 package org.mitre.oauth2.model;
 import javax.persistence.AttributeConverter;
 import javax.persistence.Converter;
 import com.nimbusds.jose.EncryptionMethod;
@Converter
 public class JWEEncryptionMethodStringConverter implements AttributeConverter<EncryptionMethod, String> {
 	@Override
 	public String convertToDatabaseColumn(EncryptionMethod attribute) {
 		if (attribute != null) {
 			return attribute.getName();
 		} else {
 			return null;
 		}
 	}
 	/* (non-Javadoc)
 	 * @see javax.persistence.AttributeConverter#convertToEntityAttribute(java.lang.Object)
 	 */
 	@Override
 	public EncryptionMethod convertToEntityAttribute(String dbData) {
 		if (dbData != null) {
 			return EncryptionMethod.parse(dbData);
 		} else {
 			return null;
 		}
 	}
 }
--- a/openid-connect-common/src/main/java/org/mitre/oauth2/model/JWSAlgorithmStringConverter.java
+++ b/openid-connect-common/src/main/java/org/mitre/oauth2/model/JWSAlgorithmStringConverter.java
@ -0,0 +1,48 @@
 /*******************************************************************************
 * Copyright 2015 The MITRE Corporation
 *   and the MIT Kerberos and Internet Trust Consortium
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *   http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *******************************************************************************/
 package org.mitre.oauth2.model;
 import javax.persistence.AttributeConverter;
 import javax.persistence.Converter;
 import com.nimbusds.jose.JWSAlgorithm;
@Converter
 public class JWSAlgorithmStringConverter implements AttributeConverter<JWSAlgorithm, String> {
 	@Override
 	public String convertToDatabaseColumn(JWSAlgorithm attribute) {
 		if (attribute != null) {
 			return attribute.getName();
 		} else {
 			return null;
 		}
 	}
 	/* (non-Javadoc)
 	 * @see javax.persistence.AttributeConverter#convertToEntityAttribute(java.lang.Object)
 	 */
 	@Override
 	public JWSAlgorithm convertToEntityAttribute(String dbData) {
 		if (dbData != null) {
 			return JWSAlgorithm.parse(dbData);
 		} else {
 			return null;
 		}
 	}
 }
--- a/openid-connect-common/src/main/java/org/mitre/oauth2/model/RegisteredClient.java
+++ b/openid-connect-common/src/main/java/org/mitre/oauth2/model/RegisteredClient.java
@ -23,9 +23,6 @@ import java.util.Date;
 import java.util.Map;
 import java.util.Set;
 import org.mitre.jose.JWEAlgorithmEmbed;
 import org.mitre.jose.JWEEncryptionMethodEmbed;
 import org.mitre.jose.JWSAlgorithmEmbed;
 import org.mitre.oauth2.model.ClientDetailsEntity.AppType;
 import org.mitre.oauth2.model.ClientDetailsEntity.AuthMethod;
 import org.mitre.oauth2.model.ClientDetailsEntity.SubjectType;
@ -575,118 +572,7 @@ public class RegisteredClient {
 	public void setRequestUris(Set<String> requestUris) {
 		client.setRequestUris(requestUris);
 	}
-	/**
+	
 	 * @return
 	 * @see org.mitre.oauth2.model.ClientDetailsEntity#getRequestObjectSigningAlgEmbed()
 	 */
 	public JWSAlgorithmEmbed getRequestObjectSigningAlgEmbed() {
 		return client.getRequestObjectSigningAlgEmbed();
 	}
 	/**
 	 * @param requestObjectSigningAlg
 	 * @see org.mitre.oauth2.model.ClientDetailsEntity#setRequestObjectSigningAlgEmbed(org.mitre.jose.JWSAlgorithmEmbed)
 	 */
 	public void setRequestObjectSigningAlgEmbed(JWSAlgorithmEmbed requestObjectSigningAlg) {
 		client.setRequestObjectSigningAlgEmbed(requestObjectSigningAlg);
 	}
 	/**
 	 * @return
 	 * @see org.mitre.oauth2.model.ClientDetailsEntity#getUserInfoSignedResponseAlgEmbed()
 	 */
 	public JWSAlgorithmEmbed getUserInfoSignedResponseAlgEmbed() {
 		return client.getUserInfoSignedResponseAlgEmbed();
 	}
 	/**
 	 * @param userInfoSignedResponseAlg
 	 * @see org.mitre.oauth2.model.ClientDetailsEntity#setUserInfoSignedResponseAlgEmbed(org.mitre.jose.JWSAlgorithmEmbed)
 	 */
 	public void setUserInfoSignedResponseAlgEmbed(JWSAlgorithmEmbed userInfoSignedResponseAlg) {
 		client.setUserInfoSignedResponseAlgEmbed(userInfoSignedResponseAlg);
 	}
 	/**
 	 * @return
 	 * @see org.mitre.oauth2.model.ClientDetailsEntity#getUserInfoEncryptedResponseAlgEmbed()
 	 */
 	public JWEAlgorithmEmbed getUserInfoEncryptedResponseAlgEmbed() {
 		return client.getUserInfoEncryptedResponseAlgEmbed();
 	}
 	/**
 	 * @param userInfoEncryptedResponseAlg
 	 * @see org.mitre.oauth2.model.ClientDetailsEntity#setUserInfoEncryptedResponseAlgEmbed(org.mitre.jose.JWEAlgorithmEmbed)
 	 */
 	public void setUserInfoEncryptedResponseAlgEmbed(JWEAlgorithmEmbed userInfoEncryptedResponseAlg) {
 		client.setUserInfoEncryptedResponseAlgEmbed(userInfoEncryptedResponseAlg);
 	}
 	/**
 	 * @return
 	 * @see org.mitre.oauth2.model.ClientDetailsEntity#getUserInfoEncryptedResponseEncEmbed()
 	 */
 	public JWEEncryptionMethodEmbed getUserInfoEncryptedResponseEncEmbed() {
 		return client.getUserInfoEncryptedResponseEncEmbed();
 	}
 	/**
 	 * @param userInfoEncryptedResponseEnc
 	 * @see org.mitre.oauth2.model.ClientDetailsEntity#setUserInfoEncryptedResponseEncEmbed(org.mitre.jose.JWEEncryptionMethodEmbed)
 	 */
 	public void setUserInfoEncryptedResponseEncEmbed(JWEEncryptionMethodEmbed userInfoEncryptedResponseEnc) {
 		client.setUserInfoEncryptedResponseEncEmbed(userInfoEncryptedResponseEnc);
 	}
 	/**
 	 * @return
 	 * @see org.mitre.oauth2.model.ClientDetailsEntity#getIdTokenSignedResponseAlgEmbed()
 	 */
 	public JWSAlgorithmEmbed getIdTokenSignedResponseAlgEmbed() {
 		return client.getIdTokenSignedResponseAlgEmbed();
 	}
 	/**
 	 * @param idTokenSignedResponseAlg
 	 * @see org.mitre.oauth2.model.ClientDetailsEntity#setIdTokenSignedResponseAlgEmbed(org.mitre.jose.JWSAlgorithmEmbed)
 	 */
 	public void setIdTokenSignedResponseAlgEmbed(JWSAlgorithmEmbed idTokenSignedResponseAlg) {
 		client.setIdTokenSignedResponseAlgEmbed(idTokenSignedResponseAlg);
 	}
 	/**
 	 * @return
 	 * @see org.mitre.oauth2.model.ClientDetailsEntity#getIdTokenEncryptedResponseAlgEmbed()
 	 */
 	public JWEAlgorithmEmbed getIdTokenEncryptedResponseAlgEmbed() {
 		return client.getIdTokenEncryptedResponseAlgEmbed();
 	}
 	/**
 	 * @param idTokenEncryptedResponseAlg
 	 * @see org.mitre.oauth2.model.ClientDetailsEntity#setIdTokenEncryptedResponseAlgEmbed(org.mitre.jose.JWEAlgorithmEmbed)
 	 */
 	public void setIdTokenEncryptedResponseAlgEmbed(JWEAlgorithmEmbed idTokenEncryptedResponseAlg) {
 		client.setIdTokenEncryptedResponseAlgEmbed(idTokenEncryptedResponseAlg);
 	}
 	/**
 	 * @return
 	 * @see org.mitre.oauth2.model.ClientDetailsEntity#getIdTokenEncryptedResponseEncEmbed()
 	 */
 	public JWEEncryptionMethodEmbed getIdTokenEncryptedResponseEncEmbed() {
 		return client.getIdTokenEncryptedResponseEncEmbed();
 	}
 	/**
 	 * @param idTokenEncryptedResponseEnc
 	 * @see org.mitre.oauth2.model.ClientDetailsEntity#setIdTokenEncryptedResponseEncEmbed(org.mitre.jose.JWEEncryptionMethodEmbed)
 	 */
 	public void setIdTokenEncryptedResponseEncEmbed(JWEEncryptionMethodEmbed idTokenEncryptedResponseEnc) {
 		client.setIdTokenEncryptedResponseEncEmbed(idTokenEncryptedResponseEnc);
 	}
 	/**
 	 * @return
 	 * @see org.mitre.oauth2.model.ClientDetailsEntity#getRequestObjectSigningAlg()
@ -799,22 +685,6 @@ public class RegisteredClient {
 		client.setIdTokenEncryptedResponseEnc(idTokenEncryptedResponseEnc);
 	}
 	/**
 	 * @return
 	 * @see org.mitre.oauth2.model.ClientDetailsEntity#getTokenEndpointAuthSigningAlgEmbed()
 	 */
 	public JWSAlgorithmEmbed getTokenEndpointAuthSigningAlgEmbed() {
 		return client.getTokenEndpointAuthSigningAlgEmbed();
 	}
 	/**
 	 * @param tokenEndpointAuthSigningAlgEmbed
 	 * @see org.mitre.oauth2.model.ClientDetailsEntity#setTokenEndpointAuthSigningAlgEmbed(org.mitre.jose.JWSAlgorithmEmbed)
 	 */
 	public void setTokenEndpointAuthSigningAlgEmbed(JWSAlgorithmEmbed tokenEndpointAuthSigningAlgEmbed) {
 		client.setTokenEndpointAuthSigningAlgEmbed(tokenEndpointAuthSigningAlgEmbed);
 	}
 	/**
 	 * @return
 	 * @see org.mitre.oauth2.model.ClientDetailsEntity#getTokenEndpointAuthSigningAlg()
--- a/openid-connect-common/src/test/java/org/mitre/jose/JOSEEmbedTest.java
+++ b/openid-connect-common/src/test/java/org/mitre/jose/JOSEEmbedTest.java
@ -1,118 +0,0 @@
 /*******************************************************************************
 * Copyright 2015 The MITRE Corporation
 *   and the MIT Kerberos and Internet Trust Consortium
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *   http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *******************************************************************************/
 /**
 * 
 */
 package org.mitre.jose;
 import org.junit.Test;
 import com.nimbusds.jose.EncryptionMethod;
 import com.nimbusds.jose.JWEAlgorithm;
 import com.nimbusds.jose.JWSAlgorithm;
 import static org.junit.Assert.assertEquals;
 /**
 * 
 * These tests make sure that the algorithm name processing
 * is functional on the three embedded JOSE classes.
 * 
 * @author jricher, tsitkov
 *
 */
 public class JOSEEmbedTest {
 	@Test
 	public void testJWSAlgorithmEmbed() {
 		JWSAlgorithmEmbed a = new JWSAlgorithmEmbed(JWSAlgorithm.HS256);
 		assertEquals(JWSAlgorithm.HS256, a.getAlgorithm());
 		assertEquals("HS256", a.getAlgorithmName());
 		a.setAlgorithm(JWSAlgorithm.HS384);
 		assertEquals(JWSAlgorithm.HS384, a.getAlgorithm());
 		JWSAlgorithmEmbed null_a = new JWSAlgorithmEmbed(null);
 		assertEquals(null, null_a.getAlgorithm());
 		assertEquals(null, null_a.getAlgorithmName());
 	}
 	@Test
 	public void testJWSAlgorithmEmbedGetForAlgoirthmName() {
 		JWSAlgorithmEmbed a = JWSAlgorithmEmbed.getForAlgorithmName("RS256");
 		assertEquals(JWSAlgorithm.RS256, a.getAlgorithm());
 		assertEquals("RS256", a.getAlgorithmName());
 		JWSAlgorithmEmbed null_a = JWSAlgorithmEmbed.getForAlgorithmName("");
 		assertEquals(null, null_a);
 	}
 	@Test
 	public void testJWEAlgorithmEmbed() {
 		JWEAlgorithmEmbed a = new JWEAlgorithmEmbed(JWEAlgorithm.A128KW);
 		assertEquals(JWEAlgorithm.A128KW, a.getAlgorithm());
 		assertEquals("A128KW", a.getAlgorithmName());
 		a.setAlgorithm(JWEAlgorithm.A256KW);
 		assertEquals(JWEAlgorithm.A256KW, a.getAlgorithm());
 		JWEAlgorithmEmbed null_a = new JWEAlgorithmEmbed(null);
 		assertEquals(null, null_a.getAlgorithm());
 		assertEquals(null, null_a.getAlgorithmName());
 	}
 	@Test
 	public void testJWEAlgorithmEmbedGetForAlgoirthmName() {
 		JWEAlgorithmEmbed a = JWEAlgorithmEmbed.getForAlgorithmName("RSA1_5");
 		assertEquals(JWEAlgorithm.RSA1_5, a.getAlgorithm());
 		assertEquals("RSA1_5", a.getAlgorithmName());
 		JWEAlgorithmEmbed null_a = JWEAlgorithmEmbed.getForAlgorithmName("");
 		assertEquals(null, null_a);
 	}
 	@Test
 	public void testJWEEncryptionMethodEmbed() {
 		JWEEncryptionMethodEmbed a = new JWEEncryptionMethodEmbed(EncryptionMethod.A128CBC_HS256);
 		assertEquals(EncryptionMethod.A128CBC_HS256, a.getAlgorithm());
 		assertEquals("A128CBC-HS256", a.getAlgorithmName());
 		a.setAlgorithm(EncryptionMethod.A256GCM);
 		assertEquals(EncryptionMethod.A256GCM, a.getAlgorithm());
 		JWEEncryptionMethodEmbed null_a = new JWEEncryptionMethodEmbed(null);
 		assertEquals(null, null_a.getAlgorithm());
 		assertEquals(null, null_a.getAlgorithmName());
 	}
 	@Test
 	public void testJWEEncryptionMethodEmbedGetForAlgoirthmName() {
 		JWEEncryptionMethodEmbed a = JWEEncryptionMethodEmbed.getForAlgorithmName("A256GCM");
 		assertEquals(EncryptionMethod.A256GCM, a.getAlgorithm());
 		assertEquals("A256GCM", a.getAlgorithmName());
 		JWEEncryptionMethodEmbed null_a = JWEEncryptionMethodEmbed.getForAlgorithmName("");
 		assertEquals(null, null_a);
 	}
 }
--- a/openid-connect-server-webapp/src/main/resources/db/tables/hsql_database_tables.sql
+++ b/openid-connect-server-webapp/src/main/resources/db/tables/hsql_database_tables.sql
@ -51,7 +51,7 @@ CREATE TABLE IF NOT EXISTS authentication_holder (
 CREATE TABLE IF NOT EXISTS client_authority (
 	owner_id BIGINT,
-	authority LONGVARBINARY
+	authority VARCHAR(256)
 );
 CREATE TABLE IF NOT EXISTS authorization_code (
--- a/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/MITREidDataService_1_0.java
+++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/MITREidDataService_1_0.java
@ -26,9 +26,6 @@ import java.util.LinkedHashSet;
 import java.util.Map;
 import java.util.Set;
 import org.mitre.jose.JWEAlgorithmEmbed;
 import org.mitre.jose.JWEEncryptionMethodEmbed;
 import org.mitre.jose.JWSAlgorithmEmbed;
 import org.mitre.oauth2.model.AuthenticationHolderEntity;
 import org.mitre.oauth2.model.ClientDetailsEntity;
 import org.mitre.oauth2.model.ClientDetailsEntity.AppType;
@ -62,6 +59,9 @@ import com.google.common.collect.Sets;
 import com.google.gson.stream.JsonReader;
 import com.google.gson.stream.JsonToken;
 import com.google.gson.stream.JsonWriter;
 import com.nimbusds.jose.EncryptionMethod;
 import com.nimbusds.jose.JWEAlgorithm;
 import com.nimbusds.jose.JWSAlgorithm;
 import static org.mitre.util.JsonUtils.base64UrlDecodeObject;
 import static org.mitre.util.JsonUtils.readMap;
@ -664,17 +664,29 @@ public class MITREidDataService_1_0 extends MITREidDataServiceSupport implements
 						SubjectType st = SubjectType.getByValue(reader.nextString());
 						client.setSubjectType(st);
 					} else if (name.equals("requestObjectSigningAlg")) {
-						JWSAlgorithmEmbed alg = JWSAlgorithmEmbed.getForAlgorithmName(reader.nextString());
+						JWSAlgorithm alg = JWSAlgorithm.parse(reader.nextString());
-						client.setRequestObjectSigningAlgEmbed(alg);
+						client.setRequestObjectSigningAlg(alg);
 					} else if (name.equals("userInfoEncryptedResponseAlg")) {
-						JWEAlgorithmEmbed alg = JWEAlgorithmEmbed.getForAlgorithmName(reader.nextString());
+						JWEAlgorithm alg = JWEAlgorithm.parse(reader.nextString());
-						client.setUserInfoEncryptedResponseAlgEmbed(alg);
+						client.setUserInfoEncryptedResponseAlg(alg);
 					} else if (name.equals("userInfoEncryptedResponseEnc")) {
-						JWEEncryptionMethodEmbed alg = JWEEncryptionMethodEmbed.getForAlgorithmName(reader.nextString());
+						EncryptionMethod alg = EncryptionMethod.parse(reader.nextString());
-						client.setUserInfoEncryptedResponseEncEmbed(alg);
+						client.setUserInfoEncryptedResponseEnc(alg);
 					} else if (name.equals("userInfoSignedResponseAlg")) {
-						JWSAlgorithmEmbed alg = JWSAlgorithmEmbed.getForAlgorithmName(reader.nextString());
+						JWSAlgorithm alg = JWSAlgorithm.parse(reader.nextString());
-						client.setUserInfoSignedResponseAlgEmbed(alg);
+						client.setUserInfoSignedResponseAlg(alg);
 					} else if (name.equals("idTokenSignedResonseAlg")) {
 						JWSAlgorithm alg = JWSAlgorithm.parse(reader.nextString());
 						client.setIdTokenSignedResponseAlg(alg);
 					} else if (name.equals("idTokenEncryptedResponseAlg")) {
 						JWEAlgorithm alg = JWEAlgorithm.parse(reader.nextString());
 						client.setIdTokenEncryptedResponseAlg(alg);
 					} else if (name.equals("idTokenEncryptedResponseEnc")) {
 						EncryptionMethod alg = EncryptionMethod.parse(reader.nextString());
 						client.setIdTokenEncryptedResponseEnc(alg);
 					} else if (name.equals("tokenEndpointAuthSigningAlg")) {
 						JWSAlgorithm alg = JWSAlgorithm.parse(reader.nextString());
 						client.setTokenEndpointAuthSigningAlg(alg);
 					} else if (name.equals("defaultMaxAge")) {
 						client.setDefaultMaxAge(reader.nextInt());
 					} else if (name.equals("requireAuthTime")) {
--- a/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/MITREidDataService_1_1.java
+++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/MITREidDataService_1_1.java
@ -28,9 +28,6 @@ import java.util.Map;
 import java.util.Map.Entry;
 import java.util.Set;
 import org.mitre.jose.JWEAlgorithmEmbed;
 import org.mitre.jose.JWEEncryptionMethodEmbed;
 import org.mitre.jose.JWSAlgorithmEmbed;
 import org.mitre.oauth2.model.AuthenticationHolderEntity;
 import org.mitre.oauth2.model.ClientDetailsEntity;
 import org.mitre.oauth2.model.ClientDetailsEntity.AppType;
@ -64,6 +61,9 @@ import com.google.common.collect.Sets;
 import com.google.gson.stream.JsonReader;
 import com.google.gson.stream.JsonToken;
 import com.google.gson.stream.JsonWriter;
 import com.nimbusds.jose.EncryptionMethod;
 import com.nimbusds.jose.JWEAlgorithm;
 import com.nimbusds.jose.JWSAlgorithm;
 import static org.mitre.util.JsonUtils.base64UrlDecodeObject;
 import static org.mitre.util.JsonUtils.readMap;
@ -672,17 +672,29 @@ public class MITREidDataService_1_1 extends MITREidDataServiceSupport implements
 						SubjectType st = SubjectType.getByValue(reader.nextString());
 						client.setSubjectType(st);
 					} else if (name.equals("requestObjectSigningAlg")) {
-						JWSAlgorithmEmbed alg = JWSAlgorithmEmbed.getForAlgorithmName(reader.nextString());
+						JWSAlgorithm alg = JWSAlgorithm.parse(reader.nextString());
-						client.setRequestObjectSigningAlgEmbed(alg);
+						client.setRequestObjectSigningAlg(alg);
 					} else if (name.equals("userInfoEncryptedResponseAlg")) {
-						JWEAlgorithmEmbed alg = JWEAlgorithmEmbed.getForAlgorithmName(reader.nextString());
+						JWEAlgorithm alg = JWEAlgorithm.parse(reader.nextString());
-						client.setUserInfoEncryptedResponseAlgEmbed(alg);
+						client.setUserInfoEncryptedResponseAlg(alg);
 					} else if (name.equals("userInfoEncryptedResponseEnc")) {
-						JWEEncryptionMethodEmbed alg = JWEEncryptionMethodEmbed.getForAlgorithmName(reader.nextString());
+						EncryptionMethod alg = EncryptionMethod.parse(reader.nextString());
-						client.setUserInfoEncryptedResponseEncEmbed(alg);
+						client.setUserInfoEncryptedResponseEnc(alg);
 					} else if (name.equals("userInfoSignedResponseAlg")) {
-						JWSAlgorithmEmbed alg = JWSAlgorithmEmbed.getForAlgorithmName(reader.nextString());
+						JWSAlgorithm alg = JWSAlgorithm.parse(reader.nextString());
-						client.setUserInfoSignedResponseAlgEmbed(alg);
+						client.setUserInfoSignedResponseAlg(alg);
 					} else if (name.equals("idTokenSignedResonseAlg")) {
 						JWSAlgorithm alg = JWSAlgorithm.parse(reader.nextString());
 						client.setIdTokenSignedResponseAlg(alg);
 					} else if (name.equals("idTokenEncryptedResponseAlg")) {
 						JWEAlgorithm alg = JWEAlgorithm.parse(reader.nextString());
 						client.setIdTokenEncryptedResponseAlg(alg);
 					} else if (name.equals("idTokenEncryptedResponseEnc")) {
 						EncryptionMethod alg = EncryptionMethod.parse(reader.nextString());
 						client.setIdTokenEncryptedResponseEnc(alg);
 					} else if (name.equals("tokenEndpointAuthSigningAlg")) {
 						JWSAlgorithm alg = JWSAlgorithm.parse(reader.nextString());
 						client.setTokenEndpointAuthSigningAlg(alg);
 					} else if (name.equals("defaultMaxAge")) {
 						client.setDefaultMaxAge(reader.nextInt());
 					} else if (name.equals("requireAuthTime")) {
--- a/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/MITREidDataService_1_2.java
+++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/MITREidDataService_1_2.java
@ -28,9 +28,6 @@ import java.util.Map;
 import java.util.Map.Entry;
 import java.util.Set;
 import org.mitre.jose.JWEAlgorithmEmbed;
 import org.mitre.jose.JWEEncryptionMethodEmbed;
 import org.mitre.jose.JWSAlgorithmEmbed;
 import org.mitre.oauth2.model.AuthenticationHolderEntity;
 import org.mitre.oauth2.model.ClientDetailsEntity;
 import org.mitre.oauth2.model.ClientDetailsEntity.AppType;
@ -60,10 +57,12 @@ import org.springframework.security.oauth2.provider.OAuth2Authentication;
 import org.springframework.security.oauth2.provider.OAuth2Request;
 import org.springframework.stereotype.Service;
 import com.google.common.collect.Sets;
 import com.google.gson.stream.JsonReader;
 import com.google.gson.stream.JsonToken;
 import com.google.gson.stream.JsonWriter;
 import com.nimbusds.jose.EncryptionMethod;
 import com.nimbusds.jose.JWEAlgorithm;
 import com.nimbusds.jose.JWSAlgorithm;
 import static org.mitre.util.JsonUtils.base64UrlDecodeObject;
 import static org.mitre.util.JsonUtils.base64UrlEncodeObject;
@ -387,13 +386,21 @@ public class MITREidDataService_1_2 extends MITREidDataServiceSupport implements
 				writer.name("subjectType")
 				.value((client.getSubjectType() != null) ? client.getSubjectType().getValue() : null);
 				writer.name("requestObjectSigningAlg")
-				.value((client.getRequestObjectSigningAlgEmbed() != null) ? client.getRequestObjectSigningAlgEmbed().getAlgorithmName() : null);
+				.value((client.getRequestObjectSigningAlg() != null) ? client.getRequestObjectSigningAlg().getName() : null);
-				writer.name("userInfoEncryptedResponseAlg")
+				writer.name("idTokenSignedResponseAlg")
-				.value((client.getUserInfoEncryptedResponseAlgEmbed() != null) ? client.getUserInfoEncryptedResponseAlgEmbed().getAlgorithmName() : null);
+				.value((client.getIdTokenSignedResponseAlg() != null) ? client.getIdTokenSignedResponseAlg().getName() : null);
-				writer.name("userInfoEncryptedResponseEnc")
+				writer.name("idTokenEncryptedResponseAlg")
-				.value((client.getUserInfoEncryptedResponseEncEmbed() != null) ? client.getUserInfoEncryptedResponseEncEmbed().getAlgorithmName() : null);
+				.value((client.getIdTokenEncryptedResponseAlg() != null) ? client.getIdTokenEncryptedResponseAlg().getName() : null);
 				writer.name("idTokenEncryptedResponseEnc")
 				.value((client.getIdTokenEncryptedResponseEnc() != null) ? client.getIdTokenEncryptedResponseEnc().getName() : null);
 				writer.name("userInfoSignedResponseAlg")
-				.value((client.getUserInfoSignedResponseAlgEmbed() != null) ? client.getUserInfoSignedResponseAlgEmbed().getAlgorithmName() : null);
+				.value((client.getUserInfoSignedResponseAlg() != null) ? client.getUserInfoSignedResponseAlg().getName() : null);
 				writer.name("userInfoEncryptedResponseAlg")
 				.value((client.getUserInfoEncryptedResponseAlg() != null) ? client.getUserInfoEncryptedResponseAlg().getName() : null);
 				writer.name("userInfoEncryptedResponseEnc")
 				.value((client.getUserInfoEncryptedResponseEnc() != null) ? client.getUserInfoEncryptedResponseEnc().getName() : null);
 				writer.name("tokenEndpointAuthSigningAlg")
 				.value((client.getTokenEndpointAuthSigningAlg() != null) ? client.getTokenEndpointAuthSigningAlg().getName() : null);
 				writer.name("defaultMaxAge").value(client.getDefaultMaxAge());
 				Boolean requireAuthTime = null;
 				try {
@ -1012,17 +1019,29 @@ public class MITREidDataService_1_2 extends MITREidDataServiceSupport implements
 						SubjectType st = SubjectType.getByValue(reader.nextString());
 						client.setSubjectType(st);
 					} else if (name.equals("requestObjectSigningAlg")) {
-						JWSAlgorithmEmbed alg = JWSAlgorithmEmbed.getForAlgorithmName(reader.nextString());
+						JWSAlgorithm alg = JWSAlgorithm.parse(reader.nextString());
-						client.setRequestObjectSigningAlgEmbed(alg);
+						client.setRequestObjectSigningAlg(alg);
 					} else if (name.equals("userInfoEncryptedResponseAlg")) {
-						JWEAlgorithmEmbed alg = JWEAlgorithmEmbed.getForAlgorithmName(reader.nextString());
+						JWEAlgorithm alg = JWEAlgorithm.parse(reader.nextString());
-						client.setUserInfoEncryptedResponseAlgEmbed(alg);
+						client.setUserInfoEncryptedResponseAlg(alg);
 					} else if (name.equals("userInfoEncryptedResponseEnc")) {
-						JWEEncryptionMethodEmbed alg = JWEEncryptionMethodEmbed.getForAlgorithmName(reader.nextString());
+						EncryptionMethod alg = EncryptionMethod.parse(reader.nextString());
-						client.setUserInfoEncryptedResponseEncEmbed(alg);
+						client.setUserInfoEncryptedResponseEnc(alg);
 					} else if (name.equals("userInfoSignedResponseAlg")) {
-						JWSAlgorithmEmbed alg = JWSAlgorithmEmbed.getForAlgorithmName(reader.nextString());
+						JWSAlgorithm alg = JWSAlgorithm.parse(reader.nextString());
-						client.setUserInfoSignedResponseAlgEmbed(alg);
+						client.setUserInfoSignedResponseAlg(alg);
 					} else if (name.equals("idTokenSignedResonseAlg")) {
 						JWSAlgorithm alg = JWSAlgorithm.parse(reader.nextString());
 						client.setIdTokenSignedResponseAlg(alg);
 					} else if (name.equals("idTokenEncryptedResponseAlg")) {
 						JWEAlgorithm alg = JWEAlgorithm.parse(reader.nextString());
 						client.setIdTokenEncryptedResponseAlg(alg);
 					} else if (name.equals("idTokenEncryptedResponseEnc")) {
 						EncryptionMethod alg = EncryptionMethod.parse(reader.nextString());
 						client.setIdTokenEncryptedResponseEnc(alg);
 					} else if (name.equals("tokenEndpointAuthSigningAlg")) {
 						JWSAlgorithm alg = JWSAlgorithm.parse(reader.nextString());
 						client.setTokenEndpointAuthSigningAlg(alg);
 					} else if (name.equals("defaultMaxAge")) {
 						client.setDefaultMaxAge(reader.nextInt());
 					} else if (name.equals("requireAuthTime")) {
--- a/openid-connect-server/src/main/java/org/mitre/openid/connect/view/AbstractClientEntityView.java
+++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/view/AbstractClientEntityView.java
@ -27,9 +27,6 @@ import java.util.Map;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import org.mitre.jose.JWEAlgorithmEmbed;
 import org.mitre.jose.JWEEncryptionMethodEmbed;
 import org.mitre.jose.JWSAlgorithmEmbed;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.http.HttpStatus;
@ -43,6 +40,9 @@ import com.google.gson.JsonElement;
 import com.google.gson.JsonPrimitive;
 import com.google.gson.JsonSerializationContext;
 import com.google.gson.JsonSerializer;
 import com.nimbusds.jose.EncryptionMethod;
 import com.nimbusds.jose.JWEAlgorithm;
 import com.nimbusds.jose.JWSAlgorithm;
 /**
 * 
@ -62,31 +62,31 @@ public abstract class AbstractClientEntityView extends AbstractView {
 	private Gson gson = new GsonBuilder()
 	.setExclusionStrategies(getExclusionStrategy())
-	.registerTypeAdapter(JWSAlgorithmEmbed.class, new JsonSerializer<JWSAlgorithmEmbed>() {
+	.registerTypeAdapter(JWSAlgorithm.class, new JsonSerializer<JWSAlgorithm>() {
 		@Override
-		public JsonElement serialize(JWSAlgorithmEmbed src, Type typeOfSrc, JsonSerializationContext context) {
+		public JsonElement serialize(JWSAlgorithm src, Type typeOfSrc, JsonSerializationContext context) {
 			if (src != null) {
-				return new JsonPrimitive(src.getAlgorithmName());
+				return new JsonPrimitive(src.getName());
 			} else {
 				return null;
 			}
 		}
 	})
-	.registerTypeAdapter(JWEAlgorithmEmbed.class, new JsonSerializer<JWEAlgorithmEmbed>() {
+	.registerTypeAdapter(JWEAlgorithm.class, new JsonSerializer<JWEAlgorithm>() {
 		@Override
-		public JsonElement serialize(JWEAlgorithmEmbed src, Type typeOfSrc, JsonSerializationContext context) {
+		public JsonElement serialize(JWEAlgorithm src, Type typeOfSrc, JsonSerializationContext context) {
 			if (src != null) {
-				return new JsonPrimitive(src.getAlgorithmName());
+				return new JsonPrimitive(src.getName());
 			} else {
 				return null;
 			}
 		}
 	})
-	.registerTypeAdapter(JWEEncryptionMethodEmbed.class, new JsonSerializer<JWEEncryptionMethodEmbed>() {
+	.registerTypeAdapter(EncryptionMethod.class, new JsonSerializer<EncryptionMethod>() {
 		@Override
-		public JsonElement serialize(JWEEncryptionMethodEmbed src, Type typeOfSrc, JsonSerializationContext context) {
+		public JsonElement serialize(EncryptionMethod src, Type typeOfSrc, JsonSerializationContext context) {
 			if (src != null) {
-				return new JsonPrimitive(src.getAlgorithmName());
+				return new JsonPrimitive(src.getName());
 			} else {
 				return null;
 			}
--- a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/ClientAPI.java
+++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/ClientAPI.java
@ -19,9 +19,6 @@ package org.mitre.openid.connect.web;
 import java.lang.reflect.Type;
 import java.util.Collection;
 import org.mitre.jose.JWEAlgorithmEmbed;
 import org.mitre.jose.JWEEncryptionMethodEmbed;
 import org.mitre.jose.JWSAlgorithmEmbed;
 import org.mitre.oauth2.model.ClientDetailsEntity;
 import org.mitre.oauth2.model.ClientDetailsEntity.AuthMethod;
 import org.mitre.oauth2.service.ClientDetailsEntityService;
@ -40,7 +37,6 @@ import org.springframework.http.MediaType;
 import org.springframework.http.ResponseEntity;
 import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.oauth2.common.exceptions.OAuth2Exception;
 import org.springframework.security.oauth2.provider.error.WebResponseExceptionTranslator;
 import org.springframework.stereotype.Controller;
@ -62,6 +58,10 @@ import com.google.gson.JsonObject;
 import com.google.gson.JsonParseException;
 import com.google.gson.JsonParser;
 import com.google.gson.JsonSyntaxException;
 import com.nimbusds.jose.Algorithm;
 import com.nimbusds.jose.EncryptionMethod;
 import com.nimbusds.jose.JWEAlgorithm;
 import com.nimbusds.jose.JWSAlgorithm;
 /**
 * @author Michael Jett <mjett@mitre.org>
@ -87,31 +87,31 @@ public class ClientAPI {
 	private Gson gson = new GsonBuilder()
 	.serializeNulls()
-	.registerTypeAdapter(JWSAlgorithmEmbed.class, new JsonDeserializer<JWSAlgorithmEmbed>() {
+	.registerTypeAdapter(JWSAlgorithm.class, new JsonDeserializer<Algorithm>() {
 		@Override
-		public JWSAlgorithmEmbed deserialize(JsonElement json, Type typeOfT, JsonDeserializationContext context) throws JsonParseException {
+		public JWSAlgorithm deserialize(JsonElement json, Type typeOfT, JsonDeserializationContext context) throws JsonParseException {
 			if (json.isJsonPrimitive()) {
-				return JWSAlgorithmEmbed.getForAlgorithmName(json.getAsString());
+				return JWSAlgorithm.parse(json.getAsString());
 			} else {
 				return null;
 			}
 		}
 	})
-	.registerTypeAdapter(JWEAlgorithmEmbed.class, new JsonDeserializer<JWEAlgorithmEmbed>() {
+	.registerTypeAdapter(JWEAlgorithm.class, new JsonDeserializer<Algorithm>() {
 		@Override
-		public JWEAlgorithmEmbed deserialize(JsonElement json, Type typeOfT, JsonDeserializationContext context) throws JsonParseException {
+		public JWEAlgorithm deserialize(JsonElement json, Type typeOfT, JsonDeserializationContext context) throws JsonParseException {
 			if (json.isJsonPrimitive()) {
-				return JWEAlgorithmEmbed.getForAlgorithmName(json.getAsString());
+				return JWEAlgorithm.parse(json.getAsString());
 			} else {
 				return null;
 			}
 		}
 	})
-	.registerTypeAdapter(JWEEncryptionMethodEmbed.class, new JsonDeserializer<JWEEncryptionMethodEmbed>() {
+	.registerTypeAdapter(EncryptionMethod.class, new JsonDeserializer<Algorithm>() {
 		@Override
-		public JWEEncryptionMethodEmbed deserialize(JsonElement json, Type typeOfT, JsonDeserializationContext context) throws JsonParseException {
+		public EncryptionMethod deserialize(JsonElement json, Type typeOfT, JsonDeserializationContext context) throws JsonParseException {
 			if (json.isJsonPrimitive()) {
-				return JWEEncryptionMethodEmbed.getForAlgorithmName(json.getAsString());
+				return EncryptionMethod.parse(json.getAsString());
 			} else {
 				return null;
 			}