Class BaseSelfContainedAccessTokenClaimsCodec
- java.lang.Object
-
- com.nimbusds.openid.connect.provider.spi.tokens.BaseSelfContainedAccessTokenClaimsCodec
-
- All Implemented Interfaces:
SelfContainedAccessTokenClaimsCodec
@ThreadSafe public abstract class BaseSelfContainedAccessTokenClaimsCodec extends Object implements SelfContainedAccessTokenClaimsCodec
Base implementation of the SPI for encoding and decoding authorisations for self-contained access tokens into JWT claims sets.Provides encoding and decoding for all token parameters for which there is an appropriate standard JWT claim (see JSON Web Token (JWT) (RFC 7519), section 4.1, OAuth 2.0 Mutual-TLS Client Authentication and Certificate-Bound Access Tokens (RFC 8705), section 3.1), and OAuth 2.0 Demonstrating Proof-of-Possession at the Application Layer (DPoP) (draft-ietf-oauth-dpop-03), section 6:
subject
- "sub"actor
- "act"expiration time
- "exp"issue time
- "iat"issuer
- "iss"audience
- "aud"JWT ID
- "jti"client X.509 certificate SHA-256 thumbprint (mTLS)
- "cnf.x5t#S256"JWK SHA-256 thumbprint confirmation (DPoP)
- "cnf.jkt"
The extending class should implement encoding and decoding for the remaining token parameters:
-
-
Field Summary
Fields Modifier and Type Field Description static Set<String>
SUPPORTED_CLAIM_NAMES
The supported claim names.
-
Constructor Summary
Constructors Constructor Description BaseSelfContainedAccessTokenClaimsCodec()
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description AccessTokenAuthorization
advancedDecode(JWTDetails jwtDetails, TokenCodecContext context)
Decodes the specified JWT details into an access token authorisation.JWTDetails
advancedEncode(AccessTokenAuthorization tokenAuthz, TokenEncoderContext context)
Encodes the specified access token authorisation into a JWT.AccessTokenAuthorization
decode(com.nimbusds.jwt.JWTClaimsSet claimsSet, TokenCodecContext context)
Decodes the specified JWT claims set into an access token authorisation.com.nimbusds.jwt.JWTClaimsSet
encode(AccessTokenAuthorization tokenAuthz, TokenEncoderContext context)
Encodes the specified access token authorisation into a JWT claims set.
-
-
-
Field Detail
-
SUPPORTED_CLAIM_NAMES
public static final Set<String> SUPPORTED_CLAIM_NAMES
The supported claim names.
-
-
Constructor Detail
-
BaseSelfContainedAccessTokenClaimsCodec
public BaseSelfContainedAccessTokenClaimsCodec()
-
-
Method Detail
-
encode
public com.nimbusds.jwt.JWTClaimsSet encode(AccessTokenAuthorization tokenAuthz, TokenEncoderContext context)
Description copied from interface:SelfContainedAccessTokenClaimsCodec
Encodes the specified access token authorisation into a JWT claims set.- Specified by:
encode
in interfaceSelfContainedAccessTokenClaimsCodec
- Parameters:
tokenAuthz
- The access token authorisation. Notnull
.context
- The token encoder context. Notnull
.- Returns:
- The JWT claims set.
-
advancedEncode
public JWTDetails advancedEncode(AccessTokenAuthorization tokenAuthz, TokenEncoderContext context)
Description copied from interface:SelfContainedAccessTokenClaimsCodec
Encodes the specified access token authorisation into a JWT.- Specified by:
advancedEncode
in interfaceSelfContainedAccessTokenClaimsCodec
- Parameters:
tokenAuthz
- The access token authorisation. Notnull
.context
- The token encoder context. Notnull
.- Returns:
- The JWT claims set and other details.
-
decode
public AccessTokenAuthorization decode(com.nimbusds.jwt.JWTClaimsSet claimsSet, TokenCodecContext context) throws TokenDecodeException
Description copied from interface:SelfContainedAccessTokenClaimsCodec
Decodes the specified JWT claims set into an access token authorisation.- Specified by:
decode
in interfaceSelfContainedAccessTokenClaimsCodec
- Parameters:
claimsSet
- The JWT claims set. Notnull
.context
- The token codec context. Notnull
.- Returns:
- The access token authorisation.
- Throws:
TokenDecodeException
- If decoding failed.
-
advancedDecode
public AccessTokenAuthorization advancedDecode(JWTDetails jwtDetails, TokenCodecContext context) throws TokenDecodeException
Description copied from interface:SelfContainedAccessTokenClaimsCodec
Decodes the specified JWT details into an access token authorisation.- Specified by:
advancedDecode
in interfaceSelfContainedAccessTokenClaimsCodec
- Parameters:
jwtDetails
- The JWT claims set and other details. Notnull
.context
- The token codec context. Notnull
.- Returns:
- The access token authorisation.
- Throws:
TokenDecodeException
- If decoding failed.
-
-