Class BaseSelfContainedAccessTokenClaimsCodec
java.lang.Object
com.nimbusds.openid.connect.provider.spi.tokens.BaseSelfContainedAccessTokenClaimsCodec
- All Implemented Interfaces:
Lifecycle,SelfContainedAccessTokenClaimsCodec
@ThreadSafe
public abstract class BaseSelfContainedAccessTokenClaimsCodec
extends Object
implements SelfContainedAccessTokenClaimsCodec
Base implementation of the SPI for encoding and decoding authorisations for
self-contained access tokens into JWT claims sets.
Provides encoding and decoding for all token parameters for which there is an appropriate standard JWT claim (see JSON Web Token (JWT) (RFC 7519), section 4.1, OAuth 2.0 Mutual-TLS Client Authentication and Certificate-Bound Access Tokens (RFC 8705), section 3.1), and OAuth 2.0 Demonstrating Proof-of-Possession at the Application Layer (DPoP) (draft-ietf-oauth-dpop-16), section 6:
subject- "sub"actor- "act"expiration time- "exp"issue time- "iat"issuer- "iss"audience- "aud"JWT ID- "jti"client X.509 certificate SHA-256 thumbprint (mTLS)- "cnf.x5t#S256"JWK SHA-256 thumbprint confirmation (DPoP)- "cnf.jkt"
The extending class should implement encoding and decoding for the remaining token parameters:
-
Field Summary
FieldsModifier and TypeFieldDescriptionThe supported claim names. -
Constructor Summary
Constructors -
Method Summary
Modifier and TypeMethodDescriptionadvancedDecode(JWTDetails jwtDetails, TokenCodecContext context) Decodes the specified JWT details into an access token authorisation.advancedEncode(AccessTokenAuthorization tokenAuthz, TokenEncoderContext context) Encodes the specified access token authorisation into a JWT.decode(com.nimbusds.jwt.JWTClaimsSet claimsSet, TokenCodecContext context) Decodes the specified JWT claims set into an access token authorisation.com.nimbusds.jwt.JWTClaimsSetencode(AccessTokenAuthorization tokenAuthz, TokenEncoderContext context) Encodes the specified access token authorisation into a JWT claims set.
-
Field Details
-
SUPPORTED_CLAIM_NAMES
The supported claim names.
-
-
Constructor Details
-
BaseSelfContainedAccessTokenClaimsCodec
-
-
Method Details
-
encode
public com.nimbusds.jwt.JWTClaimsSet encode(AccessTokenAuthorization tokenAuthz, TokenEncoderContext context) Description copied from interface:SelfContainedAccessTokenClaimsCodecEncodes the specified access token authorisation into a JWT claims set.- Specified by:
encodein interfaceSelfContainedAccessTokenClaimsCodec- Parameters:
tokenAuthz- The access token authorisation. Notnull.context- The token encoder context. Notnull.- Returns:
- The JWT claims set.
-
advancedEncode
Description copied from interface:SelfContainedAccessTokenClaimsCodecEncodes the specified access token authorisation into a JWT.- Specified by:
advancedEncodein interfaceSelfContainedAccessTokenClaimsCodec- Parameters:
tokenAuthz- The access token authorisation. Notnull.context- The token encoder context. Notnull.- Returns:
- The JWT claims set and other details.
-
decode
public AccessTokenAuthorization decode(com.nimbusds.jwt.JWTClaimsSet claimsSet, TokenCodecContext context) throws TokenDecodeException Description copied from interface:SelfContainedAccessTokenClaimsCodecDecodes the specified JWT claims set into an access token authorisation.- Specified by:
decodein interfaceSelfContainedAccessTokenClaimsCodec- Parameters:
claimsSet- The JWT claims set. Notnull.context- The token codec context. Notnull.- Returns:
- The access token authorisation.
- Throws:
TokenDecodeException- If decoding failed.
-
advancedDecode
public AccessTokenAuthorization advancedDecode(JWTDetails jwtDetails, TokenCodecContext context) throws TokenDecodeException Description copied from interface:SelfContainedAccessTokenClaimsCodecDecodes the specified JWT details into an access token authorisation.- Specified by:
advancedDecodein interfaceSelfContainedAccessTokenClaimsCodec- Parameters:
jwtDetails- The JWT claims set and other details. Notnull.context- The token codec context. Notnull.- Returns:
- The access token authorisation.
- Throws:
TokenDecodeException- If decoding failed.
-