Class DPoPTokenRequestVerifier
- java.lang.Object
-
- com.nimbusds.oauth2.sdk.dpop.verifiers.DPoPTokenRequestVerifier
-
@ThreadSafe public class DPoPTokenRequestVerifier extends Object
DPoP proof JWT verifier for the OAuth 2.0 token endpoint of an authorisation server.
-
-
Field Summary
Fields Modifier and Type Field Description static Set<com.nimbusds.jose.JWSAlgorithm>
SUPPORTED_JWS_ALGORITHMS
The supported JWS algorithms for the DPoP proof JWTs.
-
Constructor Summary
Constructors Constructor Description DPoPTokenRequestVerifier(Set<com.nimbusds.jose.JWSAlgorithm> acceptedJWSAlgs, URI endpointURI, long maxClockSkewSeconds, SingleUseChecker<Map.Entry<DPoPIssuer,JWTID>> singleUseChecker)
Creates a new DPoP proof JWT verifier for the OAuth 2.0 token endpoint.
-
Method Summary
All Methods Instance Methods Concrete Methods Deprecated Methods Modifier and Type Method Description JWKThumbprintConfirmation
verify(DPoPIssuer issuer, com.nimbusds.jwt.SignedJWT proof)
Deprecated.JWKThumbprintConfirmation
verify(DPoPIssuer issuer, com.nimbusds.jwt.SignedJWT proof, Nonce nonce)
Verifies the specified DPoP proof and returns the DPoP JWK SHA-256 thumbprint confirmation.
-
-
-
Field Detail
-
SUPPORTED_JWS_ALGORITHMS
public static final Set<com.nimbusds.jose.JWSAlgorithm> SUPPORTED_JWS_ALGORITHMS
The supported JWS algorithms for the DPoP proof JWTs.
-
-
Constructor Detail
-
DPoPTokenRequestVerifier
public DPoPTokenRequestVerifier(Set<com.nimbusds.jose.JWSAlgorithm> acceptedJWSAlgs, URI endpointURI, long maxClockSkewSeconds, SingleUseChecker<Map.Entry<DPoPIssuer,JWTID>> singleUseChecker)
Creates a new DPoP proof JWT verifier for the OAuth 2.0 token endpoint.- Parameters:
acceptedJWSAlgs
- The accepted JWS algorithms. Must be supported and notnull
.endpointURI
- The token endpoint URI. Any query or fragment component will be stripped from it before performing the comparison. Must not benull
.maxClockSkewSeconds
- The max acceptable clock skew for the "iat" (issued-at) claim checks, in seconds. Should be in the order of a few seconds.singleUseChecker
- The single use checker for the DPoP proof "jti" (JWT ID) claims,null
if not specified.
-
-
Method Detail
-
verify
@Deprecated public JWKThumbprintConfirmation verify(DPoPIssuer issuer, com.nimbusds.jwt.SignedJWT proof) throws InvalidDPoPProofException, com.nimbusds.jose.JOSEException
Deprecated.Verifies the specified DPoP proof and returns the DPoP JWK SHA-256 thumbprint confirmation.- Parameters:
issuer
- Unique identifier for the DPoP proof issuer, typically as its client ID. Must not benull
.proof
- The DPoP proof JWT. Must not benull
.- Returns:
- The DPoP JWK SHA-256 thumbprint confirmation.
- Throws:
InvalidDPoPProofException
- If the DPoP proof is invalid.com.nimbusds.jose.JOSEException
- If an internal JOSE exception is encountered.
-
verify
public JWKThumbprintConfirmation verify(DPoPIssuer issuer, com.nimbusds.jwt.SignedJWT proof, Nonce nonce) throws InvalidDPoPProofException, com.nimbusds.jose.JOSEException
Verifies the specified DPoP proof and returns the DPoP JWK SHA-256 thumbprint confirmation.- Parameters:
issuer
- Unique identifier for the DPoP proof issuer, typically as its client ID. Must not benull
.proof
- The DPoP proof JWT. Must not benull
.nonce
- The expected DPoP proof JWT nonce,null
if none.- Returns:
- The DPoP JWK SHA-256 thumbprint confirmation.
- Throws:
InvalidDPoPProofException
- If the DPoP proof is invalid.com.nimbusds.jose.JOSEException
- If an internal JOSE exception is encountered.
-
-