Class JWTAssertionDetailsVerifier
- java.lang.Object
-
- com.nimbusds.jwt.proc.DefaultJWTClaimsVerifier
-
- com.nimbusds.oauth2.sdk.assertions.jwt.JWTAssertionDetailsVerifier
-
- All Implemented Interfaces:
com.nimbusds.jwt.proc.ClockSkewAware
,com.nimbusds.jwt.proc.JWTClaimsSetVerifier
@Immutable public class JWTAssertionDetailsVerifier extends com.nimbusds.jwt.proc.DefaultJWTClaimsVerifier
JSON Web Token (JWT) bearer assertion details (claims set) verifier for OAuth 2.0 client authentication and authorisation grants. Intended for initial validation of JWT assertions:- Audience check
- Expiration time check
- Expiration time too far ahead check (optional)
- Not-before time check (if set)
- Subject and issuer presence check
Related specifications:
- JSON Web Token (JWT) Profile for OAuth 2.0 Client Authentication and Authorization Grants (RFC 7523).
-
-
Constructor Summary
Constructors Constructor Description JWTAssertionDetailsVerifier(Set<Audience> expectedAudience)
Creates a new JWT bearer assertion details (claims set) verifier.JWTAssertionDetailsVerifier(Set<Audience> expectedAudience, long expMaxAhead)
Creates a new JWT bearer assertion details (claims set) verifier.
-
Method Summary
All Methods Instance Methods Concrete Methods Deprecated Methods Modifier and Type Method Description Set<Audience>
getExpectedAudience()
Deprecated.long
getExpirationTimeMaxAhead()
Returns the maximum number of seconds the expiration time (exp) claim can be ahead of the current time.void
verify(com.nimbusds.jwt.JWTClaimsSet claimsSet, com.nimbusds.jose.proc.SecurityContext context)
-
-
-
Constructor Detail
-
JWTAssertionDetailsVerifier
public JWTAssertionDetailsVerifier(Set<Audience> expectedAudience)
Creates a new JWT bearer assertion details (claims set) verifier.- Parameters:
expectedAudience
- The expected audience (aud) claim values. Must not be empty ornull
. Should typically contain the token endpoint URI and for OpenID provider it may also include the issuer URI.
-
JWTAssertionDetailsVerifier
public JWTAssertionDetailsVerifier(Set<Audience> expectedAudience, long expMaxAhead)
Creates a new JWT bearer assertion details (claims set) verifier.- Parameters:
expectedAudience
- The expected audience (aud) claim values. Must not be empty ornull
. Should typically contain the token endpoint URI and for OpenID provider it may also include the issuer URI.expMaxAhead
- The maximum number of seconds the expiration time (exp) claim can be ahead of the current time, if zero or negative this check is disabled.
-
-
Method Detail
-
getExpectedAudience
@Deprecated public Set<Audience> getExpectedAudience()
Deprecated.Returns the expected audience values.- Returns:
- The expected audience (aud) claim values.
-
getExpirationTimeMaxAhead
public long getExpirationTimeMaxAhead()
Returns the maximum number of seconds the expiration time (exp) claim can be ahead of the current time.- Returns:
- The maximum number of seconds, if zero or negative this check is disabled.
-
verify
public void verify(com.nimbusds.jwt.JWTClaimsSet claimsSet, com.nimbusds.jose.proc.SecurityContext context) throws com.nimbusds.jwt.proc.BadJWTException
- Specified by:
verify
in interfacecom.nimbusds.jwt.proc.JWTClaimsSetVerifier
- Overrides:
verify
in classcom.nimbusds.jwt.proc.DefaultJWTClaimsVerifier
- Throws:
com.nimbusds.jwt.proc.BadJWTException
-
-