Class JWTAssertionDetailsVerifier
java.lang.Object
com.nimbusds.jwt.proc.DefaultJWTClaimsVerifier
com.nimbusds.oauth2.sdk.assertions.jwt.JWTAssertionDetailsVerifier
- All Implemented Interfaces: com.nimbusds.jwt.proc.ClockSkewAware, com.nimbusds.jwt.proc.JWTClaimsSetVerifier
@Immutable
public class JWTAssertionDetailsVerifier
extends com.nimbusds.jwt.proc.DefaultJWTClaimsVerifier
JSON Web Token (JWT) bearer assertion details (claims set) verifier for
OAuth 2.0 client authentication and authorisation grants. Intended for
initial validation of JWT assertions:
- Audience check
- Expiration time check
- Expiration time too far ahead check (optional)
- Not-before time check (if set)
- Subject and issuer presence check
Related specifications:
- JSON Web Token (JWT) Profile for OAuth 2.0 Client Authentication and Authorization Grants (RFC 7523).
Field Summary
Fields inherited from class com.nimbusds.jwt.proc.DefaultJWTClaimsVerifier
DEFAULT_MAX_CLOCK_SKEW_SECONDS
Constructor Summary
Constructors
- JWTAssertionDetailsVerifier(Set<Audience> expectedAudience): Creates a new JWT bearer assertion details (claims set) verifier.
- JWTAssertionDetailsVerifier(Set<Audience> expectedAudience, long expMaxAhead): Creates a new JWT bearer assertion details (claims set) verifier.
Method Summary
- getExpectedAudience(): Deprecated.
- long getExpirationTimeMaxAhead(): Returns the maximum number of seconds the expiration time (exp) claim can be ahead of the current time.
- void verify(com.nimbusds.jwt.JWTClaimsSet claimsSet, com.nimbusds.jose.proc.SecurityContext context)
Methods inherited from class com.nimbusds.jwt.proc.DefaultJWTClaimsVerifier
currentTime, getAcceptedAudienceValues, getExactMatchClaims, getMaxClockSkew, getProhibitedClaims, getRequiredClaims, setMaxClockSkew
Constructor Details
JWTAssertionDetailsVerifier
Creates a new JWT bearer assertion details (claims set) verifier.
- Parameters:
expectedAudience - The expected audience (aud) claim values. Must not be empty or null. Should typically contain the token endpoint URI, and for an OpenID provider it may also include the issuer URI.
JWTAssertionDetailsVerifier
Creates a new JWT bearer assertion details (claims set) verifier.
- Parameters:
expectedAudience - The expected audience (aud) claim values. Must not be empty or null. Should typically contain the token endpoint URI, and for an OpenID provider it may also include the issuer URI.
expMaxAhead - The maximum number of seconds the expiration time (exp) claim can be ahead of the current time; if zero or negative this check is disabled.
Method Details
getExpectedAudience
Deprecated.
Returns the expected audience values.
- Returns: The expected audience (aud) claim values.
getExpirationTimeMaxAhead
Returns the maximum number of seconds the expiration time (exp) claim can be ahead of the current time.
- Returns: The maximum number of seconds, if zero or negative this check is disabled.
verify
public void verify(com.nimbusds.jwt.JWTClaimsSet claimsSet, com.nimbusds.jose.proc.SecurityContext context) throws com.nimbusds.jwt.proc.BadJWTException
- Specified by: verify in interface com.nimbusds.jwt.proc.JWTClaimsSetVerifier
- Overrides: verify in class com.nimbusds.jwt.proc.DefaultJWTClaimsVerifier
- Throws: com.nimbusds.jwt.proc.BadJWTException
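The checks listed in the class description, exercised against constructed claims sets. This is an added example, not part of the SDK documentation; the class name, URIs and client ID are assumptions. The verifier inspects only the claims set, so the assertion's signature or MAC has to be validated separately.

```java
import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.jwt.proc.BadJWTException;
import com.nimbusds.oauth2.sdk.assertions.jwt.JWTAssertionDetailsVerifier;
import com.nimbusds.oauth2.sdk.id.Audience;
import java.util.Date;
import java.util.LinkedHashSet;
import java.util.Set;

public class AssertionClaimsCheck {
    // Assumed values for a hypothetical OpenID provider and client (constructed for this example)
    static final String TOKEN_ENDPOINT = "https://op.example.com/token";
    static final String ISSUER = "https://op.example.com";
    static final String CLIENT_ID = "client-123";

    // Builds a constructed claims set; a null subject leaves the sub claim out
    static JWTClaimsSet claims(String sub, String aud, long expInSeconds) {
        JWTClaimsSet.Builder b = new JWTClaimsSet.Builder().issuer(CLIENT_ID).audience(aud)
            .expirationTime(new Date(System.currentTimeMillis() + expInSeconds * 1000L));
        if (sub != null) b.subject(sub);
        return b.build();
    }

    // Runs the verifier and reports the outcome instead of propagating the exception
    static String check(JWTAssertionDetailsVerifier v, JWTClaimsSet cs) {
        try {
            v.verify(cs, null); // no security context is needed for these claim checks
            return "accepted";
        } catch (BadJWTException e) {
            return "rejected: " + e.getMessage();
        }
    }

    public static void main(String[] args) {
        Set<Audience> expected = new LinkedHashSet<>();
        expected.add(new Audience(TOKEN_ENDPOINT)); // token endpoint URI
        expected.add(new Audience(ISSUER));         // issuer URI, as the constructor notes allow
        // expMaxAhead = 300: exp may be at most 300 seconds ahead of the current time
        JWTAssertionDetailsVerifier v = new JWTAssertionDetailsVerifier(expected, 300L);

        System.out.println("in-policy:   " + check(v, claims(CLIENT_ID, TOKEN_ENDPOINT, 120L)));
        System.out.println("foreign aud: " + check(v, claims(CLIENT_ID, "https://other.example.net/token", 120L)));
        System.out.println("expired:     " + check(v, claims(CLIENT_ID, TOKEN_ENDPOINT, -600L)));
        System.out.println("exp 1 day:   " + check(v, claims(CLIENT_ID, TOKEN_ENDPOINT, 86_400L)));
        System.out.println("no subject:  " + check(v, claims(null, TOKEN_ENDPOINT, 120L)));
    }
}
```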