Class JWTAssertionDetailsVerifier

java.lang.Object
com.nimbusds.jwt.proc.DefaultJWTClaimsVerifier
com.nimbusds.oauth2.sdk.assertions.jwt.JWTAssertionDetailsVerifier
All Implemented Interfaces:
com.nimbusds.jwt.proc.ClockSkewAware, com.nimbusds.jwt.proc.JWTClaimsSetVerifier

@Immutable public class JWTAssertionDetailsVerifier extends com.nimbusds.jwt.proc.DefaultJWTClaimsVerifier
JSON Web Token (JWT) bearer assertion details (claims set) verifier for OAuth 2.0 client authentication and authorisation grants. Intended for initial validation of JWT assertions:
  • Audience check
  • Expiration time check
  • Expiration time too far ahead check (optional)
  • Not-before time check (if set)
  • Subject and issuer presence check

Related specifications:

  • JSON Web Token (JWT) Profile for OAuth 2.0 Client Authentication and Authorization Grants (RFC 7523).
  • Field Summary

    Fields inherited from class com.nimbusds.jwt.proc.DefaultJWTClaimsVerifier

    DEFAULT_MAX_CLOCK_SKEW_SECONDS
  • Constructor Summary

    Constructors
    | Constructor | Description |
    | JWTAssertionDetailsVerifier(Set<Audience> expectedAudience) | Creates a new JWT bearer assertion details (claims set) verifier. |
    | JWTAssertionDetailsVerifier(Set<Audience> expectedAudience, long expMaxAhead) | Creates a new JWT bearer assertion details (claims set) verifier. |
  • Method Summary

    | Modifier and Type | Method | Description |
    |  | getExpectedAudience | Deprecated. |
    | long | getExpirationTimeMaxAhead | Returns the maximum number of seconds the expiration time (exp) claim can be ahead of the current time. |
    | void | verify(com.nimbusds.jwt.JWTClaimsSet claimsSet, com.nimbusds.jose.proc.SecurityContext context) |  |

    Methods inherited from class com.nimbusds.jwt.proc.DefaultJWTClaimsVerifier

    currentTime, getAcceptedAudienceValues, getExactMatchClaims, getMaxClockSkew, getProhibitedClaims, getRequiredClaims, setMaxClockSkew

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
  • Constructor Details

    • JWTAssertionDetailsVerifier

      public JWTAssertionDetailsVerifier(Set<Audience> expectedAudience)
      Creates a new JWT bearer assertion details (claims set) verifier.
      Parameters:
      expectedAudience - The expected audience (aud) claim values. Must not be empty or null. Should typically contain the token endpoint URI; for an OpenID provider it may also include the issuer URI.
    • JWTAssertionDetailsVerifier

      public JWTAssertionDetailsVerifier(Set<Audience> expectedAudience, long expMaxAhead)
      Creates a new JWT bearer assertion details (claims set) verifier.
      Parameters:
      expectedAudience - The expected audience (aud) claim values. Must not be empty or null. Should typically contain the token endpoint URI; for an OpenID provider it may also include the issuer URI.
      expMaxAhead - The maximum number of seconds the expiration time (exp) claim can be ahead of the current time. If zero or negative, this check is disabled.
  • Method Details

    • getExpectedAudience

      Deprecated.
      Returns the expected audience values.
      Returns:
      The expected audience (aud) claim values.
    • getExpirationTimeMaxAhead

      Returns the maximum number of seconds the expiration time (exp) claim can be ahead of the current time.
      Returns:
      The maximum number of seconds. If zero or negative, this check is disabled.
    • verify

      public void verify(com.nimbusds.jwt.JWTClaimsSet claimsSet, com.nimbusds.jose.proc.SecurityContext context) throws com.nimbusds.jwt.proc.BadJWTException
      Specified by:
      verify in interface com.nimbusds.jwt.proc.JWTClaimsSetVerifier
      Overrides:
      verify in class com.nimbusds.jwt.proc.DefaultJWTClaimsVerifier
      Throws:
      com.nimbusds.jwt.proc.BadJWTException
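
Usage sketch for the checks listed in the class description, added here as an example and not part of the SDK documentation. The class name AssertionClaimsCheckExample, the endpoint URI, the client ID and the 300-second expMaxAhead value are assumptions chosen for illustration.

```java
import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.jwt.proc.BadJWTException;
import com.nimbusds.oauth2.sdk.assertions.jwt.JWTAssertionDetailsVerifier;
import com.nimbusds.oauth2.sdk.id.Audience;

import java.util.Collections;
import java.util.Date;

public class AssertionClaimsCheckExample {

    // Constructed sample values (assumptions, not from the documentation).
    static final String TOKEN_ENDPOINT = "https://as.example.com/token";
    static final String CLIENT_ID = "client-123";

    // Builds a claims set expiring expInSeconds from now; sub may be null.
    static JWTClaimsSet claims(String aud, String sub, long expInSeconds) {
        JWTClaimsSet.Builder b = new JWTClaimsSet.Builder()
            .issuer(CLIENT_ID)
            .audience(aud)
            .expirationTime(new Date(System.currentTimeMillis() + expInSeconds * 1000L));
        if (sub != null) {
            b.subject(sub);
        }
        return b.build();
    }

    // Runs the claims checks only. Signature or MAC validation of the JWT
    // is a separate step and is not performed by this verifier.
    static String check(JWTAssertionDetailsVerifier v, JWTClaimsSet cs) {
        try {
            v.verify(cs, null); // no security context is used here
            return "accepted";
        } catch (BadJWTException e) {
            return "rejected: " + e.getMessage();
        }
    }

    public static void main(String[] args) {
        // Accept only our token endpoint as audience; cap exp at 300 s ahead.
        JWTAssertionDetailsVerifier v = new JWTAssertionDetailsVerifier(
            Collections.singleton(new Audience(TOKEN_ENDPOINT)), 300L);

        System.out.println(check(v, claims(TOKEN_ENDPOINT, CLIENT_ID, 60)));     // well-formed
        System.out.println(check(v, claims("https://other.example.net/token",
                                           CLIENT_ID, 60)));                     // wrong audience
        System.out.println(check(v, claims(TOKEN_ENDPOINT, CLIENT_ID, 86400)));  // exp too far ahead
        System.out.println(check(v, claims(TOKEN_ENDPOINT, null, 60)));          // missing subject
    }
}
```

With the single-argument constructor the "expiration time too far ahead" check is not configured, so a long-lived assertion such as the third case is bounded only by its own exp claim.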