Package com.nimbusds.openid.connect.sdk.validators

Class AbstractJWTValidator

java.lang.Object
com.nimbusds.openid.connect.sdk.validators.AbstractJWTValidator
All Implemented Interfaces:
com.nimbusds.jwt.proc.ClockSkewAware
Direct Known Subclasses:
IDTokenValidator, JARMValidator, LogoutTokenValidator
public abstract class AbstractJWTValidator extends Object implements com.nimbusds.jwt.proc.ClockSkewAware
Abstract JSON Web Token (JWT) validator for ID tokens and logout tokens.

  • Field Summary

    Fields
    Modifier and Type
    Field
    Description
    static final int
    DEFAULT_MAX_CLOCK_SKEW
    The default maximum acceptable clock skew for verifying token timestamps, in seconds.

  • Constructor Summary

    Constructors
    Constructor
    Description
    AbstractJWTValidator(com.nimbusds.jose.JOSEObjectType jwtType, Issuer expectedIssuer, ClientID clientID, com.nimbusds.jose.proc.JWSKeySelector jwsKeySelector, com.nimbusds.jose.proc.JWEKeySelector jweKeySelector)
    Creates a new abstract JWT validator.
    AbstractJWTValidator(Issuer expectedIssuer, ClientID clientID, com.nimbusds.jose.proc.JWSKeySelector jwsKeySelector, com.nimbusds.jose.proc.JWEKeySelector jweKeySelector)
    Deprecated.

  • Method Summary

    Modifier and Type
    Method
    Description
    ClientID
    getClientID()
    Returns the client ID (the expected JWT audience).
    Issuer
    getExpectedIssuer()
    Returns the expected token issuer.
    com.nimbusds.jose.JOSEObjectType
    getExpectedJWTType()
    Returns the expected JWT "typ" (type) header.
    com.nimbusds.jose.proc.JWEKeySelector
    getJWEKeySelector()
    Returns the configured JWE key selector for encrypted token decryption.
    com.nimbusds.jose.proc.JWSKeySelector
    getJWSKeySelector()
    Returns the configured JWS key selector for signed token verification.
    int
    getMaxClockSkew()
    Gets the maximum acceptable clock skew for verifying the token timestamps.
    void
    setMaxClockSkew(int maxClockSkew)
    Sets the maximum acceptable clock skew for verifying the token timestamps.

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

  • Field Details

  • Constructor Details

    • AbstractJWTValidator

      @Deprecated public AbstractJWTValidator(Issuer expectedIssuer, ClientID clientID, com.nimbusds.jose.proc.JWSKeySelector jwsKeySelector, com.nimbusds.jose.proc.JWEKeySelector jweKeySelector)
      Deprecated.
      Creates a new abstract JWT validator.
      Parameters:
      expectedIssuer - The expected token issuer (OpenID Provider). Must not be null.
      clientID - The client ID. Must not be null.
      jwsKeySelector - The key selector for JWS verification, null if unsecured (plain) tokens are expected.
      jweKeySelector - The key selector for JWE decryption, null if encrypted tokens are not expected.

    • AbstractJWTValidator

      public AbstractJWTValidator(com.nimbusds.jose.JOSEObjectType jwtType, Issuer expectedIssuer, ClientID clientID, com.nimbusds.jose.proc.JWSKeySelector jwsKeySelector, com.nimbusds.jose.proc.JWEKeySelector jweKeySelector)
      Creates a new abstract JWT validator.
      Parameters:
      jwtType - The expected JWT "typ" (type) header, null if none.
      expectedIssuer - The expected token issuer (OpenID Provider). Must not be null.
      clientID - The client ID. Must not be null.
      jwsKeySelector - The key selector for JWS verification, null if unsecured (plain) tokens are expected.
      jweKeySelector - The key selector for JWE decryption, null if encrypted tokens are not expected.

  • Method Details

    • getExpectedJWTType

      public com.nimbusds.jose.JOSEObjectType getExpectedJWTType()
      Returns the expected JWT "typ" (type) header.
      Returns:
      The expected JWT "typ" (type) header, null if none.

    • getExpectedIssuer

      public Issuer getExpectedIssuer()
      Returns the expected token issuer.
      Returns:
      The token issuer.

    • getClientID

      public ClientID getClientID()
      Returns the client ID (the expected JWT audience).
      Returns:
      The client ID.

    • getJWSKeySelector

      public com.nimbusds.jose.proc.JWSKeySelector getJWSKeySelector()
      Returns the configured JWS key selector for signed token verification.
      Returns:
      The JWS key selector, null if none.

    • getJWEKeySelector

      public com.nimbusds.jose.proc.JWEKeySelector getJWEKeySelector()
      Returns the configured JWE key selector for encrypted token decryption.
      Returns:
      The JWE key selector, null.

    • getMaxClockSkew

      public int getMaxClockSkew()
      Gets the maximum acceptable clock skew for verifying the token timestamps.
      Specified by:
      getMaxClockSkew in interface com.nimbusds.jwt.proc.ClockSkewAware
      Returns:
      The maximum acceptable clock skew, in seconds. Zero indicates none.

    • setMaxClockSkew

      public void setMaxClockSkew(int maxClockSkew)
      Sets the maximum acceptable clock skew for verifying the token timestamps.
      Specified by:
      setMaxClockSkew in interface com.nimbusds.jwt.proc.ClockSkewAware
      Parameters:
      maxClockSkew - The maximum acceptable clock skew, in seconds. Zero indicates none. Must not be negative.