Package com.nimbusds.openid.connect.sdk.validators

Class AbstractJWTValidator

java.lang.Object

com.nimbusds.openid.connect.sdk.validators.AbstractJWTValidator

All Implemented Interfaces:

com.nimbusds.jwt.proc.ClockSkewAware

Direct Known Subclasses:

IDTokenValidator, JARMValidator, LogoutTokenValidator

public abstract class AbstractJWTValidator
extends Object
implements com.nimbusds.jwt.proc.ClockSkewAware

Abstract JSON Web Token (JWT) validator for ID tokens and logout tokens.

Field Summary

Fields

Modifier and Type	Field	Description
static int	DEFAULT_MAX_CLOCK_SKEW	The default maximum acceptable clock skew for verifying token timestamps, in seconds.

Constructor Summary

Constructors

Constructor	Description
AbstractJWTValidator(com.nimbusds.jose.JOSEObjectType jwtType, Issuer expectedIssuer, ClientID clientID, com.nimbusds.jose.proc.JWSKeySelector jwsKeySelector, com.nimbusds.jose.proc.JWEKeySelector jweKeySelector)	Creates a new abstract JWT validator.
AbstractJWTValidator(Issuer expectedIssuer, ClientID clientID, com.nimbusds.jose.proc.JWSKeySelector jwsKeySelector, com.nimbusds.jose.proc.JWEKeySelector jweKeySelector)	Deprecated.

Method Summary

Modifier and Type	Method	Description
ClientID	getClientID()	Returns the client ID (the expected JWT audience).
Issuer	getExpectedIssuer()	Returns the expected token issuer.
com.nimbusds.jose.JOSEObjectType	getExpectedJWTType()	Returns the expected JWT "typ" (type) header.
com.nimbusds.jose.proc.JWEKeySelector	getJWEKeySelector()	Returns the configured JWE key selector for encrypted token decryption.
com.nimbusds.jose.proc.JWSKeySelector	getJWSKeySelector()	Returns the configured JWS key selector for signed token verification.
int	getMaxClockSkew()	Gets the maximum acceptable clock skew for verifying the token timestamps.
void	setMaxClockSkew(int maxClockSkew)	Sets the maximum acceptable clock skew for verifying the token timestamps.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

DEFAULT_MAX_CLOCK_SKEW

public static final int DEFAULT_MAX_CLOCK_SKEW

The default maximum acceptable clock skew for verifying token timestamps, in seconds.

See Also:

Constant Field Values

Constructor Detail

AbstractJWTValidator

@Deprecated
public AbstractJWTValidator(Issuer expectedIssuer,
                            ClientID clientID,
                            com.nimbusds.jose.proc.JWSKeySelector jwsKeySelector,
                            com.nimbusds.jose.proc.JWEKeySelector jweKeySelector)

Deprecated.

Creates a new abstract JWT validator.

Parameters:

expectedIssuer - The expected token issuer (OpenID Provider). Must not be null.

clientID - The client ID. Must not be null.

jwsKeySelector - The key selector for JWS verification, null if unsecured (plain) tokens are expected.

jweKeySelector - The key selector for JWE decryption, null if encrypted tokens are not expected.

AbstractJWTValidator

public AbstractJWTValidator(com.nimbusds.jose.JOSEObjectType jwtType,
                            Issuer expectedIssuer,
                            ClientID clientID,
                            com.nimbusds.jose.proc.JWSKeySelector jwsKeySelector,
                            com.nimbusds.jose.proc.JWEKeySelector jweKeySelector)

Creates a new abstract JWT validator.

Parameters:

jwtType - The expected JWT "typ" (type) header, null if none.

expectedIssuer - The expected token issuer (OpenID Provider). Must not be null.

clientID - The client ID. Must not be null.

jwsKeySelector - The key selector for JWS verification, null if unsecured (plain) tokens are expected.

jweKeySelector - The key selector for JWE decryption, null if encrypted tokens are not expected.

Method Detail

getExpectedJWTType

public com.nimbusds.jose.JOSEObjectType getExpectedJWTType()

Returns the expected JWT "typ" (type) header.

Returns:

The expected JWT "typ" (type) header, null if none.

getExpectedIssuer

public Issuer getExpectedIssuer()

Returns the expected token issuer.

Returns:

The token issuer.

getClientID

public ClientID getClientID()

Returns the client ID (the expected JWT audience).

Returns:

The client ID.

getJWSKeySelector

public com.nimbusds.jose.proc.JWSKeySelector getJWSKeySelector()

Returns the configured JWS key selector for signed token verification.

Returns:

The JWS key selector, null if none.

getJWEKeySelector

public com.nimbusds.jose.proc.JWEKeySelector getJWEKeySelector()

Returns the configured JWE key selector for encrypted token decryption.

Returns:

The JWE key selector, null.

getMaxClockSkew

public int getMaxClockSkew()

Gets the maximum acceptable clock skew for verifying the token timestamps.

Specified by:

getMaxClockSkew in interface com.nimbusds.jwt.proc.ClockSkewAware

Returns:

The maximum acceptable clock skew, in seconds. Zero indicates none.

setMaxClockSkew

public void setMaxClockSkew(int maxClockSkew)

Sets the maximum acceptable clock skew for verifying the token timestamps.

Specified by:

setMaxClockSkew in interface com.nimbusds.jwt.proc.ClockSkewAware

Parameters:

maxClockSkew - The maximum acceptable clock skew, in seconds. Zero indicates none. Must not be negative.