com.nimbusds.oauth2.sdk.auth
Class JWTAuthentication

java.lang.Object
  com.nimbusds.oauth2.sdk.auth.ClientAuthentication
      com.nimbusds.oauth2.sdk.auth.JWTAuthentication

Direct Known Subclasses:

ClientSecretJWT, PrivateKeyJWT

public abstract class JWTAuthentication
extends ClientAuthentication

Base abstract class for JSON Web Token (JWT) based client authentication at the Token endpoint.

Related specifications:

• OAuth 2.0 (RFC 6749), section-3.2.1.
• JSON Web Token (JWT) Bearer Token Profiles for OAuth 2.0 (draft-ietf-oauth-jwt-bearer-04)

Author:

Vladimir Dzhuvinov

Field Summary

static String

CLIENT_ASSERTION_TYPE The expected client assertion type, corresponding to the client_assertion_type parameter.

Constructor Summary

protected

JWTAuthentication(ClientAuthenticationMethod method, com.nimbusds.jwt.SignedJWT clientAssertion, ClientID clientID) Creates a new JSON Web Token (JWT) based client authentication.

Method Summary

void	applyTo(HTTPRequest httpRequest) Applies the authentication to the specified HTTP request by setting its Authorization header and/or POST entity-body parameters (according to the implemented client authentication method).
protected static void	ensureClientAssertionType(Map<String,String> params) Ensures the specified parameters map contains an entry with key "client_assertion_type" pointing to a string that equals the expected CLIENT_ASSERTION_TYPE.
com.nimbusds.jwt.SignedJWT	getClientAssertion() Gets the client assertion, corresponding to the client_assertion parameter.
ClientID	getClientID() Gets the optional client identifier, corresponding to the client_id parameter.
JWTAuthenticationClaimsSet	getJWTAuthenticationClaimsSet() Gets the client authentication claims set contained in the client assertion JSON Web Token (JWT).
static JWTAuthentication	parse(HTTPRequest httpRequest) Parses the specified HTTP request for a JSON Web Token (JWT) based client authentication.
protected static com.nimbusds.jwt.SignedJWT	parseClientAssertion(Map<String,String> params) Parses the specified parameters map for a client assertion.
protected static ClientID	parseClientID(Map<String,String> params) Parses the specified parameters map for an optional client identifier.
Map<String,String>	toParameters() Returns the parameter representation of this JSON Web Token (JWT) based client authentication.

Methods inherited from class com.nimbusds.oauth2.sdk.auth.ClientAuthentication

getMethod

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

CLIENT_ASSERTION_TYPE

public static final String CLIENT_ASSERTION_TYPE

The expected client assertion type, corresponding to the client_assertion_type parameter. This is a URN string set to "urn:ietf:params:oauth:client-assertion-type:jwt-bearer".

See Also:

Constant Field Values

Constructor Detail

JWTAuthentication

protected JWTAuthentication(ClientAuthenticationMethod method,
                            com.nimbusds.jwt.SignedJWT clientAssertion,
                            ClientID clientID)

Creates a new JSON Web Token (JWT) based client authentication.

Parameters:

method - The client authentication method. Must not be null.

clientAssertion - The client assertion, corresponding to the client_assertion parameter, in the form of a signed JSON Web Token (JWT). Must not be null.

clientID - Optional client identifier, corresponding to the client_id parameter. null if not specified.

Method Detail

getClientAssertion

public com.nimbusds.jwt.SignedJWT getClientAssertion()

Gets the client assertion, corresponding to the client_assertion parameter.

Returns:

The client assertion, in the form of a signed JSON Web Token (JWT).

getClientID

public ClientID getClientID()

Gets the optional client identifier, corresponding to the client_id parameter.

Returns:

The client identifier, null if not specified.

getJWTAuthenticationClaimsSet

public JWTAuthenticationClaimsSet getJWTAuthenticationClaimsSet()
                                                         throws ParseException

Gets the client authentication claims set contained in the client assertion JSON Web Token (JWT).

Returns:

The client authentication claims.

Throws:

ParseException - If the client assertion JSON Web Token (JWT) doesn't contain a client authentication claims set.

toParameters

public Map<String,String> toParameters()
                                throws SerializeException

Returns the parameter representation of this JSON Web Token (JWT) based client authentication. Note that the parameters are not application/x-www-form-urlencoded encoded.

Parameters map:

 "client_assertion" -> [serialised-JWT]
 "client_assertion_type" -> "urn:ietf:params:oauth:client-assertion-type:jwt-bearer"
 "client_id" -> [optional-client-id]
 

Returns:

The parameters map, with keys "client_assertion", "client_assertion_type" and "client_id".

Throws:

SerializeException - If the signed JWT couldn't be serialised to a client assertion string.

applyTo

public void applyTo(HTTPRequest httpRequest)
             throws SerializeException

Description copied from class: ClientAuthentication

Applies the authentication to the specified HTTP request by setting its Authorization header and/or POST entity-body parameters (according to the implemented client authentication method).

Specified by:

applyTo in class ClientAuthentication

Parameters:

httpRequest - The HTTP request. Must not be null.

Throws:

SerializeException - If the client authentication parameters couldn't be applied to the HTTP request.

ensureClientAssertionType

protected static void ensureClientAssertionType(Map<String,String> params)
                                         throws ParseException

Ensures the specified parameters map contains an entry with key "client_assertion_type" pointing to a string that equals the expected CLIENT_ASSERTION_TYPE. This method is intended to aid parsing of JSON Web Token (JWT) based client authentication objects.

Parameters:

params - The parameters map to check. The parameters must not be null and application/x-www-form-urlencoded encoded.

Throws:

ParseException - If expected "client_assertion_type" entry wasn't found.

parseClientAssertion

protected static com.nimbusds.jwt.SignedJWT parseClientAssertion(Map<String,String> params)
                                                          throws ParseException

Parses the specified parameters map for a client assertion. This method is intended to aid parsing of JSON Web Token (JWT) based client authentication objects.

Parameters:

params - The parameters map to parse. It must contain an entry with key "client_assertion" pointing to a string that represents a signed serialised JSON Web Token (JWT). The parameters must not be null and application/x-www-form-urlencoded encoded.

Returns:

The client assertion as a signed JSON Web Token (JWT).

Throws:

ParseException - If a "client_assertion" entry couldn't be retrieved from the parameters map.

parseClientID

protected static ClientID parseClientID(Map<String,String> params)

Parses the specified parameters map for an optional client identifier. This method is intended to aid parsing of JSON Web Token (JWT) based client authentication objects.

Parameters:

params - The parameters map to parse. It may contain an entry with key "client_id" pointing to a string that represents the client identifier. The parameters must not be null and application/x-www-form-urlencoded encoded.

Returns:

The client identifier, null if not specified.

parse

public static JWTAuthentication parse(HTTPRequest httpRequest)
                               throws ParseException

Parses the specified HTTP request for a JSON Web Token (JWT) based client authentication.

Parameters:

httpRequest - The HTTP request to parse. Must not be null.

Returns:

The JSON Web Token (JWT) based client authentication.

Throws:

ParseException - If a JSON Web Token (JWT) based client authentication couldn't be retrieved from the HTTP request.