@ThreadSafe public class ClientAuthenticationVerifier<T> extends Object
Related specifications:
Constructor and Description |
---|
ClientAuthenticationVerifier(ClientCredentialsSelector<T> clientCredentialsSelector, ClientX509CertificateBindingVerifier<T> certBindingVerifier, Set<Audience> expectedAudience) Creates a new client authentication verifier. |
Modifier and Type | Method and Description |
---|---|
ClientCredentialsSelector<T> | getClientCredentialsSelector() Returns the client credentials selector. |
ClientX509CertificateBindingVerifier<T> | getClientX509CertificateBindingVerifier() Returns the client X.509 certificate binding verifier for use in tls_client_auth. |
Set<Audience> | getExpectedAudience() Returns the permitted audience values in JWT authentication assertions. |
void | verify(ClientAuthentication clientAuth, Set<Hint> hints, Context<T> context) Verifies a client authentication request. |

public ClientAuthenticationVerifier(ClientCredentialsSelector<T> clientCredentialsSelector, ClientX509CertificateBindingVerifier<T> certBindingVerifier, Set<Audience> expectedAudience)

clientCredentialsSelector - The client credentials selector. Must not be null.
certBindingVerifier - Optional client X.509 certificate binding verifier for tls_client_auth, null if not supported.
expectedAudience - The permitted audience (aud) claim values in JWT authentication assertions. Must not be empty or null. Should typically contain the token endpoint URI and for an OpenID provider it may also include the issuer URI.

public ClientCredentialsSelector<T> getClientCredentialsSelector()

public ClientX509CertificateBindingVerifier<T> getClientX509CertificateBindingVerifier()
Returns the client X.509 certificate binding verifier for use in tls_client_auth, null if not specified.

public Set<Audience> getExpectedAudience()

public void verify(ClientAuthentication clientAuth, Set<Hint> hints, Context<T> context) throws InvalidClientException, com.nimbusds.jose.JOSEException

clientAuth - The client authentication. Must not be null.
hints - Optional hints to the verifier, empty set or null if none.
context - Additional context to be passed to the client credentials selector. May be null.
InvalidClientException - If the client authentication is invalid, typically due to bad credentials.
com.nimbusds.jose.JOSEException - If authentication failed due to an internal JOSE / JWT processing exception.

Copyright © 2017 Connect2id Ltd. All rights reserved.
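
A sketch of wiring the verifier into a token endpoint, added here as an example and not taken from the SDK's own documentation. The two `ClientCredentialsSelector` method signatures (not listed on this page), the `InvalidClientException(String)` constructor, the in-memory secret map, the `as.example.com` URIs and the returned status codes are assumptions.

```java
import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.JWSHeader;
import com.nimbusds.oauth2.sdk.auth.*;
import com.nimbusds.oauth2.sdk.auth.verifier.*;
import com.nimbusds.oauth2.sdk.id.Audience;
import com.nimbusds.oauth2.sdk.id.ClientID;
import java.security.PublicKey;
import java.util.*;

public class TokenEndpointClientAuth {
    // Constructed sample registry (client_id -> secret); a real server queries its client store.
    private static final Map<String, Secret> SECRETS =
        Collections.singletonMap("client-123", new Secret("constructed-sample-secret"));

    // Assumed selector interface: its method signatures are not shown on this page.
    private static final ClientCredentialsSelector<Void> SELECTOR = new ClientCredentialsSelector<Void>() {
        @Override
        public List<Secret> selectClientSecrets(ClientID id, ClientAuthenticationMethod method,
                                                Context<Void> ctx) throws InvalidClientException {
            Secret secret = SECRETS.get(id.getValue());
            if (secret == null) throw new InvalidClientException("Unknown client_id");
            return Collections.singletonList(secret);
        }
        @Override
        public List<? extends PublicKey> selectPublicKeys(ClientID id, ClientAuthenticationMethod method,
                JWSHeader header, boolean forceRefresh, Context<Void> ctx) {
            return Collections.emptyList(); // no private_key_jwt clients in this sketch
        }
    };

    // Accept only JWT assertions addressed to this server: token endpoint URI plus issuer URI.
    private static final Set<Audience> EXPECTED_AUD = new HashSet<>(Arrays.asList(
        new Audience("https://as.example.com/token"), new Audience("https://as.example.com")));

    // certBindingVerifier is null because tls_client_auth is not supported in this sketch.
    private static final ClientAuthenticationVerifier<Void> VERIFIER = new ClientAuthenticationVerifier<>(
        SELECTOR, (ClientX509CertificateBindingVerifier<Void>) null, EXPECTED_AUD);

    /** Returns the HTTP status the token endpoint should answer with (hypothetical helper). */
    public static int authenticate(ClientAuthentication clientAuth) {
        if (clientAuth == null) return 401; // verify() requires a non-null argument
        try {
            VERIFIER.verify(clientAuth, null, null); // no hints, no selector context
            return 200;
        } catch (InvalidClientException e) {
            return 401; // bad credentials: answer with an invalid_client error
        } catch (JOSEException e) {
            return 500; // internal JOSE / JWT processing failure, not a client fault
        }
    }
}
```

Keeping the two exception paths separate stops an internal JOSE failure from being reported to the caller as a credential error, and keeps it out of failed-login metrics.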