com.nimbusds.oauth2.sdk.auth

Class JWTAuthentication

java.lang.Object

com.nimbusds.oauth2.sdk.auth.ClientAuthentication

com.nimbusds.oauth2.sdk.auth.JWTAuthentication

Direct Known Subclasses:

ClientSecretJWT, PrivateKeyJWT

public abstract class JWTAuthentication
extends ClientAuthentication

Base abstract class for JSON Web Token (JWT) based client authentication at the Token endpoint.

Related specifications:

• OAuth 2.0 (RFC 6749), section 3.2.1.
• JSON Web Token (JWT) Profile for OAuth 2.0 Client Authentication and Authorization Grants (RFC 7523).
• OpenID Connect Core 1.0, section 9.

Field Summary

Fields

Modifier and Type	Field and Description
static String	CLIENT_ASSERTION_TYPE The expected client assertion type, corresponding to the client_assertion_type parameter.

Constructor Summary

Constructors

Modifier	Constructor and Description
protected	JWTAuthentication(ClientAuthenticationMethod method, com.nimbusds.jwt.SignedJWT clientAssertion) Creates a new JSON Web Token (JWT) based client authentication.

Method Summary

Methods

Modifier and Type	Method and Description
void	applyTo(HTTPRequest httpRequest) Applies the authentication to the specified HTTP request by setting its Authorization header and/or POST entity-body parameters (according to the implemented client authentication method).
protected static void	ensureClientAssertionType(Map<String,String> params) Ensures the specified parameters map contains an entry with key "client_assertion_type" pointing to a string that equals the expected CLIENT_ASSERTION_TYPE.
com.nimbusds.jwt.SignedJWT	getClientAssertion() Gets the client assertion, corresponding to the client_assertion parameter.
JWTAuthenticationClaimsSet	getJWTAuthenticationClaimsSet() Gets the client authentication claims set contained in the client assertion JSON Web Token (JWT).
static JWTAuthentication	parse(HTTPRequest httpRequest) Parses the specified HTTP request for a JSON Web Token (JWT) based client authentication.
protected static com.nimbusds.jwt.SignedJWT	parseClientAssertion(Map<String,String> params) Parses the specified parameters map for a client assertion.
protected static ClientID	parseClientID(Map<String,String> params) Parses the specified parameters map for an optional client identifier.
Map<String,String>	toParameters() Returns the parameter representation of this JSON Web Token (JWT) based client authentication.

Methods inherited from class com.nimbusds.oauth2.sdk.auth.ClientAuthentication

getClientID, getMethod

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

CLIENT_ASSERTION_TYPE

public static final String CLIENT_ASSERTION_TYPE

The expected client assertion type, corresponding to the client_assertion_type parameter. This is a URN string set to "urn:ietf:params:oauth:client-assertion-type:jwt-bearer".

See Also:

Constant Field Values

Constructor Detail

JWTAuthentication

protected JWTAuthentication(ClientAuthenticationMethod method,
                 com.nimbusds.jwt.SignedJWT clientAssertion)

Creates a new JSON Web Token (JWT) based client authentication.

Parameters:

method - The client authentication method. Must not be null.

clientAssertion - The client assertion, corresponding to the client_assertion parameter, in the form of a signed JSON Web Token (JWT). Must be signed and not null.

Throws:

IllegalArgumentException - If the client assertion is not signed or doesn't conform to the expected format.

Method Detail

getClientAssertion

public com.nimbusds.jwt.SignedJWT getClientAssertion()

Gets the client assertion, corresponding to the client_assertion parameter.

Returns:

The client assertion, in the form of a signed JSON Web Token (JWT).

getJWTAuthenticationClaimsSet

public JWTAuthenticationClaimsSet getJWTAuthenticationClaimsSet()

Gets the client authentication claims set contained in the client assertion JSON Web Token (JWT).

Returns:

The client authentication claims.

toParameters

public Map<String,String> toParameters()

Returns the parameter representation of this JSON Web Token (JWT) based client authentication. Note that the parameters are not application/x-www-form-urlencoded encoded.

Parameters map:

 "client_assertion" -> [serialised-JWT]
 "client_assertion_type" -> "urn:ietf:params:oauth:client-assertion-type:jwt-bearer"
 

Returns:

The parameters map, with keys "client_assertion", "client_assertion_type" and "client_id".

applyTo

public void applyTo(HTTPRequest httpRequest)

Description copied from class: ClientAuthentication

Applies the authentication to the specified HTTP request by setting its Authorization header and/or POST entity-body parameters (according to the implemented client authentication method).

Specified by:

applyTo in class ClientAuthentication

Parameters:

httpRequest - The HTTP request. Must not be null.

ensureClientAssertionType

protected static void ensureClientAssertionType(Map<String,String> params)
                                         throws ParseException

Ensures the specified parameters map contains an entry with key "client_assertion_type" pointing to a string that equals the expected CLIENT_ASSERTION_TYPE. This method is intended to aid parsing of JSON Web Token (JWT) based client authentication objects.

Parameters:

params - The parameters map to check. The parameters must not be null and application/x-www-form-urlencoded encoded.

Throws:

ParseException - If expected "client_assertion_type" entry wasn't found.

parseClientAssertion

protected static com.nimbusds.jwt.SignedJWT parseClientAssertion(Map<String,String> params)
                                                          throws ParseException

Parses the specified parameters map for a client assertion. This method is intended to aid parsing of JSON Web Token (JWT) based client authentication objects.

Parameters:

params - The parameters map to parse. It must contain an entry with key "client_assertion" pointing to a string that represents a signed serialised JSON Web Token (JWT). The parameters must not be null and application/x-www-form-urlencoded encoded.

Returns:

The client assertion as a signed JSON Web Token (JWT).

Throws:

ParseException - If a "client_assertion" entry couldn't be retrieved from the parameters map.

parseClientID

protected static ClientID parseClientID(Map<String,String> params)

Parses the specified parameters map for an optional client identifier. This method is intended to aid parsing of JSON Web Token (JWT) based client authentication objects.

Parameters:

params - The parameters map to parse. It may contain an entry with key "client_id" pointing to a string that represents the client identifier. The parameters must not be null and application/x-www-form-urlencoded encoded.

Returns:

The client identifier, null if not specified.

parse

public static JWTAuthentication parse(HTTPRequest httpRequest)
                               throws ParseException

Parses the specified HTTP request for a JSON Web Token (JWT) based client authentication.

Parameters:

httpRequest - The HTTP request to parse. Must not be null.

Returns:

The JSON Web Token (JWT) based client authentication.

Throws:

ParseException - If a JSON Web Token (JWT) based client authentication couldn't be retrieved from the HTTP request.