Interface ClientX509CertificateBindingVerifier<T>


  • public interface ClientX509CertificateBindingVerifier<T>
    Client X.509 certificate binding verifier. Intended for verifying that the subject of a client X.509 certificate submitted during successful PKI mutual TLS authentication (in tls_client_auth) matches the registered tls_client_auth_subject_dn values for the submitted client ID.

    Implementations must be thread-safe.

    • Method Detail

      • verifyCertificateBinding

        void verifyCertificateBinding(ClientID clientID,
                                      String subjectDN,
                                      Context<T> context)
                               throws InvalidClientException
        Verifies that the specified X.509 certificate subject DN binds to the claimed client ID.
        Parameters:
        clientID - The claimed client ID. Not null.
        subjectDN - The X.509 certificate subject DN. Not null.
        context - Additional context. May be null.
        Throws:
        InvalidClientException - If client ID and subject DN don't bind or are invalid.
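
One way to implement this interface, shown as an added example that is not part of the SDK or of the original page. The class name `RegisteredSubjectDNVerifier`, the `register` method and the in-memory table are hypothetical; the example assumes the `com.nimbusds.oauth2.sdk.auth.verifier` package and a public `InvalidClientException(String)` constructor. It compares parsed DNs rather than raw strings, so equivalent encodings of the same subject match and malformed input is rejected.

```java
import com.nimbusds.oauth2.sdk.auth.verifier.ClientX509CertificateBindingVerifier;
import com.nimbusds.oauth2.sdk.auth.verifier.Context;
import com.nimbusds.oauth2.sdk.auth.verifier.InvalidClientException;
import com.nimbusds.oauth2.sdk.id.ClientID;

import javax.security.auth.x500.X500Principal;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

/** Hypothetical verifier backed by an in-memory registration table. */
public class RegisteredSubjectDNVerifier<T> implements ClientX509CertificateBindingVerifier<T> {

    // Client ID -> registered tls_client_auth_subject_dn, parsed once at registration.
    // ConcurrentHashMap keeps the verifier thread-safe, as the interface requires.
    private final Map<ClientID, X500Principal> registered = new ConcurrentHashMap<>();

    /** Hypothetical registration hook; throws IllegalArgumentException on an unparsable DN. */
    public void register(ClientID clientID, String subjectDN) {
        registered.put(clientID, new X500Principal(subjectDN));
    }

    @Override
    public void verifyCertificateBinding(ClientID clientID, String subjectDN, Context<T> context)
            throws InvalidClientException {

        X500Principal expected = registered.get(clientID);
        if (expected == null) {
            // Unknown client, or client not registered for tls_client_auth
            throw new InvalidClientException("No subject DN registered for client");
        }

        X500Principal presented;
        try {
            presented = new X500Principal(subjectDN);
        } catch (IllegalArgumentException e) {
            throw new InvalidClientException("Malformed certificate subject DN");
        }

        // X500Principal.equals compares the RFC 2253 canonical forms, so letter case
        // and insignificant whitespace do not cause a mismatch, but every RDN must match.
        if (!expected.equals(presented)) {
            throw new InvalidClientException("Certificate subject DN does not match registration");
        }
    }
}
```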