public interface ClientCredentialsSelector<T>

Implementations must be thread-safe.

Selection of client_secret_basic, client_secret_post and client_secret_jwt secrets is handled by the selectClientSecrets(com.nimbusds.oauth2.sdk.id.ClientID, com.nimbusds.oauth2.sdk.auth.ClientAuthenticationMethod, com.nimbusds.oauth2.sdk.auth.verifier.Context<T>) method.

Selection of private_key_jwt and pub_key_tls_client_auth keys is handled by the selectPublicKeys(com.nimbusds.oauth2.sdk.id.ClientID, com.nimbusds.oauth2.sdk.auth.ClientAuthenticationMethod, com.nimbusds.jose.JWSHeader, boolean, com.nimbusds.oauth2.sdk.auth.verifier.Context<T>) method.

The generic context object may be used to return client metadata or other information to the caller.

Modifier and Type | Method | Description |
---|---|---|
List<Secret> | selectClientSecrets(ClientID claimedClientID, ClientAuthenticationMethod authMethod, Context<T> context) | Selects one or more client secret candidates for client_secret_basic, client_secret_post and client_secret_jwt authentication. |
List<? extends PublicKey> | selectPublicKeys(ClientID claimedClientID, ClientAuthenticationMethod authMethod, com.nimbusds.jose.JWSHeader jwsHeader, boolean forceRefresh, Context<T> context) | Selects one or more public key candidates (e.g. |
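
One way to implement the two methods summarised above over an in-memory registry, as an added example that is not Connect2id's own code. The class name InMemorySelector, the Registration record and the register method are hypothetical; the selector rejects an authentication method the client did not register for, returns every stored secret so that a rotated secret remains a candidate, and ignores forceRefresh because its keys are held locally.

```java
import com.nimbusds.jose.JWSHeader;
import com.nimbusds.oauth2.sdk.auth.*;
import com.nimbusds.oauth2.sdk.auth.verifier.*;
import com.nimbusds.oauth2.sdk.id.ClientID;
import java.security.PublicKey;
import java.util.*;
import java.util.concurrent.ConcurrentHashMap;

/** Hypothetical selector; Registration is a hypothetical record handed back to the caller via the context. */
public class InMemorySelector implements ClientCredentialsSelector<InMemorySelector.Registration> {
    public static final class Registration {
        final ClientAuthenticationMethod method;
        final List<Secret> secrets;            // current and previous secret, for rotation
        final Map<String, PublicKey> keysByID; // public keys indexed by key ID
        public Registration(ClientAuthenticationMethod method, List<Secret> secrets, Map<String, PublicKey> keysByID) {
            this.method = method;
            this.secrets = Collections.unmodifiableList(new ArrayList<>(secrets));
            this.keysByID = Collections.unmodifiableMap(new HashMap<>(keysByID));
        }
    }

    // A concurrent map holding immutable records keeps the selector thread-safe.
    private final Map<ClientID, Registration> registry = new ConcurrentHashMap<>();
    public void register(ClientID id, Registration reg) { registry.put(id, reg); }

    private Registration lookup(ClientID id, ClientAuthenticationMethod method, Context<Registration> ctx)
            throws InvalidClientException {
        Registration reg = registry.get(id);
        if (reg == null) throw new InvalidClientException("Unknown client ID");
        // Refuse a method the client is not registered for, so a key-based client cannot fall back to a secret.
        if (!reg.method.equals(method)) throw new InvalidClientException("Not registered for " + method);
        if (ctx != null) ctx.set(reg); // the context may be null
        return reg;
    }

    @Override
    public List<Secret> selectClientSecrets(ClientID claimedClientID, ClientAuthenticationMethod authMethod,
            Context<Registration> context) throws InvalidClientException {
        return lookup(claimedClientID, authMethod, context).secrets;
    }

    @Override
    public List<? extends PublicKey> selectPublicKeys(ClientID claimedClientID, ClientAuthenticationMethod authMethod,
            JWSHeader jwsHeader, boolean forceRefresh, Context<Registration> context) throws InvalidClientException {
        Registration reg = lookup(claimedClientID, authMethod, context);
        String kid = jwsHeader != null ? jwsHeader.getKeyID() : null; // header is null for TLS client authentication
        if (kid == null) return new ArrayList<>(reg.keysByID.values()); // no key ID hint: offer every registered key
        PublicKey key = reg.keysByID.get(kid);
        return key != null ? Collections.singletonList(key) : Collections.<PublicKey>emptyList();
    }
}
```
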
List<Secret> selectClientSecrets(ClientID claimedClientID, ClientAuthenticationMethod authMethod, Context<T> context) throws InvalidClientException

Selects one or more client secret candidates for client_secret_basic, client_secret_post and client_secret_jwt authentication.

claimedClientID - The client identifier (to be verified). Not null.
authMethod - The client authentication method. Not null.
context - Additional context. May be null.
InvalidClientException - If the client is invalid.

List<? extends PublicKey> selectPublicKeys(ClientID claimedClientID, ClientAuthenticationMethod authMethod, com.nimbusds.jose.JWSHeader jwsHeader, boolean forceRefresh, Context<T> context) throws InvalidClientException

private_key_jwt and pub_key_tls_client_auth authentication.

claimedClientID - The client identifier (to be verified). Not null.
authMethod - The client authentication method. Not null.
jwsHeader - The JWS header, which may contain parameters such as key ID to facilitate the key selection. null for TLS client authentication.
forceRefresh - true to force refresh of the JWK set (for a remote JWK set referenced by URL).
context - Additional context. May be null.
InvalidClientException - If the client is invalid.

Copyright © 2018 Connect2id Ltd. All rights reserved.