Class DPoPProtectedResourceRequestVerifier
- java.lang.Object
  - com.nimbusds.oauth2.sdk.dpop.verifiers.DPoPProtectedResourceRequestVerifier

@ThreadSafe public class DPoPProtectedResourceRequestVerifier extends Object
DPoP proof JWT verifier for a protected resource.
Field Summary
Fields
Modifier and Type: static Set<com.nimbusds.jose.JWSAlgorithm>
Field: SUPPORTED_JWS_ALGORITHMS
Description: The supported JWS algorithms for the DPoP proof JWTs.
Constructor Summary
Constructors
Constructor: DPoPProtectedResourceRequestVerifier(Set<com.nimbusds.jose.JWSAlgorithm> acceptedJWSAlgs, long maxAgeSeconds, SingleUseChecker<Map.Entry<DPoPIssuer,JWTID>> singleUseChecker)
Description: Creates a new DPoP proof JWT verifier for a protected resource.
Method Summary
Modifier and Type: void
Method: verify(String method, URI uri, DPoPIssuer issuer, com.nimbusds.jwt.SignedJWT proof, DPoPAccessToken accessToken, JWKThumbprintConfirmation cnf)
Description: Verifies the specified DPoP proof and its access token and JWK SHA-256 thumbprint bindings.
Field Detail
SUPPORTED_JWS_ALGORITHMS
public static final Set<com.nimbusds.jose.JWSAlgorithm> SUPPORTED_JWS_ALGORITHMS
The supported JWS algorithms for the DPoP proof JWTs.
Constructor Detail
DPoPProtectedResourceRequestVerifier
public DPoPProtectedResourceRequestVerifier(Set<com.nimbusds.jose.JWSAlgorithm> acceptedJWSAlgs, long maxAgeSeconds, SingleUseChecker<Map.Entry<DPoPIssuer,JWTID>> singleUseChecker)
Creates a new DPoP proof JWT verifier for a protected resource.
Parameters:
- acceptedJWSAlgs - The accepted JWS algorithms. Must be supported and not null.
- maxAgeSeconds - The maximum acceptable "iat" (issued-at) claim age, in seconds. JWTs older than that will be rejected.
- singleUseChecker - The single use checker for the DPoP proof "jti" (JWT ID) claims, null if not specified.
Method Detail
verify
public void verify(String method, URI uri, DPoPIssuer issuer, com.nimbusds.jwt.SignedJWT proof, DPoPAccessToken accessToken, JWKThumbprintConfirmation cnf) throws InvalidDPoPProofException, AccessTokenValidationException, com.nimbusds.jose.JOSEException
Verifies the specified DPoP proof and its access token and JWK SHA-256 thumbprint bindings.
Parameters:
- method - The HTTP request method (case insensitive). Must not be null.
- uri - The HTTP URI. Any query or fragment component will be stripped from it before DPoP validation. Must not be null.
- issuer - Unique identifier for the DPoP proof issuer, such as its client ID. Must not be null.
- proof - The DPoP proof JWT. Must not be null.
- accessToken - The received DPoP access token. Must not be null.
- cnf - The JWK SHA-256 thumbprint confirmation for the DPoP access token. Must not be null.
Throws:
- InvalidDPoPProofException - If the DPoP proof is invalid.
- AccessTokenValidationException - If the DPoP access token binding validation failed.
- com.nimbusds.jose.JOSEException - If an internal JOSE exception is encountered.
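A sketch of how a resource server could call the constructor and verify(...) documented above, added here as an example and not taken from the SDK's own documentation. The class DPoPResourceCheck, its check method, the 60-second maximum age and the HTTP status mapping are hypothetical; the import packages and the constructors of DPoPIssuer, DPoPAccessToken, JWKThumbprintConfirmation and Base64URL are not shown on this page and are assumed from the Nimbus SDK.

```java
import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.util.Base64URL;
import com.nimbusds.jwt.SignedJWT;
import com.nimbusds.oauth2.sdk.dpop.JWKThumbprintConfirmation;
import com.nimbusds.oauth2.sdk.dpop.verifiers.*;
import com.nimbusds.oauth2.sdk.id.JWTID;
import com.nimbusds.oauth2.sdk.token.DPoPAccessToken;
import com.nimbusds.oauth2.sdk.util.singleuse.SingleUseChecker;
import java.net.URI;
import java.text.ParseException;
import java.util.Map;

// Hypothetical wrapper (not part of the SDK) around the verifier documented on this page.
public class DPoPResourceCheck {
    private final DPoPProtectedResourceRequestVerifier verifier;

    public DPoPResourceCheck(SingleUseChecker<Map.Entry<DPoPIssuer, JWTID>> replayChecker) {
        // Supply a checker so each proof "jti" is accepted once; the constructor
        // documents null as "not specified". 60 s max "iat" age is an illustrative value.
        this.verifier = new DPoPProtectedResourceRequestVerifier(
                DPoPProtectedResourceRequestVerifier.SUPPORTED_JWS_ALGORITHMS, 60L, replayChecker);
    }

    // dpopHeader: value of the DPoP request header; jkt: thumbprint from the token's "cnf" claim
    // or introspection response. Returns the HTTP status to send (assumed mapping).
    public int check(String method, URI uri, String dpopHeader,
                     String accessTokenValue, String clientId, String jkt) {
        if (dpopHeader == null || accessTokenValue == null || clientId == null || jkt == null) {
            return 401; // a DPoP-bound request must carry all of these
        }
        try {
            SignedJWT proof = SignedJWT.parse(dpopHeader);
            verifier.verify(method, uri, new DPoPIssuer(clientId), proof,
                    new DPoPAccessToken(accessTokenValue),
                    new JWKThumbprintConfirmation(new Base64URL(jkt)));
            return 200;
        } catch (ParseException e) {
            return 401; // DPoP header is not a parseable signed JWT
        } catch (InvalidDPoPProofException e) {
            return 401; // the DPoP proof is invalid
        } catch (AccessTokenValidationException e) {
            return 401; // access token binding validation failed
        } catch (JOSEException e) {
            return 500; // internal JOSE error, not the client's fault
        }
    }
}
```

The verifier is annotated @ThreadSafe, so one instance can be shared across request threads.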