Class JWTAssertionFactory

  • public class JWTAssertionFactory
    extends Object
    Static JWT bearer assertion factory.

    Related specifications:

    • Assertion Framework for OAuth 2.0 Client Authentication and Authorization Grants (RFC 7521).
    • JSON Web Token (JWT) Profile for OAuth 2.0 Client Authentication and Authorization Grants (RFC 7523).

  • Method Detail

      • supportedJWAs

        public static Set<com.nimbusds.jose.JWSAlgorithm> supportedJWAs()
        Returns the supported signature JSON Web Algorithms (JWAs).
        Returns:
          The supported JSON Web Algorithms (JWAs).
      • create

        public static com.nimbusds.jwt.SignedJWT create(JWTAssertionDetails details,
                                                        com.nimbusds.jose.JWSAlgorithm jwsAlgorithm,
                                                        Secret secret)
                                                 throws com.nimbusds.jose.JOSEException
        Creates a new HMAC-protected JWT bearer assertion.
        Parameters:
          details - The JWT bearer assertion details. Must not be null.
          jwsAlgorithm - The expected HMAC algorithm (HS256, HS384 or HS512) for the JWT assertion. Must be supported and not null.
          secret - The secret. Must be at least 256 bits long.
        Returns:
          The JWT bearer assertion.
        Throws:
          com.nimbusds.jose.JOSEException - If the client secret is too short, or HMAC computation failed.
      • create

        public static com.nimbusds.jwt.SignedJWT create(JWTAssertionDetails details,
                                                        com.nimbusds.jose.JWSAlgorithm jwsAlgorithm,
                                                        PrivateKey privateKey,
                                                        String keyID,
                                                        List<com.nimbusds.jose.util.Base64> x5c,
                                                        com.nimbusds.jose.util.Base64URL x5t256,
                                                        Provider jcaProvider)
                                                 throws com.nimbusds.jose.JOSEException
        Creates a new signed JWT bearer assertion.
        Parameters:
          details - The JWT bearer assertion details. Must not be null.
          jwsAlgorithm - The expected RSA (RS256, RS384, RS512, PS256, PS384 or PS512) or EC (ES256, ES384, ES512) signature algorithm for the JWT assertion. Must be supported and not null.
          privateKey - The signing private RSA or EC key. Must not be null.
          keyID - Optional identifier for the key, to aid key selection on the recipient side. Recommended. null if not specified.
          x5c - Optional X.509 certificate chain for the public key, null if not specified.
          x5t256 - Optional X.509 certificate SHA-256 thumbprint, null if not specified.
          jcaProvider - Optional specific JCA provider, null to use the default one.
        Returns:
          The JWT bearer assertion.
        Throws:
          com.nimbusds.jose.JOSEException - If signing failed.
      • create

        public static com.nimbusds.jwt.SignedJWT create(JWTAssertionDetails details,
                                                        com.nimbusds.jose.JWSAlgorithm jwsAlgorithm,
                                                        RSAPrivateKey rsaPrivateKey,
                                                        String keyID,
                                                        Provider jcaProvider)
                                                 throws com.nimbusds.jose.JOSEException
        Creates a new RSA-signed JWT bearer assertion.
        Parameters:
          details - The JWT bearer assertion details. Must not be null.
          jwsAlgorithm - The expected RSA signature algorithm (RS256, RS384, RS512, PS256, PS384 or PS512) for the JWT assertion. Must be supported and not null.
          rsaPrivateKey - The RSA private key. Must not be null.
          keyID - Optional identifier for the RSA key, to aid key selection on the recipient side. Recommended. null if not specified.
          jcaProvider - Optional specific JCA provider, null to use the default one.
        Returns:
          The JWT bearer assertion.
        Throws:
          com.nimbusds.jose.JOSEException - If RSA signing failed.
      • create

        public static com.nimbusds.jwt.SignedJWT create(JWTAssertionDetails details,
                                                        com.nimbusds.jose.JWSAlgorithm jwsAlgorithm,
                                                        ECPrivateKey ecPrivateKey,
                                                        String keyID,
                                                        Provider jcaProvider)
                                                 throws com.nimbusds.jose.JOSEException
        Creates a new EC-signed JWT bearer assertion.
        Parameters:
          details - The JWT bearer assertion details. Must not be null.
          jwsAlgorithm - The expected EC signature algorithm (ES256, ES384 or ES512) for the JWT assertion. Must be supported and not null.
          ecPrivateKey - The EC private key. Must not be null.
          keyID - Optional identifier for the EC key, to aid key selection on the recipient side. Recommended. null if not specified.
          jcaProvider - Optional specific JCA provider, null to use the default one.
        Returns:
          The JWT bearer assertion.
        Throws:
          com.nimbusds.jose.JOSEException - If EC signing failed.