Package org.springframework.security.oauth2.jwt

Class NimbusReactiveJwtDecoder

java.lang.Object

org.springframework.security.oauth2.jwt.NimbusReactiveJwtDecoder

All Implemented Interfaces:

ReactiveJwtDecoder

public final class NimbusReactiveJwtDecoder
extends Object
implements ReactiveJwtDecoder

An implementation of a ReactiveJwtDecoder that "decodes" a JSON Web Token (JWT) and additionally verifies its digital signature if the JWT is a JSON Web Signature (JWS).

NOTE: This implementation uses the Nimbus JOSE + JWT SDK internally.

Since:

5.1

See Also:

• ReactiveJwtDecoder
• JSON Web Token (JWT)
• JSON Web Signature (JWS)
• JSON Web Key (JWK)
• Nimbus JOSE + JWT SDK

Nested Class Summary

Nested Classes

Modifier and Type	Class	Description
static final class	NimbusReactiveJwtDecoder.JwkSetUriReactiveJwtDecoderBuilder	A builder for creating NimbusReactiveJwtDecoder instances based on a JWK Set uri.
static final class	NimbusReactiveJwtDecoder.JwkSourceReactiveJwtDecoderBuilder	A builder for creating NimbusReactiveJwtDecoder instances.
static final class	NimbusReactiveJwtDecoder.PublicKeyReactiveJwtDecoderBuilder	A builder for creating NimbusReactiveJwtDecoder instances based on a public key.
static final class	NimbusReactiveJwtDecoder.SecretKeyReactiveJwtDecoderBuilder	A builder for creating NimbusReactiveJwtDecoder instances based on a SecretKey.

Constructor Summary

Constructors

Constructor	Description
NimbusReactiveJwtDecoder(String jwkSetUrl)	Constructs a NimbusReactiveJwtDecoder using the provided parameters.
NimbusReactiveJwtDecoder(RSAPublicKey publicKey)	Constructs a NimbusReactiveJwtDecoder using the provided parameters.
NimbusReactiveJwtDecoder(org.springframework.core.convert.converter.Converter<com.nimbusds.jwt.JWT,reactor.core.publisher.Mono<com.nimbusds.jwt.JWTClaimsSet>> jwtProcessor)	Constructs a NimbusReactiveJwtDecoder using the provided parameters.

Method Summary

Modifier and Type	Method	Description
reactor.core.publisher.Mono<Jwt>	decode(String token)	Decodes the JWT from its compact claims representation format and returns a Jwt.
void	setClaimSetConverter(org.springframework.core.convert.converter.Converter<Map<String,Object>,Map<String,Object>> claimSetConverter)	Use the following Converter for manipulating the JWT's claim set
void	setJwtValidator(org.springframework.security.oauth2.core.OAuth2TokenValidator<Jwt> jwtValidator)	Use the provided OAuth2TokenValidator to validate incoming Jwts.
static NimbusReactiveJwtDecoder.JwkSetUriReactiveJwtDecoderBuilder	withIssuerLocation(String issuer)	Use the given Issuer by making an OpenID Provider Configuration Request and using the values in the OpenID Provider Configuration Response to derive the needed JWK Set uri.
static NimbusReactiveJwtDecoder.JwkSetUriReactiveJwtDecoderBuilder	withJwkSetUri(String jwkSetUri)	Use the given JWK Set uri to validate JWTs.
static NimbusReactiveJwtDecoder.JwkSourceReactiveJwtDecoderBuilder	withJwkSource(Function<com.nimbusds.jwt.SignedJWT,reactor.core.publisher.Flux<com.nimbusds.jose.jwk.JWK>> source)	Use the given Function to validate JWTs
static NimbusReactiveJwtDecoder.PublicKeyReactiveJwtDecoderBuilder	withPublicKey(RSAPublicKey key)	Use the given public key to validate JWTs
static NimbusReactiveJwtDecoder.SecretKeyReactiveJwtDecoderBuilder	withSecretKey(SecretKey secretKey)	Use the given SecretKey to validate the MAC on a JSON Web Signature (JWS).

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

NimbusReactiveJwtDecoder

public NimbusReactiveJwtDecoder(String jwkSetUrl)

Constructs a NimbusReactiveJwtDecoder using the provided parameters.

Parameters:

jwkSetUrl - the JSON Web Key (JWK) Set URL

NimbusReactiveJwtDecoder

public NimbusReactiveJwtDecoder(RSAPublicKey publicKey)

Constructs a NimbusReactiveJwtDecoder using the provided parameters.

Parameters:

publicKey - the RSAPublicKey used to verify the signature

Since:

5.2

NimbusReactiveJwtDecoder

public NimbusReactiveJwtDecoder(org.springframework.core.convert.converter.Converter<com.nimbusds.jwt.JWT,reactor.core.publisher.Mono<com.nimbusds.jwt.JWTClaimsSet>> jwtProcessor)

Constructs a NimbusReactiveJwtDecoder using the provided parameters.

Parameters:

jwtProcessor - the Converter used to process and verify the signed Jwt and return the Jwt Claim Set

Since:

5.2

Method Details

setJwtValidator

public void setJwtValidator(org.springframework.security.oauth2.core.OAuth2TokenValidator<Jwt> jwtValidator)

Use the provided OAuth2TokenValidator to validate incoming Jwts.

Parameters:

jwtValidator - the OAuth2TokenValidator to use

setClaimSetConverter

public void setClaimSetConverter(org.springframework.core.convert.converter.Converter<Map<String,Object>,Map<String,Object>> claimSetConverter)

Use the following Converter for manipulating the JWT's claim set

Parameters:

claimSetConverter - the Converter to use

decode

public reactor.core.publisher.Mono<Jwt> decode(String token)

Description copied from interface: ReactiveJwtDecoder

Decodes the JWT from its compact claims representation format and returns a Jwt.

Specified by:

decode in interface ReactiveJwtDecoder

Parameters:

token - the JWT value

Returns:

a Jwt

withIssuerLocation

public static NimbusReactiveJwtDecoder.JwkSetUriReactiveJwtDecoderBuilder withIssuerLocation(String issuer)

Use the given Issuer by making an OpenID Provider Configuration Request and using the values in the OpenID Provider Configuration Response to derive the needed JWK Set uri.

Parameters:

issuer - the Issuer

Returns:

a NimbusJwtDecoder.JwkSetUriJwtDecoderBuilder that will derive the JWK Set uri when NimbusJwtDecoder.JwkSetUriJwtDecoderBuilder.build() is called

Since:

6.1

See Also:

• JwtDecoders

withJwkSetUri

public static NimbusReactiveJwtDecoder.JwkSetUriReactiveJwtDecoderBuilder withJwkSetUri(String jwkSetUri)

Use the given JWK Set uri to validate JWTs.

Parameters:

jwkSetUri - the JWK Set uri to use

Returns:

a NimbusReactiveJwtDecoder.JwkSetUriReactiveJwtDecoderBuilder for further configurations

Since:

5.2

withPublicKey

public static NimbusReactiveJwtDecoder.PublicKeyReactiveJwtDecoderBuilder withPublicKey(RSAPublicKey key)

Use the given public key to validate JWTs

Parameters:

key - the public key to use

Returns:

a NimbusReactiveJwtDecoder.PublicKeyReactiveJwtDecoderBuilder for further configurations

Since:

5.2

withSecretKey

public static NimbusReactiveJwtDecoder.SecretKeyReactiveJwtDecoderBuilder withSecretKey(SecretKey secretKey)

Use the given SecretKey to validate the MAC on a JSON Web Signature (JWS).

Parameters:

secretKey - the SecretKey used to validate the MAC

Returns:

a NimbusReactiveJwtDecoder.SecretKeyReactiveJwtDecoderBuilder for further configurations

Since:

5.2

withJwkSource

public static NimbusReactiveJwtDecoder.JwkSourceReactiveJwtDecoderBuilder withJwkSource(Function<com.nimbusds.jwt.SignedJWT,reactor.core.publisher.Flux<com.nimbusds.jose.jwk.JWK>> source)

Use the given Function to validate JWTs

Parameters:

source - the Function

Returns:

a NimbusReactiveJwtDecoder.JwkSourceReactiveJwtDecoderBuilder for further configurations

Since:

5.2