Class JWTAssertionFactory
- java.lang.Object
-
- com.nimbusds.oauth2.sdk.assertions.jwt.JWTAssertionFactory
-
public class JWTAssertionFactory extends Object
Static JWT bearer assertion factory.Related specifications:
- Assertion Framework for OAuth 2.0 Client Authentication and Authorization Grants (RFC 7521).
- JSON Web Token (JWT) Profile for OAuth 2.0 Client Authentication and Authorization Grants (RFC 7523).
-
-
Method Summary
All Methods Static Methods Concrete Methods Deprecated Methods Modifier and Type Method Description static com.nimbusds.jwt.SignedJWT
create(JWTAssertionDetails details, com.nimbusds.jose.JWSAlgorithm jwsAlgorithm, Secret secret)
Creates a new HMAC-protected JWT bearer assertion.static com.nimbusds.jwt.SignedJWT
create(JWTAssertionDetails details, com.nimbusds.jose.JWSAlgorithm jwsAlgorithm, ECPrivateKey ecPrivateKey, String keyID, Provider jcaProvider)
Deprecated.static com.nimbusds.jwt.SignedJWT
create(JWTAssertionDetails details, com.nimbusds.jose.JWSAlgorithm jwsAlgorithm, RSAPrivateKey rsaPrivateKey, String keyID, Provider jcaProvider)
Deprecated.static com.nimbusds.jwt.SignedJWT
create(JWTAssertionDetails details, com.nimbusds.jose.JWSAlgorithm jwsAlgorithm, PrivateKey privateKey, String keyID, List<com.nimbusds.jose.util.Base64> x5c, com.nimbusds.jose.util.Base64URL x5t256, Provider jcaProvider)
Creates a new signed JWT bearer assertion.static Set<com.nimbusds.jose.JWSAlgorithm>
supportedJWAs()
Returns the supported signature JSON Web Algorithms (JWAs).
-
-
-
Method Detail
-
supportedJWAs
public static Set<com.nimbusds.jose.JWSAlgorithm> supportedJWAs()
Returns the supported signature JSON Web Algorithms (JWAs).- Returns:
- The supported JSON Web Algorithms (JWAs).
-
create
public static com.nimbusds.jwt.SignedJWT create(JWTAssertionDetails details, com.nimbusds.jose.JWSAlgorithm jwsAlgorithm, Secret secret) throws com.nimbusds.jose.JOSEException
Creates a new HMAC-protected JWT bearer assertion.- Parameters:
details
- The JWT bearer assertion details. Must not benull
.jwsAlgorithm
- The expected HMAC algorithm (HS256, HS384 or HS512) for the JWT assertion. Must be supported and notnull
.secret
- The secret. Must be at least 256-bits long.- Returns:
- The JWT bearer assertion.
- Throws:
com.nimbusds.jose.JOSEException
- If the client secret is too short, or HMAC computation failed.
-
create
public static com.nimbusds.jwt.SignedJWT create(JWTAssertionDetails details, com.nimbusds.jose.JWSAlgorithm jwsAlgorithm, PrivateKey privateKey, String keyID, List<com.nimbusds.jose.util.Base64> x5c, com.nimbusds.jose.util.Base64URL x5t256, Provider jcaProvider) throws com.nimbusds.jose.JOSEException
Creates a new signed JWT bearer assertion.- Parameters:
details
- The JWT bearer assertion details. Must not benull
.jwsAlgorithm
- The expected RSA (RS256, RS384, RS512, PS256, PS384 or PS512) or EC (ES256, ES384, ES512) signature algorithm for the JWT assertion. Must be supported and notnull
.privateKey
- The signing private RSA or EC key. Must not benull
.keyID
- Optional identifier for the key, to aid key selection on the recipient side. Recommended.null
if not specified.x5c
- Optional X.509 certificate chain for the public key,null
if not specified.x5t256
- Optional X.509 certificate SHA-256 thumbprint,null
if not specified.jcaProvider
- Optional specific JCA provider,null
to use the default one.- Returns:
- The JWT bearer assertion.
- Throws:
com.nimbusds.jose.JOSEException
- If signing failed.
-
create
@Deprecated public static com.nimbusds.jwt.SignedJWT create(JWTAssertionDetails details, com.nimbusds.jose.JWSAlgorithm jwsAlgorithm, RSAPrivateKey rsaPrivateKey, String keyID, Provider jcaProvider) throws com.nimbusds.jose.JOSEException
Deprecated.Creates a new RSA-signed JWT bearer assertion.- Parameters:
details
- The JWT bearer assertion details. Must not benull
.jwsAlgorithm
- The expected RSA signature algorithm (RS256, RS384, RS512, PS256, PS384 or PS512) for the JWT assertion. Must be supported and notnull
.rsaPrivateKey
- The RSA private key. Must not benull
.keyID
- Optional identifier for the RSA key, to aid key selection on the recipient side. Recommended.null
if not specified.jcaProvider
- Optional specific JCA provider,null
to use the default one.- Returns:
- The JWT bearer assertion.
- Throws:
com.nimbusds.jose.JOSEException
- If RSA signing failed.
-
create
@Deprecated public static com.nimbusds.jwt.SignedJWT create(JWTAssertionDetails details, com.nimbusds.jose.JWSAlgorithm jwsAlgorithm, ECPrivateKey ecPrivateKey, String keyID, Provider jcaProvider) throws com.nimbusds.jose.JOSEException
Deprecated.Creates a new EC-signed JWT bearer assertion.- Parameters:
details
- The JWT bearer assertion details. Must not benull
.jwsAlgorithm
- The expected EC signature algorithm (ES256, ES384 or ES512) for the JWT assertion. Must be supported and notnull
.ecPrivateKey
- The EC private key. Must not benull
.keyID
- Optional identifier for the EC key, to aid key selection on the recipient side. Recommended.null
if not specified.jcaProvider
- Optional specific JCA provider,null
to use the default one.- Returns:
- The JWT bearer assertion.
- Throws:
com.nimbusds.jose.JOSEException
- If RSA signing failed.
-
-