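package com.nimbusds.openid.connect.provider.spi.jwt;


import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.jwt.SignedJWT;


/**
 * Interface exposed by the Connect2id server for issuing signed JSON Web
 * Tokens (JWT) created by SPI implementations, for example security event
 * tokens (SET).
 *
 * <p>See https://datatracker.ietf.org/doc/draft-ietf-secevent-token
 * (published as RFC 8417).
 *
 * <p>Security note: JWTs issued through this interface carry the same
 * issuer and are signed with the same key as JWT-encoded access tokens.
 * A recipient that only verifies the signature and the issuer cannot tell
 * the two kinds of token apart. Implementations should therefore set
 * claims that identify the token's purpose and intended recipient (for
 * example {@code aud}, and {@code events} for a SET), and recipients
 * should check them before accepting the token.
 */
public interface JWTIssuer {


    /**
     * Creates a signed JWT with the specified claims.
     *
     * <p>The issuer ({@code iss}) claim will be set to the OpenID Provider
     * (OP) / Authorisation Server (AS) issuer URI of the Connect2id
     * server. The JWT will be signed with the private RSA or EC key used
     * for signing JWT-encoded access tokens. The signature can be
     * validated using the server's published JWK set.
     *
     * <p>Only the claims are supplied by the caller. This interface does
     * not expose the JOSE header, so the signing algorithm, the key ID
     * and any {@code typ} header are chosen by the server. The handling
     * of a caller-supplied {@code iss} claim, and the exception raised
     * for a {@code null} argument or a signing failure, are not specified
     * here.
     *
     * @param jwtClaimsSet The JWT claims. Must not be {@code null}.
     *
     * @return The signed JWT.
     */
    SignedJWT createSignedJWT(JWTClaimsSet jwtClaimsSet);
}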