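package com.nimbusds.openid.connect.provider.spi.jwt;


import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.jwt.SignedJWT;


/**
 * Interface exposed by the Connect2id server for issuing signed JSON Web
 * Tokens (JWT) created by SPI implementations, for example security event
 * tokens (SET).
 *
 * <p>See https://datatracker.ietf.org/doc/draft-ietf-secevent-token (the
 * draft was later published as RFC 8417).
 */
public interface JWTIssuer {


        /**
         * Creates a signed JWT with the specified claims. The issuer (iss)
         * claim will be set to the OpenID Provider (OP) / Authorisation Server
         * (AS) issuer URI of the Connect2id server. The JWT will be signed
         * with the private RSA or EC key used for signing JWT-encoded access
         * tokens. The JWT signature can be validated using the published JWK
         * set.
         *
         * <p>Security note: because the signing key is the one also used for
         * JWT-encoded access tokens, a valid signature and issuer alone do
         * not tell a recipient what kind of JWT it is holding. This interface
         * takes claims only, so the claims set should itself identify the
         * token's purpose and intended recipient (for example {@code aud},
         * and {@code events} for a SET), and recipients should check those
         * claims so that a JWT issued here cannot be accepted as an access
         * token or vice versa.
         *
         * <p>NOTE(review): this interface does not state what happens to an
         * {@code iss} claim already present in the supplied claims set;
         * callers should not rely on it being preserved.
         *
         * @param jwtClaimsSet The JWT claims. Must not be {@code null}.
         *
         * @return The signed JWT.
         */
        SignedJWT createSignedJWT(final JWTClaimsSet jwtClaimsSet);
}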