001package com.nimbusds.openid.connect.provider.spi.crypto;
002
003
004import com.nimbusds.jwt.JWTClaimsSet;
005import com.nimbusds.jwt.SignedJWT;
006import net.jcip.annotations.ThreadSafe;
007
008
009/**
010 * Interface exposed by the Connect2id server for signing JSON Web Tokens (JWT)
011 * created by SPI implementations, for example Security Event Tokens (SET).
    *
    * <p>The caller passes in only the claims to be signed; no key material
    * appears in this interface. The type is annotated {@code @ThreadSafe}, so
    * an instance is expected to be usable from concurrent threads.
012 */
013@ThreadSafe
014public interface JWTSigner {
015        
016        
017        /**
018         * Signs the specified JWT claims. The issuer (iss) claim will be set
019         * to the OpenID Provider / Authorisation Server issuer URL. The JWT
020         * will be signed with the private key (RSA or EC) used for signing
021         * self-contained access tokens. Recipients can validate the JWT
022         * signature using the published JWK set.
            *
            * <p>Security notes for SPI implementers:
            * <ul>
            *   <li>The signing key is shared with self-contained access
            *       tokens, so a signature check against the published JWK set
            *       does not by itself tell a recipient which kind of JWT it
            *       holds. Give the claims set an unambiguous purpose (for a
            *       SET, the {@code events} claim and an intended {@code aud})
            *       and have recipients validate that purpose as well as the
            *       signature. RFC 8725 (JWT best current practices) and
            *       RFC 8417 (SET) both discuss this kind of cross-JWT
            *       confusion.
            *   <li>The claims passed in are what gets signed under the
            *       server's key. Validate any claim value derived from
            *       external input before calling this method.
            *   <li>NOTE(review): whether a caller-supplied {@code iss} is
            *       silently overwritten or rejected, and which JOSE header
            *       parameters (e.g. {@code typ}, {@code kid}) the server
            *       sets, is not visible from this interface. Confirm against
            *       the server documentation.
            *   <li>NOTE(review): no {@code @throws} is documented. Behaviour
            *       on a {@code null} argument or on a signing failure is not
            *       specified here. Confirm before relying on it.
            * </ul>
023         *
024         * @param jwtClaimsSet The JWT claims. Must not be {@code null}.
025         *
026         * @return The signed JWT.
027         */
028        SignedJWT sign(final JWTClaimsSet jwtClaimsSet);
029}