package com.nimbusds.openid.connect.provider.spi.crypto;


import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.jwt.SignedJWT;
import net.jcip.annotations.ThreadSafe;


/**
 * Signing service that the Connect2id server makes available to SPI
 * implementations which need to issue their own JSON Web Tokens (JWT), for
 * example Security Event Tokens (SET).
 *
 * <p>The interface does not expose the signing key: callers hand over a
 * claims set and receive the signed JWT back.
 */
@ThreadSafe
public interface JWTSigner {


    /**
     * Produces a signed JWT from the given claims.
     *
     * <p>The server sets the issuer (iss) claim to the OpenID Provider /
     * Authorisation Server issuer URL. The signature is computed with the
     * private key (RSA or EC) that also signs self-contained access
     * tokens, so recipients verify it against the published JWK set.
     *
     * <p>NOTE(review): presumably an {@code iss} value supplied by the
     * caller is replaced rather than rejected; confirm against the server
     * documentation before relying on either behaviour.
     *
     * <p>NOTE(review): because the key is shared with self-contained
     * access tokens, a JWT produced here verifies under the same JWK set
     * as an access token. This method takes only a claims set, so the
     * claims themselves should make the token kind unambiguous (for
     * example a distinct audience, or a kind-specific claim such as the
     * SET {@code events} claim), and recipients should apply validation
     * rules specific to the kind of JWT they expect.
     *
     * @param jwtClaimsSet The JWT claims to sign. Must not be
     *                     {@code null}.
     *
     * @return The signed JWT.
     */
    SignedJWT sign(JWTClaimsSet jwtClaimsSet);
}