Package com.nimbusds.openid.connect.provider.spi.tokens

Interface SelfContainedAccessTokenClaimsCodec

All Superinterfaces:

Lifecycle

All Known Implementing Classes:

BaseSelfContainedAccessTokenClaimsCodec

@ThreadSafe
public interface SelfContainedAccessTokenClaimsCodec
extends Lifecycle

Service Provider Interface (SPI) for encoding and decoding authorisations for self-contained access tokens into JWT claims sets. Implementations must be thread-safe.

Sample JWT claims set for a self-contained access token:

 {
  "sub" : "alice",
  "cid" : "65564eb0058d",
  "scp" : [ "openid", "email", "app:write" ],
  "iss" : "https://c2id.com",
  "iat" : 1360050000,
  "exp" : 1360050795,
  "aud" : [ "https://resource-1.example.com", "https://resource-2.example.com" ]
 }
 

Implementations should extend BaseSelfContainedAccessTokenClaimsCodec which encodes all token parameters for which there is an appropriate standard JWT claim, such as for the subject, issuer and expiration time. The implementation only needs to specify encodings for the remaining parameters, such as scope and client ID.

Method Summary

Modifier and Type	Method	Description
default AccessTokenAuthorization	advancedDecode(JWTDetails jwtDetails, TokenCodecContext context)	Decodes the specified JWT details into an access token authorisation.
default JWTDetails	advancedEncode(AccessTokenAuthorization tokenAuthz, TokenEncoderContext context)	Encodes the specified access token authorisation into a JWT.
AccessTokenAuthorization	decode(com.nimbusds.jwt.JWTClaimsSet claimsSet, TokenCodecContext context)	Decodes the specified JWT claims set into an access token authorisation.
com.nimbusds.jwt.JWTClaimsSet	encode(AccessTokenAuthorization tokenAuthz, TokenEncoderContext context)	Encodes the specified access token authorisation into a JWT claims set.

Methods inherited from interface com.nimbusds.openid.connect.provider.spi.Lifecycle

init, isEnabled, shutdown

Method Detail

encode

com.nimbusds.jwt.JWTClaimsSet encode(AccessTokenAuthorization tokenAuthz,
                                     TokenEncoderContext context)

Encodes the specified access token authorisation into a JWT claims set.

Parameters:

tokenAuthz - The access token authorisation. Not null.

context - The token encoder context. Not null.

Returns:

The JWT claims set.

advancedEncode

default JWTDetails advancedEncode(AccessTokenAuthorization tokenAuthz,
                                  TokenEncoderContext context)

Encodes the specified access token authorisation into a JWT.

Parameters:

tokenAuthz - The access token authorisation. Not null.

context - The token encoder context. Not null.

Returns:

The JWT claims set and other details.

decode

AccessTokenAuthorization decode(com.nimbusds.jwt.JWTClaimsSet claimsSet,
                                TokenCodecContext context)
                         throws TokenDecodeException

Decodes the specified JWT claims set into an access token authorisation.

Parameters:

claimsSet - The JWT claims set. Not null.

context - The token codec context. Not null.

Returns:

The access token authorisation.

Throws:

TokenDecodeException - If decoding failed.

advancedDecode

default AccessTokenAuthorization advancedDecode(JWTDetails jwtDetails,
                                                TokenCodecContext context)
                                         throws TokenDecodeException

Decodes the specified JWT details into an access token authorisation.

Parameters:

jwtDetails - The JWT claims set and other details. Not null.

context - The token codec context. Not null.

Returns:

The access token authorisation.

Throws:

TokenDecodeException - If decoding failed.