public interface JWTClaimsSetAwareJWSKeySelector<C extends SecurityContext>
The interface supports keys selection based on:
kid
, x5t
).
iss
) to locate a JWK set).
SecurityContext
, if required and set by the
application (e.g. endpoint where the JWT was received).
See the simpler JWSKeySelector
if the
application doesn't use JWT claim(s) to select the key candidates.
Possible key types:
SecretKey
for HMAC keys.
RSAPublicKey
public RSA keys.
ECPublicKey
public EC keys.
Modifier and Type | Method and Description |
---|---|
List<? extends Key> |
selectKeys(JWSHeader header,
JWTClaimsSet claimsSet,
C context)
Selects key candidates for verifying a signed JWT.
|
List<? extends Key> selectKeys(JWSHeader header, JWTClaimsSet claimsSet, C context) throws KeySourceException
header
- The JWS header. Must not be null
.claimsSet
- The JWT claims set (not verified). Must not be
null
.context
- Optional context of the JOSE object, null
if not required.KeySourceException
- If a key sourcing exception is
encountered, e.g. on remote JWK
retrieval.Copyright © 2020 Connect2id Ltd.. All rights reserved.