Package com.nimbusds.jwt.proc
Interface JWTClaimsSetAwareJWSKeySelector<C extends SecurityContext>
-
public interface JWTClaimsSetAwareJWSKeySelector<C extends SecurityContext>
Interface for selecting key candidates for processing a signed JWT which provides access to the JWT claims set in addition to the JWS header.The interface supports keys selection based on:
- Recognised header parameter(s) referencing the key (e.g.
kid
,x5t
). - JWT claim(s) (e.g. issuer (
iss
) to locate a JWK set). - Additional
SecurityContext
, if required and set by the application (e.g. endpoint where the JWT was received).
See the simpler
JWSKeySelector
if the application doesn't use JWT claim(s) to select the key candidates.Possible key types:
SecretKey
for HMAC keys.RSAPublicKey
public RSA keys.ECPublicKey
public EC keys.
- Version:
- 2019-06-16
- Author:
- Vladimir Dzhuvinov
- Recognised header parameter(s) referencing the key (e.g.
-
-
Method Summary
All Methods Instance Methods Abstract Methods Modifier and Type Method Description List<? extends Key>
selectKeys(JWSHeader header, JWTClaimsSet claimsSet, C context)
Selects key candidates for verifying a signed JWT.
-
-
-
Method Detail
-
selectKeys
List<? extends Key> selectKeys(JWSHeader header, JWTClaimsSet claimsSet, C context) throws KeySourceException
Selects key candidates for verifying a signed JWT.- Parameters:
header
- The JWS header. Must not benull
.claimsSet
- The JWT claims set (not verified). Must not benull
.context
- Optional context of the JOSE object,null
if not required.- Returns:
- The key candidates in trial order, empty list if none.
- Throws:
KeySourceException
- If a key sourcing exception is encountered, e.g. on remote JWK retrieval.
-
-