Package com.nimbusds.oauth2.sdk.auth
Class JWTAuthentication
- java.lang.Object
-
- com.nimbusds.oauth2.sdk.auth.ClientAuthentication
-
- com.nimbusds.oauth2.sdk.auth.JWTAuthentication
-
- Direct Known Subclasses:
ClientSecretJWT
,PrivateKeyJWT
public abstract class JWTAuthentication extends ClientAuthentication
Base abstract class for JSON Web Token (JWT) based client authentication at the Token endpoint.Related specifications:
- OAuth 2.0 (RFC 6749), section 3.2.1.
- JSON Web Token (JWT) Profile for OAuth 2.0 Client Authentication and Authorization Grants (RFC 7523).
- OpenID Connect Core 1.0, section 9.
-
-
Field Summary
Fields Modifier and Type Field Description static String
CLIENT_ASSERTION_TYPE
The expected client assertion type, corresponding to theclient_assertion_type
parameter.
-
Constructor Summary
Constructors Modifier Constructor Description protected
JWTAuthentication(ClientAuthenticationMethod method, com.nimbusds.jwt.SignedJWT clientAssertion)
Creates a new JSON Web Token (JWT) based client authentication.
-
Method Summary
All Methods Static Methods Instance Methods Concrete Methods Modifier and Type Method Description void
applyTo(HTTPRequest httpRequest)
Applies the authentication to the specified HTTP request by setting its Authorization header and/or POST entity-body parameters (according to the implemented client authentication method).protected static void
ensureClientAssertionType(Map<String,List<String>> params)
Ensures the specified parameters map contains an entry with key "client_assertion_type" pointing to a string that equals the expectedCLIENT_ASSERTION_TYPE
.com.nimbusds.jwt.SignedJWT
getClientAssertion()
Gets the client assertion, corresponding to theclient_assertion
parameter.Set<String>
getFormParameterNames()
Returns the name of the form parameters, if such are used by the authentication method.JWTAuthenticationClaimsSet
getJWTAuthenticationClaimsSet()
Gets the client authentication claims set contained in the client assertion JSON Web Token (JWT).static JWTAuthentication
parse(HTTPRequest httpRequest)
Parses the specified HTTP request for a JSON Web Token (JWT) based client authentication.protected static com.nimbusds.jwt.SignedJWT
parseClientAssertion(Map<String,List<String>> params)
Parses the specified parameters map for a client assertion.protected static ClientID
parseClientID(Map<String,List<String>> params)
Parses the specified parameters map for an optional client identifier.Map<String,List<String>>
toParameters()
Returns the parameter representation of this JSON Web Token (JWT) based client authentication.-
Methods inherited from class com.nimbusds.oauth2.sdk.auth.ClientAuthentication
getClientID, getMethod
-
-
-
-
Field Detail
-
CLIENT_ASSERTION_TYPE
public static final String CLIENT_ASSERTION_TYPE
The expected client assertion type, corresponding to theclient_assertion_type
parameter. This is a URN string set to "urn:ietf:params:oauth:client-assertion-type:jwt-bearer".- See Also:
- Constant Field Values
-
-
Constructor Detail
-
JWTAuthentication
protected JWTAuthentication(ClientAuthenticationMethod method, com.nimbusds.jwt.SignedJWT clientAssertion)
Creates a new JSON Web Token (JWT) based client authentication.- Parameters:
method
- The client authentication method. Must not benull
.clientAssertion
- The client assertion, corresponding to theclient_assertion
parameter, in the form of a signed JSON Web Token (JWT). Must be signed and notnull
.- Throws:
IllegalArgumentException
- If the client assertion is not signed or doesn't conform to the expected format.
-
-
Method Detail
-
getClientAssertion
public com.nimbusds.jwt.SignedJWT getClientAssertion()
Gets the client assertion, corresponding to theclient_assertion
parameter.- Returns:
- The client assertion, in the form of a signed JSON Web Token (JWT).
-
getJWTAuthenticationClaimsSet
public JWTAuthenticationClaimsSet getJWTAuthenticationClaimsSet()
Gets the client authentication claims set contained in the client assertion JSON Web Token (JWT).- Returns:
- The client authentication claims.
-
getFormParameterNames
public Set<String> getFormParameterNames()
Description copied from class:ClientAuthentication
Returns the name of the form parameters, if such are used by the authentication method.- Specified by:
getFormParameterNames
in classClientAuthentication
- Returns:
- The form parameter names, empty set if none.
-
toParameters
public Map<String,List<String>> toParameters()
Returns the parameter representation of this JSON Web Token (JWT) based client authentication. Note that the parameters are notapplication/x-www-form-urlencoded
encoded.Parameters map:
"client_assertion" = [serialised-JWT] "client_assertion_type" = "urn:ietf:params:oauth:client-assertion-type:jwt-bearer"
- Returns:
- The parameters map, with keys "client_assertion" and "client_assertion_type".
-
applyTo
public void applyTo(HTTPRequest httpRequest)
Description copied from class:ClientAuthentication
Applies the authentication to the specified HTTP request by setting its Authorization header and/or POST entity-body parameters (according to the implemented client authentication method).- Specified by:
applyTo
in classClientAuthentication
- Parameters:
httpRequest
- The HTTP request. Must not benull
.
-
ensureClientAssertionType
protected static void ensureClientAssertionType(Map<String,List<String>> params) throws ParseException
Ensures the specified parameters map contains an entry with key "client_assertion_type" pointing to a string that equals the expectedCLIENT_ASSERTION_TYPE
. This method is intended to aid parsing of JSON Web Token (JWT) based client authentication objects.- Parameters:
params
- The parameters map to check. The parameters must not benull
andapplication/x-www-form-urlencoded
encoded.- Throws:
ParseException
- If expected "client_assertion_type" entry wasn't found.
-
parseClientAssertion
protected static com.nimbusds.jwt.SignedJWT parseClientAssertion(Map<String,List<String>> params) throws ParseException
Parses the specified parameters map for a client assertion. This method is intended to aid parsing of JSON Web Token (JWT) based client authentication objects.- Parameters:
params
- The parameters map to parse. It must contain an entry with key "client_assertion" pointing to a string that represents a signed serialised JSON Web Token (JWT). The parameters must not benull
andapplication/x-www-form-urlencoded
encoded.- Returns:
- The client assertion as a signed JSON Web Token (JWT).
- Throws:
ParseException
- If a "client_assertion" entry couldn't be retrieved from the parameters map.
-
parseClientID
protected static ClientID parseClientID(Map<String,List<String>> params)
Parses the specified parameters map for an optional client identifier. This method is intended to aid parsing of JSON Web Token (JWT) based client authentication objects.- Parameters:
params
- The parameters map to parse. It may contain an entry with key "client_id" pointing to a string that represents the client identifier. The parameters must not benull
andapplication/x-www-form-urlencoded
encoded.- Returns:
- The client identifier,
null
if not specified.
-
parse
public static JWTAuthentication parse(HTTPRequest httpRequest) throws ParseException
Parses the specified HTTP request for a JSON Web Token (JWT) based client authentication.- Parameters:
httpRequest
- The HTTP request to parse. Must not benull
.- Returns:
- The JSON Web Token (JWT) based client authentication.
- Throws:
ParseException
- If a JSON Web Token (JWT) based client authentication couldn't be retrieved from the HTTP request.
-
-