Package com.nimbusds.oauth2.sdk.assertions.jwt

Class JWTAssertionDetailsVerifier

java.lang.Object
com.nimbusds.jwt.proc.DefaultJWTClaimsVerifier
com.nimbusds.oauth2.sdk.assertions.jwt.JWTAssertionDetailsVerifier
All Implemented Interfaces:
com.nimbusds.jwt.proc.ClockSkewAware, com.nimbusds.jwt.proc.JWTClaimsSetVerifier
@Immutable public class JWTAssertionDetailsVerifier extends com.nimbusds.jwt.proc.DefaultJWTClaimsVerifier
JSON Web Token (JWT) bearer assertion details (claims set) verifier for OAuth 2.0 client authentication and authorisation grants. Intended for initial validation of JWT assertions:
  • Audience check
  • Expiration time check
  • Not-before time check (is set)
  • Subject and issuer presence check

Related specifications:

  • JSON Web Token (JWT) Profile for OAuth 2.0 Client Authentication and Authorization Grants (RFC 7523).

  • Field Summary

    Fields inherited from class com.nimbusds.jwt.proc.DefaultJWTClaimsVerifier

    DEFAULT_MAX_CLOCK_SKEW_SECONDS

  • Constructor Summary

    Constructors
    Constructor
    Description
    JWTAssertionDetailsVerifier(Set<Audience> expectedAudience)
    Creates a new JWT bearer assertion details (claims set) verifier.

  • Method Summary

    Modifier and Type
    Method
    Description
    Set<Audience>
    getExpectedAudience()
    Returns the expected audience values.
    void
    verify(com.nimbusds.jwt.JWTClaimsSet claimsSet, com.nimbusds.jose.proc.SecurityContext securityContext)
     

    Methods inherited from class com.nimbusds.jwt.proc.DefaultJWTClaimsVerifier

    currentTime, getAcceptedAudienceValues, getExactMatchClaims, getMaxClockSkew, getProhibitedClaims, getRequiredClaims, setMaxClockSkew

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

  • Constructor Details

    • JWTAssertionDetailsVerifier

      public JWTAssertionDetailsVerifier(Set<Audience> expectedAudience)
      Creates a new JWT bearer assertion details (claims set) verifier.
      Parameters:
      expectedAudience - The expected audience (aud) claim values. Must not be empty or null. Should typically contain the token endpoint URI and for OpenID provider it may also include the issuer URI.

  • Method Details

    • getExpectedAudience

      public Set<Audience> getExpectedAudience()
      Returns the expected audience values.
      Returns:
      The expected audience (aud) claim values.

    • verify

      public void verify(com.nimbusds.jwt.JWTClaimsSet claimsSet, com.nimbusds.jose.proc.SecurityContext securityContext) throws com.nimbusds.jwt.proc.BadJWTException
      Specified by:
      verify in interface com.nimbusds.jwt.proc.JWTClaimsSetVerifier
      Overrides:
      verify in class com.nimbusds.jwt.proc.DefaultJWTClaimsVerifier
      Throws:
      com.nimbusds.jwt.proc.BadJWTException