Class JWTAssertionDetailsVerifier

  • All Implemented Interfaces:
    com.nimbusds.jwt.proc.ClockSkewAware, com.nimbusds.jwt.proc.JWTClaimsSetVerifier

    @Immutable
    public class JWTAssertionDetailsVerifier
    extends com.nimbusds.jwt.proc.DefaultJWTClaimsVerifier
    JSON Web Token (JWT) bearer assertion details (claims set) verifier for OAuth 2.0 client authentication and authorisation grants. Intended for initial validation of JWT assertions:
    • Audience check
    • Expiration time check
    • Not-before time check (is set)
    • Subject and issuer presence check

    Related specifications:

    • JSON Web Token (JWT) Profile for OAuth 2.0 Client Authentication and Authorization Grants (RFC 7523).
    • Field Summary

      • Fields inherited from class com.nimbusds.jwt.proc.DefaultJWTClaimsVerifier

        DEFAULT_MAX_CLOCK_SKEW_SECONDS
    • Constructor Detail

      • JWTAssertionDetailsVerifier

        public JWTAssertionDetailsVerifier​(Set<Audience> expectedAudience)
        Creates a new JWT bearer assertion details (claims set) verifier.
        Parameters:
        expectedAudience - The expected audience (aud) claim values. Must not be empty or null. Should typically contain the token endpoint URI and for OpenID provider it may also include the issuer URI.
    • Method Detail

      • getExpectedAudience

        public Set<AudiencegetExpectedAudience()
        Returns the expected audience values.
        Returns:
        The expected audience (aud) claim values.
      • verify

        public void verify​(com.nimbusds.jwt.JWTClaimsSet claimsSet,
                           com.nimbusds.jose.proc.SecurityContext securityContext)
                    throws com.nimbusds.jwt.proc.BadJWTException
        Specified by:
        verify in interface com.nimbusds.jwt.proc.JWTClaimsSetVerifier
        Overrides:
        verify in class com.nimbusds.jwt.proc.DefaultJWTClaimsVerifier
        Throws:
        com.nimbusds.jwt.proc.BadJWTException