Package com.nimbusds.oauth2.sdk
Class JWTBearerGrant
java.lang.Object
com.nimbusds.oauth2.sdk.AuthorizationGrant
com.nimbusds.oauth2.sdk.AssertionGrant
com.nimbusds.oauth2.sdk.JWTBearerGrant
JWT bearer grant. Used in access token requests with a JSON Web Token (JWT),
such an OpenID Connect ID token.
The JWT assertion can be:
- Signed or MAC protected with JWS
- Encrypted with JWE
- Nested - signed / MAC protected with JWS and then encrypted with JWE
Related specifications:
- Assertion Framework for OAuth 2.0 Client Authentication and Authorization Grants (RFC 7521), section 4.1.
- JSON Web Token (JWT) Profile for OAuth 2.0 Client Authentication and Authorization Grants (RFC 7523), section-2.1.
-
Field Summary
FieldsFields inherited from class com.nimbusds.oauth2.sdk.AssertionGrant
MISSING_ASSERTION_PARAM_EXCEPTION
-
Constructor Summary
ConstructorsConstructorDescriptionJWTBearerGrant
(com.nimbusds.jose.JWEObject assertion) Creates a new nested signed and encrypted JSON Web Token (JWT) bearer assertion grant.JWTBearerGrant
(com.nimbusds.jwt.EncryptedJWT assertion) Creates a new signed and encrypted JSON Web Token (JWT) bearer assertion grant.JWTBearerGrant
(com.nimbusds.jwt.SignedJWT assertion) Creates a new signed JSON Web Token (JWT) bearer assertion grant. -
Method Summary
Modifier and TypeMethodDescriptionGets the assertion.com.nimbusds.jose.JOSEObject
Gets the JSON Web Token (JWT) bearer assertion.com.nimbusds.jwt.JWT
Gets the JSON Web Token (JWT) bearer assertion.static JWTBearerGrant
Parses a JWT bearer grant from the specified request body parameters.Returns the request body parameters for the authorisation grant.Methods inherited from class com.nimbusds.oauth2.sdk.AuthorizationGrant
getType
-
Field Details
-
GRANT_TYPE
The grant type.
-
-
Constructor Details
-
JWTBearerGrant
Creates a new signed JSON Web Token (JWT) bearer assertion grant.- Parameters:
assertion
- The signed JSON Web Token (JWT) assertion. Must not be in a unsigned state ornull
. The JWT claims are not validated for compliance with the standard.
-
JWTBearerGrant
Creates a new nested signed and encrypted JSON Web Token (JWT) bearer assertion grant.- Parameters:
assertion
- The nested signed and encrypted JSON Web Token (JWT) assertion. Must not be in a unencrypted state ornull
. The JWT claims are not validated for compliance with the standard.
-
JWTBearerGrant
Creates a new signed and encrypted JSON Web Token (JWT) bearer assertion grant.- Parameters:
assertion
- The signed and encrypted JSON Web Token (JWT) assertion. Must not be in a unencrypted state ornull
. The JWT claims are not validated for compliance with the standard.
-
-
Method Details
-
getJWTAssertion
Gets the JSON Web Token (JWT) bearer assertion.- Returns:
- The assertion as a signed or encrypted JWT,
null
if the assertion is a signed and encrypted JWT.
-
getJOSEAssertion
Gets the JSON Web Token (JWT) bearer assertion.- Returns:
- The assertion as a generic JOSE object (signed JWT, encrypted JWT, or signed and encrypted JWT).
-
getAssertion
Description copied from class:AssertionGrant
Gets the assertion.- Specified by:
getAssertion
in classAssertionGrant
- Returns:
- The assertion as a string.
-
toParameters
Description copied from class:AuthorizationGrant
Returns the request body parameters for the authorisation grant.- Specified by:
toParameters
in classAuthorizationGrant
- Returns:
- The parameters.
-
parse
Parses a JWT bearer grant from the specified request body parameters. The JWT claims are not validated for compliance with the standard.Example:
grant_type=urn%3Aietf%3Aparams%3Aoauth%3Agrant-type%3Ajwt-bearer &assertion=eyJhbGciOiJFUzI1NiJ9.eyJpc3Mi[...omitted for brevity...]. J9l-ZhwP[...omitted for brevity...]
- Parameters:
params
- The parameters.- Returns:
- The JWT bearer grant.
- Throws:
ParseException
- If parsing failed.
-