Class JWTAuthentication

java.lang.Object
com.nimbusds.oauth2.sdk.auth.ClientAuthentication
com.nimbusds.oauth2.sdk.auth.JWTAuthentication
Direct Known Subclasses:
ClientSecretJWT, PrivateKeyJWT

public abstract class JWTAuthentication extends ClientAuthentication
Base abstract class for JSON Web Token (JWT) based client authentication at the Token endpoint.

Related specifications:

  • OAuth 2.0 (RFC 6749), section 3.2.1.
  • JSON Web Token (JWT) Profile for OAuth 2.0 Client Authentication and Authorization Grants (RFC 7523).
  • OpenID Connect Core 1.0, section 9.

  • Field Details

    • CLIENT_ASSERTION_TYPE

      public static final String CLIENT_ASSERTION_TYPE
      The expected client assertion type, corresponding to the client_assertion_type parameter. This is a URN string set to "urn:ietf:params:oauth:client-assertion-type:jwt-bearer".
  • Constructor Details

    • JWTAuthentication

      protected JWTAuthentication(ClientAuthenticationMethod method, com.nimbusds.jwt.SignedJWT clientAssertion)
      Creates a new JSON Web Token (JWT) based client authentication.
      Parameters:
      method - The client authentication method. Must not be null.
      clientAssertion - The client assertion, corresponding to the client_assertion parameter, in the form of a signed JSON Web Token (JWT). Must be signed and not null.
      Throws:
      IllegalArgumentException - If the client assertion is not signed or doesn't conform to the expected format.
  • Method Details

    • getClientAssertion

      public com.nimbusds.jwt.SignedJWT getClientAssertion()
      Gets the client assertion, corresponding to the client_assertion parameter.
      Returns:
      The client assertion, in the form of a signed JSON Web Token (JWT).
    • getJWTAuthenticationClaimsSet

      Gets the client authentication claims set contained in the client assertion JSON Web Token (JWT).
      Returns:
      The client authentication claims.
    • getFormParameterNames

      Description copied from class: ClientAuthentication
      Returns the names of the form parameters, if such are used by the authentication method.
      Specified by:
      getFormParameterNames in class ClientAuthentication
      Returns:
      The form parameter names, empty set if none.
    • toParameters

      Returns the parameter representation of this JSON Web Token (JWT) based client authentication. Note that the parameters are not application/x-www-form-urlencoded encoded.

      Parameters map:

       "client_assertion" = [serialised-JWT]
       "client_assertion_type" = "urn:ietf:params:oauth:client-assertion-type:jwt-bearer"
       
      Returns:
      The parameters map, with keys "client_assertion" and "client_assertion_type".
    • applyTo

      public void applyTo(HTTPRequest httpRequest)
      Description copied from class: ClientAuthentication
      Applies the authentication to the specified HTTP request by setting its Authorization header and/or POST entity-body parameters (according to the implemented client authentication method).
      Specified by:
      applyTo in class ClientAuthentication
      Parameters:
      httpRequest - The HTTP request. Must not be null.
    • ensureClientAssertionType

      protected static void ensureClientAssertionType(Map<String,List<String>> params) throws ParseException
      Ensures the specified parameters map contains an entry with key "client_assertion_type" pointing to a string that equals the expected CLIENT_ASSERTION_TYPE. This method is intended to aid parsing of JSON Web Token (JWT) based client authentication objects.
      Parameters:
      params - The parameters map to check. The parameters must not be null and application/x-www-form-urlencoded encoded.
      Throws:
      ParseException - If the expected "client_assertion_type" entry wasn't found.
    • parseClientAssertion

      protected static com.nimbusds.jwt.SignedJWT parseClientAssertion(Map<String,List<String>> params) throws ParseException
      Parses the specified parameters map for a client assertion. This method is intended to aid parsing of JSON Web Token (JWT) based client authentication objects.
      Parameters:
      params - The parameters map to parse. It must contain an entry with key "client_assertion" pointing to a string that represents a signed serialised JSON Web Token (JWT). The parameters must not be null and application/x-www-form-urlencoded encoded.
      Returns:
      The client assertion as a signed JSON Web Token (JWT).
      Throws:
      ParseException - If a "client_assertion" entry couldn't be retrieved from the parameters map.
    • parseClientID

      protected static ClientID parseClientID(Map<String,List<String>> params)
      Parses the specified parameters map for an optional client identifier. This method is intended to aid parsing of JSON Web Token (JWT) based client authentication objects.
      Parameters:
      params - The parameters map to parse. It may contain an entry with key "client_id" pointing to a string that represents the client identifier. The parameters must not be null and application/x-www-form-urlencoded encoded.
      Returns:
      The client identifier, null if not specified.
    • parse

      public static JWTAuthentication parse(HTTPRequest httpRequest) throws ParseException
      Parses the specified HTTP request for a JSON Web Token (JWT) based client authentication.
      Parameters:
      httpRequest - The HTTP request to parse. Must not be null.
      Returns:
      The JSON Web Token (JWT) based client authentication.
      Throws:
      ParseException - If a JSON Web Token (JWT) based client authentication couldn't be retrieved from the HTTP request.
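The following is an added example, not part of the SDK's own documentation. It round-trips a client assertion through toParameters and the public ClientSecretJWT.parse(Map) helper, then performs the signature, audience and expiry checks that parsing alone does not do. The endpoint URI, client ID and class name are constructed placeholders, and the code assumes an SDK version in which the parameter maps are Map<String,List<String>> as shown on this page.

```java
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.crypto.MACVerifier;
import com.nimbusds.oauth2.sdk.ParseException;
import com.nimbusds.oauth2.sdk.auth.ClientSecretJWT;
import com.nimbusds.oauth2.sdk.auth.JWTAuthenticationClaimsSet;
import com.nimbusds.oauth2.sdk.auth.Secret;
import com.nimbusds.oauth2.sdk.id.Audience;
import com.nimbusds.oauth2.sdk.id.ClientID;

import java.net.URI;
import java.util.Collections;
import java.util.Date;
import java.util.HashMap;
import java.util.List;
import java.util.Map;

public class ClientAssertionRoundTrip {

    public static void main(String[] args) throws Exception {
        // Constructed sample values (assumptions, not taken from the Javadoc).
        URI tokenEndpoint = URI.create("https://as.example.com/token");
        ClientID clientID = new ClientID("client-123");
        Secret secret = new Secret(); // random 256-bit secret shared by client and server

        // Client side: build the assertion and obtain the (not URL-encoded) parameters.
        ClientSecretJWT sent = new ClientSecretJWT(clientID, tokenEndpoint, JWSAlgorithm.HS256, secret);
        Map<String, List<String>> params = new HashMap<>(sent.toParameters());

        // Server side: parsing checks client_assertion_type and the JWT format only.
        ClientSecretJWT received = ClientSecretJWT.parse(params);
        JWTAuthenticationClaimsSet claims = received.getJWTAuthenticationClaimsSet();

        // The signature, audience and expiry must still be checked explicitly.
        boolean sigOk = received.getClientAssertion().verify(new MACVerifier(secret.getValueBytes()));
        boolean audOk = claims.getAudience().contains(new Audience(tokenEndpoint.toString()));
        boolean fresh = claims.getExpirationTime().after(new Date());
        System.out.println("client=" + claims.getClientID()
                + " sig=" + sigOk + " aud=" + audOk + " fresh=" + fresh);

        // A wrong client_assertion_type is rejected at parse time.
        params.put("client_assertion_type", Collections.singletonList("urn:example:wrong-type"));
        try {
            ClientSecretJWT.parse(params);
            System.out.println("unexpected: wrong assertion type accepted");
        } catch (ParseException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```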