Class DPoPProtectedResourceRequestVerifier
java.lang.Object
com.nimbusds.oauth2.sdk.dpop.verifiers.DPoPProtectedResourceRequestVerifier
DPoP proof JWT verifier for a protected resource.
Field Summary
Fields
  Modifier and Type: static final Set<com.nimbusds.jose.JWSAlgorithm>
  Field: SUPPORTED_JWS_ALGORITHMS
  Description: The supported JWS algorithms for the DPoP proof JWTs.
Constructor Summary
Constructors
  Constructor: DPoPProtectedResourceRequestVerifier(Set<com.nimbusds.jose.JWSAlgorithm> acceptedJWSAlgs, long maxClockSkewSeconds, SingleUseChecker<Map.Entry<DPoPIssuer, JWTID>> singleUseChecker)
  Description: Creates a new DPoP proof JWT verifier for a protected resource.
Method Summary
  Modifier and Type: void
  Method: verify(String method, URI uri, DPoPIssuer issuer, com.nimbusds.jwt.SignedJWT proof, DPoPAccessToken accessToken, JWKThumbprintConfirmation cnf)
  Description: Deprecated.

  Modifier and Type: void
  Method: verify(String method, URI uri, DPoPIssuer issuer, com.nimbusds.jwt.SignedJWT proof, DPoPAccessToken accessToken, JWKThumbprintConfirmation cnf, Nonce nonce)
  Description: Verifies the specified DPoP proof and its access token and JWK SHA-256 thumbprint bindings.
Field Details
SUPPORTED_JWS_ALGORITHMS
The supported JWS algorithms for the DPoP proof JWTs.
Constructor Details
DPoPProtectedResourceRequestVerifier
public DPoPProtectedResourceRequestVerifier(Set<com.nimbusds.jose.JWSAlgorithm> acceptedJWSAlgs, long maxClockSkewSeconds, SingleUseChecker<Map.Entry<DPoPIssuer, JWTID>> singleUseChecker)
Creates a new DPoP proof JWT verifier for a protected resource.
Parameters:
  acceptedJWSAlgs - The accepted JWS algorithms. Must be supported and not null.
  maxClockSkewSeconds - The max acceptable clock skew for the "iat" (issued-at) claim checks, in seconds. Should be in the order of a few seconds.
  singleUseChecker - The single use checker for the DPoP proof "jti" (JWT ID) claims, null if not specified.
Method Details
verify
@Deprecated
public void verify(String method, URI uri, DPoPIssuer issuer, com.nimbusds.jwt.SignedJWT proof, DPoPAccessToken accessToken, JWKThumbprintConfirmation cnf)
    throws InvalidDPoPProofException, AccessTokenValidationException, com.nimbusds.jose.JOSEException
Deprecated.
Verifies the specified DPoP proof and its access token and JWK SHA-256 thumbprint bindings.
Parameters:
  method - The HTTP request method (case-insensitive). Must not be null.
  uri - The HTTP URI. Any query or fragment component will be stripped from it before DPoP validation. Must not be null.
  issuer - Unique identifier for the DPoP proof issuer, such as its client ID. Must not be null.
  proof - The DPoP proof JWT, null if not received.
  accessToken - The received and successfully validated DPoP access token. Must not be null.
  cnf - The JWK SHA-256 thumbprint confirmation for the DPoP access token. Must not be null.
Throws:
  InvalidDPoPProofException - If the DPoP proof is invalid or missing.
  AccessTokenValidationException - If the DPoP access token binding validation failed.
  com.nimbusds.jose.JOSEException - If an internal JOSE exception is encountered.
verify
public void verify(String method, URI uri, DPoPIssuer issuer, com.nimbusds.jwt.SignedJWT proof, DPoPAccessToken accessToken, JWKThumbprintConfirmation cnf, Nonce nonce)
    throws InvalidDPoPProofException, AccessTokenValidationException, com.nimbusds.jose.JOSEException
Verifies the specified DPoP proof and its access token and JWK SHA-256 thumbprint bindings.
Parameters:
  method - The HTTP request method (case-insensitive). Must not be null.
  uri - The HTTP URI. Any query or fragment component will be stripped from it before DPoP validation. Must not be null.
  issuer - Unique identifier for the DPoP proof issuer, such as its client ID. Must not be null.
  proof - The DPoP proof JWT, null if not received.
  accessToken - The received and successfully validated DPoP access token. Must not be null.
  cnf - The JWK SHA-256 thumbprint confirmation for the DPoP access token. Must not be null.
  nonce - The expected DPoP proof JWT nonce, null if none.
Throws:
  InvalidDPoPProofException - If the DPoP proof is invalid or missing.
  AccessTokenValidationException - If the DPoP access token binding validation failed.
  com.nimbusds.jose.JOSEException - If an internal JOSE exception is encountered.
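The following is an added usage example, not code from this API page or from the SDK's own documentation: it wires the constructor and the non-deprecated verify method into a resource-server check with replay protection on the proof "jti". The names DPoPResourceCheck, InMemoryJtiChecker and check are hypothetical, the 5-second skew is an assumed value, and SingleUseChecker.markAsUsed and AlreadyUsedException are taken from the SDK's com.nimbusds.oauth2.sdk.util.singleuse package.

```java
import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jwt.SignedJWT;
import com.nimbusds.oauth2.sdk.dpop.JWKThumbprintConfirmation;
import com.nimbusds.oauth2.sdk.dpop.verifiers.*;
import com.nimbusds.oauth2.sdk.id.JWTID;
import com.nimbusds.oauth2.sdk.token.DPoPAccessToken;
import com.nimbusds.oauth2.sdk.util.singleuse.*;
import com.nimbusds.openid.connect.sdk.Nonce;
import java.net.URI;
import java.text.ParseException;
import java.util.*;
import java.util.concurrent.ConcurrentHashMap;

public class DPoPResourceCheck {                         // hypothetical class name
    /** Hypothetical replay cache keyed on (issuer, jti). Entries are never purged here;
     *  a production cache would expire them once the accepted "iat" window has passed. */
    static final class InMemoryJtiChecker implements SingleUseChecker<Map.Entry<DPoPIssuer, JWTID>> {
        private final Set<String> seen = ConcurrentHashMap.newKeySet();
        @Override
        public void markAsUsed(Map.Entry<DPoPIssuer, JWTID> e) throws AlreadyUsedException {
            if (!seen.add(e.getKey().getValue() + "\n" + e.getValue().getValue()))
                throw new AlreadyUsedException("DPoP proof jti already used");
        }
    }

    // One shared verifier: ES256 only, 5 s clock skew (assumed value), jti replay check on.
    private static final DPoPProtectedResourceRequestVerifier VERIFIER =
        new DPoPProtectedResourceRequestVerifier(
            Collections.singleton(JWSAlgorithm.ES256), 5L, new InMemoryJtiChecker());

    /** Returns null when the request may proceed, otherwise the RFC 9449 / RFC 6750 error code
     *  for the WWW-Authenticate header. tokenValue must already have been validated, and cnf
     *  must come from that validated token's confirmation claim, never from the request. */
    static String check(String method, URI uri, String clientId, String dpopHeader,
                        String tokenValue, JWKThumbprintConfirmation cnf, Nonce expectedNonce)
            throws JOSEException {
        try {
            // A missing DPoP header is passed as null so the verifier rejects it itself.
            SignedJWT proof = dpopHeader == null ? null : SignedJWT.parse(dpopHeader);
            VERIFIER.verify(method, uri, new DPoPIssuer(clientId), proof,
                            new DPoPAccessToken(tokenValue), cnf, expectedNonce);
            return null;
        } catch (ParseException | InvalidDPoPProofException e) {
            return "invalid_dpop_proof";   // the DPoP proof is invalid or missing
        } catch (AccessTokenValidationException e) {
            return "invalid_token";        // the access token binding validation failed
        }
    }
}
```

Passing null as the single use checker disables replay detection, so a captured proof stays usable until its "iat" falls outside the accepted window.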