Package com.nimbusds.openid.connect.sdk.validators

Class IDTokenClaimsVerifier

java.lang.Object

com.nimbusds.openid.connect.sdk.validators.IDTokenClaimsVerifier

All Implemented Interfaces:

com.nimbusds.jwt.proc.ClockSkewAware, com.nimbusds.jwt.proc.JWTClaimsSetVerifier

@ThreadSafe
public class IDTokenClaimsVerifier
extends Object
implements com.nimbusds.jwt.proc.JWTClaimsSetVerifier, com.nimbusds.jwt.proc.ClockSkewAware

ID token claims verifier.

Related specifications:

• OpenID Connect Core 1.0, section 3.1.3.7 for code flow.
• OpenID Connect Core 1.0, section 3.2.2.11 for implicit flow.
• OpenID Connect Core 1.0, sections 3.3.2.12 and 3.3.3.7 for hybrid flow.

Constructor Summary

Constructors

Constructor	Description
IDTokenClaimsVerifier(Issuer issuer, ClientID clientID, Nonce nonce, int maxClockSkew)	Creates a new ID token claims verifier.

Method Summary

Modifier and Type	Method	Description
ClientID	getClientID()	Returns the client ID for verifying the ID token audience.
Issuer	getExpectedIssuer()	Returns the expected ID token issuer.
Nonce	getExpectedNonce()	Returns the expected nonce.
int	getMaxClockSkew()
void	setMaxClockSkew(int maxClockSkew)
void	verify(com.nimbusds.jwt.JWTClaimsSet claimsSet, com.nimbusds.jose.proc.SecurityContext ctx)

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

IDTokenClaimsVerifier

public IDTokenClaimsVerifier(Issuer issuer,
 ClientID clientID,
 Nonce nonce,
 int maxClockSkew)

Creates a new ID token claims verifier.

Parameters:

issuer - The expected ID token issuer. Must not be null.

clientID - The client ID. Must not be null.

nonce - The nonce, required in the implicit flow or for ID tokens returned by the authorisation endpoint int the hybrid flow. null if not required or specified.

maxClockSkew - The maximum acceptable clock skew (absolute value), in seconds. Must be zero (no clock skew) or positive integer.

Method Details

getExpectedIssuer

public Issuer getExpectedIssuer()

Returns the expected ID token issuer.

Returns:

The ID token issuer.

getClientID

public ClientID getClientID()

Returns the client ID for verifying the ID token audience.

Returns:

The client ID.

getExpectedNonce

public Nonce getExpectedNonce()

Returns the expected nonce.

Returns:

The nonce, null if not required or specified.

getMaxClockSkew

public int getMaxClockSkew()

Specified by:

getMaxClockSkew in interface com.nimbusds.jwt.proc.ClockSkewAware

setMaxClockSkew

public void setMaxClockSkew(int maxClockSkew)

Specified by:

setMaxClockSkew in interface com.nimbusds.jwt.proc.ClockSkewAware

verify

public void verify(com.nimbusds.jwt.JWTClaimsSet claimsSet,
 com.nimbusds.jose.proc.SecurityContext ctx)
            throws com.nimbusds.jwt.proc.BadJWTException

Specified by:

verify in interface com.nimbusds.jwt.proc.JWTClaimsSetVerifier

Throws:

com.nimbusds.jwt.proc.BadJWTException