Package com.nimbusds.oauth2.sdk.dpop.verifiers

Class DPoPTokenRequestVerifier

java.lang.Object
com.nimbusds.oauth2.sdk.dpop.verifiers.DPoPTokenRequestVerifier
@ThreadSafe public class DPoPTokenRequestVerifier extends Object
DPoP proof JWT verifier for the OAuth 2.0 token endpoint of an authorisation server.

  • Field Details

    • SUPPORTED_JWS_ALGORITHMS

      public static final Set<com.nimbusds.jose.JWSAlgorithm> SUPPORTED_JWS_ALGORITHMS
      The supported JWS algorithms for the DPoP proof JWTs.

  • Constructor Details

    • DPoPTokenRequestVerifier

      public DPoPTokenRequestVerifier(Set<com.nimbusds.jose.JWSAlgorithm> acceptedJWSAlgs, URI endpointURI, long maxClockSkewSeconds, SingleUseChecker<Map.Entry<DPoPIssuer,JWTID>> singleUseChecker)
      Creates a new DPoP proof JWT verifier for the OAuth 2.0 token endpoint.
      Parameters:
      acceptedJWSAlgs - The accepted JWS algorithms. Must be supported and not null.
      endpointURI - The token endpoint URI. Any query or fragment component will be stripped from it before performing the comparison. Must not be null.
      maxClockSkewSeconds - The max acceptable clock skew for the "iat" (issued-at) claim checks, in seconds. Should be in the order of a few seconds.
      singleUseChecker - The single use checker for the DPoP proof "jti" (JWT ID) claims, null if not specified.

  • Method Details

    • verify

      @Deprecated public JWKThumbprintConfirmation verify(DPoPIssuer issuer, com.nimbusds.jwt.SignedJWT proof) throws InvalidDPoPProofException, com.nimbusds.jose.JOSEException
      Deprecated.
      Verifies the specified DPoP proof and returns the DPoP JWK SHA-256 thumbprint confirmation.
      Parameters:
      issuer - Unique identifier for the DPoP proof issuer, typically as its client ID. Must not be null.
      proof - The DPoP proof JWT. Must not be null.
      Returns:
      The DPoP JWK SHA-256 thumbprint confirmation.
      Throws:
      InvalidDPoPProofException - If the DPoP proof is invalid.
      com.nimbusds.jose.JOSEException - If an internal JOSE exception is encountered.

    • verify

      public JWKThumbprintConfirmation verify(DPoPIssuer issuer, com.nimbusds.jwt.SignedJWT proof, Nonce nonce) throws InvalidDPoPProofException, com.nimbusds.jose.JOSEException
      Verifies the specified DPoP proof and returns the DPoP JWK SHA-256 thumbprint confirmation.
      Parameters:
      issuer - Unique identifier for the DPoP proof issuer, typically as its client ID. Must not be null.
      proof - The DPoP proof JWT. Must not be null.
      nonce - The expected DPoP proof JWT nonce, null if none.
      Returns:
      The DPoP JWK SHA-256 thumbprint confirmation.
      Throws:
      InvalidDPoPProofException - If the DPoP proof is invalid.
      com.nimbusds.jose.JOSEException - If an internal JOSE exception is encountered.