Class JWTAssertionFactory

java.lang.Object
com.nimbusds.oauth2.sdk.assertions.jwt.JWTAssertionFactory

public class JWTAssertionFactory extends Object
Static JWT bearer assertion factory.

Related specifications:

  • Assertion Framework for OAuth 2.0 Client Authentication and Authorization Grants (RFC 7521)
  • JSON Web Token (JWT) Profile for OAuth 2.0 Client Authentication and Authorization Grants (RFC 7523)

Method Details

    • supportedJWAs

      public static Set<com.nimbusds.jose.JWSAlgorithm> supportedJWAs()
      Returns the supported signature JSON Web Algorithms (JWAs).
      Returns:
      The supported JSON Web Algorithms (JWAs).
    • create

      public static com.nimbusds.jwt.SignedJWT create(JWTAssertionDetails details, com.nimbusds.jose.JWSAlgorithm jwsAlgorithm, Secret secret) throws com.nimbusds.jose.JOSEException
      Creates a new HMAC-protected JWT bearer assertion.
      Parameters:
      details - The JWT bearer assertion details. Must not be null.
      jwsAlgorithm - The expected HMAC algorithm (HS256, HS384 or HS512) for the JWT assertion. Must be supported and not null.
      secret - The secret. Must be at least 256 bits long.
      Returns:
      The JWT bearer assertion.
      Throws:
      com.nimbusds.jose.JOSEException - If the client secret is too short, or HMAC computation failed.
    • create

      public static com.nimbusds.jwt.SignedJWT create(JWTAssertionDetails details, com.nimbusds.jose.JWSAlgorithm jwsAlgorithm, PrivateKey privateKey, String keyID, List<com.nimbusds.jose.util.Base64> x5c, com.nimbusds.jose.util.Base64URL x5t256, Provider jcaProvider) throws com.nimbusds.jose.JOSEException
      Creates a new signed JWT bearer assertion.
      Parameters:
      details - The JWT bearer assertion details. Must not be null.
      jwsAlgorithm - The expected RSA (RS256, RS384, RS512, PS256, PS384 or PS512) or EC (ES256, ES384, ES512) signature algorithm for the JWT assertion. Must be supported and not null.
      privateKey - The signing private RSA or EC key. Must not be null.
      keyID - Optional identifier for the key, to aid key selection on the recipient side. Recommended. null if not specified.
      x5c - Optional X.509 certificate chain for the public key, null if not specified.
      x5t256 - Optional X.509 certificate SHA-256 thumbprint, null if not specified.
      jcaProvider - Optional specific JCA provider, null to use the default one.
      Returns:
      The JWT bearer assertion.
      Throws:
      com.nimbusds.jose.JOSEException - If signing failed.
    • create

      @Deprecated public static com.nimbusds.jwt.SignedJWT create(JWTAssertionDetails details, com.nimbusds.jose.JWSAlgorithm jwsAlgorithm, RSAPrivateKey rsaPrivateKey, String keyID, Provider jcaProvider) throws com.nimbusds.jose.JOSEException
      Deprecated.
      Creates a new RSA-signed JWT bearer assertion.
      Parameters:
      details - The JWT bearer assertion details. Must not be null.
      jwsAlgorithm - The expected RSA signature algorithm (RS256, RS384, RS512, PS256, PS384 or PS512) for the JWT assertion. Must be supported and not null.
      rsaPrivateKey - The RSA private key. Must not be null.
      keyID - Optional identifier for the RSA key, to aid key selection on the recipient side. Recommended. null if not specified.
      jcaProvider - Optional specific JCA provider, null to use the default one.
      Returns:
      The JWT bearer assertion.
      Throws:
      com.nimbusds.jose.JOSEException - If RSA signing failed.
    • create

      @Deprecated public static com.nimbusds.jwt.SignedJWT create(JWTAssertionDetails details, com.nimbusds.jose.JWSAlgorithm jwsAlgorithm, ECPrivateKey ecPrivateKey, String keyID, Provider jcaProvider) throws com.nimbusds.jose.JOSEException
      Deprecated.
      Creates a new EC-signed JWT bearer assertion.
      Parameters:
      details - The JWT bearer assertion details. Must not be null.
      jwsAlgorithm - The expected EC signature algorithm (ES256, ES384 or ES512) for the JWT assertion. Must be supported and not null.
      ecPrivateKey - The EC private key. Must not be null.
      keyID - Optional identifier for the EC key, to aid key selection on the recipient side. Recommended. null if not specified.
      jcaProvider - Optional specific JCA provider, null to use the default one.
      Returns:
      The JWT bearer assertion.
      Throws:
      com.nimbusds.jose.JOSEException - If EC signing failed.
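
Usage of the HMAC and private-key `create` overloads, including the rejection of a secret shorter than 256 bits. This is an added example, not code from the SDK documentation; the client ID, token endpoint URL and key ID are constructed placeholders, and verification uses the Nimbus JOSE+JWT `MACVerifier` and `ECDSAVerifier` classes.

```java
import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.crypto.ECDSAVerifier;
import com.nimbusds.jose.crypto.MACVerifier;
import com.nimbusds.jwt.SignedJWT;
import com.nimbusds.oauth2.sdk.assertions.jwt.JWTAssertionDetails;
import com.nimbusds.oauth2.sdk.assertions.jwt.JWTAssertionFactory;
import com.nimbusds.oauth2.sdk.auth.Secret;
import com.nimbusds.oauth2.sdk.id.Audience;
import com.nimbusds.oauth2.sdk.id.Issuer;
import com.nimbusds.oauth2.sdk.id.Subject;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.interfaces.ECPublicKey;
import java.security.spec.ECGenParameterSpec;

public class JWTAssertionFactoryExample {
    public static void main(String[] args) throws Exception {
        // Constructed sample values: client ID and token endpoint are placeholders.
        // This constructor sets a short default expiration and generates a jti.
        JWTAssertionDetails details = new JWTAssertionDetails(
            new Issuer("client-123"), new Subject("client-123"),
            new Audience("https://as.example.com/token"));

        // HMAC overload: a 32-byte random secret meets the 256-bit minimum.
        Secret secret = new Secret(32);
        SignedJWT hmacJwt = JWTAssertionFactory.create(details, JWSAlgorithm.HS256, secret);
        System.out.println("HS256 verifies: "
            + hmacJwt.verify(new MACVerifier(secret.getValueBytes())));

        // A secret below 256 bits is rejected with a JOSEException, not silently used.
        try {
            JWTAssertionFactory.create(details, JWSAlgorithm.HS256, new Secret("too-short"));
        } catch (JOSEException e) {
            System.out.println("Short secret rejected: " + e.getMessage());
        }

        // Private-key overload: EC P-256 key with a key ID; x5c, x5t256 and
        // jcaProvider are null (no certificate data, default JCA provider).
        KeyPairGenerator gen = KeyPairGenerator.getInstance("EC");
        gen.initialize(new ECGenParameterSpec("secp256r1"));
        KeyPair keyPair = gen.generateKeyPair();
        SignedJWT ecJwt = JWTAssertionFactory.create(details, JWSAlgorithm.ES256,
            keyPair.getPrivate(), "ec-key-1", null, null, null);
        System.out.println("kid header: " + ecJwt.getHeader().getKeyID());
        System.out.println("ES256 verifies: "
            + ecJwt.verify(new ECDSAVerifier((ECPublicKey) keyPair.getPublic())));
    }
}
```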