Package com.nimbusds.oauth2.sdk.jarm

Class JARMClaimsVerifier

java.lang.Object
com.nimbusds.oauth2.sdk.jarm.JARMClaimsVerifier
All Implemented Interfaces:
com.nimbusds.jwt.proc.ClockSkewAware, com.nimbusds.jwt.proc.JWTClaimsSetVerifier
@ThreadSafe public class JARMClaimsVerifier extends Object implements com.nimbusds.jwt.proc.JWTClaimsSetVerifier, com.nimbusds.jwt.proc.ClockSkewAware
JSON Web Token (JWT) encoded authorisation response claims verifier.

Related specifications:

  • Financial-grade API: JWT Secured Authorization Response Mode for OAuth 2.0 (JARM)

  • Constructor Details

    • JARMClaimsVerifier

      public JARMClaimsVerifier(Issuer issuer, ClientID clientID, int maxClockSkew)
      Creates a new ID token claims verifier.
      Parameters:
      issuer - The expected Authorisation Server. Must not be null.
      clientID - The client ID. Must not be null.
      maxClockSkew - The maximum acceptable clock skew (absolute value), in seconds. Must be zero (no clock skew) or positive integer.

  • Method Details

    • getExpectedIssuer

      public Issuer getExpectedIssuer()
      Returns the expected Authorisation Server.
      Returns:
      The Authorisation Server issuer.

    • getClientID

      public ClientID getClientID()
      Returns the client ID for verifying the JWT audience.
      Returns:
      The client ID.

    • getMaxClockSkew

      public int getMaxClockSkew()
      Specified by:
      getMaxClockSkew in interface com.nimbusds.jwt.proc.ClockSkewAware

    • setMaxClockSkew

      public void setMaxClockSkew(int maxClockSkew)
      Specified by:
      setMaxClockSkew in interface com.nimbusds.jwt.proc.ClockSkewAware

    • verify

      public void verify(com.nimbusds.jwt.JWTClaimsSet claimsSet, com.nimbusds.jose.proc.SecurityContext ctx) throws com.nimbusds.jwt.proc.BadJWTException
      Specified by:
      verify in interface com.nimbusds.jwt.proc.JWTClaimsSetVerifier
      Throws:
      com.nimbusds.jwt.proc.BadJWTException