Package com.nimbusds.oauth2.sdk
Class JWTBearerGrant
- java.lang.Object
-
- com.nimbusds.oauth2.sdk.AuthorizationGrant
-
- com.nimbusds.oauth2.sdk.AssertionGrant
-
- com.nimbusds.oauth2.sdk.JWTBearerGrant
-
@Immutable public class JWTBearerGrant extends AssertionGrant
JWT bearer grant. Used in access token requests with a JSON Web Token (JWT), such an OpenID Connect ID token.The JWT assertion can be:
- Signed or MAC protected with JWS
- Encrypted with JWE
- Nested - signed / MAC protected with JWS and then encrypted with JWE
Related specifications:
- Assertion Framework for OAuth 2.0 Client Authentication and Authorization Grants (RFC 7521), section 4.1.
- JSON Web Token (JWT) Profile for OAuth 2.0 Client Authentication and Authorization Grants (RFC 7523), section-2.1.
-
-
Field Summary
Fields Modifier and Type Field Description static GrantType
GRANT_TYPE
The grant type.-
Fields inherited from class com.nimbusds.oauth2.sdk.AssertionGrant
MISSING_ASSERTION_PARAM_EXCEPTION, MISSING_GRANT_TYPE_PARAM_EXCEPTION
-
-
Constructor Summary
Constructors Constructor Description JWTBearerGrant(com.nimbusds.jose.JWEObject assertion)
Creates a new nested signed and encrypted JSON Web Token (JWT) bearer assertion grant.JWTBearerGrant(com.nimbusds.jwt.EncryptedJWT assertion)
Creates a new signed and encrypted JSON Web Token (JWT) bearer assertion grant.JWTBearerGrant(com.nimbusds.jwt.SignedJWT assertion)
Creates a new signed JSON Web Token (JWT) bearer assertion grant.
-
Method Summary
All Methods Static Methods Instance Methods Concrete Methods Modifier and Type Method Description String
getAssertion()
Gets the assertion.com.nimbusds.jose.JOSEObject
getJOSEAssertion()
Gets the JSON Web Token (JWT) bearer assertion.com.nimbusds.jwt.JWT
getJWTAssertion()
Gets the JSON Web Token (JWT) bearer assertion.static JWTBearerGrant
parse(Map<String,List<String>> params)
Parses a JWT bearer grant from the specified request body parameters.Map<String,List<String>>
toParameters()
Returns the request body parameters for the authorisation grant.-
Methods inherited from class com.nimbusds.oauth2.sdk.AuthorizationGrant
getType
-
-
-
-
Field Detail
-
GRANT_TYPE
public static final GrantType GRANT_TYPE
The grant type.
-
-
Constructor Detail
-
JWTBearerGrant
public JWTBearerGrant(com.nimbusds.jwt.SignedJWT assertion)
Creates a new signed JSON Web Token (JWT) bearer assertion grant.- Parameters:
assertion
- The signed JSON Web Token (JWT) assertion. Must not be in a unsigned state ornull
. The JWT claims are not validated for compliance with the standard.
-
JWTBearerGrant
public JWTBearerGrant(com.nimbusds.jose.JWEObject assertion)
Creates a new nested signed and encrypted JSON Web Token (JWT) bearer assertion grant.- Parameters:
assertion
- The nested signed and encrypted JSON Web Token (JWT) assertion. Must not be in a unencrypted state ornull
. The JWT claims are not validated for compliance with the standard.
-
JWTBearerGrant
public JWTBearerGrant(com.nimbusds.jwt.EncryptedJWT assertion)
Creates a new signed and encrypted JSON Web Token (JWT) bearer assertion grant.- Parameters:
assertion
- The signed and encrypted JSON Web Token (JWT) assertion. Must not be in a unencrypted state ornull
. The JWT claims are not validated for compliance with the standard.
-
-
Method Detail
-
getJWTAssertion
public com.nimbusds.jwt.JWT getJWTAssertion()
Gets the JSON Web Token (JWT) bearer assertion.- Returns:
- The assertion as a signed or encrypted JWT,
null
if the assertion is a signed and encrypted JWT.
-
getJOSEAssertion
public com.nimbusds.jose.JOSEObject getJOSEAssertion()
Gets the JSON Web Token (JWT) bearer assertion.- Returns:
- The assertion as a generic JOSE object (signed JWT, encrypted JWT, or signed and encrypted JWT).
-
getAssertion
public String getAssertion()
Description copied from class:AssertionGrant
Gets the assertion.- Specified by:
getAssertion
in classAssertionGrant
- Returns:
- The assertion as a string.
-
toParameters
public Map<String,List<String>> toParameters()
Description copied from class:AuthorizationGrant
Returns the request body parameters for the authorisation grant.- Specified by:
toParameters
in classAuthorizationGrant
- Returns:
- The parameters.
-
parse
public static JWTBearerGrant parse(Map<String,List<String>> params) throws ParseException
Parses a JWT bearer grant from the specified request body parameters. The JWT claims are not validated for compliance with the standard.Example:
grant_type=urn%3Aietf%3Aparams%3Aoauth%3Agrant-type%3Ajwt-bearer &assertion=eyJhbGciOiJFUzI1NiJ9.eyJpc3Mi[...omitted for brevity...]. J9l-ZhwP[...omitted for brevity...]
- Parameters:
params
- The parameters.- Returns:
- The JWT bearer grant.
- Throws:
ParseException
- If parsing failed.
-
-