Package com.nimbusds.oauth2.sdk.assertions.jwt

Class JWTAssertionFactory

  • public class JWTAssertionFactory
extends Object
    Static JWT bearer assertion factory.

    Related specifications:

    • Assertion Framework for OAuth 2.0 Client Authentication and Authorization Grants (RFC 7521).
    • JSON Web Token (JWT) Profile for OAuth 2.0 Client Authentication and Authorization Grants (RFC 7523).

    • Method Detail

      • supportedJWAs

        public static Set<com.nimbusds.jose.JWSAlgorithm> supportedJWAs()
        Returns the supported signature JSON Web Algorithms (JWAs).
        Returns:
        The supported JSON Web Algorithms (JWAs).

      • create

        public static com.nimbusds.jwt.SignedJWT create​(JWTAssertionDetails details,
                                                com.nimbusds.jose.JWSAlgorithm jwsAlgorithm,
                                                Secret secret)
                                         throws com.nimbusds.jose.JOSEException
        Creates a new HMAC-protected JWT bearer assertion.
        Parameters:
        details - The JWT bearer assertion details. Must not be null.
        jwsAlgorithm - The expected HMAC algorithm (HS256, HS384 or HS512) for the JWT assertion. Must be supported and not null.
        secret - The secret. Must be at least 256-bits long.
        Returns:
        The JWT bearer assertion.
        Throws:
        com.nimbusds.jose.JOSEException - If the client secret is too short, or HMAC computation failed.

      • create

        public static com.nimbusds.jwt.SignedJWT create​(JWTAssertionDetails details,
                                                com.nimbusds.jose.JWSAlgorithm jwsAlgorithm,
                                                RSAPrivateKey rsaPrivateKey,
                                                String keyID,
                                                Provider jcaProvider)
                                         throws com.nimbusds.jose.JOSEException
        Creates a new RSA-signed JWT bearer assertion.
        Parameters:
        details - The JWT bearer assertion details. Must not be be null.
        jwsAlgorithm - The expected RSA signature algorithm (RS256, RS384, RS512, PS256, PS384 or PS512) for the JWT assertion. Must be supported and not null.
        rsaPrivateKey - The RSA private key. Must not be null.
        keyID - Optional identifier for the RSA key, to aid key selection on the recipient side. Recommended. null if not specified.
        jcaProvider - Optional specific JCA provider, null to use the default one.
        Returns:
        The JWT bearer assertion.
        Throws:
        com.nimbusds.jose.JOSEException - If RSA signing failed.

      • create

        public static com.nimbusds.jwt.SignedJWT create​(JWTAssertionDetails details,
                                                com.nimbusds.jose.JWSAlgorithm jwsAlgorithm,
                                                ECPrivateKey ecPrivateKey,
                                                String keyID,
                                                Provider jcaProvider)
                                         throws com.nimbusds.jose.JOSEException
        Creates a new EC-signed JWT bearer assertion.
        Parameters:
        details - The JWT bearer assertion details. Must not be null.
        jwsAlgorithm - The expected EC signature algorithm (ES256, ES384 or ES512) for the JWT assertion. Must be supported and not null.
        ecPrivateKey - The EC private key. Must not be null.
        keyID - Optional identifier for the EC key, to aid key selection on the recipient side. Recommended. null if not specified.
        jcaProvider - Optional specific JCA provider, null to use the default one.
        Returns:
        The JWT bearer assertion.
        Throws:
        com.nimbusds.jose.JOSEException - If RSA signing failed.