Package com.nimbusds.oauth2.sdk.auth

Class ClientSecretJWT

java.lang.Object

com.nimbusds.oauth2.sdk.auth.ClientAuthentication

com.nimbusds.oauth2.sdk.auth.JWTAuthentication

com.nimbusds.oauth2.sdk.auth.ClientSecretJWT

@Immutable
public final class ClientSecretJWT
extends JWTAuthentication

Client secret JWT authentication at the Token endpoint. Implements ClientAuthenticationMethod.CLIENT_SECRET_JWT.

Supported signature JSON Web Algorithms (JWAs) by this implementation:

• HS256
• HS384
• HS512

Related specifications:

• Assertion Framework for OAuth 2.0 Client Authentication and Authorization Grants (RFC 7521).
• JSON Web Token (JWT) Profile for OAuth 2.0 Client Authentication and Authorization Grants (RFC 7523).

Field Summary

Fields inherited from class com.nimbusds.oauth2.sdk.auth.JWTAuthentication

CLIENT_ASSERTION_TYPE

Constructor Summary

Constructors

Constructor	Description
ClientSecretJWT(com.nimbusds.jwt.SignedJWT clientAssertion)	Creates a new client secret JWT authentication.
ClientSecretJWT(ClientID clientID, URI tokenEndpoint, com.nimbusds.jose.JWSAlgorithm jwsAlgorithm, Secret clientSecret)	Creates a new client secret JWT authentication.

Method Summary

Modifier and Type	Method	Description
static ClientSecretJWT	parse(HTTPRequest httpRequest)	Parses the specified HTTP POST request for a client secret JSON Web Token (JWT) authentication.
static ClientSecretJWT	parse(String paramsString)	Parses a client secret JSON Web Token (JWT) authentication from the specified application/x-www-form-urlencoded encoded parameters string.
static ClientSecretJWT	parse(Map<String,List<String>> params)	Parses the specified parameters map for a client secret JSON Web Token (JWT) authentication.
static Set<com.nimbusds.jose.JWSAlgorithm>	supportedJWAs()	Returns the supported signature JSON Web Algorithms (JWAs).

Methods inherited from class com.nimbusds.oauth2.sdk.auth.JWTAuthentication

applyTo, ensureClientAssertionType, getClientAssertion, getJWTAuthenticationClaimsSet, parseClientAssertion, parseClientID, toParameters

Methods inherited from class com.nimbusds.oauth2.sdk.auth.ClientAuthentication

getClientID, getMethod

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

ClientSecretJWT

public ClientSecretJWT(ClientID clientID,
                       URI tokenEndpoint,
                       com.nimbusds.jose.JWSAlgorithm jwsAlgorithm,
                       Secret clientSecret)
                throws com.nimbusds.jose.JOSEException

Creates a new client secret JWT authentication. The expiration time (exp) is set to five minutes from the current system time. Generates a default identifier (jti) for the JWT. The issued-at (iat) and not-before (nbf) claims are not set.

Parameters:

clientID - The client identifier. Must not be null.

tokenEndpoint - The token endpoint URI of the authorisation server. Must not be null.

jwsAlgorithm - The expected HMAC algorithm (HS256, HS384 or HS512) for the client secret JWT assertion. Must be supported and not null.

clientSecret - The client secret. Must be at least 256-bits long.

Throws:

com.nimbusds.jose.JOSEException - If the client secret is too short, or HMAC computation failed.

ClientSecretJWT

public ClientSecretJWT(com.nimbusds.jwt.SignedJWT clientAssertion)

Creates a new client secret JWT authentication.

Parameters:

clientAssertion - The client assertion, corresponding to the client_assertion_parameter, as a supported HMAC-protected JWT. Must be signed and not null.

Method Detail

supportedJWAs

public static Set<com.nimbusds.jose.JWSAlgorithm> supportedJWAs()

Returns the supported signature JSON Web Algorithms (JWAs).

Returns:

The supported JSON Web Algorithms (JWAs).

parse

public static ClientSecretJWT parse(Map<String,List<String>> params)
                             throws ParseException

Parses the specified parameters map for a client secret JSON Web Token (JWT) authentication. Note that the parameters must not be application/x-www-form-urlencoded encoded.

Parameters:

params - The parameters map to parse. The client secret JSON Web Token (JWT) parameters must be keyed under "client_assertion" and "client_assertion_type". The map must not be null.

Returns:

The client secret JSON Web Token (JWT) authentication.

Throws:

ParseException - If the parameters map couldn't be parsed to a client secret JSON Web Token (JWT) authentication.

parse

public static ClientSecretJWT parse(String paramsString)
                             throws ParseException

Parses a client secret JSON Web Token (JWT) authentication from the specified application/x-www-form-urlencoded encoded parameters string.

Parameters:

paramsString - The parameters string to parse. The client secret JSON Web Token (JWT) parameters must be keyed under "client_assertion" and "client_assertion_type". The string must not be null.

Returns:

The client secret JSON Web Token (JWT) authentication.

Throws:

ParseException - If the parameters string couldn't be parsed to a client secret JSON Web Token (JWT) authentication.

parse

public static ClientSecretJWT parse(HTTPRequest httpRequest)
                             throws ParseException

Parses the specified HTTP POST request for a client secret JSON Web Token (JWT) authentication.

Parameters:

httpRequest - The HTTP POST request to parse. Must not be null and must contain a valid application/x-www-form-urlencoded encoded parameters string in the entity body. The client secret JSON Web Token (JWT) parameters must be keyed under "client_assertion" and "client_assertion_type".

Returns:

The client secret JSON Web Token (JWT) authentication.

Throws:

ParseException - If the HTTP request header couldn't be parsed to a client secret JSON Web Token (JWT) authentication.