Class JWTAuthentication

  • Direct Known Subclasses:
    ClientSecretJWT, PrivateKeyJWT

    public abstract class JWTAuthentication
    extends ClientAuthentication
    Base abstract class for JSON Web Token (JWT) based client authentication at the Token endpoint.

    Related specifications:

    • OAuth 2.0 (RFC 6749), section 3.2.1.
    • JSON Web Token (JWT) Profile for OAuth 2.0 Client Authentication and Authorization Grants (RFC 7523).
    • OpenID Connect Core 1.0, section 9.
    • Field Detail

      • CLIENT_ASSERTION_TYPE

        public static final String CLIENT_ASSERTION_TYPE
        The expected client assertion type, corresponding to the client_assertion_type parameter. This is a URN string set to "urn:ietf:params:oauth:client-assertion-type:jwt-bearer".
        See Also:
        Constant Field Values
    • Constructor Detail

      • JWTAuthentication

        protected JWTAuthentication(ClientAuthenticationMethod method,
                                    com.nimbusds.jwt.SignedJWT clientAssertion)
        Creates a new JSON Web Token (JWT) based client authentication.
        Parameters:
        method - The client authentication method. Must not be null.
        clientAssertion - The client assertion, corresponding to the client_assertion parameter, in the form of a signed JSON Web Token (JWT). Must be signed and not null.
        Throws:
        IllegalArgumentException - If the client assertion is not signed or doesn't conform to the expected format.
    • Method Detail

      • getClientAssertion

        public com.nimbusds.jwt.SignedJWT getClientAssertion()
        Gets the client assertion, corresponding to the client_assertion parameter.
        Returns:
        The client assertion, in the form of a signed JSON Web Token (JWT).
      • toParameters

        public Map<String,List<String>> toParameters()
        Returns the parameter representation of this JSON Web Token (JWT) based client authentication. Note that the parameters are not application/x-www-form-urlencoded encoded.

        Parameters map:

         "client_assertion" = [serialised-JWT]
         "client_assertion_type" = "urn:ietf:params:oauth:client-assertion-type:jwt-bearer"
         
        Returns:
        The parameters map, with keys "client_assertion", "client_assertion_type" and "client_id".
      • applyTo

        public void applyTo(HTTPRequest httpRequest)
        Description copied from class: ClientAuthentication
        Applies the authentication to the specified HTTP request by setting its Authorization header and/or POST entity-body parameters (according to the implemented client authentication method).
        Specified by:
        applyTo in class ClientAuthentication
        Parameters:
        httpRequest - The HTTP request. Must not be null.
      • ensureClientAssertionType

        protected static void ensureClientAssertionType(Map<String,List<String>> params)
                                                 throws ParseException
        Ensures the specified parameters map contains an entry with key "client_assertion_type" pointing to a string that equals the expected CLIENT_ASSERTION_TYPE. This method is intended to aid parsing of JSON Web Token (JWT) based client authentication objects.
        Parameters:
        params - The parameters map to check. The parameters must not be null and must not be application/x-www-form-urlencoded encoded.
        Throws:
        ParseException - If the expected "client_assertion_type" entry wasn't found.
      • parseClientAssertion

        protected static com.nimbusds.jwt.SignedJWT parseClientAssertion(Map<String,List<String>> params)
                                                                  throws ParseException
        Parses the specified parameters map for a client assertion. This method is intended to aid parsing of JSON Web Token (JWT) based client authentication objects.
        Parameters:
        params - The parameters map to parse. It must contain an entry with key "client_assertion" pointing to a string that represents a signed serialised JSON Web Token (JWT). The parameters must not be null and must not be application/x-www-form-urlencoded encoded.
        Returns:
        The client assertion as a signed JSON Web Token (JWT).
        Throws:
        ParseException - If a "client_assertion" entry couldn't be retrieved from the parameters map.
      • parseClientID

        protected static ClientID parseClientID(Map<String,List<String>> params)
        Parses the specified parameters map for an optional client identifier. This method is intended to aid parsing of JSON Web Token (JWT) based client authentication objects.
        Parameters:
        params - The parameters map to parse. It may contain an entry with key "client_id" pointing to a string that represents the client identifier. The parameters must not be null and must not be application/x-www-form-urlencoded encoded.
        Returns:
        The client identifier, null if not specified.
      • parse

        public static JWTAuthentication parse(HTTPRequest httpRequest)
                                       throws ParseException
        Parses the specified HTTP request for a JSON Web Token (JWT) based client authentication.
        Parameters:
        httpRequest - The HTTP request to parse. Must not be null.
        Returns:
        The JSON Web Token (JWT) based client authentication.
        Throws:
        ParseException - If a JSON Web Token (JWT) based client authentication couldn't be retrieved from the HTTP request.
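
Added example (not part of the SDK's own documentation): a round trip through toParameters() and map-based parsing that shows where form encoding happens, that parsing does not verify the assertion's signature, and that a wrong client_assertion_type is rejected. It assumes the ClientSecretJWT subclass's constructor and parse(Map) method and the URLUtils helper from the same SDK, none of which are documented on this page; the client ID, endpoint URL and tampered URN are constructed sample values.

```java
import java.net.URI;
import java.util.*;
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.crypto.MACVerifier;
import com.nimbusds.jwt.SignedJWT;
import com.nimbusds.oauth2.sdk.ParseException;
import com.nimbusds.oauth2.sdk.auth.ClientSecretJWT;
import com.nimbusds.oauth2.sdk.auth.JWTAuthentication;
import com.nimbusds.oauth2.sdk.auth.Secret;
import com.nimbusds.oauth2.sdk.id.ClientID;
import com.nimbusds.oauth2.sdk.util.URLUtils;

public class ClientAssertionRoundTrip {

    public static void main(String[] args) throws Exception {
        // Constructed sample values, not taken from the SDK documentation.
        ClientID clientID = new ClientID("example-client");
        URI tokenEndpoint = URI.create("https://as.example.com/token");
        Secret secret = new Secret(); // random 256-bit client secret

        // Client side: build the assertion and get the raw (unencoded) parameters.
        JWTAuthentication auth =
            new ClientSecretJWT(clientID, tokenEndpoint, JWSAlgorithm.HS256, secret);
        Map<String, List<String>> params = auth.toParameters();
        String body = URLUtils.serializeParameters(params); // form encoding happens here

        // Server side: decode the body first, then parse the decoded map.
        Map<String, List<String>> received = URLUtils.parseParameters(body);
        ClientSecretJWT parsed = ClientSecretJWT.parse(received);

        // Parsing does not verify the signature; check the HMAC before trusting claims.
        SignedJWT assertion = parsed.getClientAssertion();
        boolean valid = assertion.verify(new MACVerifier(secret.getValueBytes()));
        System.out.println("signature valid: " + valid);
        System.out.println("subject: " + assertion.getJWTClaimsSet().getSubject());

        // A wrong client_assertion_type is rejected at parse time.
        Map<String, List<String>> tampered = new HashMap<>(received);
        tampered.put("client_assertion_type",
            Collections.singletonList("urn:example:not-jwt-bearer"));
        try {
            ClientSecretJWT.parse(tampered);
        } catch (ParseException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

A token endpoint must additionally check the assertion's audience, expiry and jti reuse as required by RFC 7523 before accepting the client as authenticated.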