Package com.nimbusds.oauth2.sdk.auth
Class SelfSignedTLSClientAuthentication
- java.lang.Object
- com.nimbusds.oauth2.sdk.auth.ClientAuthentication
- com.nimbusds.oauth2.sdk.auth.TLSClientAuthentication
- com.nimbusds.oauth2.sdk.auth.SelfSignedTLSClientAuthentication
@Immutable public class SelfSignedTLSClientAuthentication extends TLSClientAuthentication
Self-signed certificate mutual TLS client authentication at the Token endpoint. The client certificate is self-signed, as opposed to tls_client_auth, which relies on PKI binding. Implements ClientAuthenticationMethod.SELF_SIGNED_TLS_CLIENT_AUTH.
Related specifications:
- OAuth 2.0 Mutual TLS Client Authentication and Certificate Bound Access Tokens (RFC 8705), section 2.2.
Field Summary
Fields inherited from class com.nimbusds.oauth2.sdk.auth.TLSClientAuthentication
certificate
Constructor Summary
- SelfSignedTLSClientAuthentication(ClientID clientID, X509Certificate certificate)
Creates a new self-signed certificate mutual TLS client authentication.
- SelfSignedTLSClientAuthentication(ClientID clientID, SSLSocketFactory sslSocketFactory)
Creates a new self-signed certificate mutual TLS client authentication.
Method Summary
- static SelfSignedTLSClientAuthentication parse(HTTPRequest httpRequest)
Parses a self-signed certificate mutual TLS client authentication from the specified HTTP request.
Methods inherited from class com.nimbusds.oauth2.sdk.auth.TLSClientAuthentication
applyTo, getClientX509Certificate, getSSLSocketFactory
Methods inherited from class com.nimbusds.oauth2.sdk.auth.ClientAuthentication
getClientID, getMethod
Constructor Detail
SelfSignedTLSClientAuthentication
public SelfSignedTLSClientAuthentication(ClientID clientID, SSLSocketFactory sslSocketFactory)
Creates a new self-signed certificate mutual TLS client authentication. This constructor is intended for an outgoing token request.
Parameters:
- clientID - The client identifier. Must not be null.
- sslSocketFactory - The SSL socket factory to use for the outgoing HTTPS request and to present the client certificate(s), null to use the default one.
SelfSignedTLSClientAuthentication
public SelfSignedTLSClientAuthentication(ClientID clientID, X509Certificate certificate)
Creates a new self-signed certificate mutual TLS client authentication. This constructor is intended for a received token request.
Parameters:
- clientID - The client identifier. Must not be null.
- certificate - The validated client X.509 certificate from the received HTTPS request. Must not be null.
Method Detail
parse
public static SelfSignedTLSClientAuthentication parse(HTTPRequest httpRequest) throws ParseException
Parses a self-signed certificate mutual TLS client authentication from the specified HTTP request.
Parameters:
- httpRequest - The HTTP request to parse. Must not be null and must include a validated client X.509 certificate.
Returns:
- The self-signed TLS / X.509 certificate client authentication.
Throws:
- ParseException - If the client_id or client X.509 certificate is missing.
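An added example, not part of the SDK documentation: a server-side check for a received token request that parses the authentication and then, as RFC 8705 section 2.2 requires for self-signed certificates, accepts the client only if the presented certificate matches one registered for that client ID. The class SelfSignedMtlsCheck and the RegisteredCertificates interface are hypothetical names for this sketch; only parse, getClientX509Certificate and getClientID come from the page.

```java
import java.security.MessageDigest;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.List;

import com.nimbusds.oauth2.sdk.ParseException;
import com.nimbusds.oauth2.sdk.auth.SelfSignedTLSClientAuthentication;
import com.nimbusds.oauth2.sdk.http.HTTPRequest;
import com.nimbusds.oauth2.sdk.id.ClientID;

public final class SelfSignedMtlsCheck {

    /**
     * Hypothetical lookup (not an SDK type) of the certificates registered
     * for a client. Must return an empty list for an unknown client.
     */
    public interface RegisteredCertificates {
        List<X509Certificate> forClient(ClientID clientID);
    }

    /**
     * Returns the authenticated client ID, or null if the presented
     * certificate matches none of the client's registered certificates.
     */
    public static ClientID authenticate(HTTPRequest httpRequest, RegisteredCertificates store)
            throws ParseException, CertificateEncodingException {

        // Throws ParseException if client_id or the client certificate is missing.
        SelfSignedTLSClientAuthentication auth =
                SelfSignedTLSClientAuthentication.parse(httpRequest);

        // A self-signed certificate has no CA chain to anchor trust in, so a
        // successful parse only says that a certificate was presented. The
        // client is authenticated only if that certificate is one it registered.
        byte[] presented = auth.getClientX509Certificate().getEncoded();
        boolean matched = false;
        for (X509Certificate registered : store.forClient(auth.getClientID())) {
            // Compare the full DER encodings and examine every registered
            // certificate rather than returning on the first match.
            matched |= MessageDigest.isEqual(presented, registered.getEncoded());
        }
        return matched ? auth.getClientID() : null;
    }

    private SelfSignedMtlsCheck() { }
}
```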