Class JWTAssertionFactory
- java.lang.Object
-
- com.nimbusds.oauth2.sdk.assertions.jwt.JWTAssertionFactory
-
public class JWTAssertionFactory extends Object
Static JWT bearer assertion factory.Related specifications:
- Assertion Framework for OAuth 2.0 Client Authentication and Authorization Grants (RFC 7521).
- JSON Web Token (JWT) Profile for OAuth 2.0 Client Authentication and Authorization Grants (RFC 7523).
-
-
Method Summary
All Methods Static Methods Concrete Methods Modifier and Type Method Description static com.nimbusds.jwt.SignedJWT
create(JWTAssertionDetails details, com.nimbusds.jose.JWSAlgorithm jwsAlgorithm, Secret secret)
Creates a new HMAC-protected JWT bearer assertion.static com.nimbusds.jwt.SignedJWT
create(JWTAssertionDetails details, com.nimbusds.jose.JWSAlgorithm jwsAlgorithm, ECPrivateKey ecPrivateKey, String keyID, Provider jcaProvider)
Creates a new EC-signed JWT bearer assertion.static com.nimbusds.jwt.SignedJWT
create(JWTAssertionDetails details, com.nimbusds.jose.JWSAlgorithm jwsAlgorithm, RSAPrivateKey rsaPrivateKey, String keyID, Provider jcaProvider)
Creates a new RSA-signed JWT bearer assertion.static Set<com.nimbusds.jose.JWSAlgorithm>
supportedJWAs()
Returns the supported signature JSON Web Algorithms (JWAs).
-
-
-
Method Detail
-
supportedJWAs
public static Set<com.nimbusds.jose.JWSAlgorithm> supportedJWAs()
Returns the supported signature JSON Web Algorithms (JWAs).- Returns:
- The supported JSON Web Algorithms (JWAs).
-
create
public static com.nimbusds.jwt.SignedJWT create(JWTAssertionDetails details, com.nimbusds.jose.JWSAlgorithm jwsAlgorithm, Secret secret) throws com.nimbusds.jose.JOSEException
Creates a new HMAC-protected JWT bearer assertion.- Parameters:
details
- The JWT bearer assertion details. Must not benull
.jwsAlgorithm
- The expected HMAC algorithm (HS256, HS384 or HS512) for the JWT assertion. Must be supported and notnull
.secret
- The secret. Must be at least 256-bits long.- Returns:
- The JWT bearer assertion.
- Throws:
com.nimbusds.jose.JOSEException
- If the client secret is too short, or HMAC computation failed.
-
create
public static com.nimbusds.jwt.SignedJWT create(JWTAssertionDetails details, com.nimbusds.jose.JWSAlgorithm jwsAlgorithm, RSAPrivateKey rsaPrivateKey, String keyID, Provider jcaProvider) throws com.nimbusds.jose.JOSEException
Creates a new RSA-signed JWT bearer assertion.- Parameters:
details
- The JWT bearer assertion details. Must not be benull
.jwsAlgorithm
- The expected RSA signature algorithm (RS256, RS384, RS512, PS256, PS384 or PS512) for the JWT assertion. Must be supported and notnull
.rsaPrivateKey
- The RSA private key. Must not benull
.keyID
- Optional identifier for the RSA key, to aid key selection on the recipient side. Recommended.null
if not specified.jcaProvider
- Optional specific JCA provider,null
to use the default one.- Returns:
- The JWT bearer assertion.
- Throws:
com.nimbusds.jose.JOSEException
- If RSA signing failed.
-
create
public static com.nimbusds.jwt.SignedJWT create(JWTAssertionDetails details, com.nimbusds.jose.JWSAlgorithm jwsAlgorithm, ECPrivateKey ecPrivateKey, String keyID, Provider jcaProvider) throws com.nimbusds.jose.JOSEException
Creates a new EC-signed JWT bearer assertion.- Parameters:
details
- The JWT bearer assertion details. Must not benull
.jwsAlgorithm
- The expected EC signature algorithm (ES256, ES384 or ES512) for the JWT assertion. Must be supported and notnull
.ecPrivateKey
- The EC private key. Must not benull
.keyID
- Optional identifier for the EC key, to aid key selection on the recipient side. Recommended.null
if not specified.jcaProvider
- Optional specific JCA provider,null
to use the default one.- Returns:
- The JWT bearer assertion.
- Throws:
com.nimbusds.jose.JOSEException
- If RSA signing failed.
-
-