Class JWTAssertionDetails

  • Direct Known Subclasses:
    JWTAuthenticationClaimsSet

    @Immutable
    public class JWTAssertionDetails
    extends AssertionDetails
    JSON Web Token (JWT) bearer assertion details (claims set) for OAuth 2.0 client authentication and authorisation grants.

    Used for client secret JWT and private key JWT authentication at the Token endpoint as well as JWT bearer assertion grants.

    Example JWT bearer assertion claims set for client authentication:

     {
       "iss" : "http://client.example.com",
       "sub" : "http://client.example.com",
       "aud" : [ "http://idp.example.com/token" ],
       "jti" : "d396036d-c4d9-40d8-8e98-f7e8327002d9",
       "exp" : 1311281970,
       "iat" : 1311280970
     }
     

    Related specifications:

    • JSON Web Token (JWT) Profile for OAuth 2.0 Client Authentication and Authorization Grants (RFC 7523), section 3.
    • Constructor Detail

      • JWTAssertionDetails

        public JWTAssertionDetails(Issuer iss,
                                   Subject sub,
                                   Audience aud)
        Creates a new JWT bearer assertion details (claims set) instance. The expiration time (exp) is set to five minutes from the current system time. Generates a default identifier (jti) for the JWT. The issued-at (iat) and not-before (nbf) claims are not set.
        Parameters:
        iss - The issuer identifier. Must not be null.
        sub - The subject. Must not be null.
        aud - The audience identifier, typically the URI of the authorisation server's Token endpoint. Must not be null.
      • JWTAssertionDetails

        public JWTAssertionDetails(Issuer iss,
                                   Subject sub,
                                   List<Audience> aud,
                                   Date exp,
                                   Date nbf,
                                   Date iat,
                                   JWTID jti,
                                   Map<String,Object> other)
        Creates a new JWT bearer assertion details (claims set) instance.
        Parameters:
        iss - The issuer identifier. Must not be null.
        sub - The subject. Must not be null.
        aud - The audience, typically including the URI of the authorisation server's token endpoint. Must not be null.
        exp - The expiration time. Must not be null.
        nbf - The time before which the token must not be accepted for processing, null if not specified.
        iat - The time at which the token was issued, null if not specified.
        jti - Unique identifier for the JWT, null if not specified.
        other - Other custom claims to include, null if none.
    • Method Detail

      • getReservedClaimsNames

        public static Set<String> getReservedClaimsNames()
        Gets the names of the reserved JWT bearer assertion claims.
        Returns:
        The names of the reserved JWT bearer assertion claims (read-only set).
      • getNotBeforeTime

        public Date getNotBeforeTime()
        Returns the optional not-before time. Corresponds to the nbf claim.
        Returns:
        The not-before time, null if not specified.
      • getJWTID

        public JWTID getJWTID()
        Returns the optional assertion identifier, as a JWT ID. Corresponds to the jti claim.
        Returns:
        The optional JWT ID, null if not specified.
        See Also:
        AssertionDetails.getID()
      • toJSONObject

        public net.minidev.json.JSONObject toJSONObject()
        Returns a JSON object representation of this JWT bearer assertion details.
        Returns:
        The JSON object.
      • toJWTClaimsSet

        public com.nimbusds.jwt.JWTClaimsSet toJWTClaimsSet()
        Returns a JSON Web Token (JWT) claims set representation of this JWT bearer assertion details.
        Returns:
        The JWT claims set.
      • parse

        public static JWTAssertionDetails parse(net.minidev.json.JSONObject jsonObject)
                                         throws ParseException
        Parses a JWT bearer assertion details (claims set) instance from the specified JSON object.
        Parameters:
        jsonObject - The JSON object. Must not be null.
        Returns:
        The JWT bearer assertion details.
        Throws:
        ParseException - If the JSON object couldn't be parsed to a JWT bearer assertion details instance.
      • parse

        public static JWTAssertionDetails parse(com.nimbusds.jwt.JWTClaimsSet jwtClaimsSet)
                                         throws ParseException
        Parses a JWT bearer assertion details instance from the specified JWT claims set.
        Parameters:
        jwtClaimsSet - The JWT claims set. Must not be null.
        Returns:
        The JWT bearer assertion details.
        Throws:
        ParseException - If the JWT claims set couldn't be parsed to a JWT bearer assertion details instance.
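
The following is an added example, not part of the SDK's own documentation or code. It shows the claim checks a token endpoint would run on a client authentication assertion after parsing it with parse(JWTClaimsSet), using the example claims set from this page. It assumes the JWT signature or HMAC has already been verified, uses the getters inherited from AssertionDetails, and the class name, the in-memory replay cache and the rule that jti is required are hypothetical choices made for illustration.

```java
import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.oauth2.sdk.ParseException;
import com.nimbusds.oauth2.sdk.assertions.jwt.JWTAssertionDetails;
import com.nimbusds.oauth2.sdk.id.Audience;
import java.util.Date;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;

public class ClientAssertionClaimsCheck {
    // Hypothetical in-memory replay cache; production needs a shared store with expiry.
    private static final Set<String> SEEN_JTI = ConcurrentHashMap.newKeySet();

    /** Returns null when the claims are acceptable, otherwise the rejection reason. */
    static String check(JWTClaimsSet claims, Audience tokenEndpoint, Date now) {
        JWTAssertionDetails d;
        try {
            d = JWTAssertionDetails.parse(claims);
        } catch (ParseException e) {
            return "unparseable claims set: " + e.getMessage();
        }
        // Client authentication: the client asserts its own identity, so iss must equal sub.
        if (!d.getIssuer().getValue().equals(d.getSubject().getValue())) return "iss and sub differ";
        // The assertion must be addressed to this token endpoint.
        if (!d.getAudience().contains(tokenEndpoint)) return "aud does not include this endpoint";
        if (!now.before(d.getExpirationTime())) return "expired";
        // nbf is optional (null if not specified).
        if (d.getNotBeforeTime() != null && now.before(d.getNotBeforeTime())) return "not yet valid";
        // jti is optional in the class; requiring it is a local policy assumption.
        if (d.getJWTID() == null) return "missing jti";
        if (!SEEN_JTI.add(d.getJWTID().getValue())) return "replayed jti";
        return null;
    }

    public static void main(String[] args) {
        // Claims from the example on this page, evaluated at a constructed time before exp.
        JWTClaimsSet claims = new JWTClaimsSet.Builder()
            .issuer("http://client.example.com")
            .subject("http://client.example.com")
            .audience("http://idp.example.com/token")
            .jwtID("d396036d-c4d9-40d8-8e98-f7e8327002d9")
            .expirationTime(new Date(1311281970L * 1000))
            .issueTime(new Date(1311280970L * 1000))
            .build();
        Audience endpoint = new Audience("http://idp.example.com/token");
        Date now = new Date(1311281000L * 1000);
        System.out.println(check(claims, endpoint, now)); // first presentation
        System.out.println(check(claims, endpoint, now)); // same jti presented again
    }
}
```

Bounding the replay cache by each assertion's exp keeps it small, which is one reason to also cap how far in the future exp may lie.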