Class DPoPTokenRequestVerifier
- java.lang.Object
-
- com.nimbusds.oauth2.sdk.dpop.verifiers.DPoPTokenRequestVerifier
-
@ThreadSafe public class DPoPTokenRequestVerifier extends Object
DPoP proof JWT verifier for the OAuth 2.0 token endpoint of an authorisation server.
-
-
Field Summary
Fields Modifier and Type Field Description static Set<com.nimbusds.jose.JWSAlgorithm>
SUPPORTED_JWS_ALGORITHMS
The supported JWS algorithms for the DPoP proof JWTs.
-
Constructor Summary
Constructors Constructor Description DPoPTokenRequestVerifier(Set<com.nimbusds.jose.JWSAlgorithm> acceptedJWSAlgs, URI endpointURI, long maxClockSkewSeconds, SingleUseChecker<Map.Entry<DPoPIssuer,JWTID>> singleUseChecker)
Creates a new DPoP proof JWT verifier for the OAuth 2.0 token endpoint.
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description JWKThumbprintConfirmation
verify(DPoPIssuer issuer, com.nimbusds.jwt.SignedJWT proof)
Verifies the specified DPoP proof and returns the DPoP JWK SHA-256 thumbprint confirmation.
-
-
-
Field Detail
-
SUPPORTED_JWS_ALGORITHMS
public static final Set<com.nimbusds.jose.JWSAlgorithm> SUPPORTED_JWS_ALGORITHMS
The supported JWS algorithms for the DPoP proof JWTs.
-
-
Constructor Detail
-
DPoPTokenRequestVerifier
public DPoPTokenRequestVerifier(Set<com.nimbusds.jose.JWSAlgorithm> acceptedJWSAlgs, URI endpointURI, long maxClockSkewSeconds, SingleUseChecker<Map.Entry<DPoPIssuer,JWTID>> singleUseChecker)
Creates a new DPoP proof JWT verifier for the OAuth 2.0 token endpoint.- Parameters:
acceptedJWSAlgs
- The accepted JWS algorithms. Must be supported and notnull
.endpointURI
- The token endpoint URI. Any query or fragment component will be stripped from it before performing the comparison. Must not benull
.maxClockSkewSeconds
- The max acceptable clock skew for the "iat" (issued-at) claim checks, in seconds. Should be in the order of a few seconds.singleUseChecker
- The single use checker for the DPoP proof "jti" (JWT ID) claims,null
if not specified.
-
-
Method Detail
-
verify
public JWKThumbprintConfirmation verify(DPoPIssuer issuer, com.nimbusds.jwt.SignedJWT proof) throws InvalidDPoPProofException, com.nimbusds.jose.JOSEException
Verifies the specified DPoP proof and returns the DPoP JWK SHA-256 thumbprint confirmation.- Parameters:
issuer
- Unique identifier for the DPoP proof issuer, typically as its client ID. Must not benull
.proof
- The DPoP proof JWT. Must not benull
.- Returns:
- The DPoP JWK SHA-256 thumbprint confirmation.
- Throws:
InvalidDPoPProofException
- If the DPoP proof is invalid.com.nimbusds.jose.JOSEException
- If an internal JOSE exception is encountered.
-
-