Class DPoPTokenRequestVerifier

  • @ThreadSafe
    public class DPoPTokenRequestVerifier
    extends Object
    DPoP proof JWT verifier for the OAuth 2.0 token endpoint of an authorisation server.
    • Field Detail


        public static final Set<com.nimbusds.jose.JWSAlgorithm> SUPPORTED_JWS_ALGORITHMS
        The supported JWS algorithms for the DPoP proof JWTs.
    • Constructor Detail

      • DPoPTokenRequestVerifier

        public DPoPTokenRequestVerifier​(Set<com.nimbusds.jose.JWSAlgorithm> acceptedJWSAlgs,
                                        URI endpointURI,
                                        long maxClockSkewSeconds,
                                        SingleUseChecker<Map.Entry<DPoPIssuer,​JWTID>> singleUseChecker)
        Creates a new DPoP proof JWT verifier for the OAuth 2.0 token endpoint.
        acceptedJWSAlgs - The accepted JWS algorithms. Must be supported and not null.
        endpointURI - The token endpoint URI. Any query or fragment component will be stripped from it before performing the comparison. Must not be null.
        maxClockSkewSeconds - The max acceptable clock skew for the "iat" (issued-at) claim checks, in seconds. Should be in the order of a few seconds.
        singleUseChecker - The single use checker for the DPoP proof "jti" (JWT ID) claims, null if not specified.
    • Method Detail

      • verify

        public JWKThumbprintConfirmation verify​(DPoPIssuer issuer,
                                                com.nimbusds.jwt.SignedJWT proof)
                                         throws InvalidDPoPProofException,
        Verifies the specified DPoP proof and returns the DPoP JWK SHA-256 thumbprint confirmation.
        issuer - Unique identifier for the DPoP proof issuer, typically as its client ID. Must not be null.
        proof - The DPoP proof JWT. Must not be null.
        The DPoP JWK SHA-256 thumbprint confirmation.
        InvalidDPoPProofException - If the DPoP proof is invalid.
        com.nimbusds.jose.JOSEException - If an internal JOSE exception is encountered.