Class AbstractJWTValidator
- java.lang.Object
-
- com.nimbusds.openid.connect.sdk.validators.AbstractJWTValidator
-
- All Implemented Interfaces:
com.nimbusds.jwt.proc.ClockSkewAware
- Direct Known Subclasses:
IDTokenValidator,JARMValidator,LogoutTokenValidator
public abstract class AbstractJWTValidator extends Object implements com.nimbusds.jwt.proc.ClockSkewAware
Abstract JSON Web Token (JWT) validator for ID tokens and logout tokens.
-
-
Field Summary
Fields Modifier and Type Field Description static intDEFAULT_MAX_CLOCK_SKEWThe default maximum acceptable clock skew for verifying token timestamps, in seconds.
-
Constructor Summary
Constructors Constructor Description AbstractJWTValidator(Issuer expectedIssuer, ClientID clientID, com.nimbusds.jose.proc.JWSKeySelector jwsKeySelector, com.nimbusds.jose.proc.JWEKeySelector jweKeySelector)Creates a new abstract JWT validator.
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description ClientIDgetClientID()Returns the client ID (the expected JWT audience).IssuergetExpectedIssuer()Returns the expected token issuer.com.nimbusds.jose.proc.JWEKeySelectorgetJWEKeySelector()Returns the configured JWE key selector for encrypted token decryption.com.nimbusds.jose.proc.JWSKeySelectorgetJWSKeySelector()Returns the configured JWS key selector for signed token verification.intgetMaxClockSkew()Gets the maximum acceptable clock skew for verifying the token timestamps.voidsetMaxClockSkew(int maxClockSkew)Sets the maximum acceptable clock skew for verifying the token timestamps.
-
-
-
Field Detail
-
DEFAULT_MAX_CLOCK_SKEW
public static final int DEFAULT_MAX_CLOCK_SKEW
The default maximum acceptable clock skew for verifying token timestamps, in seconds.- See Also:
- Constant Field Values
-
-
Constructor Detail
-
AbstractJWTValidator
public AbstractJWTValidator(Issuer expectedIssuer, ClientID clientID, com.nimbusds.jose.proc.JWSKeySelector jwsKeySelector, com.nimbusds.jose.proc.JWEKeySelector jweKeySelector)
Creates a new abstract JWT validator.- Parameters:
expectedIssuer- The expected token issuer (OpenID Provider). Must not benull.clientID- The client ID. Must not benull.jwsKeySelector- The key selector for JWS verification,nullif unsecured (plain) tokens are expected.jweKeySelector- The key selector for JWE decryption,nullif encrypted tokens are not expected.
-
-
Method Detail
-
getExpectedIssuer
public Issuer getExpectedIssuer()
Returns the expected token issuer.- Returns:
- The token issuer.
-
getClientID
public ClientID getClientID()
Returns the client ID (the expected JWT audience).- Returns:
- The client ID.
-
getJWSKeySelector
public com.nimbusds.jose.proc.JWSKeySelector getJWSKeySelector()
Returns the configured JWS key selector for signed token verification.- Returns:
- The JWS key selector,
nullif none.
-
getJWEKeySelector
public com.nimbusds.jose.proc.JWEKeySelector getJWEKeySelector()
Returns the configured JWE key selector for encrypted token decryption.- Returns:
- The JWE key selector,
null.
-
getMaxClockSkew
public int getMaxClockSkew()
Gets the maximum acceptable clock skew for verifying the token timestamps.- Specified by:
getMaxClockSkewin interfacecom.nimbusds.jwt.proc.ClockSkewAware- Returns:
- The maximum acceptable clock skew, in seconds. Zero indicates none.
-
setMaxClockSkew
public void setMaxClockSkew(int maxClockSkew)
Sets the maximum acceptable clock skew for verifying the token timestamps.- Specified by:
setMaxClockSkewin interfacecom.nimbusds.jwt.proc.ClockSkewAware- Parameters:
maxClockSkew- The maximum acceptable clock skew, in seconds. Zero indicates none. Must not be negative.
-
-