Class IDTokenClaimsVerifier
- java.lang.Object
-
- com.nimbusds.openid.connect.sdk.validators.IDTokenClaimsVerifier
-
- All Implemented Interfaces:
com.nimbusds.jwt.proc.ClockSkewAware
,com.nimbusds.jwt.proc.JWTClaimsSetVerifier
@ThreadSafe public class IDTokenClaimsVerifier extends Object implements com.nimbusds.jwt.proc.JWTClaimsSetVerifier, com.nimbusds.jwt.proc.ClockSkewAware
ID token claims verifier.Related specifications:
- OpenID Connect Core 1.0, section 3.1.3.7 for code flow.
- OpenID Connect Core 1.0, section 3.2.2.11 for implicit flow.
- OpenID Connect Core 1.0, sections 3.3.2.12 and 3.3.3.7 for hybrid flow.
-
-
Constructor Summary
Constructors Constructor Description IDTokenClaimsVerifier(Issuer issuer, ClientID clientID, Nonce nonce, int maxClockSkew)
Creates a new ID token claims verifier.
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description ClientID
getClientID()
Returns the client ID for verifying the ID token audience.Issuer
getExpectedIssuer()
Returns the expected ID token issuer.Nonce
getExpectedNonce()
Returns the expected nonce.int
getMaxClockSkew()
void
setMaxClockSkew(int maxClockSkew)
void
verify(com.nimbusds.jwt.JWTClaimsSet claimsSet, com.nimbusds.jose.proc.SecurityContext ctx)
-
-
-
Constructor Detail
-
IDTokenClaimsVerifier
public IDTokenClaimsVerifier(Issuer issuer, ClientID clientID, Nonce nonce, int maxClockSkew)
Creates a new ID token claims verifier.- Parameters:
issuer
- The expected ID token issuer. Must not benull
.clientID
- The client ID. Must not benull
.nonce
- The nonce, required in the implicit flow or for ID tokens returned by the authorisation endpoint int the hybrid flow.null
if not required or specified.maxClockSkew
- The maximum acceptable clock skew (absolute value), in seconds. Must be zero (no clock skew) or positive integer.
-
-
Method Detail
-
getExpectedIssuer
public Issuer getExpectedIssuer()
Returns the expected ID token issuer.- Returns:
- The ID token issuer.
-
getClientID
public ClientID getClientID()
Returns the client ID for verifying the ID token audience.- Returns:
- The client ID.
-
getExpectedNonce
public Nonce getExpectedNonce()
Returns the expected nonce.- Returns:
- The nonce,
null
if not required or specified.
-
getMaxClockSkew
public int getMaxClockSkew()
- Specified by:
getMaxClockSkew
in interfacecom.nimbusds.jwt.proc.ClockSkewAware
-
setMaxClockSkew
public void setMaxClockSkew(int maxClockSkew)
- Specified by:
setMaxClockSkew
in interfacecom.nimbusds.jwt.proc.ClockSkewAware
-
verify
public void verify(com.nimbusds.jwt.JWTClaimsSet claimsSet, com.nimbusds.jose.proc.SecurityContext ctx) throws com.nimbusds.jwt.proc.BadJWTException
- Specified by:
verify
in interfacecom.nimbusds.jwt.proc.JWTClaimsSetVerifier
- Throws:
com.nimbusds.jwt.proc.BadJWTException
-
-