Class JWTAuthenticationClaimsSet


  • public class JWTAuthenticationClaimsSet
    extends JWTAssertionDetails
    JWT client authentication claims set, serialisable to a JSON object and JWT claims set.

    Used for client secret JWT and private key JWT authentication at the Token endpoint.

    Example client authentication claims set:

     {
       "iss" : "http://client.example.com",
       "sub" : "http://client.example.com",
       "aud" : [ "http://idp.example.com/token" ],
       "jti" : "d396036d-c4d9-40d8-8e98-f7e8327002d9",
       "exp" : 1311281970,
       "iat" : 1311280970
     }
     

    Related specifications:

    • OAuth 2.0 (RFC 6749), section 3.2.1.
    • JSON Web Token (JWT) Profile for OAuth 2.0 Client Authentication and Authorization Grants (RFC 7523).
    • Constructor Detail

      • JWTAuthenticationClaimsSet

        public JWTAuthenticationClaimsSet(ClientID clientID,
                                          Audience aud)
        Creates a new JWT client authentication claims set. The expiration time (exp) is set to five minutes from the current system time. Generates a default identifier (jti) for the JWT. The issued-at (iat) and not-before (nbf) claims are not set.
        Parameters:
        clientID - The client identifier. Used to specify the issuer and the subject. Must not be null.
        aud - The audience identifier, typically the URI of the authorisation server's Token endpoint. Must not be null.
      • JWTAuthenticationClaimsSet

        public JWTAuthenticationClaimsSet(ClientID clientID,
                                          List<Audience> aud,
                                          Date exp,
                                          Date nbf,
                                          Date iat,
                                          JWTID jti)
        Creates a new JWT client authentication claims set.
        Parameters:
        clientID - The client identifier. Used to specify the issuer and the subject. Must not be null.
        aud - The audience, typically including the URI of the authorisation server's Token endpoint. Must not be null.
        exp - The expiration time. Must not be null.
        nbf - The time before which the token must not be accepted for processing, null if not specified.
        iat - The time at which the token was issued, null if not specified.
        jti - Unique identifier for the JWT, null if not specified.
    • Method Detail

      • getClientID

        public ClientID getClientID()
        Gets the client identifier. Corresponds to the iss and sub claims.
        Returns:
        The client identifier.
      • parse

        public static JWTAuthenticationClaimsSet parse(net.minidev.json.JSONObject jsonObject)
                                                throws ParseException
        Parses a JWT client authentication claims set from the specified JSON object.
        Parameters:
        jsonObject - The JSON object. Must not be null.
        Returns:
        The client authentication claims set.
        Throws:
        ParseException - If the JSON object couldn't be parsed to a client authentication claims set.
      • parse

        public static JWTAuthenticationClaimsSet parse(com.nimbusds.jwt.JWTClaimsSet jwtClaimsSet)
                                                throws ParseException
        Parses a JWT client authentication claims set from the specified JWT claims set.
        Parameters:
        jwtClaimsSet - The JWT claims set. Must not be null.
        Returns:
        The client authentication claims set.
        Throws:
        ParseException - If the JWT claims set couldn't be parsed to a client authentication claims set.
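
An added example, not part of the original Javadoc or the project's own code: a client secret JWT round trip that builds the claims set with the two-argument constructor, signs it, and then parses and checks it on the receiving side. It assumes the Nimbus JOSE+JWT classes (SignedJWT, MACSigner, MACVerifier) and the accessors inherited from JWTAssertionDetails, which are not listed on this page; the class name, the secret and the in-memory jti set are constructed for illustration.

```java
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.JWSHeader;
import com.nimbusds.jose.crypto.MACSigner;
import com.nimbusds.jose.crypto.MACVerifier;
import com.nimbusds.jwt.SignedJWT;
import com.nimbusds.oauth2.sdk.auth.JWTAuthenticationClaimsSet;
import com.nimbusds.oauth2.sdk.id.Audience;
import com.nimbusds.oauth2.sdk.id.ClientID;
import java.nio.charset.StandardCharsets;
import java.util.Date;
import java.util.HashSet;
import java.util.Set;

public class ClientSecretJwtExample { // hypothetical class name

    public static void main(String[] args) throws Exception {
        // Constructed sample values. HS256 needs a secret of at least 256 bits.
        byte[] secret = "constructed-sample-secret-0123456789abcdef".getBytes(StandardCharsets.UTF_8);
        ClientID clientID = new ClientID("http://client.example.com");
        Audience tokenEndpoint = new Audience("http://idp.example.com/token");
        Set<String> seenJti = new HashSet<>(); // stand-in for a shared replay cache

        // Client: exp is now + 5 minutes, jti is generated, iss and sub are the client ID.
        JWTAuthenticationClaimsSet claims = new JWTAuthenticationClaimsSet(clientID, tokenEndpoint);
        SignedJWT jwt = new SignedJWT(new JWSHeader(JWSAlgorithm.HS256), claims.toJWTClaimsSet());
        jwt.sign(new MACSigner(secret));
        String clientAssertion = jwt.serialize();

        // Server: verify the MAC before reading any claim.
        SignedJWT received = SignedJWT.parse(clientAssertion);
        if (!received.verify(new MACVerifier(secret))) {
            throw new SecurityException("Bad signature");
        }
        JWTAuthenticationClaimsSet parsed = JWTAuthenticationClaimsSet.parse(received.getJWTClaimsSet());

        // Checks on the parsed claims: audience, expiry, single use of the jti.
        if (!parsed.getAudience().contains(tokenEndpoint)) {
            throw new SecurityException("Assertion not addressed to this Token endpoint");
        }
        if (!parsed.getExpirationTime().after(new Date())) {
            throw new SecurityException("Assertion expired");
        }
        if (parsed.getJWTID() == null || !seenJti.add(parsed.getJWTID().getValue())) {
            throw new SecurityException("Missing or replayed jti");
        }
        System.out.println("Authenticated client: " + parsed.getClientID());
    }
}
```

The five-minute default expiry bounds how long a jti has to be remembered by the replay cache.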