io.micronaut.security.oauth2.endpoint.token.response.validation

Class AudienceClaimValidator

java.lang.Object

io.micronaut.security.oauth2.endpoint.token.response.validation.AudienceClaimValidator

All Implemented Interfaces:

OpenIdClaimsValidator

@Requires(property="micronaut.security.oauth2.openid.claims-validation.audience",
          notEquals="false")
 @Singleton
public class AudienceClaimValidator
extends java.lang.Object
implements OpenIdClaimsValidator

ID Token Audience validator. The Client MUST validate that the aud (audience) Claim contains its client_id value registered at the Issuer identified by the iss (issuer) Claim as an audience. The aud (audience) Claim MAY contain an array with more than one element. The ID Token MUST be rejected if the ID Token does not list the Client as a valid audience, or if it contains additional audiences not trusted by the Client.

Since:

1.2.0

Author:

Sergio del Amo

See Also:

ID Token Validation OpenID Connect Core Spec.

Constructor Summary

Constructors

Constructor and Description
AudienceClaimValidator()

Method Summary

Modifier and Type	Method and Description
boolean	validate(OpenIdClaims claims, OauthClientConfiguration clientConfiguration, OpenIdProviderMetadata providerMetadata)

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

AudienceClaimValidator

public AudienceClaimValidator()

Method Detail

validate

public boolean validate(OpenIdClaims claims,
                        OauthClientConfiguration clientConfiguration,
                        OpenIdProviderMetadata providerMetadata)

Specified by:

validate in interface OpenIdClaimsValidator

Parameters:

claims - ID Token Claims

clientConfiguration - OAuth 2.0 Client Configuration

providerMetadata - OpenID Connect provider metadata

Returns:

Whether the JWT Claims pass validation or not.