io.micronaut.security.oauth2.endpoint.token.response.validation

Class DefaultOpenIdTokenResponseValidator

java.lang.Object

io.micronaut.security.oauth2.endpoint.token.response.validation.DefaultOpenIdTokenResponseValidator

All Implemented Interfaces:

OpenIdTokenResponseValidator

@Singleton
public class DefaultOpenIdTokenResponseValidator
extends java.lang.Object
implements OpenIdTokenResponseValidator

Default implementation of OpenIdTokenResponseValidator.

Since:

1.2.0

Author:

Sergio del Amo

Constructor Summary

Constructors

Constructor and Description
DefaultOpenIdTokenResponseValidator(java.util.Collection<OpenIdClaimsValidator> idTokenValidators, java.util.Collection<GenericJwtClaimsValidator> genericJwtClaimsValidators, NonceClaimValidator nonceClaimValidator, JwkValidator jwkValidator)

Method Summary

Modifier and Type	Method and Description
protected JwksSignature	jwksSignatureForOpenIdProviderMetadata(OpenIdProviderMetadata openIdProviderMetadata)
protected java.util.Optional<com.nimbusds.jwt.JWT>	parseJwtWithValidSignature(OpenIdProviderMetadata openIdProviderMetadata, OpenIdTokenResponse openIdTokenResponse)
java.util.Optional<com.nimbusds.jwt.JWT>	validate(OauthClientConfiguration clientConfiguration, OpenIdProviderMetadata openIdProviderMetadata, OpenIdTokenResponse openIdTokenResponse, java.lang.String nonce)
protected java.util.Optional<com.nimbusds.jwt.JWT>	validateClaims(OauthClientConfiguration clientConfiguration, OpenIdProviderMetadata openIdProviderMetadata, com.nimbusds.jwt.JWT jwt, java.lang.String nonce)

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

DefaultOpenIdTokenResponseValidator

public DefaultOpenIdTokenResponseValidator(java.util.Collection<OpenIdClaimsValidator> idTokenValidators,
                                           java.util.Collection<GenericJwtClaimsValidator> genericJwtClaimsValidators,
                                           @Nullable
                                           NonceClaimValidator nonceClaimValidator,
                                           JwkValidator jwkValidator)

Parameters:

idTokenValidators - OpenID JWT claim validators

genericJwtClaimsValidators - Generic JWT claim validators

nonceClaimValidator - The nonce claim validator

jwkValidator - The JWK validator

Method Detail

validate

public java.util.Optional<com.nimbusds.jwt.JWT> validate(OauthClientConfiguration clientConfiguration,
                                                         OpenIdProviderMetadata openIdProviderMetadata,
                                                         OpenIdTokenResponse openIdTokenResponse,
                                                         @Nullable
                                                         java.lang.String nonce)

Specified by:

validate in interface OpenIdTokenResponseValidator

Parameters:

clientConfiguration - The OAuth 2.0 client configuration

openIdProviderMetadata - The OpenID provider metadata

openIdTokenResponse - ID Token Access Token response

nonce - The persisted nonce value

Returns:

true if the ID Token access response is considered valid

validateClaims

@NonNull
protected java.util.Optional<com.nimbusds.jwt.JWT> validateClaims(@NonNull
                                                                           OauthClientConfiguration clientConfiguration,
                                                                           @NonNull
                                                                           OpenIdProviderMetadata openIdProviderMetadata,
                                                                           @NonNull
                                                                           com.nimbusds.jwt.JWT jwt,
                                                                           @Nullable
                                                                           java.lang.String nonce)

Parameters:

clientConfiguration - The OAuth 2.0 client configuration

openIdProviderMetadata - The OpenID provider metadata

jwt - JWT with valida signature

nonce - The persisted nonce value

Returns:

the same JWT supplied as a parameter if the claims validation were succesful or empty if not.

parseJwtWithValidSignature

@NonNull
protected java.util.Optional<com.nimbusds.jwt.JWT> parseJwtWithValidSignature(@NonNull
                                                                                       OpenIdProviderMetadata openIdProviderMetadata,
                                                                                       @NonNull
                                                                                       OpenIdTokenResponse openIdTokenResponse)

Parameters:

openIdProviderMetadata - The OpenID provider metadata

openIdTokenResponse - ID Token Access Token response Uses the ID token in the OpenID connect response to extract a JSON Web token and validates its signature

Returns:

A JWT if the signature validation is successful

jwksSignatureForOpenIdProviderMetadata

protected JwksSignature jwksSignatureForOpenIdProviderMetadata(@NonNull
                                                               OpenIdProviderMetadata openIdProviderMetadata)

Parameters:

openIdProviderMetadata - The OpenID provider metadata

Returns:

A JwksSignature for the OpenID provider JWKS uri.