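@Requires(property="micronaut.security.authentication",value="idtoken")
@Requires(property="micronaut.security.token.jwt.claims-validators.openid-idtoken",notEquals="false")
@Singleton
public class IdTokenClaimsValidator extends java.lang.Object implements GenericJwtClaimsValidator

Per the @Requires conditions above, this bean is registered only when micronaut.security.authentication is set to idtoken and micronaut.security.token.jwt.claims-validators.openid-idtoken is not set to false. Setting the latter property to false therefore removes this validator from the application context.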
Modifier and Type | Field and Description |
---|---|
protected static java.lang.String | AUTHORIZED_PARTY |
protected static org.slf4j.Logger | LOG |
protected java.util.Collection<OauthClientConfiguration> | oauthClientConfigurations |
PREFIX
Constructor and Description |
---|
IdTokenClaimsValidator(java.util.Collection<OauthClientConfiguration> oauthClientConfigurations) |
Modifier and Type | Method and Description |
---|---|
protected java.util.Optional<java.util.List<java.lang.String>> | parseAudiences(JwtClaims claims) |
protected java.util.Optional<java.lang.String> | parseAzpClaim(JwtClaims claims) |
protected java.util.Optional<java.lang.Object> | parseClaim(JwtClaims claims, java.lang.String claimName) |
protected java.util.Optional<java.util.List<java.lang.String>> | parseClaimList(JwtClaims claims, java.lang.String claimName) |
protected java.util.Optional<java.lang.String> | parseClaimString(JwtClaims claims, java.lang.String claimName) |
protected java.util.Optional<java.lang.String> | parseIssuerClaim(JwtClaims claims) |
boolean | validate(JwtClaims claims, io.micronaut.http.HttpRequest<?> request) |
protected boolean | validateAzp(JwtClaims claims, java.lang.String clientId, java.util.List<java.lang.String> audiences) |
protected boolean | validateIssuerAudienceAndAzp(JwtClaims claims, java.lang.String iss, java.util.List<java.lang.String> audiences) |
protected boolean | validateIssuerAudienceAndAzp(JwtClaims claims, java.lang.String iss, java.util.List<java.lang.String> audiences, OauthClientConfiguration oauthClientConfiguration) |
protected boolean | validateIssuerAudienceAndAzp(JwtClaims claims, java.lang.String iss, java.util.List<java.lang.String> audiences, java.lang.String clientId, OpenIdClientConfiguration openIdClientConfiguration) |
protected static final org.slf4j.Logger LOG
protected static final java.lang.String AUTHORIZED_PARTY
protected final java.util.Collection<OauthClientConfiguration> oauthClientConfigurations
public IdTokenClaimsValidator(java.util.Collection<OauthClientConfiguration> oauthClientConfigurations)
Parameters:
oauthClientConfigurations - OpenId client configurations

public boolean validate(@NonNull JwtClaims claims, @Nullable io.micronaut.http.HttpRequest<?> request)
Specified by:
validate in interface JwtClaimsValidator
Parameters:
claims - JWT Claims
request - HTTP request

protected java.util.Optional<java.lang.String> parseIssuerClaim(JwtClaims claims)
Parameters:
claims - JWT Claims
Returns:
Optional. If not found, an empty Optional is returned.

protected java.util.Optional<java.lang.Object> parseClaim(JwtClaims claims, java.lang.String claimName)
Parameters:
claims - JWT Claims
claimName - Claim Name
Returns:
Optional. If not found, an empty Optional is returned.

protected java.util.Optional<java.lang.String> parseClaimString(JwtClaims claims, java.lang.String claimName)
Parameters:
claims - JWT Claims
claimName - Claim Name
Returns:
Optional. If not found, an empty Optional is returned.

protected java.util.Optional<java.util.List<java.lang.String>> parseClaimList(JwtClaims claims, java.lang.String claimName)
Parameters:
claims - JWT Claims
claimName - Claim Name
Returns:
Optional. If not found, an empty Optional is returned.

protected java.util.Optional<java.util.List<java.lang.String>> parseAudiences(JwtClaims claims)
Parameters:
claims - JWT Claims
Returns:
Optional. If not found, an empty Optional is returned.

protected boolean validateIssuerAudienceAndAzp(@NonNull JwtClaims claims, @NonNull java.lang.String iss, @NonNull java.util.List<java.lang.String> audiences)
Parameters:
claims - JWT Claims
iss - Issuer claim
audiences - aud claim as a list of strings

protected boolean validateIssuerAudienceAndAzp(@NonNull JwtClaims claims, @NonNull java.lang.String iss, @NonNull java.util.List<java.lang.String> audiences, @NonNull OauthClientConfiguration oauthClientConfiguration)
Parameters:
claims - JWT Claims
iss - Issuer claim
audiences - aud claim as a list of strings
oauthClientConfiguration - OAuth 2.0 client configuration

protected boolean validateIssuerAudienceAndAzp(@NonNull JwtClaims claims, @NonNull java.lang.String iss, @NonNull java.util.List<java.lang.String> audiences, @NonNull java.lang.String clientId, @NonNull OpenIdClientConfiguration openIdClientConfiguration)
Parameters:
claims - JWT Claims
iss - Issuer claim
audiences - aud claim as a list of strings
clientId - OAuth 2.0 client_id
openIdClientConfiguration - OpenID OAuth 2.0 client configuration

protected java.util.Optional<java.lang.String> parseAzpClaim(JwtClaims claims)
Parameters:
claims - JWT Claims
Returns:
Optional. If not found, an empty Optional is returned.

protected boolean validateAzp(@NonNull JwtClaims claims, @NonNull java.lang.String clientId, @NonNull java.util.List<java.lang.String> audiences)
Parameters:
claims - JWT Claims
clientId - OAuth 2.0 client ID
audiences - audiences specified in the JWT Claims