@Singleton public class DefaultOpenIdTokenResponseValidator extends java.lang.Object implements OpenIdTokenResponseValidator
OpenIdTokenResponseValidator
.Constructor and Description |
---|
DefaultOpenIdTokenResponseValidator(java.util.Collection<OpenIdClaimsValidator> idTokenValidators,
java.util.Collection<GenericJwtClaimsValidator> genericJwtClaimsValidators,
NonceClaimValidator nonceClaimValidator,
JwkValidator jwkValidator)
|
DefaultOpenIdTokenResponseValidator(java.util.Collection<OpenIdClaimsValidator> idTokenValidators,
java.util.Collection<GenericJwtClaimsValidator> genericJwtClaimsValidators,
NonceClaimValidator nonceClaimValidator,
JwkValidator jwkValidator,
JwkSetFetcher<com.nimbusds.jose.jwk.JWKSet> jwkSetFetcher) |
Modifier and Type | Method and Description |
---|---|
protected JwksSignature |
jwksSignatureForOpenIdProviderMetadata(OpenIdProviderMetadata openIdProviderMetadata) |
protected java.util.Optional<com.nimbusds.jwt.JWT> |
parseJwtWithValidSignature(OpenIdProviderMetadata openIdProviderMetadata,
OpenIdTokenResponse openIdTokenResponse) |
java.util.Optional<com.nimbusds.jwt.JWT> |
validate(OauthClientConfiguration clientConfiguration,
OpenIdProviderMetadata openIdProviderMetadata,
OpenIdTokenResponse openIdTokenResponse,
java.lang.String nonce) |
protected java.util.Optional<com.nimbusds.jwt.JWT> |
validateClaims(OauthClientConfiguration clientConfiguration,
OpenIdProviderMetadata openIdProviderMetadata,
com.nimbusds.jwt.JWT jwt,
java.lang.String nonce) |
@Inject public DefaultOpenIdTokenResponseValidator(java.util.Collection<OpenIdClaimsValidator> idTokenValidators, java.util.Collection<GenericJwtClaimsValidator> genericJwtClaimsValidators, @Nullable NonceClaimValidator nonceClaimValidator, JwkValidator jwkValidator, JwkSetFetcher<com.nimbusds.jose.jwk.JWKSet> jwkSetFetcher)
idTokenValidators
- OpenID JWT claim validatorsgenericJwtClaimsValidators
- Generic JWT claim validatorsnonceClaimValidator
- The nonce claim validatorjwkValidator
- The JWK validatorjwkSetFetcher
- Json Web Key Set Fetcher@Deprecated public DefaultOpenIdTokenResponseValidator(java.util.Collection<OpenIdClaimsValidator> idTokenValidators, java.util.Collection<GenericJwtClaimsValidator> genericJwtClaimsValidators, @Nullable NonceClaimValidator nonceClaimValidator, JwkValidator jwkValidator)
DefaultOpenIdTokenResponseValidator(Collection, Collection, NonceClaimValidator, JwkValidator, JwkSetFetcher)
instead.idTokenValidators
- OpenID JWT claim validatorsgenericJwtClaimsValidators
- Generic JWT claim validatorsnonceClaimValidator
- The nonce claim validatorjwkValidator
- The JWK validatorpublic java.util.Optional<com.nimbusds.jwt.JWT> validate(OauthClientConfiguration clientConfiguration, OpenIdProviderMetadata openIdProviderMetadata, OpenIdTokenResponse openIdTokenResponse, @Nullable java.lang.String nonce)
validate
in interface OpenIdTokenResponseValidator
clientConfiguration
- The OAuth 2.0 client configurationopenIdProviderMetadata
- The OpenID provider metadataopenIdTokenResponse
- ID Token Access Token responsenonce
- The persisted nonce value@NonNull protected java.util.Optional<com.nimbusds.jwt.JWT> validateClaims(@NonNull OauthClientConfiguration clientConfiguration, @NonNull OpenIdProviderMetadata openIdProviderMetadata, @NonNull com.nimbusds.jwt.JWT jwt, @Nullable java.lang.String nonce)
clientConfiguration
- The OAuth 2.0 client configurationopenIdProviderMetadata
- The OpenID provider metadatajwt
- JWT with valida signaturenonce
- The persisted nonce value@NonNull protected java.util.Optional<com.nimbusds.jwt.JWT> parseJwtWithValidSignature(@NonNull OpenIdProviderMetadata openIdProviderMetadata, @NonNull OpenIdTokenResponse openIdTokenResponse)
openIdProviderMetadata
- The OpenID provider metadataopenIdTokenResponse
- ID Token Access Token response
Uses the ID token in the OpenID connect response to extract a JSON Web token and validates its signatureprotected JwksSignature jwksSignatureForOpenIdProviderMetadata(@NonNull OpenIdProviderMetadata openIdProviderMetadata)
openIdProviderMetadata
- The OpenID provider metadataJwksSignature
for the OpenID provider JWKS uri.