Package io.micronaut.security.oauth2.endpoint.token.response.validation

Class DefaultOpenIdTokenResponseValidator

java.lang.Object
io.micronaut.security.oauth2.endpoint.token.response.validation.DefaultOpenIdTokenResponseValidator
All Implemented Interfaces:
OpenIdTokenResponseValidator
@Singleton public class DefaultOpenIdTokenResponseValidator extends Object implements OpenIdTokenResponseValidator
Default implementation of OpenIdTokenResponseValidator.
Since:
1.2.0
Author:
Sergio del Amo

  • Constructor Details

    • DefaultOpenIdTokenResponseValidator

      public DefaultOpenIdTokenResponseValidator(Collection<OpenIdClaimsValidator> idTokenValidators, Collection<GenericJwtClaimsValidator> genericJwtClaimsValidators, @Nullable NonceClaimValidator nonceClaimValidator, JwkValidator jwkValidator, JwkSetFetcher<com.nimbusds.jose.jwk.JWKSet> jwkSetFetcher)
      Parameters:
      idTokenValidators - OpenID JWT claim validators
      genericJwtClaimsValidators - Generic JWT claim validators
      nonceClaimValidator - The nonce claim validator
      jwkValidator - The JWK validator
      jwkSetFetcher - Json Web Key Set Fetcher

  • Method Details

    • validate

      public Optional<com.nimbusds.jwt.JWT> validate(OauthClientConfiguration clientConfiguration, OpenIdProviderMetadata openIdProviderMetadata, OpenIdTokenResponse openIdTokenResponse, @Nullable String nonce)
      Specified by:
      validate in interface OpenIdTokenResponseValidator
      Parameters:
      clientConfiguration - The OAuth 2.0 client configuration
      openIdProviderMetadata - The OpenID provider metadata
      openIdTokenResponse - ID Token Access Token response
      nonce - The persisted nonce value
      Returns:
      true if the ID Token access response is considered valid

    • validateClaims

      @NonNull protected Optional<com.nimbusds.jwt.JWT> validateClaims(@NonNull OauthClientConfiguration clientConfiguration, @NonNull OpenIdProviderMetadata openIdProviderMetadata, @NonNull com.nimbusds.jwt.JWT jwt, @Nullable String nonce)
      Parameters:
      clientConfiguration - The OAuth 2.0 client configuration
      openIdProviderMetadata - The OpenID provider metadata
      jwt - JWT with valida signature
      nonce - The persisted nonce value
      Returns:
      the same JWT supplied as a parameter if the claims validation were succesful or empty if not.

    • parseJwtWithValidSignature

      @NonNull protected Optional<com.nimbusds.jwt.JWT> parseJwtWithValidSignature(@NonNull OpenIdProviderMetadata openIdProviderMetadata, @NonNull OpenIdTokenResponse openIdTokenResponse)
      Parameters:
      openIdProviderMetadata - The OpenID provider metadata
      openIdTokenResponse - ID Token Access Token response Uses the ID token in the OpenID connect response to extract a JSON Web token and validates its signature
      Returns:
      A JWT if the signature validation is successful

    • jwksSignatureForOpenIdProviderMetadata

      protected JwksSignature jwksSignatureForOpenIdProviderMetadata(@NonNull OpenIdProviderMetadata openIdProviderMetadata)
      Parameters:
      openIdProviderMetadata - The OpenID provider metadata
      Returns:
      A JwksSignature for the OpenID provider JWKS uri.