Class DefaultOpenIdTokenResponseValidator
java.lang.Object
io.micronaut.security.oauth2.endpoint.token.response.validation.DefaultOpenIdTokenResponseValidator
- All Implemented Interfaces:
OpenIdTokenResponseValidator
@Singleton
public class DefaultOpenIdTokenResponseValidator
extends Object
implements OpenIdTokenResponseValidator
Default implementation of OpenIdTokenResponseValidator.
- Since:
1.2.0
- Author:
Sergio del Amo
-
Constructor Summary
Constructor
DefaultOpenIdTokenResponseValidator(Collection<OpenIdClaimsValidator> idTokenValidators, Collection<GenericJwtClaimsValidator> genericJwtClaimsValidators, @Nullable NonceClaimValidator nonceClaimValidator, JwkValidator jwkValidator, JwkSetFetcher<com.nimbusds.jose.jwk.JWKSet> jwkSetFetcher)
Method Summary
Modifier and Type | Method
protected JwksSignature | jwksSignatureForOpenIdProviderMetadata(@NonNull OpenIdProviderMetadata openIdProviderMetadata)
protected @NonNull Optional<com.nimbusds.jwt.JWT> | parseJwtWithValidSignature(@NonNull OpenIdProviderMetadata openIdProviderMetadata, @NonNull OpenIdTokenResponse openIdTokenResponse)
Optional<com.nimbusds.jwt.JWT> | validate(OauthClientConfiguration clientConfiguration, OpenIdProviderMetadata openIdProviderMetadata, OpenIdTokenResponse openIdTokenResponse, @Nullable String nonce)
protected @NonNull Optional<com.nimbusds.jwt.JWT> | validateClaims(@NonNull OauthClientConfiguration clientConfiguration, @NonNull OpenIdProviderMetadata openIdProviderMetadata, @NonNull com.nimbusds.jwt.JWT jwt, @Nullable String nonce)
-
Constructor Details
-
DefaultOpenIdTokenResponseValidator
public DefaultOpenIdTokenResponseValidator(Collection<OpenIdClaimsValidator> idTokenValidators, Collection<GenericJwtClaimsValidator> genericJwtClaimsValidators, @Nullable NonceClaimValidator nonceClaimValidator, JwkValidator jwkValidator, JwkSetFetcher<com.nimbusds.jose.jwk.JWKSet> jwkSetFetcher)
- Parameters:
idTokenValidators - OpenID JWT claim validators
genericJwtClaimsValidators - Generic JWT claim validators
nonceClaimValidator - The nonce claim validator
jwkValidator - The JWK validator
jwkSetFetcher - Json Web Key Set Fetcher
-
-
Method Details
-
validate
public Optional<com.nimbusds.jwt.JWT> validate(OauthClientConfiguration clientConfiguration, OpenIdProviderMetadata openIdProviderMetadata, OpenIdTokenResponse openIdTokenResponse, @Nullable String nonce)
- Specified by:
validate in interface OpenIdTokenResponseValidator
- Parameters:
clientConfiguration - The OAuth 2.0 client configuration
openIdProviderMetadata - The OpenID provider metadata
openIdTokenResponse - ID Token Access Token response
nonce - The persisted nonce value
- Returns:
true if the ID Token access response is considered valid
-
validateClaims
protected @NonNull Optional<com.nimbusds.jwt.JWT> validateClaims(@NonNull OauthClientConfiguration clientConfiguration, @NonNull OpenIdProviderMetadata openIdProviderMetadata, @NonNull com.nimbusds.jwt.JWT jwt, @Nullable String nonce)
- Parameters:
clientConfiguration - The OAuth 2.0 client configuration
openIdProviderMetadata - The OpenID provider metadata
jwt - JWT with a valid signature
nonce - The persisted nonce value
- Returns:
the same JWT supplied as a parameter if the claims validation was successful, or empty if not.
-
parseJwtWithValidSignature
protected @NonNull Optional<com.nimbusds.jwt.JWT> parseJwtWithValidSignature(@NonNull OpenIdProviderMetadata openIdProviderMetadata, @NonNull OpenIdTokenResponse openIdTokenResponse)
- Parameters:
openIdProviderMetadata - The OpenID provider metadata
openIdTokenResponse - ID Token Access Token response. Uses the ID token in the OpenID Connect response to extract a JSON Web Token and validates its signature
- Returns:
A JWT if the signature validation is successful
-
jwksSignatureForOpenIdProviderMetadata
protected JwksSignature jwksSignatureForOpenIdProviderMetadata(@NonNull OpenIdProviderMetadata openIdProviderMetadata)
- Parameters:
openIdProviderMetadata - The OpenID provider metadata
- Returns:
A JwksSignature for the OpenID provider JWKS URI.
-
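The two stages documented above (parseJwtWithValidSignature, then validateClaims with the persisted nonce) can be seen end to end in the following added example. It is not Micronaut source code: it calls the Nimbus JOSE+JWT library directly, and the class name, method signatures, key id, issuer, client id and nonce values are constructed for illustration. Skipping the nonce comparison when the persisted nonce is null is an assumption of this example.

```java
import com.nimbusds.jose.*;
import com.nimbusds.jose.crypto.*;
import com.nimbusds.jose.jwk.*;
import com.nimbusds.jose.jwk.gen.RSAKeyGenerator;
import com.nimbusds.jwt.*;
import java.util.*;
public class IdTokenCheckExample { // added illustration, not the Micronaut implementation
    // Stage 1: parse the compact ID token and verify its signature against the provider JWKS.
    static Optional<JWT> parseWithValidSignature(String idToken, JWKSet jwks) {
        try {
            SignedJWT jwt = SignedJWT.parse(idToken);
            JWK jwk = jwks.getKeyByKeyId(jwt.getHeader().getKeyID());
            if (!(jwk instanceof RSAKey) || !JWSAlgorithm.RS256.equals(jwt.getHeader().getAlgorithm())) {
                return Optional.empty(); // unknown key id or unexpected algorithm
            }
            return jwt.verify(new RSASSAVerifier(((RSAKey) jwk).toRSAPublicKey())) ? Optional.of(jwt) : Optional.empty();
        } catch (java.text.ParseException | JOSEException e) {
            return Optional.empty();
        }
    }
    // Stage 2: claims are only inspected once the signature is known to be good.
    static Optional<JWT> validateClaims(JWT jwt, String issuer, String clientId, String nonce) {
        try {
            JWTClaimsSet c = jwt.getJWTClaimsSet();
            Date exp = c.getExpirationTime();
            boolean ok = issuer.equals(c.getIssuer())
                    && c.getAudience().contains(clientId)
                    && exp != null && exp.after(new Date())
                    && (nonce == null || nonce.equals(c.getStringClaim("nonce"))); // assumption: null = no nonce sent
            return ok ? Optional.of(jwt) : Optional.empty();
        } catch (java.text.ParseException e) {
            return Optional.empty();
        }
    }
    public static void main(String[] args) throws Exception {
        // Constructed sample data: throwaway key, issuer, client id and nonce.
        RSAKey key = new RSAKeyGenerator(2048).keyID("k1").generate();
        JWKSet jwks = new JWKSet(key.toPublicJWK());
        JWTClaimsSet claims = new JWTClaimsSet.Builder().issuer("https://idp.example").audience("my-client")
                .expirationTime(new Date(System.currentTimeMillis() + 60_000)).claim("nonce", "n-123").build();
        SignedJWT token = new SignedJWT(new JWSHeader.Builder(JWSAlgorithm.RS256).keyID("k1").build(), claims);
        token.sign(new RSASSASigner(key));
        for (String nonce : new String[] {"n-123", "n-replayed"}) {
            boolean valid = parseWithValidSignature(token.serialize(), jwks)
                    .flatMap(j -> validateClaims(j, "https://idp.example", "my-client", nonce)).isPresent();
            System.out.println("persisted nonce " + nonce + " -> valid=" + valid);
        }
    }
}
```

The same correctly signed token is accepted when the persisted nonce matches its nonce claim and rejected when it does not, which is the replay check the nonce parameter exists for.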