com.nimbusds.oauth2.sdk.auth

Class JWTAuthenticationClaimsSet

java.lang.Object

com.nimbusds.oauth2.sdk.auth.JWTAuthenticationClaimsSet

public class JWTAuthenticationClaimsSet
extends Object

JWT client authentication claims set, serialisable to a JSON object and JWT claims set.

Used for client secret JWT and private key JWT authentication at the Token endpoint.

Example client authentication claims set:

 {
   "iss" : "http://client.example.com",
   "sub" : "http://client.example.com",
   "aud" : [ "http://idp.example.com/token" ],
   "jti" : "d396036d-c4d9-40d8-8e98-f7e8327002d9",
   "exp" : 1311281970,
   "iat" : 1311280970
 }
 

Related specifications:

• OAuth 2.0 (RFC 6749), section-3.2.1.
• JSON Web Token (JWT) Bearer Token Profiles for OAuth 2.0 (draft-ietf-oauth-jwt-bearer-10)

Constructor Summary

Constructors

Constructor and Description
JWTAuthenticationClaimsSet(ClientID clientID, Audience aud, Date exp, Date nbf, Date iat, JWTID jti) Creates a new JWT client authentication claims set.

Method Summary

Methods

Modifier and Type	Method and Description
Audience	getAudience() Gets the audience.
ClientID	getClientID() Gets the client identifier.
Date	getExpirationTime() Gets the expiration time.
Issuer	getIssuer() Gets the issuer.
Date	getIssueTime() Gets the optional issue time.
JWTID	getJWTID() Gets the identifier for the JWT.
Date	getNotBeforeTime() Gets the not-before time.
static Set<String>	getReservedClaimNames() Gets the names of the reserved client authentication claims.
Subject	getSubject() Gets the subject.
static JWTAuthenticationClaimsSet	parse(net.minidev.json.JSONObject jsonObject) Parses a JWT client authentication claims set from the specified JSON object.
static JWTAuthenticationClaimsSet	parse(com.nimbusds.jwt.ReadOnlyJWTClaimsSet jwtClaimsSet) Parses a JWT client authentication claims set from the specified JWT claims set.
net.minidev.json.JSONObject	toJSONObject() Returns a JSON object representation of this JWT client authentication claims set.
com.nimbusds.jwt.JWTClaimsSet	toJWTClaimsSet() Returns a JSON Web Token (JWT) claims set representation of this client authentication claims set.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

JWTAuthenticationClaimsSet

public JWTAuthenticationClaimsSet(ClientID clientID,
                          Audience aud,
                          Date exp,
                          Date nbf,
                          Date iat,
                          JWTID jti)

Creates a new JWT client authentication claims set.

Parameters:

clientID - The client identifier. Used to specify the issuer and the subject. Must not be null.

aud - The audience identifier, typically the URI of the authorisation server's Token endpoint. Must not be null.

exp - The expiration time. Must not be null.

nbf - The time before which the token must not be accepted for processing, null if not specified.

iat - The time at which the token was issued, null if not specified.

jti - Unique identifier for the JWT, null if not specified.

Method Detail

getReservedClaimNames

public static Set<String> getReservedClaimNames()

Gets the names of the reserved client authentication claims.

Returns:

The names of the reserved client authentication claims (read-only set).

getClientID

public ClientID getClientID()

Gets the client identifier. Corresponds to the iss and sub claims.

Returns:

The client identifier.

getIssuer

public Issuer getIssuer()

Gets the issuer. Corresponds to the iss claim.

Returns:

The issuer. Contains the identifier of the OAuth client.

getSubject

public Subject getSubject()

Gets the subject. Corresponds to the sub claim.

Returns:

The subject. Contains the identifier of the OAuth client.

getAudience

public Audience getAudience()

Gets the audience. Corresponds to the aud claim (single-valued).

Returns:

The audience, typically the URI of the authorisation server's token endpoint.

getExpirationTime

public Date getExpirationTime()

Gets the expiration time. Corresponds to the exp claim.

Returns:

The expiration time.

getNotBeforeTime

public Date getNotBeforeTime()

Gets the not-before time. Corresponds to the nbf claim.

Returns:

The not-before time, null if not specified.

getIssueTime

public Date getIssueTime()

Gets the optional issue time. Corresponds to the iat claim.

Returns:

The issued-at time, null if not specified.

getJWTID

public JWTID getJWTID()

Gets the identifier for the JWT. Corresponds to the jti claim.

Returns:

The identifier for the JWT, null if not specified.

toJSONObject

public net.minidev.json.JSONObject toJSONObject()

Returns a JSON object representation of this JWT client authentication claims set.

Returns:

The JSON object.

toJWTClaimsSet

public com.nimbusds.jwt.JWTClaimsSet toJWTClaimsSet()

Returns a JSON Web Token (JWT) claims set representation of this client authentication claims set.

Returns:

The JWT claims set.

parse

public static JWTAuthenticationClaimsSet parse(net.minidev.json.JSONObject jsonObject)
                                        throws ParseException

Parses a JWT client authentication claims set from the specified JSON object.

Parameters:

jsonObject - The JSON object. Must not be null.

Returns:

The client authentication claims set.

Throws:

ParseException - If the JSON object couldn't be parsed to a client authentication claims set.

parse

public static JWTAuthenticationClaimsSet parse(com.nimbusds.jwt.ReadOnlyJWTClaimsSet jwtClaimsSet)
                                        throws ParseException

Parses a JWT client authentication claims set from the specified JWT claims set.

Parameters:

jwtClaimsSet - The JWT claims set. Must not be null.

Returns:

The client authentication claims set.

Throws:

ParseException - If the JWT claims set couldn't be parsed to a client authentication claims set.