com.nimbusds.oauth2.sdk.assertions.jwt

Class JWTAssertionDetails

java.lang.Object

com.nimbusds.oauth2.sdk.assertions.AssertionDetails

com.nimbusds.oauth2.sdk.assertions.jwt.JWTAssertionDetails

Direct Known Subclasses:

JWTAuthenticationClaimsSet

@Immutable
public class JWTAssertionDetails
extends AssertionDetails

JSON Web Token (JWT) bearer assertion details (claims set) for OAuth 2.0 client authentication and authorisation grants.

Used for client secret JWT and private key JWT authentication at the Token endpoint as well as JWT bearer assertion grants.

Example JWT bearer assertion claims set for client authentication:

 {
   "iss" : "http://client.example.com",
   "sub" : "http://client.example.com",
   "aud" : [ "http://idp.example.com/token" ],
   "jti" : "d396036d-c4d9-40d8-8e98-f7e8327002d9",
   "exp" : 1311281970,
   "iat" : 1311280970
 }
 

Related specifications:

• JSON Web Token (JWT) Profile for OAuth 2.0 Client Authentication and Authorization Grants (RFC 7523), section 3.

Constructor Summary

Constructors

Constructor and Description
JWTAssertionDetails(Issuer iss, Subject sub, Audience aud) Creates a new JWT bearer assertion details (claims set) instance.
JWTAssertionDetails(Issuer iss, Subject sub, List<Audience> aud, Date exp, Date nbf, Date iat, JWTID jti, Map<String,Object> other) Creates a new JWT bearer assertion details (claims set) instance.

Method Summary

Methods

Modifier and Type	Method and Description
Map<String,Object>	getCustomClaims() Returns the custom claims.
JWTID	getJWTID() Returns the optional assertion identifier, as a JWT ID.
Date	getNotBeforeTime() Returns the optional not-before time.
static Set<String>	getReservedClaimsNames() Gets the names of the reserved JWT bearer assertion claims.
static JWTAssertionDetails	parse(net.minidev.json.JSONObject jsonObject) Parses a JWT bearer assertion details (claims set) instance from the specified JSON object.
static JWTAssertionDetails	parse(com.nimbusds.jwt.JWTClaimsSet jwtClaimsSet) Parses a JWT bearer assertion details instance from the specified JWT claims set.
net.minidev.json.JSONObject	toJSONObject() Returns a JSON object representation of this JWT bearer assertion details.
com.nimbusds.jwt.JWTClaimsSet	toJWTClaimsSet() Returns a JSON Web Token (JWT) claims set representation of this JWT bearer assertion details.

Methods inherited from class com.nimbusds.oauth2.sdk.assertions.AssertionDetails

getAudience, getExpirationTime, getID, getIssuer, getIssueTime, getSubject

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

JWTAssertionDetails

public JWTAssertionDetails(Issuer iss,
                   Subject sub,
                   Audience aud)

Creates a new JWT bearer assertion details (claims set) instance. The expiration time (exp) is set to five minutes from the current system time. Generates a default identifier (jti) for the JWT. The issued-at (iat) and not-before (nbf) claims are not set.

Parameters:

iss - The issuer identifier. Must not be null.

sub - The subject. Must not be null.

aud - The audience identifier, typically the URI of the authorisation server's Token endpoint. Must not be null.

JWTAssertionDetails

public JWTAssertionDetails(Issuer iss,
                   Subject sub,
                   List<Audience> aud,
                   Date exp,
                   Date nbf,
                   Date iat,
                   JWTID jti,
                   Map<String,Object> other)

Creates a new JWT bearer assertion details (claims set) instance.

Parameters:

iss - The issuer identifier. Must not be null.

sub - The subject. Must not be null.

aud - The audience, typically including the URI of the authorisation server's token endpoint. Must not be null.

exp - The expiration time. Must not be null.

nbf - The time before which the token must not be accepted for processing, null if not specified.

iat - The time at which the token was issued, null if not specified.

jti - Unique identifier for the JWT, null if not specified.

other - Other custom claims to include, null if none.

Method Detail

getReservedClaimsNames

public static Set<String> getReservedClaimsNames()

Gets the names of the reserved JWT bearer assertion claims.

Returns:

The names of the reserved JWT bearer assertion claims (read-only set).

getNotBeforeTime

public Date getNotBeforeTime()

Returns the optional not-before time. Corresponds to the nbf claim.

Returns:

The not-before time, null if not specified.

getJWTID

public JWTID getJWTID()

Returns the optional assertion identifier, as a JWT ID. Corresponds to the jti claim.

Returns:

The optional JWT ID, null if not specified.

See Also:

AssertionDetails.getID()

getCustomClaims

public Map<String,Object> getCustomClaims()

Returns the custom claims.

Returns:

The custom claims, null if not specified.

toJSONObject

public net.minidev.json.JSONObject toJSONObject()

Returns a JSON object representation of this JWT bearer assertion details.

Returns:

The JSON object.

toJWTClaimsSet

public com.nimbusds.jwt.JWTClaimsSet toJWTClaimsSet()

Returns a JSON Web Token (JWT) claims set representation of this JWT bearer assertion details.

Returns:

The JWT claims set.

parse

public static JWTAssertionDetails parse(net.minidev.json.JSONObject jsonObject)
                                 throws ParseException

Parses a JWT bearer assertion details (claims set) instance from the specified JSON object.

Parameters:

jsonObject - The JSON object. Must not be null.

Returns:

The JWT bearer assertion details.

Throws:

ParseException - If the JSON object couldn't be parsed to a JWT bearer assertion details instance.

parse

public static JWTAssertionDetails parse(com.nimbusds.jwt.JWTClaimsSet jwtClaimsSet)
                                 throws ParseException

Parses a JWT bearer assertion details instance from the specified JWT claims set.

Parameters:

jwtClaimsSet - The JWT claims set. Must not be null.

Returns:

The JWT bearer assertion details.

Throws:

ParseException - If the JWT claims set couldn't be parsed to a JWT bearer assertion details instance.