com.nimbusds.oauth2.sdk.auth.verifier

Interface ClientCredentialsSelector<T>

public interface ClientCredentialsSelector<T>

Selector of client credential candidates for client authentication verification. The select methods should typically return a single candidate, but may also return multiple in case of client credentials key rotation. Implementations should be tread-safe.

Selection of client_secret_basic, client_secret_post and client_secret_jwt secrets is handled by the selectClientSecrets(com.nimbusds.oauth2.sdk.id.ClientID, com.nimbusds.oauth2.sdk.auth.ClientAuthenticationMethod, com.nimbusds.oauth2.sdk.auth.verifier.Context<T>) method.

Selection of private_key_jwt keys is handled by the selectPublicKeys(com.nimbusds.oauth2.sdk.id.ClientID, com.nimbusds.oauth2.sdk.auth.ClientAuthenticationMethod, com.nimbusds.jose.JWSHeader, com.nimbusds.oauth2.sdk.auth.verifier.Context<T>) method.

The generic context object may be used to return client metadata or other information to the caller.

Method Summary

Methods

Modifier and Type	Method and Description
List<Secret>	selectClientSecrets(ClientID claimedClientID, ClientAuthenticationMethod authMethod, Context<T> context) Selects one or more client secret candidates for client_secret_basic, client_secret_post and client_secret_jwt authentication.
List<? extends PublicKey>	selectPublicKeys(ClientID claimedClientID, ClientAuthenticationMethod authMethod, com.nimbusds.jose.JWSHeader jwsHeader, Context<T> context) Selects one or more public key candidates (e.g.

Method Detail

selectClientSecrets

List<Secret> selectClientSecrets(ClientID claimedClientID,
                               ClientAuthenticationMethod authMethod,
                               Context<T> context)

Selects one or more client secret candidates for client_secret_basic, client_secret_post and client_secret_jwt authentication.

Parameters:

claimedClientID - The client identifier (to be verified). Not null.

authMethod - The client authentication method. Not null.

context - Additional context. May be null.

Returns:

The selected client secret candidates. If empty or null implies an invalid client.

selectPublicKeys

List<? extends PublicKey> selectPublicKeys(ClientID claimedClientID,
                                         ClientAuthenticationMethod authMethod,
                                         com.nimbusds.jose.JWSHeader jwsHeader,
                                         Context<T> context)

Selects one or more public key candidates (e.g. RSA or EC) for private_key_jwt authentication.

Parameters:

claimedClientID - The client identifier (to be verified). Not null.

authMethod - The client authentication method. Not null.

jwsHeader - The JWS header, which may contain parameters such as key ID to facilitate the key selection. Not null.

context - Additional context. Not null.

Returns:

The selected public key candidates. If empty or null implies an invalid client.