java.lang.Object
- io.micronaut.security.oauth2.client.IdTokenClaimsValidator

All Implemented Interfaces:

io.micronaut.security.token.jwt.validator.GenericJwtClaimsValidator, io.micronaut.security.token.jwt.validator.JwtClaimsValidator
```
@Requires(property="micronaut.security.authentication",value="idtoken") @Requires(property="micronaut.security.token.jwt.claims-validators.openid-idtoken",notEquals="false")
@Singleton
public class IdTokenClaimsValidator
extends java.lang.Object
implements io.micronaut.security.token.jwt.validator.GenericJwtClaimsValidator
```
For AuthenticationMode.IDTOKEN authentication mode performs the following verification as described in the OpenID Connect Spec. - The Issuer Identifier for the OpenID Provider (which is typically obtained during Discovery) MUST exactly match the value of the iss (issuer) Claim. - The Client MUST validate that the aud (audience) Claim contains its client_id value registered at the Issuer identified by the iss (issuer) Claim as an audience. The aud (audience) Claim MAY contain an array with more than one element. - If the ID Token contains multiple audiences, the Client SHOULD verify that an azp Claim is present. - If an azp (authorized party) Claim is present, the Client SHOULD verify that its client_id is the Claim Value. * @see ID Token Validation

Since:

2.2.0

Field Summary

Fields
Modifier and Type	Field	Description
`protected static java.lang.String`	`AUTHORIZED_PARTY`
`protected static org.slf4j.Logger`	`LOG`
`protected java.util.Collection<OauthClientConfiguration>`	`oauthClientConfigurations`

Fields inherited from interface io.micronaut.security.token.jwt.validator.JwtClaimsValidator
PREFIX

Constructor Summary

Constructors
Constructor Description

IdTokenClaimsValidator(java.util.Collection<OauthClientConfiguration> oauthClientConfigurations)

Method Summary

All Methods Instance Methods Concrete Methods
Modifier and Type	Method	Description
`protected java.util.Optional<java.util.List<java.lang.String>>`	`parseAudiences(io.micronaut.security.token.jwt.generator.claims.JwtClaims claims)`
`protected java.util.Optional<java.lang.String>`	`parseAzpClaim(io.micronaut.security.token.jwt.generator.claims.JwtClaims claims)`
`protected java.util.Optional<java.lang.Object>`	`parseClaim(io.micronaut.security.token.jwt.generator.claims.JwtClaims claims, java.lang.String claimName)`
`protected java.util.Optional<java.util.List<java.lang.String>>`	`parseClaimList(io.micronaut.security.token.jwt.generator.claims.JwtClaims claims, java.lang.String claimName)`
`protected java.util.Optional<java.lang.String>`	`parseClaimString(io.micronaut.security.token.jwt.generator.claims.JwtClaims claims, java.lang.String claimName)`
`protected java.util.Optional<java.lang.String>`	`parseIssuerClaim(io.micronaut.security.token.jwt.generator.claims.JwtClaims claims)`
`boolean`	`validate(io.micronaut.security.token.jwt.generator.claims.JwtClaims claims, io.micronaut.http.HttpRequest<?> request)`
`protected boolean`	`validateAzp(io.micronaut.security.token.jwt.generator.claims.JwtClaims claims, java.lang.String clientId, java.util.List<java.lang.String> audiences)`
`protected boolean`	`validateIssuerAudienceAndAzp(io.micronaut.security.token.jwt.generator.claims.JwtClaims claims, java.lang.String iss, java.util.List<java.lang.String> audiences)`
`protected boolean`	`validateIssuerAudienceAndAzp(io.micronaut.security.token.jwt.generator.claims.JwtClaims claims, java.lang.String iss, java.util.List<java.lang.String> audiences, OauthClientConfiguration oauthClientConfiguration)`
`protected boolean`	`validateIssuerAudienceAndAzp(io.micronaut.security.token.jwt.generator.claims.JwtClaims claims, java.lang.String iss, java.util.List<java.lang.String> audiences, java.lang.String clientId, OpenIdClientConfiguration openIdClientConfiguration)`

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

LOG

protected static final org.slf4j.Logger LOG

AUTHORIZED_PARTY

protected static final java.lang.String AUTHORIZED_PARTY

See Also:: Constant Field Values

oauthClientConfigurations

protected final java.util.Collection<OauthClientConfiguration> oauthClientConfigurations

Constructor Detail

IdTokenClaimsValidator

public IdTokenClaimsValidator(java.util.Collection<OauthClientConfiguration> oauthClientConfigurations)

Parameters:: oauthClientConfigurations - OpenId client configurations

Method Detail

validate

public boolean validate(@NonNull
                        io.micronaut.security.token.jwt.generator.claims.JwtClaims claims,
                        @Nullable
                        io.micronaut.http.HttpRequest<?> request)

Specified by:: validate in interface io.micronaut.security.token.jwt.validator.JwtClaimsValidator

parseIssuerClaim
```
protected java.util.Optional<java.lang.String> parseIssuerClaim(io.micronaut.security.token.jwt.generator.claims.JwtClaims claims)
```
Parameters:

claims - JWT Claims

Returns:

the iss claim value wrapped in an Optional. If not found, an empty Optional is returned.

parseClaim

protected java.util.Optional<java.lang.Object> parseClaim(io.micronaut.security.token.jwt.generator.claims.JwtClaims claims,
                                                          java.lang.String claimName)

Parameters:: claims - JWT Claims; claimName - Claim Name
Returns:: the claim value wrapped in an Optional. If not found, an empty Optional is returned.

parseClaimString

protected java.util.Optional<java.lang.String> parseClaimString(io.micronaut.security.token.jwt.generator.claims.JwtClaims claims,
                                                                java.lang.String claimName)

Parameters:: claims - JWT Claims; claimName - Claim Name
Returns:: the claim value as a String wrapped in an Optional. If not found, an empty Optional is returned.

parseClaimList

protected java.util.Optional<java.util.List<java.lang.String>> parseClaimList(io.micronaut.security.token.jwt.generator.claims.JwtClaims claims,
                                                                              java.lang.String claimName)

Parameters:: claims - JWT Claims; claimName - Claim Name
Returns:: the claim value as a list of Strings wrapped in an Optional. If not found, an empty Optional is returned.

parseAudiences
```
protected java.util.Optional<java.util.List<java.lang.String>> parseAudiences(io.micronaut.security.token.jwt.generator.claims.JwtClaims claims)
```
Parameters:

claims - JWT Claims

Returns:

the aud claim value a list of strings wrapped in an Optional. If not found, an empty Optional is returned.

validateIssuerAudienceAndAzp

protected boolean validateIssuerAudienceAndAzp(@NonNull
                                               io.micronaut.security.token.jwt.generator.claims.JwtClaims claims,
                                               @NonNull
                                               java.lang.String iss,
                                               @NonNull
                                               java.util.List<java.lang.String> audiences)

Parameters:: claims - JWT Claims; iss - Issuer claim; audiences - aud claim as a list of string
Returns:: true if an OAuth 2.0 client issuer matches the iss claim, any of the audiences in the aud claim matches the OAuth 2.0 client_id and for multiple audiencies the azp claim is present and matches OAuth 2.0 client_id

validateIssuerAudienceAndAzp

protected boolean validateIssuerAudienceAndAzp(@NonNull
                                               io.micronaut.security.token.jwt.generator.claims.JwtClaims claims,
                                               @NonNull
                                               java.lang.String iss,
                                               @NonNull
                                               java.util.List<java.lang.String> audiences,
                                               @NonNull
                                               OauthClientConfiguration oauthClientConfiguration)

Parameters:: claims - JWT Claims; iss - Issuer claim; audiences - aud claim as a list of string; oauthClientConfiguration - OAuth 2.0 client configuration
Returns:: true if the OAuth 2.0 client OpenID issuer matches the iss claim, any of the audiences in the aud claim matches the OAuth 2.0 client_id and for multiple audiencies the azp claim is present and matches OAuth 2.0 client_id

validateIssuerAudienceAndAzp

protected boolean validateIssuerAudienceAndAzp(@NonNull
                                               io.micronaut.security.token.jwt.generator.claims.JwtClaims claims,
                                               @NonNull
                                               java.lang.String iss,
                                               @NonNull
                                               java.util.List<java.lang.String> audiences,
                                               @NonNull
                                               java.lang.String clientId,
                                               @NonNull
                                               OpenIdClientConfiguration openIdClientConfiguration)

Parameters:: claims - JWT Claims; iss - Issuer claim; audiences - aud claim as a list of string; clientId - OAuth 2.0 client_id; openIdClientConfiguration - OpenID OAuth 2.0 client configuration
Returns:: true if the OAuth 2.0 client OpenID issuer matches the iss claim, any of the audiences in the aud claim matches the OAuth 2.0 client_id and for multiple audiencies the azp claim is present and matches OAuth 2.0 client_id

parseAzpClaim
```
protected java.util.Optional<java.lang.String> parseAzpClaim(io.micronaut.security.token.jwt.generator.claims.JwtClaims claims)
```
Parameters:

claims - JWT Claims

Returns:

the azp claim value wrapped in an Optional. If not found, an empty Optional is returned.

validateAzp

protected boolean validateAzp(@NonNull
                              io.micronaut.security.token.jwt.generator.claims.JwtClaims claims,
                              @NonNull
                              java.lang.String clientId,
                              @NonNull
                              java.util.List<java.lang.String> audiences)

Parameters:: claims - JWT Claims; clientId - OAuth 2.0 client ID; audiences - audiences specified in the JWT Claims
Returns:: true for single audiences, for multiple audiences returns true azp claim is present and matches OAuth 2.0 client_id

Class IdTokenClaimsValidator

Field Summary

Fields inherited from interface io.micronaut.security.token.jwt.validator.JwtClaimsValidator

Constructor Summary

Method Summary

Methods inherited from class java.lang.Object

Field Detail

LOG

AUTHORIZED_PARTY

oauthClientConfigurations

Constructor Detail

IdTokenClaimsValidator

Method Detail

validate

parseIssuerClaim

parseClaim

parseClaimString

parseClaimList

parseAudiences

validateIssuerAudienceAndAzp

validateIssuerAudienceAndAzp

validateIssuerAudienceAndAzp

parseAzpClaim

validateAzp