Class DefaultOpenIdTokenResponseValidator
- java.lang.Object
  - io.micronaut.security.oauth2.endpoint.token.response.validation.DefaultOpenIdTokenResponseValidator

All Implemented Interfaces:
- OpenIdTokenResponseValidator

@Singleton
public class DefaultOpenIdTokenResponseValidator extends java.lang.Object implements OpenIdTokenResponseValidator

Default implementation of OpenIdTokenResponseValidator.

Since:
- 1.2.0

Constructor Summary
Constructors:
- DefaultOpenIdTokenResponseValidator(java.util.Collection<OpenIdClaimsValidator> idTokenValidators, java.util.Collection<io.micronaut.security.token.jwt.validator.GenericJwtClaimsValidator> genericJwtClaimsValidators, NonceClaimValidator nonceClaimValidator, io.micronaut.security.token.jwt.signature.jwks.JwkValidator jwkValidator)

Method Summary
Modifier and Type, Method:
- protected io.micronaut.security.token.jwt.signature.jwks.JwksSignature jwksSignatureForOpenIdProviderMetadata(OpenIdProviderMetadata openIdProviderMetadata)
- protected java.util.Optional<com.nimbusds.jwt.JWT> parseJwtWithValidSignature(OpenIdProviderMetadata openIdProviderMetadata, OpenIdTokenResponse openIdTokenResponse)
- java.util.Optional<com.nimbusds.jwt.JWT> validate(OauthClientConfiguration clientConfiguration, OpenIdProviderMetadata openIdProviderMetadata, OpenIdTokenResponse openIdTokenResponse, java.lang.String nonce)
- protected java.util.Optional<com.nimbusds.jwt.JWT> validateClaims(OauthClientConfiguration clientConfiguration, OpenIdProviderMetadata openIdProviderMetadata, com.nimbusds.jwt.JWT jwt, java.lang.String nonce)

Constructor Detail
DefaultOpenIdTokenResponseValidator
public DefaultOpenIdTokenResponseValidator(java.util.Collection<OpenIdClaimsValidator> idTokenValidators, java.util.Collection<io.micronaut.security.token.jwt.validator.GenericJwtClaimsValidator> genericJwtClaimsValidators, @Nullable NonceClaimValidator nonceClaimValidator, io.micronaut.security.token.jwt.signature.jwks.JwkValidator jwkValidator)

Parameters:
- idTokenValidators - OpenID JWT claim validators
- genericJwtClaimsValidators - Generic JWT claim validators
- nonceClaimValidator - The nonce claim validator
- jwkValidator - The JWK validator

Method Detail
validate
public java.util.Optional<com.nimbusds.jwt.JWT> validate(OauthClientConfiguration clientConfiguration, OpenIdProviderMetadata openIdProviderMetadata, OpenIdTokenResponse openIdTokenResponse, @Nullable java.lang.String nonce)

Specified by:
- validate in interface OpenIdTokenResponseValidator

Parameters:
- clientConfiguration - The OAuth 2.0 client configuration
- openIdProviderMetadata - The OpenID provider metadata
- openIdTokenResponse - ID Token Access Token response
- nonce - The persisted nonce value

Returns:
- true if the ID Token access response is considered valid

validateClaims
@NonNull protected java.util.Optional<com.nimbusds.jwt.JWT> validateClaims(@NonNull OauthClientConfiguration clientConfiguration, @NonNull OpenIdProviderMetadata openIdProviderMetadata, @NonNull com.nimbusds.jwt.JWT jwt, @Nullable java.lang.String nonce)

Parameters:
- clientConfiguration - The OAuth 2.0 client configuration
- openIdProviderMetadata - The OpenID provider metadata
- jwt - JWT with a valid signature
- nonce - The persisted nonce value

Returns:
- the same JWT supplied as a parameter if the claims validation was successful, or empty if not.

parseJwtWithValidSignature
@NonNull protected java.util.Optional<com.nimbusds.jwt.JWT> parseJwtWithValidSignature(@NonNull OpenIdProviderMetadata openIdProviderMetadata, @NonNull OpenIdTokenResponse openIdTokenResponse)

Uses the ID token in the OpenID Connect response to extract a JSON Web Token and validates its signature.

Parameters:
- openIdProviderMetadata - The OpenID provider metadata
- openIdTokenResponse - ID Token Access Token response

Returns:
- A JWT if the signature validation is successful

jwksSignatureForOpenIdProviderMetadata
protected io.micronaut.security.token.jwt.signature.jwks.JwksSignature jwksSignatureForOpenIdProviderMetadata(@NonNull OpenIdProviderMetadata openIdProviderMetadata)

Parameters:
- openIdProviderMetadata - The OpenID provider metadata

Returns:
- A JwksSignature for the OpenID provider JWKS URI.