Class TokenClaimsSetVerifier.StandardVerifications

    • Constructor Detail

      • StandardVerifications

        public StandardVerifications(OpenIdConfiguration configuration,
                                     com.nimbusds.jwt.JWTClaimsSet claims)
    • Method Detail

      • requireSameIssuer

        public void requireSameIssuer()
        The Issuer Identifier for the OpenID Provider (which is typically obtained during Discovery) must exactly match the value of the iss (issuer) Claim.
      • requireSubject

        public void requireSubject()
        The Subject Identifier is a locally unique and never reassigned identifier within the Issuer for the End-User.
      • requireAudience

        public void requireAudience(String requiredAudience)
        The Audience(s) claim (that this ID Token is intended for) must contain the client_id of the Client (Relying Party) as an audience value. Other use cases may allow a different audience than the client_id, but generally require one.
      • assureAuthorizedParty

        public void assureAuthorizedParty(String clientId)
        If the ID Token contains multiple audiences, the Client should verify that an azp (authorized party) claim is present. If an azp (authorized party) claim is present, the Client should verify that its client_id is the claim value.
      • requireValidTimestamp

        public void requireValidTimestamp()
        The current time must be before the time represented by the exp Claim. The current time must be after the time represented by the iat Claim. The current time must be after the time represented by the nbf Claim.
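
The checks described above, written out against Nimbus `JWTClaimsSet` as an added example; this is not the library's own implementation. The class `IdTokenChecks`, its method names, the exception type and the sample values are assumptions, and nimbus-jose-jwt must be on the classpath.

```java
import com.nimbusds.jwt.JWTClaimsSet;
import java.text.ParseException;
import java.util.Date;
import java.util.List;

// Added illustration; IdTokenChecks and its methods are hypothetical, not this library's API.
public class IdTokenChecks {

    static void check(boolean ok, String message) {
        if (!ok) throw new IllegalStateException(message);
    }

    // expectedIssuer: issuer obtained during Discovery; clientId: this Relying Party's client_id.
    static void verify(JWTClaimsSet c, String expectedIssuer, String clientId, Date now)
            throws ParseException {
        check(expectedIssuer.equals(c.getIssuer()), "iss does not exactly match the issuer");
        check(c.getSubject() != null && !c.getSubject().isEmpty(), "sub is missing");

        List<String> aud = c.getAudience();   // empty list when aud is absent
        check(aud.contains(clientId), "aud does not contain the client_id");

        String azp = c.getStringClaim("azp"); // null when absent
        check(aud.size() <= 1 || azp != null, "multiple audiences but no azp");
        check(azp == null || azp.equals(clientId), "azp is not the client_id");

        // Assumption: exp is mandatory; iat and nbf are compared only when present.
        check(c.getExpirationTime() != null && now.before(c.getExpirationTime()), "expired or no exp");
        check(c.getIssueTime() == null || !now.before(c.getIssueTime()), "iat is in the future");
        check(c.getNotBeforeTime() == null || !now.before(c.getNotBeforeTime()), "nbf is in the future");
    }

    public static void main(String[] args) throws ParseException {
        Date now = new Date();
        // Constructed sample claims: two audiences, with azp naming the other client.
        JWTClaimsSet claims = new JWTClaimsSet.Builder()
                .issuer("https://op.example")
                .subject("user-123")
                .audience(List.of("client-a", "client-b"))
                .claim("azp", "client-b")
                .issueTime(new Date(now.getTime() - 60_000))
                .expirationTime(new Date(now.getTime() + 300_000))
                .build();
        try {
            verify(claims, "https://op.example", "client-a", now);
            System.out.println("accepted");
        } catch (IllegalStateException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The sample token lists `client-a` as an audience, so an audience check alone would accept it; the azp comparison is what tells `client-a` that the token was issued to a different party.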