Examples of com.nimbusds.oauth2.sdk.auth.JWTAuthentication

• com.nimbusds.oauth2.sdk.id.ClientID
  Base abstract class for JSON Web Token (JWT) based client authentication at the Token endpoint.

  Related specifications:

  • OAuth 2.0 (RFC 6749), section-3.2.1.
  • JSON Web Token (JWT) Bearer Token Profiles for OAuth 2.0 (draft-ietf-oauth-jwt-bearer-10)

    // Parse required claims
    Issuer iss = new Issuer(JSONObjectUtils.getString(jsonObject, "iss"));
    Subject sub = new Subject(JSONObjectUtils.getString(jsonObject, "sub"));

    Audience aud;

    if (jsonObject.get("aud") instanceof String) {

      aud = new Audience(JSONObjectUtils.getString(jsonObject, "aud"));

    } else {
      String[] audList = JSONObjectUtils.getStringArray(jsonObject, "aud");

      if (audList.length > 1)
        throw new ParseException("Multiple audiences (aud) not supported");

      aud = new Audience(audList[0]);
    }

    Date exp = DateUtils.fromSecondsSinceEpoch(JSONObjectUtils.getLong(jsonObject, "exp"));

   *
   * @return The client identifier.
   */
  public ClientID getClientID() {

    return new ClientID(iss.getValue());
  }

    // Check client ID

    if (! iss.getValue().equals(sub.getValue()))
      throw new ParseException("JWT issuer and subject must have the same client ID");

    ClientID clientID = new ClientID(iss.getValue());

    return new JWTAuthenticationClaimsSet(clientID, aud, exp, nbf, iat, jti);
  }

    String secretValue = params.get("client_secret");

    if (secretValue == null)
      throw new ParseException("Missing \"client_secret\" parameter");

    return new ClientSecretPost(new ClientID(clientIDString), new Secret(secretValue));
  }

      throw new ParseException(e.getMessage(), e);
    }

    // Check that the top level client_id matches the assertion subject + issuer

    ClientID clientID = JWTAuthentication.parseClientID(params);

    if (clientID != null) {

      if (! clientID.equals(privateKeyJWT.getClientID()))
        throw new ParseException("The client identifier doesn't match the client assertion subject / issuer");
    }

    return privateKeyJWT;
  }

    if (clientAuth == null && grant.getType().requiresClientAuthentication()) {
      throw new ParseException("Missing client authentication", OAuth2Error.INVALID_CLIENT);
    }

    // Parse client id
    ClientID clientID = null;

    if (clientAuth == null) {

      // Parse optional client ID
      String clientIDString = params.get("client_id");

      if (clientIDString != null && clientIDString.trim().length() > 0)
        clientID = new ClientID(clientIDString);

      if (clientID == null && grant.getType().requiresClientID()) {
        throw new ParseException("Missing required \"client_id\" parameter", OAuth2Error.INVALID_REQUEST);
      }
    }

      throw new ParseException(e.getMessage(), e);
    }

    // Check that the top level client_id matches the assertion subject + issuer

    ClientID clientID = JWTAuthentication.parseClientID(params);

    if (clientID != null) {

      if (! clientID.equals(clientSecretJWT.getClientID()))
        throw new ParseException("The client identifier doesn't match the client assertion subject / issuer");
    }

    return clientSecretJWT;
  }

      throw new IllegalArgumentException("Missing issuer in client JWT assertion");

    if (!subjectValue.equals(issuerValue))
      throw new IllegalArgumentException("Issuer and subject in client JWT assertion must designate the same client identifier");

    return new ClientID(subjectValue);
  }

    if (StringUtils.isBlank(v))
      throw new ParseException("Missing \"client_id\" parameter",
        OAuth2Error.INVALID_REQUEST);

    ClientID clientID = new ClientID(v);


    // Parse optional redirection URI second
    v = params.get("redirect_uri");

    if (clientIDString == null)
      return null;

    else
      return new ClientID(clientIDString);
  }