Examples of com.nimbusds.oauth2.sdk.auth.JWTAuthentication

• com.nimbusds.oauth2.sdk.token.BearerAccessToken
  Base abstract class for JSON Web Token (JWT) based client authentication at the Token endpoint.

  Related specifications:

  • OAuth 2.0 (RFC 6749), section-3.2.1.
  • JSON Web Token (JWT) Bearer Token Profiles for OAuth 2.0 (draft-ietf-oauth-jwt-bearer-10)

    ResponseType responseType = resp.impliedResponseType();
    assertTrue(new ResponseType("token").equals(responseType));

    Map<String,String> params = resp.toParameters();
    assertEquals(TOKEN.getValue(), params.get("access_token"));
    assertEquals(STATE, new State(params.get("state")));
    assertEquals(TOKEN.getType(), new AccessTokenType(params.get("token_type")));
    assertEquals("3600", params.get("expires_in"));
    assertEquals(4, params.size());

    URI uri = resp.toURI();

      }
    }


    // Parse optional state third
    State state = State.parse(params.get("state"));


    // Parse mandatory response type
    v = params.get("response_type");

  public void testParseSuccess()
    throws Exception {

    URI redirectURI = new URI("https://example.com/in");
    AuthorizationCode code = new AuthorizationCode("123");
    State state = new State("xyz");

    AuthenticationSuccessResponse successResponse = new AuthenticationSuccessResponse(redirectURI, code, null, null, state);

    HTTPResponse httpResponse = successResponse.toHTTPResponse();

  public void testParseError()
    throws Exception {

    URI redirectURI = new URI("https://example.com/in");
    ResponseType rt = new ResponseType(ResponseType.Value.CODE);
    State state = new State("xyz");

    AuthenticationErrorResponse errorResponse = new AuthenticationErrorResponse(redirectURI, OAuth2Error.ACCESS_DENIED, rt, state);

    HTTPResponse httpResponse = errorResponse.toHTTPResponse();

    ErrorObject error = new ErrorObject(errorCode, errorDescription, HTTPResponse.SC_FOUND, errorURI);


    // State
    State state = State.parse(params.get("state"));

    return new AuthorizationErrorResponse(redirectURI, error, null, state);
  }

    if (clientID == null)
      throw new IllegalArgumentException("The client ID must not be null");

    iss = new Issuer(clientID.getValue());

    sub = new Subject(clientID.getValue());


    if (aud == null)
      throw new IllegalArgumentException("The audience must not be null");

  public static JWTAuthenticationClaimsSet parse(final JSONObject jsonObject)
    throws ParseException {

    // Parse required claims
    Issuer iss = new Issuer(JSONObjectUtils.getString(jsonObject, "iss"));
    Subject sub = new Subject(JSONObjectUtils.getString(jsonObject, "sub"));

    Audience aud;

    if (jsonObject.get("aud") instanceof String) {

      aud = new Audience(JSONObjectUtils.getString(jsonObject, "aud"));

    } else {
      String[] audList = JSONObjectUtils.getStringArray(jsonObject, "aud");

      if (audList.length > 1)
        throw new ParseException("Multiple audiences (aud) not supported");

      aud = new Audience(audList[0]);
    }

    Date exp = DateUtils.fromSecondsSinceEpoch(JSONObjectUtils.getLong(jsonObject, "exp"));


    // Parse optional claims

    Date nbf = null;

    if (jsonObject.containsKey("nbf"))
      nbf = DateUtils.fromSecondsSinceEpoch(JSONObjectUtils.getLong(jsonObject, "nbf"));

    Date iat = null;

    if (jsonObject.containsKey("iat"))
      iat = DateUtils.fromSecondsSinceEpoch(JSONObjectUtils.getLong(jsonObject, "iat"));

    JWTID jti = null;

    if (jsonObject.containsKey("jti"))
      jti = new JWTID(JSONObjectUtils.getString(jsonObject, "jti"));


    // Check client ID

    if (! iss.getValue().equals(sub.getValue()))
      throw new ParseException("JWT issuer and subject must have the same client ID");

    ClientID clientID = new ClientID(iss.getValue());

    return new JWTAuthenticationClaimsSet(clientID, aud, exp, nbf, iat, jti);

    HashingSubjectIdentifierGenerator gen = new HashingSubjectIdentifierGenerator(salt);

    assertEquals(salt, new String(gen.saltBytes(), Charset.forName("UTF-8")));

    String sectorID = "example.com";
    Subject localSubject = new Subject("alice");

    Subject pairWiseSubject = gen.generate(sectorID, localSubject);

    System.out.println("Pairwise subject: " + pairWiseSubject);

    assertEquals("Consistency check", pairWiseSubject.toString(), gen.generate(sectorID, localSubject).toString());
  }

    assertTrue(new ResponseType("token").equals(responseType));

    Map<String,String> params = resp.toParameters();
    assertEquals(TOKEN.getValue(), params.get("access_token"));
    assertEquals(STATE, new State(params.get("state")));
    assertEquals(TOKEN.getType(), new AccessTokenType(params.get("token_type")));
    assertEquals("3600", params.get("expires_in"));
    assertEquals(4, params.size());

    URI uri = resp.toURI();

    AuthorizationSuccessResponse response = AuthorizationSuccessResponse.parse(redirectionURI);
    assertEquals("https://client.example.org/cb", response.getRedirectionURI().toString());
    assertNull(response.getAuthorizationCode());
    assertEquals("xyz", response.getState().getValue());
    BearerAccessToken accessToken = (BearerAccessToken)response.getAccessToken();
    assertEquals("2YotnFZFEjr1zCsicMWpAA", accessToken.getValue());
    assertEquals(3600l, accessToken.getLifetime());
  }