All Downloads are FREE. Search and download functionalities are using the official Maven repository.

com.nimbusds.oauth2.sdk.auth.ClientSecretJWT Maven / Gradle / Ivy

Go to download

OAuth 2.0 SDK with OpenID Connection extensions for developing client and server applications.

There is a newer version: 11.19.1
Show newest version
package com.nimbusds.oauth2.sdk.auth;


import java.util.Collections;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;

import net.jcip.annotations.Immutable;

import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jwt.SignedJWT;

import com.nimbusds.oauth2.sdk.ParseException;
import com.nimbusds.oauth2.sdk.id.ClientID;
import com.nimbusds.oauth2.sdk.http.CommonContentTypes;
import com.nimbusds.oauth2.sdk.http.HTTPRequest;
import com.nimbusds.oauth2.sdk.util.URLUtils;


/**
 * Client secret JWT authentication at the Token endpoint. Implements
 * {@link ClientAuthenticationMethod#CLIENT_SECRET_JWT}.
 *
 * 

Supported signature JSON Web Algorithms (JWAs) by this implementation: * *

    *
  • HS256 *
  • HS384 *
  • HS512 *
* *

Related specifications: * *

    *
  • Assertion Framework for OAuth 2.0 (draft-ietf-oauth-assertions-16) *
  • JSON Web Token (JWT) Bearer Token Profiles for OAuth 2.0 * (draft-ietf-oauth-jwt-bearer-10). *
*/ @Immutable public final class ClientSecretJWT extends JWTAuthentication { /** * Gets the set of supported signature JSON Web Algorithms (JWAs) by * this implementation of client secret JSON Web Token (JWT) * authentication. * * @return The set of supported JSON Web Algorithms (JWAs). */ public static Set getSupportedJWAs() { Set supported = new HashSet<>(); supported.add(JWSAlgorithm.HS256); supported.add(JWSAlgorithm.HS384); supported.add(JWSAlgorithm.HS512); return Collections.unmodifiableSet(supported); } /** * Creates a new client secret JWT authentication. * * @param clientAssertion The client assertion, corresponding to the * {@code client_assertion_parameter}, as a * supported HMAC-protected JWT. Must be signed * and not {@code null}. */ public ClientSecretJWT(final SignedJWT clientAssertion) { super(ClientAuthenticationMethod.CLIENT_SECRET_JWT, clientAssertion); if (! getSupportedJWAs().contains(clientAssertion.getHeader().getAlgorithm())) throw new IllegalArgumentException("The client assertion JWT must be HMAC-signed (HS256, HS384 or HS512)"); } /** * Parses the specified parameters map for a client secret JSON Web * Token (JWT) authentication. Note that the parameters must not be * {@code application/x-www-form-urlencoded} encoded. * * @param params The parameters map to parse. The client secret JSON * Web Token (JWT) parameters must be keyed under * "client_assertion" and "client_assertion_type". The * map must not be {@code null}. * * @return The client secret JSON Web Token (JWT) authentication. * * @throws ParseException If the parameters map couldn't be parsed to a * client secret JSON Web Token (JWT) * authentication. */ public static ClientSecretJWT parse(final Map params) throws ParseException { JWTAuthentication.ensureClientAssertionType(params); SignedJWT clientAssertion = JWTAuthentication.parseClientAssertion(params); ClientSecretJWT clientSecretJWT; try { clientSecretJWT = new ClientSecretJWT(clientAssertion); } catch (IllegalArgumentException e) { throw new ParseException(e.getMessage(), e); } // Check that the top level client_id matches the assertion subject + issuer ClientID clientID = JWTAuthentication.parseClientID(params); if (clientID != null) { if (! clientID.equals(clientSecretJWT.getClientID())) throw new ParseException("The client identifier doesn't match the client assertion subject / issuer"); } return clientSecretJWT; } /** * Parses a client secret JSON Web Token (JWT) authentication from the * specified {@code application/x-www-form-urlencoded} encoded * parameters string. * * @param paramsString The parameters string to parse. The client secret * JSON Web Token (JWT) parameters must be keyed * under "client_assertion" and * "client_assertion_type". The string must not be * {@code null}. * * @return The client secret JSON Web Token (JWT) authentication. * * @throws ParseException If the parameters string couldn't be parsed * to a client secret JSON Web Token (JWT) * authentication. */ public static ClientSecretJWT parse(final String paramsString) throws ParseException { Map params = URLUtils.parseParameters(paramsString); return parse(params); } /** * Parses the specified HTTP POST request for a client secret JSON Web * Token (JWT) authentication. * * @param httpRequest The HTTP POST request to parse. Must not be * {@code null} and must contain a valid * {@code application/x-www-form-urlencoded} encoded * parameters string in the entity body. The client * secret JSON Web Token (JWT) parameters must be * keyed under "client_assertion" and * "client_assertion_type". * * @return The client secret JSON Web Token (JWT) authentication. * * @throws ParseException If the HTTP request header couldn't be parsed * to a client secret JSON Web Token (JWT) * authentication. */ public static ClientSecretJWT parse(final HTTPRequest httpRequest) throws ParseException { httpRequest.ensureMethod(HTTPRequest.Method.POST); httpRequest.ensureContentType(CommonContentTypes.APPLICATION_URLENCODED); return parse(httpRequest.getQueryParameters()); } }




© 2015 - 2024 Weber Informatics LLC | Privacy Policy