Package org.wildfly.security.http.oidc

Class TokenValidator

java.lang.Object

org.wildfly.security.http.oidc.TokenValidator

public class TokenValidator
extends Object

Validator for an ID token or bearer token, as per OpenID Connect Core 1.0 and RFC 7523.

Author:

Farah Juma

Nested Class Summary

Nested Classes

Modifier and Type	Class	Description
private static class	TokenValidator.AtHashValidator
private static class	TokenValidator.AzpValidator
static class	TokenValidator.Builder
private static class	TokenValidator.TypeValidator
static class	TokenValidator.VerifiedTokens

Field Summary

Fields

Modifier and Type	Field	Description
private OidcClientConfiguration	clientConfiguration
private static int	HEADER_INDEX
private org.jose4j.jwt.consumer.JwtConsumerBuilder	jwtConsumerBuilder

Constructor Summary

Constructors

Modifier	Constructor	Description
private	TokenValidator(TokenValidator.Builder builder)

Method Summary

Modifier and Type	Method	Description
static TokenValidator.Builder	builder(OidcClientConfiguration clientConfiguration)	Construct a new builder instance.
private static String	getAccessTokenHash(String accessTokenString, String jwsAlgorithm)
AccessToken	parseAndVerifyToken(String bearerToken)	Parse and verify the given bearer token.
TokenValidator.VerifiedTokens	parseAndVerifyToken(String idToken, String accessToken)	Parse and verify the given ID token.
private org.jose4j.jwt.consumer.JwtContext	setVerificationKey(String token, org.jose4j.jwt.consumer.JwtConsumerBuilder jwtConsumerBuilder)

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

HEADER_INDEX

private static final int HEADER_INDEX

See Also:

Constant Field Values

jwtConsumerBuilder

private org.jose4j.jwt.consumer.JwtConsumerBuilder jwtConsumerBuilder

clientConfiguration

private OidcClientConfiguration clientConfiguration

Constructor Detail

TokenValidator

private TokenValidator(TokenValidator.Builder builder)

Method Detail

parseAndVerifyToken

public TokenValidator.VerifiedTokens parseAndVerifyToken(String idToken,
                                                         String accessToken)
                                                  throws OidcException

Parse and verify the given ID token.

Parameters:

idToken - the ID token

Returns:

the VerifiedTokens if the ID token was valid

Throws:

OidcException - if the ID token is invalid

parseAndVerifyToken

public AccessToken parseAndVerifyToken(String bearerToken)
                                throws OidcException

Parse and verify the given bearer token.

Parameters:

bearerToken - the bearer token

Returns:

the AccessToken if the bearer token was valid

Throws:

OidcException - if the bearer token is invalid

setVerificationKey

private org.jose4j.jwt.consumer.JwtContext setVerificationKey(String token,
                                                              org.jose4j.jwt.consumer.JwtConsumerBuilder jwtConsumerBuilder)
                                                       throws org.jose4j.jwt.consumer.InvalidJwtException

Throws:

org.jose4j.jwt.consumer.InvalidJwtException

builder

public static TokenValidator.Builder builder(OidcClientConfiguration clientConfiguration)

Construct a new builder instance.

Parameters:

clientConfiguration - the OIDC client configuration

Returns:

the new builder instance

getAccessTokenHash

private static String getAccessTokenHash(String accessTokenString,
                                         String jwsAlgorithm)
                                  throws NoSuchAlgorithmException

Throws:

NoSuchAlgorithmException