public class LoginAccessTokenValidator extends Object implements AccessTokenValidator
AccessTokenValidator
that is used
by the client to perform some rudimentary validation of the JWT access token that is received
as part of the response from posting the client credentials to the OAuth/OIDC provider's
token endpoint.
The validation steps performed are:
b64token
value as defined in
RFC 6750 Section 2.1
exp
, subject, and iat
claimsModifier and Type | Field and Description |
---|---|
static String |
EXPIRATION_CLAIM_NAME |
static String |
ISSUED_AT_CLAIM_NAME |
Constructor and Description |
---|
LoginAccessTokenValidator(String scopeClaimName,
String subClaimName)
Creates a new LoginAccessTokenValidator that will be used by the client for lightweight
validation of the JWT.
|
Modifier and Type | Method and Description |
---|---|
OAuthBearerToken |
validate(String accessToken)
Accepts an OAuth JWT access token in base-64 encoded format, validates, and returns an
OAuthBearerToken.
|
public static final String EXPIRATION_CLAIM_NAME
public static final String ISSUED_AT_CLAIM_NAME
public LoginAccessTokenValidator(String scopeClaimName, String subClaimName)
scopeClaimName
- Name of the scope claim to use; must be non-null
subClaimName
- Name of the subject claim to use; must be non-null
public OAuthBearerToken validate(String accessToken) throws ValidateException
validate
in interface AccessTokenValidator
accessToken
- Non-null
JWT access tokenOAuthBearerToken
ValidateException
- Thrown on errors performing validation of given token