Class ClientJwtValidator
java.lang.Object
org.apache.kafka.common.security.oauthbearer.ClientJwtValidator
- All Implemented Interfaces:
Closeable,AutoCloseable,org.apache.kafka.common.security.oauthbearer.internals.secured.OAuthBearerConfigurable,JwtValidator
ClientJwtValidator is an implementation of JwtValidator that is used by the client to perform some rudimentary validation of the JWT access token that is received as part of the response from posting the client credentials to the OAuth/OIDC provider's token endpoint. The validation steps performed are: - Basic structural validation of the
b64tokenvalue as defined in RFC 6750 Section 2.1 - Basic conversion of the token into an in-memory map
- Presence of
scope,exp,subject, andiatclaims
Field Summary
FieldsFields inherited from interface org.apache.kafka.common.security.oauthbearer.JwtValidator
IAT_CLAIM_REQUIRED, JTI_CLAIM_REQUIREDConstructor Summary
ConstructorsMethod Summary
Methods inherited from class java.lang.Object
equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, waitMethods inherited from interface org.apache.kafka.common.security.oauthbearer.internals.secured.OAuthBearerConfigurable
close
Field Details
EXPIRATION_CLAIM_NAME
- See Also:
ISSUED_AT_CLAIM_NAME
- See Also:
Constructor Details
ClientJwtValidator
public ClientJwtValidator()
Method Details
configure
public void configure(Map<String, ?> configs, String saslMechanism, List<AppConfigurationEntry> jaasConfigEntries) - Specified by:
configurein interfaceorg.apache.kafka.common.security.oauthbearer.internals.secured.OAuthBearerConfigurable
validate
Accepts an OAuth JWT access token in base-64 encoded format, validates, and returns an OAuthBearerToken.- Specified by:
validatein interfaceJwtValidator- Parameters:
accessToken- Non-nullJWT access token- Returns:
OAuthBearerToken- Throws:
JwtValidatorException- Thrown on errors performing validation of given token