
Example 1 with IDTokenValidator

Use of com.nimbusds.openid.connect.sdk.validators.IDTokenValidator in project pac4j by pac4j.

From the class OidcProfileCreator, method internalInit:

@Override
protected void internalInit() {
    assertNotNull("configuration", configuration);
    // Negotiate the JWS algorithm: use the preferred one if the provider advertises it,
    // otherwise fall back to the first algorithm listed in the provider metadata
    final List<JWSAlgorithm> metadataAlgorithms = configuration.findProviderMetadata().getIDTokenJWSAlgs();
    CommonHelper.assertTrue(CommonHelper.isNotEmpty(metadataAlgorithms), "There must be at least one JWS algorithm supported on the OpenID Connect provider side");
    JWSAlgorithm jwsAlgorithm;
    final JWSAlgorithm preferredAlgorithm = configuration.getPreferredJwsAlgorithm();
    if (metadataAlgorithms.contains(preferredAlgorithm)) {
        jwsAlgorithm = preferredAlgorithm;
    } else {
        // Note the fallback: if the first advertised algorithm is "none", signature
        // verification is dropped below with nothing more than this warning
        jwsAlgorithm = metadataAlgorithms.get(0);
        logger.warn("Preferred JWS algorithm: {} not available. Defaulting to: {}", preferredAlgorithm, jwsAlgorithm);
    }
    // "none" (unsecured ID tokens) is represented as a null algorithm from here on
    if ("none".equals(jwsAlgorithm.getName())) {
        jwsAlgorithm = null;
    }
    final ClientID _clientID = new ClientID(configuration.getClientId());
    final Secret _secret = new Secret(configuration.getSecret());
    // Init the IDTokenValidator matching the negotiated algorithm
    if (jwsAlgorithm == null) {
        // Unsecured ID tokens: the (Issuer, ClientID) constructor performs no signature check,
        // so token integrity rests entirely on the TLS channel to the token endpoint
        // (OpenID Connect Core 3.1.3.7)
        this.idTokenValidator = new IDTokenValidator(configuration.findProviderMetadata().getIssuer(), _clientID);
    } else if (CommonHelper.isNotBlank(configuration.getSecret()) && (JWSAlgorithm.HS256.equals(jwsAlgorithm) || JWSAlgorithm.HS384.equals(jwsAlgorithm) || JWSAlgorithm.HS512.equals(jwsAlgorithm))) {
        // HMAC-signed ID tokens: verified with the shared client secret
        this.idTokenValidator = createHMACTokenValidator(jwsAlgorithm, _clientID, _secret);
    } else {
        // Asymmetrically signed ID tokens: verified against the provider's published JWK set
        this.idTokenValidator = createRSATokenValidator(jwsAlgorithm, _clientID);
    }
    // Tolerance (in seconds) applied to the exp and iat checks
    this.idTokenValidator.setMaxClockSkew(configuration.getMaxClockSkew());
    defaultProfileDefinition(new OidcProfileDefinition<>());
}
Also used: Secret (com.nimbusds.oauth2.sdk.auth.Secret), ClientID (com.nimbusds.oauth2.sdk.id.ClientID), JWSAlgorithm (com.nimbusds.jose.JWSAlgorithm), IDTokenValidator (com.nimbusds.openid.connect.sdk.validators.IDTokenValidator)
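The method above only wires the validator up; it does not show what the HMAC and "none" branches accept or reject at validation time. The following is an added, stand-alone example written for this page (it is not pac4j or Nimbus project code) that mints an HS256-signed ID token with a constructed issuer, client ID, subject and 32-byte client secret, validates it with the same IDTokenValidator(Issuer, ClientID, JWSAlgorithm, Secret) constructor pac4j's createHMACTokenValidator path relies on, and then shows the three outcomes a practitioner should expect: a good token is accepted, a token replayed against another request's nonce is rejected, and an unsigned (alg=none) token is rejected by the HMAC validator but accepted by the plain (Issuer, ClientID) validator that the null-algorithm branch builds. The class and value names are assumptions for the demo; it needs nimbus-jose-jwt and oauth2-oidc-sdk on the classpath.

```java
import java.util.Collections;
import java.util.Date;

import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.JWSHeader;
import com.nimbusds.jose.crypto.MACSigner;
import com.nimbusds.jose.proc.BadJOSEException;
import com.nimbusds.jwt.JWT;
import com.nimbusds.jwt.PlainJWT;
import com.nimbusds.jwt.SignedJWT;
import com.nimbusds.oauth2.sdk.auth.Secret;
import com.nimbusds.oauth2.sdk.id.Audience;
import com.nimbusds.oauth2.sdk.id.ClientID;
import com.nimbusds.oauth2.sdk.id.Issuer;
import com.nimbusds.oauth2.sdk.id.Subject;
import com.nimbusds.openid.connect.sdk.Nonce;
import com.nimbusds.openid.connect.sdk.claims.IDTokenClaimsSet;
import com.nimbusds.openid.connect.sdk.validators.IDTokenValidator;

public class HmacIdTokenValidationDemo {

    // Constructed values for the demo; none of them come from a real provider.
    static final Issuer ISSUER = new Issuer("https://op.example.com");
    static final ClientID CLIENT_ID = new ClientID("demo-client");
    // HS256 requires a key of at least 256 bits, so the shared client secret must be >= 32 bytes.
    static final Secret CLIENT_SECRET = new Secret("0123456789abcdef0123456789abcdef");

    /** Builds the claims an OP would put in an ID token for this client, bound to the request nonce. */
    static IDTokenClaimsSet buildClaims(Nonce nonce) {
        long now = System.currentTimeMillis();
        IDTokenClaimsSet claims = new IDTokenClaimsSet(
                ISSUER,
                new Subject("user-123"),
                Collections.singletonList(new Audience(CLIENT_ID.getValue())),
                new Date(now + 5 * 60 * 1000L),   // exp: five minutes from now
                new Date(now));                   // iat
        claims.setNonce(nonce);
        return claims;
    }

    /** Signs the claims with HS256 using the client secret, as a symmetric-key OP would. */
    static JWT signWithClientSecret(IDTokenClaimsSet claims) throws Exception {
        SignedJWT jwt = new SignedJWT(new JWSHeader(JWSAlgorithm.HS256), claims.toJWTClaimsSet());
        jwt.sign(new MACSigner(CLIENT_SECRET.getValueBytes()));
        return jwt;
    }

    /** The HMAC branch of internalInit, written out with the SDK constructor it ends up using. */
    static IDTokenValidator hmacValidator() {
        IDTokenValidator validator =
                new IDTokenValidator(ISSUER, CLIENT_ID, JWSAlgorithm.HS256, CLIENT_SECRET);
        validator.setMaxClockSkew(30); // seconds; pac4j takes this from configuration.getMaxClockSkew()
        return validator;
    }

    /** Returns true if the validator accepts the token for the given nonce, false if it rejects it. */
    static boolean accepts(IDTokenValidator validator, JWT token, Nonce nonce) throws JOSEException {
        try {
            validator.validate(token, nonce); // checks signature, iss, aud, exp, iat and nonce
            return true;
        } catch (BadJOSEException e) {
            System.out.println("rejected: " + e.getMessage());
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        Nonce nonce = new Nonce(); // generated at authorization-request time and kept in the session
        IDTokenValidator validator = hmacValidator();

        // 1. Correctly signed, right issuer/audience/nonce, not expired: accepted.
        JWT good = signWithClientSecret(buildClaims(nonce));
        System.out.println("signed token accepted: " + accepts(validator, good, nonce));

        // 2. The same token replayed against a different request (nonce mismatch): rejected.
        System.out.println("replayed token accepted: " + accepts(validator, good, new Nonce()));

        // 3. The same claims as an unsigned (alg=none) token. The HMAC validator rejects it;
        //    only the (Issuer, ClientID) validator, which the null-algorithm branch of
        //    internalInit builds, accepts it because it never checks a signature.
        JWT unsigned = new PlainJWT(buildClaims(nonce).toJWTClaimsSet());
        System.out.println("unsigned token accepted by HMAC validator: " + accepts(validator, unsigned, nonce));
        IDTokenValidator plainValidator = new IDTokenValidator(ISSUER, CLIENT_ID);
        System.out.println("unsigned token accepted by plain validator: " + accepts(plainValidator, unsigned, nonce));
    }
}
```

Case 3 is the reason the "none" handling in internalInit deserves attention: the plain validator still checks issuer, audience, expiry and nonce, but anyone who can observe those values can forge a token that passes it, so that branch is only safe when the token is received directly from the token endpoint over TLS and never from a front-channel response.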

Example 2 with IDTokenValidator

Use of com.nimbusds.openid.connect.sdk.validators.IDTokenValidator in project pac4j by pac4j.

From the class AzureAdIdTokenValidator, method validate:

@Override
public IDTokenClaimsSet validate(final JWT idToken, final Nonce expectedNonce) throws BadJOSEException, JOSEException {
    try {
        // Azure AD multi-tenant metadata advertises its issuer with a literal {tenantid}
        // placeholder (URL-encoded as %7Btenantid%7D); resolve it from the token's "tid" claim
        if (originalIssuer.contains("%7Btenantid%7D")) {
            // "tid" is read from the not-yet-verified claims set. It only selects the expected
            // issuer value; the delegated validate() below still checks signature, audience,
            // expiry and nonce. Any tenant is accepted this way, so a single-tenant
            // application has to restrict "tid" separately.
            Object tid = idToken.getJWTClaimsSet().getClaim("tid");
            if (tid == null) {
                throw new BadJWTException("ID token does not contain the 'tid' claim");
            }
            // Rebuild the validator with the tenant-specific issuer, keeping the key selectors
            base = new IDTokenValidator(new Issuer(originalIssuer.replace("%7Btenantid%7D", tid.toString())), base.getClientID(), base.getJWSKeySelector(), base.getJWEKeySelector());
            base.setMaxClockSkew(getMaxClockSkew());
        }
    } catch (ParseException e) {
        // Malformed claims set: report it as a validation failure rather than a parse error
        throw new BadJWTException(e.getMessage(), e);
    }
    return base.validate(idToken, expectedNonce);
}
Also used: Issuer (com.nimbusds.oauth2.sdk.id.Issuer), BadJWTException (com.nimbusds.jwt.proc.BadJWTException), ParseException (java.text.ParseException), IDTokenValidator (com.nimbusds.openid.connect.sdk.validators.IDTokenValidator)

Aggregations

IDTokenValidator (com.nimbusds.openid.connect.sdk.validators.IDTokenValidator): 2
JWSAlgorithm (com.nimbusds.jose.JWSAlgorithm): 1
BadJWTException (com.nimbusds.jwt.proc.BadJWTException): 1
Secret (com.nimbusds.oauth2.sdk.auth.Secret): 1
ClientID (com.nimbusds.oauth2.sdk.id.ClientID): 1
Issuer (com.nimbusds.oauth2.sdk.id.Issuer): 1
ParseException (java.text.ParseException): 1