Example 1 with JWTAuthorizationGrantsException
use of oidc.exceptions.JWTAuthorizationGrantsException in project OpenConext-oidcng by OpenConext.
the class TokenEndpoint method verifySignature.
boolean verifySignature(JWTAuthentication jwtAuthentication, OpenIDClient openIDClient, String tokenEndpoint) throws JOSEException, java.text.ParseException, CertificateException, IOException, BadJOSEException {
Optional<JWTClaimsSet> jwtClaimsSetOptional = jwtClaimsSet(openIDClient, jwtAuthentication);
if (!jwtClaimsSetOptional.isPresent()) {
return false;
}
JWTClaimsSet claimsSet = jwtClaimsSetOptional.get();
// https://tools.ietf.org/html/draft-ietf-oauth-jwt-bearer-10
if (!openIDClient.getClientId().equals(claimsSet.getIssuer())) {
throw new JWTAuthorizationGrantsException("Invalid issuer");
}
if (!openIDClient.getClientId().equals(claimsSet.getSubject())) {
throw new JWTAuthorizationGrantsException("Invalid subject");
}
if (!claimsSet.getAudience().contains(tokenEndpoint)) {
throw new JWTAuthorizationGrantsException("Invalid audience");
}
if (new Date().after(claimsSet.getExpirationTime())) {
throw new JWTAuthorizationGrantsException("Expired claims");
}
return true;
}
Also used :
JWTAuthorizationGrantsException(oidc.exceptions.JWTAuthorizationGrantsException)
JWTClaimsSet(com.nimbusds.jwt.JWTClaimsSet)
Date(java.util.Date)
Aggregations
JWTClaimsSet (com.nimbusds.jwt.JWTClaimsSet)1
Date (java.util.Date)1
JWTAuthorizationGrantsException (oidc.exceptions.JWTAuthorizationGrantsException)1
