Package org.keycloak.authentication.authenticators.client

Class AbstractBaseJWTValidator

java.lang.Object

org.keycloak.authentication.authenticators.client.AbstractBaseJWTValidator

Direct Known Subclasses:

AbstractJWTClientValidator, JWTAuthorizationGrantValidator

public abstract class AbstractBaseJWTValidator
extends Object

Base validator for JWT authorization grant and JWT client validators.

Author:

rmartinc

Field Summary

Fields

Modifier and Type	Field	Description
protected final ClientAssertionState	clientAssertionState
protected final int	currentTime
protected final KeycloakSession	session

Constructor Summary

Constructors

Constructor	Description
AbstractBaseJWTValidator(KeycloakSession session, ClientAssertionState clientAssertionState)

Method Summary

Modifier and Type	Method	Description
protected abstract void	failureCallback(String errorDescription)
String	getClientAssertion()
JWSInput	getJws()
ClientAssertionState	getState()
boolean	validateSignatureAlgorithm(String expectedSignatureAlg)
boolean	validateTokenActive(int allowedClockSkew, int maxExp, boolean reusePermitted)
boolean	validateTokenAudience(List<String> expectedAudiences, boolean multipleAudienceAllowed)
protected boolean	validateTokenReuse(long lifespanInSecs)

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Details

clientAssertionState

protected final ClientAssertionState clientAssertionState

session

protected final KeycloakSession session

currentTime

protected final int currentTime

Constructor Details

AbstractBaseJWTValidator

public AbstractBaseJWTValidator(KeycloakSession session,
 ClientAssertionState clientAssertionState)

Method Details

getState

public ClientAssertionState getState()

getClientAssertion

public String getClientAssertion()

getJws

public JWSInput getJws()

validateTokenActive

public boolean validateTokenActive(int allowedClockSkew,
 int maxExp,
 boolean reusePermitted)

validateTokenReuse

protected boolean validateTokenReuse(long lifespanInSecs)

validateTokenAudience

public boolean validateTokenAudience(List<String> expectedAudiences,
 boolean multipleAudienceAllowed)

validateSignatureAlgorithm

public boolean validateSignatureAlgorithm(String expectedSignatureAlg)

failureCallback

protected abstract void failureCallback(String errorDescription)