Package org.forgerock.oauth.resolvers
Interface OpenIdResolver
All Known Implementing Classes:
BaseOpenIdResolver, JWKOpenIdResolverImpl, PublicKeyOpenIdResolverImpl, SharedSecretOpenIdResolverImpl
public interface OpenIdResolver
Validation of OpenID Connect JWTs via verification of their internals (issuer, audience, signature, etc.). Each resolver relates to one specific issuer (which can be retrieved via getIssuer()) and performs validation against a supplied SignedJwt, throwing an OpenIdConnectVerificationException if there are any issues which do not conform to the verification spec as per:
More details on how the verification should be completed can be found at http://openid.net/specs/openid-authentication-2_0.html
validateIdentity(org.forgerock.json.jose.jws.SignedJwt) performs all individual checks.
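Because each resolver is bound to one issuer, a caller has to pick the resolver from the token's own iss claim before anything has been verified. The sketch below is an added example, not code from this library: IssuerDispatch is a hypothetical helper, and it assumes that SignedJwt exposes getClaimsSet().getIssuer() and that the exception lives in the org.forgerock.oauth.resolvers.exceptions package (neither is shown on this page).

```java
import java.util.HashMap;
import java.util.Map;

import org.forgerock.json.jose.jws.SignedJwt;
import org.forgerock.oauth.resolvers.OpenIdResolver;
// Assumption: the exception's package is not stated on this page.
import org.forgerock.oauth.resolvers.exceptions.OpenIdConnectVerificationException;

/** Hypothetical helper: routes an ID token to the resolver registered for its issuer. */
public final class IssuerDispatch {

    private final Map<String, OpenIdResolver> byIssuer = new HashMap<>();

    /** Registers a resolver under the issuer it reports via getIssuer(). */
    public void register(OpenIdResolver resolver) {
        // One resolver per issuer: refuse to silently replace a trusted issuer's key material.
        if (byIssuer.putIfAbsent(resolver.getIssuer(), resolver) != null) {
            throw new IllegalStateException("Issuer already registered: " + resolver.getIssuer());
        }
    }

    /** Validates the token with the resolver for its issuer, failing closed otherwise. */
    public void validate(SignedJwt idToken) throws OpenIdConnectVerificationException {
        // The iss claim is still untrusted here; it is used only as a lookup key.
        // Assumption: getClaimsSet().getIssuer() is available on SignedJwt.
        String issuer = idToken.getClaimsSet().getIssuer();
        OpenIdResolver resolver = (issuer == null) ? null : byIssuer.get(issuer);
        if (resolver == null) {
            // Unknown or missing issuer: reject; never fall back to a default resolver.
            throw new SecurityException("No resolver configured for issuer: " + issuer);
        }
        // The resolver performs the individual checks (issuer, audience, signature, etc.).
        resolver.validateIdentity(idToken);
    }
}
```

The token is trusted only after validate returns without throwing; claims read before that point are attacker-controlled input.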
Field Summary
Modifier and Type | Field | Description
static String | CLIENT_SECRET_KEY | Lookup key for the client secret.
static String | ISSUER_KEY | Lookup key for the issuer's name.
static String | JWK | Lookup key for JWK configuration.
static String | KEY_ALIAS_KEY | Lookup key for a key stored in a keystore.
static String | KEYSTORE_LOCATION_KEY | Lookup key for the location of a keystore.
static String | KEYSTORE_PASS_KEY | Lookup key for the password to a keystore.
static String | KEYSTORE_TYPE_KEY | Lookup key for the type of a keystore.
static String | WELL_KNOWN_CONFIGURATION | Lookup key for a .well-known Open ID Connect config.
Method Summary
Modifier and Type | Method | Description
String | getIssuer() | Returns the issuer (IdP) for which this resolver will resolve identities.
void | validateIdentity(SignedJwt idClaim) | Validates the supplied JWT against this OpenID Connect IdP.
Field Detail

KEY_ALIAS_KEY
static final String KEY_ALIAS_KEY
Lookup key for a key stored in a keystore.
See Also: Constant Field Values

ISSUER_KEY
static final String ISSUER_KEY
Lookup key for the issuer's name.
See Also: Constant Field Values

CLIENT_SECRET_KEY
static final String CLIENT_SECRET_KEY
Lookup key for the client secret.
See Also: Constant Field Values

JWK
static final String JWK
Lookup key for JWK configuration.
See Also: Constant Field Values

WELL_KNOWN_CONFIGURATION
static final String WELL_KNOWN_CONFIGURATION
Lookup key for a .well-known Open ID Connect config.
See Also: Constant Field Values

KEYSTORE_LOCATION_KEY
static final String KEYSTORE_LOCATION_KEY
Lookup key for the location of a keystore.
See Also: Constant Field Values

KEYSTORE_TYPE_KEY
static final String KEYSTORE_TYPE_KEY
Lookup key for the type of a keystore.
See Also: Constant Field Values

KEYSTORE_PASS_KEY
static final String KEYSTORE_PASS_KEY
Lookup key for the password to a keystore.
See Also: Constant Field Values
Method Detail

validateIdentity
void validateIdentity(SignedJwt idClaim) throws OpenIdConnectVerificationException
Validates the supplied JWT against this OpenID Connect IdP.
Parameters:
idClaim - The JWT to check as having been authenticated by this issuer
Throws:
OpenIdConnectVerificationException - If the JWT cannot be verified

getIssuer
String getIssuer()
Returns the issuer (IdP) for which this resolver will resolve identities.
Returns:
the name of the issuer