Package io.confluent.security.authentication.oauthbearer

Class JwtIssuerJku

java.lang.Object
io.confluent.security.authentication.oauthbearer.JwtIssuer
io.confluent.security.authentication.oauthbearer.JwtIssuerJku
public final class JwtIssuerJku extends JwtIssuer
Fetches Signature Verification key information at the URL found in the tokens jku claim. Use the parameter domainWhiteList to restrict which Issuers may provide public key information.

  • Method Details

    • name

      public String name()
      JsonWebSignature Issuer name. This should be the URL of the Authorization Server though there may be some cases where its not.
      Specified by:
      name in class JwtIssuer
      Returns:
      JsonWebSignature Issuing authority.

    • audience

      public Set<String> audience()
      The recipient(s) for this token.
      Specified by:
      audience in class JwtIssuer
      Returns:
      audience claim value.

    • keyResolver

      public ConstrainedVerificationKeyResolver keyResolver(Collection<Constraint> constraints, io.confluent.security.util.SecurityContext context)
      Returns Signature Verification Key identified by HeaderParameterNames.JWK_SET_URL
      Specified by:
      keyResolver in class JwtIssuer
      Parameters:
      constraints - Collection of Constraint to be enforced.
      Returns:
      ConstrainedVerificationKeyResolver

    • createConsumer

      public org.jose4j.jwt.consumer.JwtConsumer createConsumer(Collection<Constraint> constraints, boolean requireSubjectClaim, io.confluent.security.util.SecurityContext context)
      Description copied from class: JwtIssuer
      Creates a new JwtConsumer to process incoming JsonWebSignatures.
      Overrides:
      createConsumer in class JwtIssuer
      Parameters:
      constraints - Custom collection of Constraint instances.
      Returns:
      JwtConsumer instance.

    • builder

      public static JwtIssuerJku.Builder builder()