Class JwtAuthenticationConfig

java.lang.Object

io.confluent.security.authentication.AuthenticationConfig<BearerCredential, JwtPrincipal>

io.confluent.security.authentication.oauthbearer.JwtAuthenticationConfig

public final class JwtAuthenticationConfig
extends AuthenticationConfig<BearerCredential, JwtPrincipal>

Configure JwtAuthenticator instance. JwtAuthenticator instances have two primary responsibilities: 1. Manage Issuer public key material. 2. Decode JsonWebSignature tokens and validate their claims. Key material handling is performed by the JwtAuthenticator VerificationKeyResolver. Each JwtIssuer must be provided a name which should be the URL of the JWT issuing authority. There are exceptions to this rule so any string value will do as long as it matches the incoming JWT iss claim value. There may be certain scenarios where JwtAuthenticator may want to take some action in an Issuer agnostic manner. One such use cases would be to forward the token to another trusted service for validation. In order to support this use case register a JwtIssuer with the name '*'. This will act as a catchall for any unrecognized issuer. Token verification may be restricted to a specific set of keys by setting the AlgorithmWhitelist parameter. SignatureAlgorithm.RS256 and SignatureAlgorithm.ES256 are whitelisted by default.

Nested Class Summary

Nested Classes

Modifier and Type	Class	Description
static class	JwtAuthenticationConfig.Builder

Nested classes/interfaces inherited from class io.confluent.security.authentication.AuthenticationConfig

AuthenticationConfig.Kind

Field Summary

Fields

Modifier and Type	Field	Description
static final String	CONFIG_PREFIX
static final String	CONFLUENT_ISSUER
static final String	CONFLUENT_SPIRE_ISSUER_SUFFIX
static final String	CONFLUENT_SPIRE_ISSUER_SUFFIX_PROP

Method Summary

Modifier and Type	Method	Description
Set<SignatureAlgorithm>	algorithmWhitelist()
static JwtAuthenticationConfig.Builder	builder()
Authenticator<BearerCredential, JwtPrincipal>	createAuthenticator()	Creates a new Authenticator instance.
List<JwtIssuer>	issuers()	List of JwtIssuers registered with this JwtAuthenticator.
AuthenticationConfig.Kind	kind()	Describes the AuthenticationConfig implementation.
String	spireAgentSocketEndpoint()

Methods inherited from class java.lang.Object

equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Details

CONFLUENT_ISSUER

public static final String CONFLUENT_ISSUER

See Also:

• Constant Field Values

CONFIG_PREFIX

public static final String CONFIG_PREFIX

See Also:

• Constant Field Values

CONFLUENT_SPIRE_ISSUER_SUFFIX_PROP

public static final String CONFLUENT_SPIRE_ISSUER_SUFFIX_PROP

See Also:

• Constant Field Values

CONFLUENT_SPIRE_ISSUER_SUFFIX

public static final String CONFLUENT_SPIRE_ISSUER_SUFFIX

See Also:

• Constant Field Values

Method Details

kind

public AuthenticationConfig.Kind kind()

Describes the AuthenticationConfig implementation.

Specified by:

kind in class AuthenticationConfig<BearerCredential, JwtPrincipal>

Returns:

AuthenticationConfig.Kind

algorithmWhitelist

public Set<SignatureAlgorithm> algorithmWhitelist()

issuers

public List<JwtIssuer> issuers()

List of JwtIssuers registered with this JwtAuthenticator.

Returns:

List<JwtIssuer>

spireAgentSocketEndpoint

public String spireAgentSocketEndpoint()

Returns:

String Spire Agent Socket Endpoint

createAuthenticator

public Authenticator<BearerCredential, JwtPrincipal> createAuthenticator()

Creates a new Authenticator instance.

Specified by:

createAuthenticator in class AuthenticationConfig<BearerCredential, JwtPrincipal>

Returns:

Authenticator

builder

public static JwtAuthenticationConfig.Builder builder()