.audience(Lists.newArrayList(client.getClientId())) .issuer(config.getIssuer()) .issueTime(new Date())
// Address the token to exactly one audience: the token endpoint URI reported by serverConfig.
// NOTE(review): looks like a client-assertion JWT presented to that endpoint - confirm against the caller.
claimsSet.audience(Lists.newArrayList(serverConfig.getTokenEndpointUri()));
// Give the token a freshly generated random UUID as its JWT ID (jti).
// NOTE(review): a jti only limits replay if the recipient records the ids it has already accepted.
claimsSet.jwtID(UUID.randomUUID().toString());
.audience(Lists.newArrayList(client.getClientId())) .issuer(configBean.getIssuer()) .issueTime(new Date())
val claims = new JWTClaimsSet.Builder() .audience(serviceAudience) .issuer(casSeverPrefix) .jwtID(jwtId)
.audience(Collections.singletonList(jwtAudience)) .issuer(credential.getClientId()) .jwtID(UUID.randomUUID().toString())
// The single audience is the id of the resource set behind the ticket's permission, as a string.
// Every link of the getter chain is dereferenced without a null check, so a ticket without a
// permission, resource set or id fails here with a NullPointerException.
claims.audience(Lists.newArrayList(ticket.getPermission().getResourceSet().getId().toString()));
// The issuer is whatever the server configuration reports.
claims.issuer(config.getIssuer());
// Fresh random UUID as the JWT ID (jti).
// NOTE(review): useful against replay only if the consumer tracks the ids it has seen - confirm.
claims.jwtID(UUID.randomUUID().toString());
final JWTClaimsSet.Builder claims = new JWTClaimsSet.Builder() .audience(service.getId()) .issuer(casProperties.getServer().getPrefix()) .jwtID(ticketId)
.audience(Lists.newArrayList(client.getClientId())) .issuer(configBean.getIssuer()) .issueTime(new Date())
public String buildIdToken(OAuth2AccessToken accessToken, String orcid, String clientID, String nonce) throws JOSEException { Builder claims = new JWTClaimsSet.Builder(); claims.audience(clientID); if (Features.OPENID_SIMPLE_SUBJECT.isActive()){ claims.subject(orcid);
/**
 * Builds the serialized JWT for an authorization request.
 *
 * <p>The claim set comes from {@code createJWTClaimSet}, called with the consumer key of the
 * authorization request. If the approved scopes include {@code AUDIENCE}, the audience claim is
 * replaced by the complete approved-scope list, not only by the matching entry. The result is
 * signed through {@code signJWT}, except when the configured signature algorithm is
 * {@code none}: then an unsecured {@link PlainJWT} is serialized, which carries no integrity
 * protection.
 *
 * @param request OAuth authorization message context.
 * @return Serialized JWT; signed unless the configured algorithm is {@code none}.
 * @throws IdentityOAuth2Exception declared by this method; presumably propagated from claim
 *                                 creation or signing (confirm against those helpers).
 */
protected String buildJWTToken(OAuthAuthzReqMessageContext request) throws IdentityOAuth2Exception {

    // Start from the claims prepared for this consumer key.
    JWTClaimsSet.Builder claimsBuilder = new JWTClaimsSet.Builder(
            createJWTClaimSet(request, null, request.getAuthorizationReqDTO().getConsumerKey()));

    // An approved AUDIENCE scope switches the aud claim to the whole approved-scope list.
    String[] approvedScopes = request.getApprovedScope();
    if (approvedScopes != null && Arrays.asList(approvedScopes).contains(AUDIENCE)) {
        claimsBuilder.audience(Arrays.asList(approvedScopes));
    }
    JWTClaimsSet claims = claimsBuilder.build();

    // NOTE(review): with the algorithm configured as "none" the token leaves here unsigned;
    // consumers have to reject alg=none unless unsecured tokens are a deliberate deployment choice.
    boolean unsecured = JWSAlgorithm.NONE.getName().equals(signatureAlgorithm.getName());
    return unsecured ? new PlainJWT(claims).serialize() : signJWT(claims, null, request);
}
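/**
 * Creates an RS256-signed JWT with fixed issuer, scope and audience values.
 *
 * <p>The issuer ({@code https://c2id.com}), the {@code scope} claim ({@code openid}) and the
 * audience ({@code bar}) are hard-coded, so this looks like a test fixture rather than a
 * production token issuer (confirm against the enclosing class). The issue time is the moment of
 * the call.
 *
 * @param sub        value of the subject claim
 * @param expires    value of the expiration-time claim
 * @param privateKey RSA private key the token is signed with
 * @return the signed JWT
 * @throws Exception declared broadly by the original signature; signing is the visible source
 */
protected SignedJWT getJWT(String sub, Date expires, RSAPrivateKey privateKey) throws Exception {
    JWTClaimsSet claimsSet = new JWTClaimsSet.Builder()
            .subject(sub)
            // new Date() already means "now"; the former copy through getTime() added nothing.
            .issueTime(new Date())
            .issuer("https://c2id.com")
            .claim("scope", "openid")
            .audience("bar")
            .expirationTime(expires)
            .build();

    // The unused local audience list was removed: the aud claim is set on the builder above.
    JWSHeader header = new JWSHeader.Builder(JWSAlgorithm.RS256).build();
    SignedJWT signedJWT = new SignedJWT(header, claimsSet);
    signedJWT.sign(new RSASSASigner(privateKey));
    return signedJWT;
}
}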
/**
 * Builds the serialized JWT for a token request.
 *
 * <p>The claim set comes from {@code createJWTClaimSet}, called with the client id of the access
 * token request. If the requested scopes include {@code AUDIENCE}, the audience claim is replaced
 * by the complete scope list, not only by the matching entry. The result is signed through
 * {@code signJWT}, except when the configured signature algorithm is {@code none}: then an
 * unsecured {@link PlainJWT} is serialized, which carries no integrity protection.
 *
 * @param request Token request message context.
 * @return Serialized JWT; signed unless the configured algorithm is {@code none}.
 * @throws IdentityOAuth2Exception declared by this method; presumably propagated from claim
 *                                 creation or signing (confirm against those helpers).
 */
protected String buildJWTToken(OAuthTokenReqMessageContext request) throws IdentityOAuth2Exception {

    // Start from the claims prepared for this client id.
    JWTClaimsSet.Builder claimsBuilder = new JWTClaimsSet.Builder(
            createJWTClaimSet(null, request, request.getOauth2AccessTokenReqDTO().getClientId()));

    // An AUDIENCE scope switches the aud claim to the whole scope list of the request.
    String[] scopes = request.getScope();
    if (scopes != null && Arrays.asList(scopes).contains(AUDIENCE)) {
        claimsBuilder.audience(Arrays.asList(scopes));
    }
    JWTClaimsSet claims = claimsBuilder.build();

    // NOTE(review): with the algorithm configured as "none" the token leaves here unsigned;
    // consumers have to reject alg=none unless unsecured tokens are a deliberate deployment choice.
    boolean unsecured = JWSAlgorithm.NONE.getName().equals(signatureAlgorithm.getName());
    return unsecured ? new PlainJWT(claims).serialize() : signJWT(claims, request, null);
}
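/**
 * Creates a token from positional claims and an optional audience list.
 *
 * <p>{@code claimsArray} is read by position: [0] issuer, [1] subject, [2] one additional
 * audience (skipped when null) and [3] the expiration time as decimal epoch milliseconds
 * (skipped when null). The resulting {@link SignedJWT} is stored in {@code jwt}; nothing in this
 * constructor signs it.
 *
 * @param alg         JWS algorithm name, handed to {@link JWSAlgorithm} as given; no allow-list
 *                    is applied here
 * @param claimsArray positional claims as described above; needs at least four elements
 * @param audiences   audiences to include, may be null; the list is copied and never modified
 * @throws NumberFormatException          if {@code claimsArray[3]} is not a decimal long
 * @throws ArrayIndexOutOfBoundsException if {@code claimsArray} has fewer than four elements
 */
public JWTToken(String alg, String[] claimsArray, List<String> audiences) {
    JWSHeader header = new JWSHeader(new JWSAlgorithm(alg));

    // Work on a private copy: the caller's list stays untouched, and an unmodifiable list no
    // longer makes add() throw. Null stays null when there is no extra audience to append.
    List<String> tokenAudiences = null;
    if (audiences != null) {
        tokenAudiences = new ArrayList<>(audiences);
    }
    if (claimsArray[2] != null) {
        if (tokenAudiences == null) {
            tokenAudiences = new ArrayList<>();
        }
        tokenAudiences.add(claimsArray[2]);
    }

    JWTClaimsSet.Builder builder = new JWTClaimsSet.Builder()
            .issuer(claimsArray[0])
            .subject(claimsArray[1])
            .audience(tokenAudiences);
    if (claimsArray[3] != null) {
        // Date(long) takes milliseconds since the epoch.
        builder = builder.expirationTime(new Date(Long.parseLong(claimsArray[3])));
    }
    JWTClaimsSet claims = builder.build();

    jwt = new SignedJWT(header, claims);
}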
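/**
 * Creates a token from positional claims and an optional audience list.
 *
 * <p>{@code claimsArray} is read by position: [0] issuer, [1] subject, [2] one additional
 * audience (skipped when null) and [3] the expiration time as decimal epoch milliseconds
 * (skipped when null). The resulting {@link SignedJWT} is stored in {@code jwt}; nothing in this
 * constructor signs it.
 *
 * @param alg         JWS algorithm name, handed to {@link JWSAlgorithm} as given; no allow-list
 *                    is applied here
 * @param claimsArray positional claims as described above; needs at least four elements
 * @param audiences   audiences to include, may be null; the list is copied and never modified
 * @throws NumberFormatException          if {@code claimsArray[3]} is not a decimal long
 * @throws ArrayIndexOutOfBoundsException if {@code claimsArray} has fewer than four elements
 */
public JWTToken(String alg, String[] claimsArray, List<String> audiences) {
    JWSHeader header = new JWSHeader(new JWSAlgorithm(alg));

    // Work on a private copy: the caller's list stays untouched, and an unmodifiable list no
    // longer makes add() throw. Null stays null when there is no extra audience to append.
    List<String> tokenAudiences = null;
    if (audiences != null) {
        tokenAudiences = new ArrayList<>(audiences);
    }
    if (claimsArray[2] != null) {
        if (tokenAudiences == null) {
            tokenAudiences = new ArrayList<>();
        }
        tokenAudiences.add(claimsArray[2]);
    }

    JWTClaimsSet.Builder builder = new JWTClaimsSet.Builder()
            .issuer(claimsArray[0])
            .subject(claimsArray[1])
            .audience(tokenAudiences);
    if (claimsArray[3] != null) {
        // Date(long) takes milliseconds since the epoch.
        builder = builder.expirationTime(new Date(Long.parseLong(claimsArray[3])));
    }
    JWTClaimsSet claims = builder.build();

    jwt = new SignedJWT(header, claims);
}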
/**
 * Assembles the JWT payload for the given audience and subject.
 *
 * <p>The expiration time is the current time plus {@code expirationMillis}. The issue time is
 * not set as the registered {@code iat} claim; the current time in milliseconds is stored under
 * the {@code LEMON_IAT} claim instead. Entries of {@code claimMap} are applied last, so an entry
 * whose key equals a claim set here ({@code aud}, {@code sub}, {@code exp} or {@code LEMON_IAT})
 * replaces that value; callers should only pass keys they control.
 *
 * @param aud              audience claim
 * @param subject          subject claim
 * @param expirationMillis lifetime in milliseconds, added to the current time; must not be null
 * @param claimMap         additional claims, copied in as given; must not be null
 * @return payload wrapping the JSON form of the claim set
 */
protected Payload createPayload(String aud, String subject, Long expirationMillis, Map<String, Object> claimMap) {

    Date expiresAt = new Date(System.currentTimeMillis() + expirationMillis);

    JWTClaimsSet.Builder claimsBuilder = new JWTClaimsSet.Builder()
            .expirationTime(expiresAt)
            .audience(aud)
            .subject(subject)
            .claim(LEMON_IAT, System.currentTimeMillis());

    // Caller-supplied claims go in last and therefore win over the values above.
    for (Map.Entry<String, Object> extra : claimMap.entrySet()) {
        claimsBuilder.claim(extra.getKey(), extra.getValue());
    }

    return new Payload(claimsBuilder.build().toJSONObject());
}
/**
 * Builds a JWT signed with the service account's private key and returns it in serialized form.
 *
 * <p>Header: RS256 with the key id ({@code kid}) of the service account's private key. Claims:
 * audience {@code OAUTH_TOKEN_URI}, issuer and subject both the service account e-mail, issue
 * time taken from {@code clock}, expiration {@code EXPIRATION_TIME_IN_SECONDS} after the issue
 * time (whole seconds), and {@code target_audience} set to {@code iapClientId}.
 *
 * @param credentials service account credentials supplying e-mail, key id and private key
 * @param iapClientId value of the {@code target_audience} claim
 * @return the serialized signed JWT
 * @throws Exception declared broadly by the original signature; signing is the visible source
 */
private static String getSignedJwt(ServiceAccountCredentials credentials, String iapClientId) throws Exception {
    Instant issuedAt = Instant.now(clock);
    // Expiry is computed on epoch seconds, so it carries no sub-second part.
    Instant expiresAt = Instant.ofEpochSecond(issuedAt.getEpochSecond() + EXPIRATION_TIME_IN_SECONDS);

    // The header names the algorithm ("alg") and the signing key ("kid").
    JWSHeader jwsHeader = new JWSHeader.Builder(JWSAlgorithm.RS256)
            .keyID(credentials.getPrivateKeyId())
            .build();

    // The service account is both issuer and subject of the assertion.
    String accountEmail = credentials.getClientEmail();
    JWTClaimsSet claims = new JWTClaimsSet.Builder()
            .audience(OAUTH_TOKEN_URI)
            .issuer(accountEmail)
            .subject(accountEmail)
            .issueTime(Date.from(issuedAt))
            .expirationTime(Date.from(expiresAt))
            .claim("target_audience", iapClientId)
            .build();

    // Sign with the service account's private key; only the serialized token leaves this method.
    JWSSigner signer = new RSASSASigner(credentials.getPrivateKey());
    SignedJWT signedJwt = new SignedJWT(jwsHeader, claims);
    signedJwt.sign(signer);
    return signedJwt.serialize();
}
// The only audience of these claims is the id of the client the token is issued for.
// NOTE(review): presumably ID-token claims; the receiving client should reject a token whose
// aud does not contain its own client id - confirm the consumer checks this.
idClaims.audience(Lists.newArrayList(client.getClientId()));
// Set the aud claim from a new list built out of `audience`.
// NOTE(review): the type of `audience` is not visible here; Lists.newArrayList has varargs,
// Iterable and Iterator overloads, so whether this yields one entry or several depends on it.
builder.audience(Lists.newArrayList(audience));
// The single audience is the id of the resource set behind the ticket's permission, as a string.
// Every link of the getter chain is dereferenced without a null check, so a ticket without a
// permission, resource set or id fails here with a NullPointerException.
claims.audience(Lists.newArrayList(ticket.getPermission().getResourceSet().getId().toString()));
// The issuer is whatever the server configuration reports.
claims.issuer(config.getIssuer());
// Fresh random UUID as the JWT ID (jti).
// NOTE(review): useful against replay only if the consumer tracks the ids it has seen - confirm.
claims.jwtID(UUID.randomUUID().toString());