EncryptedJWT jwt = new EncryptedJWT(new JWEHeader(alg, enc), claims.build());
SignedJWT jwt = new SignedJWT(new JWSHeader(alg), claims.build());
private OAuth2RefreshTokenEntity createRefreshToken(ClientDetailsEntity client, AuthenticationHolderEntity authHolder) { OAuth2RefreshTokenEntity refreshToken = new OAuth2RefreshTokenEntity(); //refreshTokenFactory.createNewRefreshToken(); JWTClaimsSet.Builder refreshClaims = new JWTClaimsSet.Builder(); // make it expire if necessary if (client.getRefreshTokenValiditySeconds() != null) { Date expiration = new Date(System.currentTimeMillis() + (client.getRefreshTokenValiditySeconds() * 1000L)); refreshToken.setExpiration(expiration); refreshClaims.expirationTime(expiration); } // set a random identifier refreshClaims.jwtID(UUID.randomUUID().toString()); // TODO: add issuer fields, signature to JWT PlainJWT refreshJwt = new PlainJWT(refreshClaims.build()); refreshToken.setJwt(refreshJwt); //Add the authentication refreshToken.setAuthenticationHolder(authHolder); refreshToken.setClient(client); // save the token first so that we can set it to a member of the access token (NOTE: is this step necessary?) OAuth2RefreshTokenEntity savedRefreshToken = tokenRepository.saveRefreshToken(refreshToken); return savedRefreshToken; }
public JWTToken(String alg, String[] claimsArray, List<String> audiences) { JWSHeader header = new JWSHeader(new JWSAlgorithm(alg)); if (claimsArray[2] != null) { if (audiences == null) { audiences = new ArrayList<>(); } audiences.add(claimsArray[2]); } JWTClaimsSet claims; JWTClaimsSet.Builder builder = new JWTClaimsSet.Builder() .issuer(claimsArray[0]) .subject(claimsArray[1]) .audience(audiences); if(claimsArray[3] != null) { builder = builder.expirationTime(new Date(Long.parseLong(claimsArray[3]))); } claims = builder.build(); jwt = new SignedJWT(header, claims); }
private OAuth2RefreshTokenEntity createRefreshToken(ClientDetailsEntity client, AuthenticationHolderEntity authHolder) { OAuth2RefreshTokenEntity refreshToken = new OAuth2RefreshTokenEntity(); //refreshTokenFactory.createNewRefreshToken(); JWTClaimsSet.Builder refreshClaims = new JWTClaimsSet.Builder(); // make it expire if necessary if (client.getRefreshTokenValiditySeconds() != null) { Date expiration = new Date(System.currentTimeMillis() + (client.getRefreshTokenValiditySeconds() * 1000L)); refreshToken.setExpiration(expiration); refreshClaims.expirationTime(expiration); } // set a random identifier refreshClaims.jwtID(UUID.randomUUID().toString()); // TODO: add issuer fields, signature to JWT PlainJWT refreshJwt = new PlainJWT(refreshClaims.build()); refreshToken.setJwt(refreshJwt); //Add the authentication refreshToken.setAuthenticationHolder(authHolder); refreshToken.setClient(client); // save the token first so that we can set it to a member of the access token (NOTE: is this step necessary?) OAuth2RefreshTokenEntity savedRefreshToken = tokenRepository.saveRefreshToken(refreshToken); return savedRefreshToken; }
public JWTToken(String alg, String[] claimsArray, List<String> audiences) { JWSHeader header = new JWSHeader(new JWSAlgorithm(alg)); if (claimsArray[2] != null) { if (audiences == null) { audiences = new ArrayList<>(); } audiences.add(claimsArray[2]); } JWTClaimsSet claims = null; JWTClaimsSet.Builder builder = new JWTClaimsSet.Builder() .issuer(claimsArray[0]) .subject(claimsArray[1]) .audience(audiences); if(claimsArray[3] != null) { builder = builder.expirationTime(new Date(Long.parseLong(claimsArray[3]))); } claims = builder.build(); jwt = new SignedJWT(header, claims); }
protected JWTClaimsSet buildJwtClaimsSet(final U profile) { // claims builder with subject and issue time final JWTClaimsSet.Builder builder = new JWTClaimsSet.Builder() .subject(profile.getTypedId()) .issueTime(new Date()); if (this.expirationTime != null) { builder.expirationTime(this.expirationTime); } // add attributes final Map<String, Object> attributes = profile.getAttributes(); for (final Map.Entry<String, Object> entry : attributes.entrySet()) { builder.claim(entry.getKey(), entry.getValue()); } builder.claim(INTERNAL_ROLES, profile.getRoles()); builder.claim(INTERNAL_PERMISSIONS, profile.getPermissions()); // claims return builder.build(); }
protected JWT getJwt() { String jti = (String) claims.get(ID_CLAIM); if (jti == null || jti.isEmpty()) { jti = UUID.randomUUID().toString(); claims.put(ID_CLAIM, jti); } JWTClaimsSet.Builder builder = new JWTClaimsSet.Builder(); for (Map.Entry<String, Object> entry : claims.entrySet()) { builder = builder.claim(entry.getKey(), entry.getValue()); } PlainHeader header = new PlainHeader(); PlainJWT jwt = new PlainJWT(header, builder.build()); return jwt; }
protected JWT getJwt() { String jti = (String) claims.get(ID_CLAIM); if (jti == null || jti.isEmpty()) { jti = UUID.randomUUID().toString(); claims.put(ID_CLAIM, jti); } JWTClaimsSet.Builder builder = new JWTClaimsSet.Builder(); for (Map.Entry<String, Object> entry : claims.entrySet()) { builder = builder.claim(entry.getKey(), entry.getValue()); } PlainHeader header = new PlainHeader(); PlainJWT jwt = new PlainJWT(header, builder.build()); return jwt; }
private static String signJWT(String uid, PrivateKey privateKey) { final JWSHeader header = new JWSHeader.Builder(JWSAlgorithm.RS256).type(JOSEObjectType.JWT).build(); final JWTClaimsSet payload = new JWTClaimsSet.Builder().claim("uid", uid).build(); final SignedJWT signedJWT = new SignedJWT(header, payload); try { signedJWT.sign(new RSASSASigner(privateKey)); return signedJWT.serialize(); } catch (JOSEException e) { throw new RuntimeException(e); } }
private static String signJWT(String uid, PrivateKey privateKey) { final JWSHeader header = new JWSHeader.Builder(JWSAlgorithm.RS256).type(JOSEObjectType.JWT).build(); final JWTClaimsSet payload = new JWTClaimsSet.Builder().claim("uid", uid).build(); final SignedJWT signedJWT = new SignedJWT(header, payload); try { signedJWT.sign(new RSASSASigner(privateKey)); return signedJWT.serialize(); } catch (JOSEException e) { throw new RuntimeException(e); } }
public static String serialize(LoginSessionToken loginSession, String callerPrincipal, List<String> roles) { JWTClaimsSet claimSet = new JWTClaimsSet.Builder().claim("principal", callerPrincipal).claim("roles", roles) .claim("loginSession", loginSession.getValue()).build(); String encryptedToken = EncryptedTokenSerializer.serialize(claimSet, getSecretKey()); return encryptedToken; }
protected Payload createPayload(String aud, String subject, Long expirationMillis, Map<String, Object> claimMap) { JWTClaimsSet.Builder builder = new JWTClaimsSet.Builder(); builder //.issueTime(new Date()) .expirationTime(new Date(System.currentTimeMillis() + expirationMillis)) .audience(aud) .subject(subject) .claim(LEMON_IAT, System.currentTimeMillis()); claimMap.forEach(builder::claim); JWTClaimsSet claims = builder.build(); return new Payload(claims.toJSONObject()); }
private static String getSignedJwt(ServiceAccountCredentials credentials, String iapClientId) throws Exception { Instant now = Instant.now(clock); long expirationTime = now.getEpochSecond() + EXPIRATION_TIME_IN_SECONDS; // generate jwt signed by service account // header must contain algorithm ("alg") and key ID ("kid") JWSHeader jwsHeader = new JWSHeader.Builder(JWSAlgorithm.RS256).keyID(credentials.getPrivateKeyId()).build(); // set required claims JWTClaimsSet claims = new JWTClaimsSet.Builder() .audience(OAUTH_TOKEN_URI) .issuer(credentials.getClientEmail()) .subject(credentials.getClientEmail()) .issueTime(Date.from(now)) .expirationTime(Date.from(Instant.ofEpochSecond(expirationTime))) .claim("target_audience", iapClientId) .build(); // sign using service account private key JWSSigner signer = new RSASSASigner(credentials.getPrivateKey()); SignedJWT signedJwt = new SignedJWT(jwsHeader, claims); signedJwt.sign(signer); return signedJwt.serialize(); }
signer.getDefaultSignerKeyId(), null, null); SignedJWT jwt = new SignedJWT(header, claimsSet.build());
idToken = new EncryptedJWT(new JWEHeader(client.getIdTokenEncryptedResponseAlg(), client.getIdTokenEncryptedResponseEnc()), idClaims.build()); idToken = new PlainJWT(idClaims.build()); jwtService.getDefaultSignerKeyId(), null, null); idToken = new SignedJWT(header, idClaims.build()); null, null); idToken = new SignedJWT(header, idClaims.build());
.issueTime(new Date()) .build();
JWTClaimsSet claims = builder.build();
.expirationTime(token.getExpiration()) .build();
jwtService.getDefaultSignerKeyId(), null, null); SignedJWT signed = new SignedJWT(header, claims.build());