// NOTE(review): these look like OIDC authorization-request parameters being packed into a
// JWT claims set (a request object, presumably); the enclosing method and the loop that
// supplies `option` are not visible in this excerpt.
claims.claim("response_type", "code");
claims.claim("client_id", clientConfig.getClientId());
claims.claim("scope", Joiner.on(" ").join(clientConfig.getScope()));
claims.claim("redirect_uri", redirectUri);
claims.claim("nonce", nonce);
claims.claim("state", state);
claims.claim(option.getKey(), option.getValue());  // one extra option per iteration of the unseen loop
claims.claim("login_hint", loginHint);
// NOTE(review): OIDC authorization-request parameters copied into a JWT claims set
// (a request object, presumably). The method header and the loop producing `option`
// lie outside this excerpt.
claims.claim("response_type", "code");
claims.claim("client_id", clientConfig.getClientId());
claims.claim("scope", Joiner.on(" ").join(clientConfig.getScope()));
claims.claim("redirect_uri", redirectUri);
claims.claim("nonce", nonce);
claims.claim("state", state);
claims.claim(option.getKey(), option.getValue());  // extra option from the (unseen) loop
claims.claim("login_hint", loginHint);
.claim("azp", clientId) .issuer(configBean.getIssuer()) .issueTime(new Date())
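/**
 * Builds and RS256-signs a JWT for the given subject.
 *
 * <p>Issuer ({@code https://c2id.com}), audience ({@code bar}) and scope ({@code openid})
 * are fixed values; only the subject, the expiry and the signing key vary per call.
 * The header carries the algorithm only (no key ID), so a verifier must know the
 * matching public key out of band.
 *
 * @param sub        value of the "sub" claim
 * @param expires    value of the "exp" claim
 * @param privateKey RSA key used to sign the token
 * @return the signed JWT (not serialized)
 * @throws Exception if signing fails (propagated from {@code SignedJWT.sign})
 */
protected SignedJWT getJWT(String sub, Date expires, RSAPrivateKey privateKey) throws Exception {
    JWTClaimsSet claimsSet = new JWTClaimsSet.Builder()
            .subject(sub)
            .issueTime(new Date())  // "now"; the former new Date(new Date().getTime()) was a redundant copy
            .issuer("https://c2id.com")
            .claim("scope", "openid")
            .audience("bar")
            .expirationTime(expires)
            .build();
    // The unused local `aud` list that duplicated the audience above has been dropped.
    JWSHeader header = new JWSHeader.Builder(JWSAlgorithm.RS256).build();
    SignedJWT signedJWT = new SignedJWT(header, claimsSet);
    JWSSigner signer = new RSASSASigner(privateKey);
    signedJWT.sign(signer);
    return signedJWT;
}
}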
/**
 * Generates a JWT whose body holds the supplied claims.
 *
 * <p>Every map entry is copied verbatim into the claims set. When this generator has an
 * {@code expirationTime} configured it is applied after the map, so it replaces any "exp"
 * entry the caller supplied.
 *
 * @param claims claim names mapped to their values
 * @return the JWT string produced by {@code internalGenerate}
 */
public String generate(final Map<String, Object> claims) {
    final JWTClaimsSet.Builder jwtBuilder = new JWTClaimsSet.Builder();
    for (final String name : claims.keySet()) {
        jwtBuilder.claim(name, claims.get(name));
    }
    final boolean hasExpiry = this.expirationTime != null;
    if (hasExpiry) {
        jwtBuilder.expirationTime(this.expirationTime);
    }
    return internalGenerate(jwtBuilder.build());
}
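/**
 * Copies every entry of {@code additionalIdTokenClaims} into the claims-set builder.
 *
 * <p>Values are written as-is: a key that collides with a claim already present in the
 * builder (for example "sub" or "exp") replaces it, so callers are expected to pass only
 * vetted keys. At debug level each added claim is logged together with its value; claim
 * values may carry personal data, which then ends up in the log.
 *
 * @param jwtClaimsSetBuilder builder holding the JWT body
 * @param additionalIdTokenClaims claim names mapped to their values
 */
private void setAdditionalClaimSet(JWTClaimsSet.Builder jwtClaimsSetBuilder,
                                   Map<String, Object> additionalIdTokenClaims) {
    // Single pass over the map: add the claim and, when enabled, log it.
    // (Previously the map was iterated twice, once to add and once to log.)
    final boolean debug = log.isDebugEnabled();
    for (Map.Entry<String, Object> entry : additionalIdTokenClaims.entrySet()) {
        jwtClaimsSetBuilder.claim(entry.getKey(), entry.getValue());
        if (debug) {
            log.debug("Additional claim added to JWTClaimSet, key: " + entry.getKey()
                    + ", value: " + entry.getValue());
        }
    }
}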
/**
 * Adds the "at_hash" claim when the requested response types include a token.
 *
 * @param accessToken   the access token to hash
 * @param signingAlg    signing algorithm handed to the hash helper
 * @param idClaims      builder receiving the claim
 * @param responseTypes the requested OAuth2 response types
 */
private void calculateAtHashClaim(final OAuth2AccessTokenEntity accessToken,
                                  final JWSAlgorithm signingAlg,
                                  final JWTClaimsSet.Builder idClaims,
                                  final Set<String> responseTypes) {
    if (!responseTypes.contains(OIDCConstants.TOKEN)) {
        return;  // no access token in the response, so nothing to bind the ID token to
    }
    final Base64URL hash = IdTokenHashUtils.getAccessTokenHash(signingAlg, accessToken);
    idClaims.claim(OIDCConstants.AT_HASH, hash);
    log.debug("{} is set to {}", OIDCConstants.AT_HASH, hash);
}
/**
 * Assembles the claims set for a profile: subject, issue time, optional expiry, every
 * profile attribute as a claim, then the internal roles and permissions claims.
 *
 * <p>Attributes are added before the role/permission claims, so an attribute whose name
 * equals {@code INTERNAL_ROLES} or {@code INTERNAL_PERMISSIONS} is overwritten by the
 * profile's own roles/permissions rather than the other way round.
 *
 * @param profile the profile to encode
 * @return the built claims set
 */
protected JWTClaimsSet buildJwtClaimsSet(final U profile) {
    final JWTClaimsSet.Builder claims = new JWTClaimsSet.Builder();
    claims.subject(profile.getTypedId());
    claims.issueTime(new Date());
    if (this.expirationTime != null) {
        claims.expirationTime(this.expirationTime);
    }
    for (final Map.Entry<String, Object> attribute : profile.getAttributes().entrySet()) {
        claims.claim(attribute.getKey(), attribute.getValue());
    }
    claims.claim(INTERNAL_ROLES, profile.getRoles());
    claims.claim(INTERNAL_PERMISSIONS, profile.getPermissions());
    return claims.build();
}
/**
 * Wraps the accumulated claims in an unsigned JWT, generating a "jti" when none is present.
 *
 * <p>Side effect: when the id claim is missing or blank, a random UUID is stored back into
 * {@code claims} under {@code ID_CLAIM}. The result uses a {@code PlainHeader}, i.e. it
 * carries no signature and proves nothing about its origin on its own.
 *
 * @return the plain JWT built from {@code claims}
 */
protected JWT getJwt() {
    final String existingId = (String) claims.get(ID_CLAIM);
    if (existingId == null || existingId.isEmpty()) {
        claims.put(ID_CLAIM, UUID.randomUUID().toString());
    }
    final JWTClaimsSet.Builder body = new JWTClaimsSet.Builder();
    for (Map.Entry<String, Object> claim : claims.entrySet()) {
        body.claim(claim.getKey(), claim.getValue());
    }
    return new PlainJWT(new PlainHeader(), body.build());
}
/**
 * Builds an unsigned JWT from {@code claims}, first ensuring a "jti" exists.
 *
 * <p>If {@code ID_CLAIM} is absent or empty a random UUID is written into the shared
 * {@code claims} map before the token is built. A {@code PlainHeader} means alg "none":
 * the token is not signed, so nothing about its origin can be verified from it.
 *
 * @return the plain JWT
 */
protected JWT getJwt() {
    final Object currentId = claims.get(ID_CLAIM);
    final String tokenId = (String) currentId;
    final boolean missingId = tokenId == null || tokenId.isEmpty();
    if (missingId) {
        claims.put(ID_CLAIM, UUID.randomUUID().toString());
    }
    final JWTClaimsSet.Builder payload = new JWTClaimsSet.Builder();
    for (Map.Entry<String, Object> entry : claims.entrySet()) {
        payload.claim(entry.getKey(), entry.getValue());
    }
    final JWTClaimsSet claimsSet = payload.build();
    return new PlainJWT(new PlainHeader(), claimsSet);
}
/**
 * Copies the authentication time from the request's {@code auth_time} extension into the
 * ID token claims, dividing by 1000 (the extension is presumably in milliseconds).
 *
 * <p>Assumes the extension is present and numeric: a missing value surfaces as a
 * NullPointerException from {@code toString()}, a non-numeric one as
 * NumberFormatException — callers are expected to check first.
 *
 * @param request  the OAuth2 request carrying the extension
 * @param idClaims builder receiving the claim
 */
private void calculateAuthTimeClaim(final OAuth2Request request, final JWTClaimsSet.Builder idClaims) {
    final Object rawAuthTime = request.getExtensions().get(OIDCConstants.AUTH_TIME);
    final long authTimeMillis = Long.parseLong(rawAuthTime.toString());
    final long authTimeSeconds = authTimeMillis / 1000;
    log.debug("Request contains {} extension. {} set to {}",
            ConnectRequestParameters.MAX_AGE, OIDCConstants.AUTH_TIME, authTimeSeconds);
    idClaims.claim(OIDCConstants.AUTH_TIME, authTimeSeconds);
}
/**
 * Echoes the request's nonce into the ID token claims when one was supplied.
 *
 * @param request  the OAuth2 request whose extensions may hold the nonce
 * @param idClaims builder receiving the claim
 */
private void calculateNonceClaim(final OAuth2Request request, final JWTClaimsSet.Builder idClaims) {
    final String nonce = (String) request.getExtensions().get(ConnectRequestParameters.NONCE);
    if (Strings.isNullOrEmpty(nonce)) {
        return;  // no nonce in the request, nothing to echo back
    }
    idClaims.claim(ConnectRequestParameters.NONCE, nonce);
    log.debug("{} is set to {}", ConnectRequestParameters.NONCE, nonce);
}
/**
 * Produces a compact RS256-signed JWT whose only claim is {@code uid}.
 *
 * <p>No "exp", "iat" or "iss" claim is set, so the token carries no lifetime of its own;
 * whatever verifies it has to enforce expiry or binding by other means.
 *
 * @param uid        the user identifier placed in the "uid" claim
 * @param privateKey the RSA signing key
 * @return the serialized (compact) JWT
 * @throws RuntimeException wrapping the {@code JOSEException} if signing fails
 */
private static String signJWT(String uid, PrivateKey privateKey) {
    final JWSHeader.Builder headerBuilder = new JWSHeader.Builder(JWSAlgorithm.RS256);
    headerBuilder.type(JOSEObjectType.JWT);
    final JWTClaimsSet.Builder claims = new JWTClaimsSet.Builder();
    claims.claim("uid", uid);
    final SignedJWT jwt = new SignedJWT(headerBuilder.build(), claims.build());
    final RSASSASigner signer = new RSASSASigner(privateKey);
    try {
        jwt.sign(signer);
    } catch (JOSEException e) {
        throw new RuntimeException(e);
    }
    // serialize() only throws unchecked exceptions, so it can sit outside the try.
    return jwt.serialize();
}
/**
 * Signs a single-claim ({@code uid}) JWT with RS256 and returns its compact form.
 *
 * <p>The claims set holds only "uid": there is no expiry, issue time or issuer, so the
 * token's validity window must be imposed by the consuming side.
 *
 * @param uid        value of the "uid" claim
 * @param privateKey RSA private key used for the signature
 * @return compact serialization of the signed token
 * @throws RuntimeException if signing throws a {@code JOSEException} (kept as the cause)
 */
private static String signJWT(String uid, PrivateKey privateKey) {
    final JWSHeader header = new JWSHeader.Builder(JWSAlgorithm.RS256)
            .type(JOSEObjectType.JWT)
            .build();
    final JWTClaimsSet body = new JWTClaimsSet.Builder().claim("uid", uid).build();
    final SignedJWT token = new SignedJWT(header, body);
    try {
        token.sign(new RSASSASigner(privateKey));
        return token.serialize();
    } catch (JOSEException signingFailure) {
        throw new RuntimeException(signingFailure);
    }
}
/**
 * Adds the insurance-agent avatar URL claim on top of the base user-detail claims.
 *
 * @param builder     claims builder to populate
 * @param userDetails the authenticated user; only an {@code InsuranceAgentDetails}
 *                    instance contributes the "avatar" claim
 */
@Override
protected void populateWithUserDetails(JWTClaimsSet.Builder builder, UserDetails userDetails) {
    super.populateWithUserDetails(builder, userDetails);
    if (!(userDetails instanceof InsuranceAgentDetails)) {
        return;
    }
    final InsuranceAgentDetails agent = (InsuranceAgentDetails) userDetails;
    builder.claim("avatar", agent.getAvatarUrl());
}
}
/**
 * Packs the caller principal, roles and login-session value into an encrypted token.
 *
 * @param loginSession    session token whose value becomes the "loginSession" claim
 * @param callerPrincipal principal name for the "principal" claim
 * @param roles           role names for the "roles" claim
 * @return the encrypted, serialized token produced by {@code EncryptedTokenSerializer}
 */
public static String serialize(LoginSessionToken loginSession, String callerPrincipal, List<String> roles) {
    final JWTClaimsSet.Builder claims = new JWTClaimsSet.Builder();
    claims.claim("principal", callerPrincipal);
    claims.claim("roles", roles);
    claims.claim("loginSession", loginSession.getValue());
    final JWTClaimsSet claimSet = claims.build();
    return EncryptedTokenSerializer.serialize(claimSet, getSecretKey());
}
/**
 * Attaches the encrypted-secrets claim built for the given audiences or resources.
 *
 * @param claimsBuilder builder receiving the claim under {@code SECRETS_CLAIM_KEY}
 * @param audiences     audiences the secrets are scoped to
 * @param resources     resources the secrets are scoped to (the helper's name suggests
 *                      audiences and resources are mutually exclusive)
 * @param subject       the token subject
 */
@Override
public void extendClaims(JWTClaimsSet.Builder claimsBuilder, String[] audiences, String[] resources, String subject) {
    final Map<String, String> secrets =
            buildEncryptedSecretClaimsForAudiencesXorResources(audiences, resources, subject);
    claimsBuilder.claim(TokenExchangeConstants.SECRETS_CLAIM_KEY, secrets);
}
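/**
 * Builds the token payload: audience, subject, expiry and the {@code LEMON_IAT} issue
 * time, followed by the caller's extra claims.
 *
 * <p>The extra claims are applied last, so a key such as "sub" or "exp" in
 * {@code claimMap} replaces the value derived from the parameters — callers are expected
 * to pass only application-specific keys.
 *
 * @param aud              the audience claim
 * @param subject          the subject claim
 * @param expirationMillis lifetime in milliseconds from now; must not be null (unboxed)
 * @param claimMap         additional claims, copied verbatim
 * @return the payload holding the JSON form of the claims
 */
protected Payload createPayload(String aud, String subject, Long expirationMillis, Map<String, Object> claimMap) {
    // Read the clock once so LEMON_IAT and exp are derived from the same instant
    // (two separate currentTimeMillis() calls could disagree by a few milliseconds).
    final long nowMillis = System.currentTimeMillis();
    final JWTClaimsSet.Builder builder = new JWTClaimsSet.Builder()
            .expirationTime(new Date(nowMillis + expirationMillis))
            .audience(aud)
            .subject(subject)
            .claim(LEMON_IAT, nowMillis);
    claimMap.forEach(builder::claim);
    final JWTClaimsSet claims = builder.build();
    return new Payload(claims.toJSONObject());
}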
/**
 * Creates the JWT signed by the service account that is presented for an IAP token.
 *
 * <p>The header names the algorithm and the service account's key ID; the claims name
 * {@code OAUTH_TOKEN_URI} as audience, the service account email as issuer and subject,
 * and the IAP client ID as {@code target_audience}. The token lives for
 * {@code EXPIRATION_TIME_IN_SECONDS} measured on the injected {@code clock}.
 *
 * @param credentials service account supplying private key, key ID and client email
 * @param iapClientId the IAP OAuth client ID placed in "target_audience"
 * @return the compact serialized JWT
 * @throws Exception if signing fails
 */
private static String getSignedJwt(ServiceAccountCredentials credentials, String iapClientId) throws Exception {
    final Instant issuedAt = Instant.now(clock);
    // Whole-second expiry: ofEpochSecond drops any sub-second part of the clock reading.
    final Instant expiresAt = Instant.ofEpochSecond(issuedAt.getEpochSecond() + EXPIRATION_TIME_IN_SECONDS);
    final String serviceAccountEmail = credentials.getClientEmail();

    final JWSHeader header = new JWSHeader.Builder(JWSAlgorithm.RS256)
            .keyID(credentials.getPrivateKeyId())
            .build();

    final JWTClaimsSet.Builder claims = new JWTClaimsSet.Builder();
    claims.audience(OAUTH_TOKEN_URI);
    claims.issuer(serviceAccountEmail);
    claims.subject(serviceAccountEmail);
    claims.issueTime(Date.from(issuedAt));
    claims.expirationTime(Date.from(expiresAt));
    claims.claim("target_audience", iapClientId);

    final SignedJWT token = new SignedJWT(header, claims.build());
    token.sign(new RSASSASigner(credentials.getPrivateKey()));
    return token.serialize();
}