claimsSet.subject(clientConfig.getClientId()); claimsSet.audience(Lists.newArrayList(serverConfig.getTokenEndpointUri())); claimsSet.jwtID(UUID.randomUUID().toString());
.issueTime(new Date()) .expirationTime(token.getExpiration()) .subject(authentication.getName())
idClaims.subject(sub); idClaims.audience(Lists.newArrayList(client.getClientId()));
.jwtID(ticketId) .issueTime(assertion.getAuthenticationDate()) .subject(assertion.getPrincipal().getName()); assertion.getAttributes().forEach(claims::claim); assertion.getPrincipal().getAttributes().forEach(claims::claim);
JWTClaimsSet.Builder jwtClaimsSetBuilder = new JWTClaimsSet.Builder(); jwtClaimsSetBuilder.issuer(issuer); jwtClaimsSetBuilder.subject(sub); jwtClaimsSetBuilder.claim(AUTHORIZATION_PARTY, consumerKey); jwtClaimsSetBuilder.issueTime(new Date(curTimeInMillis));
.subject(subject) .issuer("rapha.io") .expirationTime(new Date(getExpiration()))
builder.subject(SUBJECT.get()); builder.issueTime(issueTime); builder.issuer(ISSUER.get());
claimsSet.claim(Config._APPID, app.getId()); if (user != null) { claimsSet.subject(user.getId()); userSecret = user.getTokenSecret();
@Test public void nestedJWT() throws Exception { RSAKey senderJWK = (RSAKey) JWK.parse(senderJwkJson); RSAKey recipientPublicJWK = (RSAKey) (JWK.parse(recipientJwkJson)); // Create JWT SignedJWT signedJWT = new SignedJWT( new JWSHeader.Builder(JWSAlgorithm.RS256).keyID(senderJWK.getKeyID()).build(), new JWTClaimsSet.Builder() .subject("testi") .issuer("https:devgluu.saminet.local") .build()); signedJWT.sign(new RSASSASigner(senderJWK)); JWEObject jweObject = new JWEObject( new JWEHeader.Builder(JWEAlgorithm.RSA_OAEP, EncryptionMethod.A128GCM) .contentType("JWT") // required to indicate nested JWT .build(), new Payload(signedJWT)); // Encrypt with the recipient's public key RSAEncrypter encrypter = new RSAEncrypter(recipientPublicJWK); jweObject.encrypt(encrypter); final String jweString = jweObject.serialize(); decryptAndValidateSignatureWithGluu(jweString); }
claimsSet.claim(Config._APPID, app.getId()); if (user != null) { claimsSet.subject(user.getId()); userSecret = user.getTokenSecret();
public String serialize(IdentityReference reference) throws Exception { // Create HMAC signer JWSSigner signer = new MACSigner(secretKey.getEncoded()); // Prepare JWT with claims set JWTClaimsSet claimsSet = new JWTClaimsSet.Builder() .subject(reference.getReference()) .issuer(reference.getSource()) .build(); SignedJWT signedJWT = new SignedJWT(new JWSHeader(JWSAlgorithm.HS256), claimsSet); // Apply the HMAC protection signedJWT.sign(signer); // Create JWE object with signed JWT as payload JWEObject jweObject = new JWEObject( new JWEHeader.Builder(JWEAlgorithm.DIR, EncryptionMethod.A256GCM) .contentType("JWT") // required to signal nested JWT .build(), new Payload(signedJWT)); // Perform encryption jweObject.encrypt(new DirectEncrypter(secretKey.getEncoded())); // Serialize to compact form return new String(Base64.getEncoder().encode(jweObject.serialize().getBytes())); }
public String serialize(IdentityReference reference) throws Exception { // Create HMAC signer JWSSigner signer = new MACSigner(secretKey.getEncoded()); // Prepare JWT with claims set JWTClaimsSet claimsSet = new JWTClaimsSet.Builder() .subject(reference.getReference()) .issuer(reference.getSource()) .build(); SignedJWT signedJWT = new SignedJWT(new JWSHeader(JWSAlgorithm.HS256), claimsSet); // Apply the HMAC protection signedJWT.sign(signer); // Create JWE object with signed JWT as payload JWEObject jweObject = new JWEObject( new JWEHeader.Builder(JWEAlgorithm.DIR, EncryptionMethod.A256GCM) .contentType("JWT") // required to signal nested JWT .build(), new Payload(signedJWT)); // Perform encryption jweObject.encrypt(new DirectEncrypter(secretKey.getEncoded())); // Serialize to compact form return new String(Base64.getEncoder().encode(jweObject.serialize().getBytes())); }
default String createToken(Object userId) { try { JWTClaimsSet.Builder builder = new JWTClaimsSet.Builder(); builder.issuer(getIssuer()); builder.subject(userId.toString()); builder.issueTime(new Date()); builder.notBeforeTime(new Date()); builder.expirationTime(new Date(new Date().getTime() + getExpirationDate())); builder.jwtID(UUID.randomUUID().toString()); JWTClaimsSet claimsSet = builder.build(); JWSHeader header = new JWSHeader(JWSAlgorithm.HS256); Payload payload = new Payload(claimsSet.toJSONObject()); JWSObject jwsObject = new JWSObject(header, payload); JWSSigner signer = new MACSigner(getSharedKey()); jwsObject.sign(signer); return jwsObject.serialize(); } catch (JOSEException ex) { return null; } }
protected SignedJWT getJWT(String sub, Date expires, RSAPrivateKey privateKey) throws Exception { JWTClaimsSet claimsSet = new JWTClaimsSet.Builder() .subject(sub) .issueTime(new Date(new Date().getTime())) .issuer("https://c2id.com") .claim("scope", "openid") .audience("bar") .expirationTime(expires) .build(); List<String> aud = new ArrayList<String>(); aud.add("bar"); JWSHeader header = new JWSHeader.Builder(JWSAlgorithm.RS256).build(); SignedJWT signedJWT = new SignedJWT(header, claimsSet); JWSSigner signer = new RSASSASigner(privateKey); signedJWT.sign(signer); return signedJWT; } }
public JWTToken(String alg, String[] claimsArray, List<String> audiences) { JWSHeader header = new JWSHeader(new JWSAlgorithm(alg)); if (claimsArray[2] != null) { if (audiences == null) { audiences = new ArrayList<>(); } audiences.add(claimsArray[2]); } JWTClaimsSet claims; JWTClaimsSet.Builder builder = new JWTClaimsSet.Builder() .issuer(claimsArray[0]) .subject(claimsArray[1]) .audience(audiences); if(claimsArray[3] != null) { builder = builder.expirationTime(new Date(Long.parseLong(claimsArray[3]))); } claims = builder.build(); jwt = new SignedJWT(header, claims); }
public JWTToken(String alg, String[] claimsArray, List<String> audiences) { JWSHeader header = new JWSHeader(new JWSAlgorithm(alg)); if (claimsArray[2] != null) { if (audiences == null) { audiences = new ArrayList<>(); } audiences.add(claimsArray[2]); } JWTClaimsSet claims = null; JWTClaimsSet.Builder builder = new JWTClaimsSet.Builder() .issuer(claimsArray[0]) .subject(claimsArray[1]) .audience(audiences); if(claimsArray[3] != null) { builder = builder.expirationTime(new Date(Long.parseLong(claimsArray[3]))); } claims = builder.build(); jwt = new SignedJWT(header, claims); }
protected JWTClaimsSet buildJwtClaimsSet(final U profile) { // claims builder with subject and issue time final JWTClaimsSet.Builder builder = new JWTClaimsSet.Builder() .subject(profile.getTypedId()) .issueTime(new Date()); if (this.expirationTime != null) { builder.expirationTime(this.expirationTime); } // add attributes final Map<String, Object> attributes = profile.getAttributes(); for (final Map.Entry<String, Object> entry : attributes.entrySet()) { builder.claim(entry.getKey(), entry.getValue()); } builder.claim(INTERNAL_ROLES, profile.getRoles()); builder.claim(INTERNAL_PERMISSIONS, profile.getPermissions()); // claims return builder.build(); }
protected Payload createPayload(String aud, String subject, Long expirationMillis, Map<String, Object> claimMap) { JWTClaimsSet.Builder builder = new JWTClaimsSet.Builder(); builder //.issueTime(new Date()) .expirationTime(new Date(System.currentTimeMillis() + expirationMillis)) .audience(aud) .subject(subject) .claim(LEMON_IAT, System.currentTimeMillis()); claimMap.forEach(builder::claim); JWTClaimsSet claims = builder.build(); return new Payload(claims.toJSONObject()); }
private static String getSignedJwt(ServiceAccountCredentials credentials, String iapClientId) throws Exception { Instant now = Instant.now(clock); long expirationTime = now.getEpochSecond() + EXPIRATION_TIME_IN_SECONDS; // generate jwt signed by service account // header must contain algorithm ("alg") and key ID ("kid") JWSHeader jwsHeader = new JWSHeader.Builder(JWSAlgorithm.RS256).keyID(credentials.getPrivateKeyId()).build(); // set required claims JWTClaimsSet claims = new JWTClaimsSet.Builder() .audience(OAUTH_TOKEN_URI) .issuer(credentials.getClientEmail()) .subject(credentials.getClientEmail()) .issueTime(Date.from(now)) .expirationTime(Date.from(Instant.ofEpochSecond(expirationTime))) .claim("target_audience", iapClientId) .build(); // sign using service account private key JWSSigner signer = new RSASSASigner(credentials.getPrivateKey()); SignedJWT signedJwt = new SignedJWT(jwsHeader, claims); signedJwt.sign(signer); return signedJwt.serialize(); }