/**
 * Returns one audience value from the token's audience claim.
 *
 * <p>When the claim carries several audiences, only the first one is returned. That makes
 * this accessor a convenience for display or logging rather than for validation: a check
 * that compares only this value can reject a token whose expected audience is listed at a
 * later position. Audience validation should test membership against the full list from
 * {@code getAudiences()}.
 *
 * @return the first audience, or {@code null} when no audience is available
 */
public String getAudience() {
    final List<String> values = getAudiences();
    // StringUtils.isEmpty is applied to the list itself; presumably it is true for a
    // null list as well as an empty one -- confirm against StringUtils.
    return StringUtils.isEmpty(values) ? null : values.get(0);
}
/**
 * Gets a single audience value from the audience claim.
 *
 * <p>If the claim holds more than one audience, the first entry is returned and the
 * others are ignored. Callers that enforce an audience restriction should therefore
 * check the complete list returned by {@code getAudiences()} instead of this value.
 *
 * @return the first audience, or {@code null} if there is none
 */
public String getAudience() {
    final List<String> all = getAudiences();
    // Guard first: nothing to return when the list is reported as empty.
    // NOTE(review): StringUtils.isEmpty(List) presumably also covers null -- confirm.
    if (StringUtils.isEmpty(all)) {
        return null;
    }
    return all.get(0);
}
/**
 * Checks the audience claim of a JWT against the audience expected for this message.
 *
 * <p>The decision is taken in this order:
 * <ol>
 *   <li>If {@code JwtConstants.EXPECTED_CLAIM_AUDIENCE} is set on the message, that value
 *       must be one of the token's audiences.</li>
 *   <li>Otherwise a token that carries no audience at all is accepted.</li>
 *   <li>Otherwise one of the token's audiences must equal the value of
 *       {@code Message.REQUEST_URL}.</li>
 * </ol>
 *
 * <p>Security note: without a configured expected audience, step 2 accepts tokens that
 * are not bound to any audience, so this method alone does not stop a token issued for
 * another recipient from being presented here when that token simply omits the claim.
 * Deployments that rely on audience binding should configure the expected audience.
 *
 * @param claims the claims of the token under validation
 * @param message the current message, consulted for the expected audience
 * @throws JwtException if the audience restriction is not satisfied
 */
public static void validateJwtAudienceRestriction(JwtClaims claims, Message message) {
    final String configuredAudience =
        (String)message.getContextualProperty(JwtConstants.EXPECTED_CLAIM_AUDIENCE);

    // Case 1: an expected audience is configured, so the token must name it explicitly.
    // NOTE(review): the result of getAudiences() is dereferenced without a null check
    // throughout this method -- confirm it never returns null.
    if (configuredAudience != null) {
        if (!claims.getAudiences().contains(configuredAudience)) {
            throw new JwtException("Invalid audience restriction");
        }
        return;
    }

    // Case 2: nothing configured and the token names no audience -> accepted.
    if (claims.getAudiences().isEmpty()) {
        return;
    }

    // Case 3: the token names audiences, so one of them must be the request URL.
    // List.contains compares with equals(), i.e. an exact string match; how REQUEST_URL
    // is populated is not visible here.
    final String requestUrl = (String)message.getContextualProperty(Message.REQUEST_URL);
    final boolean addressedToThisUrl =
        requestUrl != null && claims.getAudiences().contains(requestUrl);
    if (!addressedToThisUrl) {
        throw new JwtException("Invalid audience restriction");
    }
}
/**
 * Validates the audience restriction of a JWT for the given message.
 *
 * <p>A configured {@code JwtConstants.EXPECTED_CLAIM_AUDIENCE} takes precedence and must
 * appear among the token's audiences. When none is configured, a token without audiences
 * passes; a token with audiences passes only if one of them equals the
 * {@code Message.REQUEST_URL} property.
 *
 * <p>Security note: the "no audience, nothing configured" path is permissive by design.
 * Services that must only accept tokens issued for them should set the expected audience
 * so that a missing audience claim is rejected.
 *
 * @param claims the token claims to check
 * @param message the message providing the expected audience and the request URL
 * @throws JwtException if no acceptable audience is found
 */
public static void validateJwtAudienceRestriction(JwtClaims claims, Message message) {
    final String expected =
        (String)message.getContextualProperty(JwtConstants.EXPECTED_CLAIM_AUDIENCE);

    final boolean satisfied;
    if (expected != null) {
        // Explicit configuration: only a token that names this audience is acceptable.
        satisfied = claims.getAudiences().contains(expected);
    } else if (claims.getAudiences().isEmpty()) {
        // No configuration and no audience in the token: treated as valid.
        satisfied = true;
    } else {
        // Fall back to the request URL; the match is an exact equals() comparison.
        final String requestUrl = (String)message.getContextualProperty(Message.REQUEST_URL);
        satisfied = requestUrl != null && claims.getAudiences().contains(requestUrl);
    }

    if (!satisfied) {
        throw new JwtException("Invalid audience restriction");
    }
}
/**
 * Validates the claims of an ID token received by this client.
 *
 * <p>The token must carry the issuer, subject, audience, expiry and issued-at claims, and
 * one of its audiences must equal {@code clientId}. The remaining claim checks are
 * delegated to {@code JwtUtils.validateTokenClaims}.
 *
 * <p>NOTE(review): a token with several audiences is accepted as soon as one of them
 * matches. OpenID Connect Core (section 3.1.3.7) additionally asks clients to check the
 * {@code azp} claim for multi-audience ID tokens; no such check is visible in this method
 * -- confirm whether it is done elsewhere.
 *
 * @param jwt the parsed ID token
 * @param clientId the client_id of this client; it is dereferenced, so it must not be null
 * @throws IllegalStateException if a required claim is missing or no audience equals
 *         {@code clientId}
 */
protected void validateToken(JwtToken jwt, String clientId) {
    // Every one of these claims has to be present; the first missing one ends the check.
    final String[] requiredClaims = {
        JwtConstants.CLAIM_ISSUER,
        JwtConstants.CLAIM_SUBJECT,
        JwtConstants.CLAIM_AUDIENCE,
        JwtConstants.CLAIM_EXPIRY,
        JwtConstants.CLAIM_ISSUED_AT
    };
    boolean claimMissing = false;
    for (String claimName : requiredClaims) {
        if (jwt.getClaim(claimName) == null) {
            claimMissing = true;
            break;
        }
    }
    if (claimMissing) {
        LOG.warn("The IdToken is missing a required claim");
        throw new IllegalStateException("The IdToken is missing a required claim");
    }

    // The token must be addressed to this client: one audience has to equal clientId.
    boolean audienceMatchesClient = false;
    for (String audience : jwt.getClaims().getAudiences()) {
        audienceMatchesClient = clientId.equals(audience);
        if (audienceMatchesClient) {
            break;
        }
    }
    if (!audienceMatchesClient) {
        LOG.warn("The audience of the token does not match this client");
        throw new IllegalStateException("The audience of the token does not match this client");
    }

    // NOTE(review): 300, 0 and false are positional; presumably a time-to-live in seconds,
    // a clock offset and a "validate audience restriction" flag -- confirm against
    // JwtUtils.validateTokenClaims. If the flag does disable the generic audience check,
    // the clientId comparison above is the only audience check applied to this token.
    JwtUtils.validateTokenClaims(jwt.getClaims(), 300, 0, false);
}
atv.setTokenLifetime(claims.getExpiryTime() - atv.getTokenIssuedAt()); List<String> audiences = claims.getAudiences(); if (audiences != null && !audiences.isEmpty()) { atv.setAudiences(claims.getAudiences());
atv.setTokenLifetime(claims.getExpiryTime() - atv.getTokenIssuedAt()); List<String> audiences = claims.getAudiences(); if (audiences != null && !audiences.isEmpty()) { atv.setAudiences(claims.getAudiences());
BearerAccessToken at = new BearerAccessToken(c, jose, lifetime, issuedAt); List<String> audiences = claims.getAudiences(); if (audiences != null && !audiences.isEmpty()) { at.setAudiences(claims.getAudiences());
BearerAccessToken at = new BearerAccessToken(c, jose, lifetime, issuedAt); List<String> audiences = claims.getAudiences(); if (audiences != null && !audiences.isEmpty()) { at.setAudiences(claims.getAudiences());
List<String> audiences = claims.getAudiences(); if (StringUtils.isEmpty(audiences) && validateClaimsAlways || !StringUtils.isEmpty(audiences) && !audiences.contains(clientId)) {
List<String> audiences = claims.getAudiences(); if (StringUtils.isEmpty(audiences) && validateClaimsAlways || !StringUtils.isEmpty(audiences) && !audiences.contains(clientId)) {