/**
 * Runs the time-based checks on a set of JWT claims and, on request, the audience-restriction check.
 *
 * <p>At least one of the expiry and issued-at claims has to be present: each of the two is flagged
 * as required when the other one is absent. The not-before claim is never flagged as required.
 * Only the four checks called below run here; this method does not look at the signature or the
 * issuer, so it is not a complete token validation on its own.
 *
 * @param claims the claims to check
 * @param timeToLive forwarded to the issued-at check (presumably the maximum accepted token age;
 *        confirm the unit against validateJwtIssuedAt)
 * @param clockOffset forwarded to every time check (presumably the tolerated clock skew; confirm
 *        the unit against the callees)
 * @param validateAudienceRestriction when {@code false} the audience check is skipped entirely, so
 *        a caller that cares about the token's audience has to check it elsewhere
 */
public static void validateTokenClaims(JwtClaims claims, int timeToLive, int clockOffset,
                                       boolean validateAudienceRestriction) {
    // A token that carries no issued-at time must carry an expiry.
    final boolean mustHaveExpiry = claims.getIssuedAt() == null;
    validateJwtExpiry(claims, clockOffset, mustHaveExpiry);

    // The not-before claim is optional.
    validateJwtNotBefore(claims, clockOffset, false);

    // A token that carries no expiry must carry an issued-at time.
    final boolean mustHaveIssuedAt = claims.getExpiryTime() == null;
    validateJwtIssuedAt(claims, timeToLive, clockOffset, mustHaveIssuedAt);

    if (!validateAudienceRestriction) {
        return;
    }
    validateJwtAudienceRestriction(claims, PhaseInterceptorChain.getCurrentMessage());
}
/**
 * Runs the time-based checks on a set of JWT claims and, on request, the audience-restriction check.
 *
 * <p>At least one of the expiry and issued-at claims has to be present: each of the two is flagged
 * as required when the other one is absent. The not-before claim is never flagged as required.
 * Only the four checks called below run here; this method does not look at the signature or the
 * issuer, so it is not a complete token validation on its own.
 *
 * @param claims the claims to check
 * @param timeToLive forwarded to the issued-at check (presumably the maximum accepted token age;
 *        confirm the unit against validateJwtIssuedAt)
 * @param clockOffset forwarded to every time check (presumably the tolerated clock skew; confirm
 *        the unit against the callees)
 * @param validateAudienceRestriction when {@code false} the audience check is skipped entirely, so
 *        a caller that cares about the token's audience has to check it elsewhere
 */
public static void validateTokenClaims(JwtClaims claims, int timeToLive, int clockOffset,
                                       boolean validateAudienceRestriction) {
    // A token that carries no issued-at time must carry an expiry.
    final boolean mustHaveExpiry = claims.getIssuedAt() == null;
    validateJwtExpiry(claims, clockOffset, mustHaveExpiry);

    // The not-before claim is optional.
    validateJwtNotBefore(claims, clockOffset, false);

    // A token that carries no expiry must carry an issued-at time.
    final boolean mustHaveIssuedAt = claims.getExpiryTime() == null;
    validateJwtIssuedAt(claims, timeToLive, clockOffset, mustHaveIssuedAt);

    if (!validateAudienceRestriction) {
        return;
    }
    validateJwtAudienceRestriction(claims, PhaseInterceptorChain.getCurrentMessage());
}
validateClaimsAlways || strictTimeValidation && claims.getIssuedAt() == null; try { JwtUtils.validateJwtExpiry(claims, getClockOffset(), expiredRequired); } catch (JwtException ex) { throw new OAuthServiceException("ID Token has expired", ex);
validateClaimsAlways || strictTimeValidation && claims.getIssuedAt() == null; try { JwtUtils.validateJwtExpiry(claims, getClockOffset(), expiredRequired); } catch (JwtException ex) { throw new OAuthServiceException("ID Token has expired", ex);
/**
 * Installs an OIDC security context on the request from the stored client token context.
 *
 * <p>The stored ID token goes through an expiry check first. When that check throws, the stored
 * token context is removed from the state manager and the request is treated as unauthenticated.
 *
 * @param rc the current request; receives the new security context on success
 * @return {@code false} when no token context is stored or the expiry check throws a
 *         {@link JwtException}; {@code true} once the security context has been set on {@code rc}
 */
protected boolean checkSecurityContext(ContainerRequestContext rc) {
    OidcClientTokenContext storedContext =
        (OidcClientTokenContext)stateManager.getClientTokenContext(mc);
    if (storedContext == null) {
        return false;
    }

    // NOTE(review): the ID token is dereferenced below without a null check; confirm that a stored
    // token context always carries one.
    IdToken idToken = storedContext.getIdToken();
    try {
        // An expired ID token invalidates the stored context. The expiry claim is only marked as
        // required when it is present, and the clock offset is 0.
        // NOTE(review): a stored ID token with no expiry claim presumably passes this check every
        // time, so the session is never aged out here; confirm the claim is enforced when the
        // token is first accepted.
        boolean expiryPresent = idToken.getExpiryTime() != null;
        JwtUtils.validateJwtExpiry(idToken, 0, expiryPresent);
    } catch (JwtException ex) {
        stateManager.removeClientTokenContext(new MessageContextImpl(JAXRSUtils.getCurrentMessage()));
        return false;
    }

    // Copy the stored tokens into a fresh context that also carries this request's state.
    OidcClientTokenContextImpl requestContext = new OidcClientTokenContextImpl();
    requestContext.setToken(storedContext.getToken());
    requestContext.setIdToken(idToken);
    requestContext.setUserInfo(storedContext.getUserInfo());
    requestContext.setState(toRequestState(rc));
    JAXRSUtils.getCurrentMessage().setContent(ClientTokenContext.class, requestContext);

    OidcSecurityContext securityContext = new OidcSecurityContext(requestContext);
    securityContext.setRoleClaim(roleClaim);
    rc.setSecurityContext(securityContext);
    return true;
}

private MultivaluedMap<String, String> toRequestState(ContainerRequestContext rc) {
/**
 * Installs an OIDC security context on the request from the stored client token context.
 *
 * <p>The stored ID token goes through an expiry check first. When that check throws, the stored
 * token context is removed from the state manager and the request is treated as unauthenticated.
 *
 * @param rc the current request; receives the new security context on success
 * @return {@code false} when no token context is stored or the expiry check throws a
 *         {@link JwtException}; {@code true} once the security context has been set on {@code rc}
 */
protected boolean checkSecurityContext(ContainerRequestContext rc) {
    OidcClientTokenContext storedContext =
        (OidcClientTokenContext)stateManager.getClientTokenContext(mc);
    if (storedContext == null) {
        return false;
    }

    // NOTE(review): the ID token is dereferenced below without a null check; confirm that a stored
    // token context always carries one.
    IdToken idToken = storedContext.getIdToken();
    try {
        // An expired ID token invalidates the stored context. The expiry claim is only marked as
        // required when it is present, and the clock offset is 0.
        // NOTE(review): a stored ID token with no expiry claim presumably passes this check every
        // time, so the session is never aged out here; confirm the claim is enforced when the
        // token is first accepted.
        boolean expiryPresent = idToken.getExpiryTime() != null;
        JwtUtils.validateJwtExpiry(idToken, 0, expiryPresent);
    } catch (JwtException ex) {
        stateManager.removeClientTokenContext(new MessageContextImpl(JAXRSUtils.getCurrentMessage()));
        return false;
    }

    // Copy the stored tokens into a fresh context that also carries this request's state.
    OidcClientTokenContextImpl requestContext = new OidcClientTokenContextImpl();
    requestContext.setToken(storedContext.getToken());
    requestContext.setIdToken(idToken);
    requestContext.setUserInfo(storedContext.getUserInfo());
    requestContext.setState(toRequestState(rc));
    JAXRSUtils.getCurrentMessage().setContent(ClientTokenContext.class, requestContext);

    OidcSecurityContext securityContext = new OidcSecurityContext(requestContext);
    securityContext.setRoleClaim(roleClaim);
    rc.setSecurityContext(securityContext);
    return true;
}

private MultivaluedMap<String, String> toRequestState(ContainerRequestContext rc) {