.setExpectedIssuer(confService.getIssuer()) .setExpectedAudience(confService.getClientID()) .setVerificationKeyResolver(resolver) .build();
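// Security note: a 315360000-second (ten-year) clock-skew allowance makes this
// consumer accept tokens long after their exp claim, so time-based validation is
// effectively switched off here. setSkipDefaultAudienceValidation() below also
// turns off the audience check, so neither expiry nor audience is enforced by
// this consumer; a verification key resolver is still configured.
// NOTE(review): the start of this builder chain and its callers are not visible
// in this excerpt. Confirm that exp and aud are checked explicitly after
// processing on every path that authorizes a request, and that this relaxed
// consumer is only used for the cases that really need to ignore expiry.
.setAllowedClockSkewInSeconds(315360000) // ten years in seconds, used to skip expiration validation in some cases
.setSkipDefaultAudienceValidation()
.setVerificationKeyResolver(x509VerificationKeyResolver)
.build();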
/**
 * Configures one fixed key for JWS signature/MAC verification.
 *
 * <p>The key is wrapped in a {@code SimpleKeyResolver} and passed on to
 * {@code setVerificationKeyResolver}, so calling this replaces the need to
 * supply a resolver yourself.
 *
 * <p>NOTE(review): with a single fixed key there is presumably no per-token key
 * selection (for example by key id); confirm against {@code SimpleKeyResolver}
 * and prefer a resolver when the issuer rotates keys.
 *
 * @param verificationKey the verification key.
 * @return the same JwtConsumerBuilder
 */
public JwtConsumerBuilder setVerificationKey(Key verificationKey)
{
    final SimpleKeyResolver fixedKeyResolver = new SimpleKeyResolver(verificationKey);
    return setVerificationKeyResolver(fixedKeyResolver);
}
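/**
 * Verifies a signed JWT and extracts the identity claims used by the caller.
 *
 * <p>The token must carry an expiration time and a subject, must name the
 * expected issuer and audience, and must have a signature that verifies against
 * the configured certificate. Only after all of these checks pass are the
 * {@code userId}, {@code clientId}, {@code roles} and (when present)
 * {@code host} claims copied into the result, so callers must never read these
 * claims from a token that has not gone through this method.
 *
 * <p>NOTE(review): no explicit JWS algorithm constraint is set on the consumer.
 * If the issuer always signs with one known algorithm, consider pinning it with
 * {@code setJwsAlgorithmConstraints}.
 *
 * @param jwt the compact serialized JWT received from the client
 * @return a map with keys {@code userId}, {@code clientId}, {@code roles} and
 *         optionally {@code host}; {@code userId} and {@code clientId} are
 *         stored as returned by the claims object and may be {@code null} when
 *         the claim is absent. Returns {@code null} only if processing yields
 *         no claims object.
 * @throws InvalidJwtException if the signature or any required claim check fails
 * @throws MalformedClaimException if the {@code roles} claim is not a list of strings
 */
public static Map<String, Object> verifyJwt(String jwt) throws InvalidJwtException, MalformedClaimException {
    // Resolve the verification key from the configured certificate; when the
    // token has no thumbprint header, every available certificate is tried.
    X509VerificationKeyResolver x509VerificationKeyResolver = new X509VerificationKeyResolver(certificate);
    x509VerificationKeyResolver.setTryAllOnNoThumbHeader(true);

    // The setting is expressed in minutes while the builder expects seconds.
    // Keep the configured value small: every extra minute widens the window in
    // which an already expired token is still accepted.
    int allowedClockSkewInSeconds = ((Integer) config.get(CLOCK_SKEW_IN_MINUTE)) * 60;

    JwtConsumer jwtConsumer = new JwtConsumerBuilder()
            .setRequireExpirationTime() // the JWT must have an expiration time
            .setAllowedClockSkewInSeconds(allowedClockSkewInSeconds) // leeway for time based claims to account for clock skew
            .setRequireSubject() // the JWT must have a subject claim
            .setExpectedIssuer(issuer)
            .setExpectedAudience(audience)
            .setVerificationKeyResolver(x509VerificationKeyResolver) // verify the signature with the certificates
            .build();

    // Validate the JWT and process it to the claims; any failed check throws.
    JwtClaims claims = jwtConsumer.processToClaims(jwt);
    if (claims == null) {
        return null;
    }

    Map<String, Object> user = new HashMap<>();
    user.put("userId", claims.getClaimValue("userId"));
    user.put("clientId", claims.getClaimValue("clientId"));
    // Typed list instead of a raw List; a non string-list value is rejected.
    List<String> roles = claims.getStringListClaimValue("roles");
    user.put("roles", roles);
    Object host = claims.getClaimValue("host");
    if (host != null) {
        user.put("host", host);
    }
    return user;
}
}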
/**
 * Creates a processor whose JWT consumer verifies signatures with keys fetched
 * from a remote JWKS endpoint.
 *
 * <p>The consumer requires the {@code iat}, {@code exp} and {@code sub} claims,
 * requires an issuer that is one of {@code expectedIssuers}, and checks the
 * audience against {@code audiences}.
 *
 * <p>NOTE(review): this constructor does not check the scheme or host of
 * {@code jwksUri}. The keys served there decide which tokens are trusted, so
 * confirm the URI comes from trusted configuration and uses HTTPS.
 *
 * @param jwksUri location of the JSON Web Key Set used for signature verification
 * @param audiences acceptable audience values
 * @param expectedIssuers acceptable issuer values
 */
public Processor(final URI jwksUri, String[] audiences, String[] expectedIssuers) {
    final HttpsJwks remoteKeySet = new HttpsJwks(jwksUri.toString());
    final HttpsJwksVerificationKeyResolver keyResolver = new HttpsJwksVerificationKeyResolver(remoteKeySet);

    final JwtConsumerBuilder builder = new JwtConsumerBuilder();
    builder.setVerificationKeyResolver(keyResolver); // keys come from the JWKS endpoint
    builder.setRequireIssuedAt();                    // reserved claim iat is mandatory
    builder.setRequireExpirationTime();              // reserved claim exp is mandatory
    builder.setRequireSubject();                     // reserved claim sub is mandatory
    builder.setExpectedIssuers(true, expectedIssuers);
    builder.setExpectedAudience(audiences);

    this.consumer = builder.build();
}
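// Security note: a 315360000-second (ten-year) clock-skew allowance makes this
// consumer accept tokens long after their exp claim, so time-based validation is
// effectively switched off here. setSkipDefaultAudienceValidation() below also
// turns off the audience check, so neither expiry nor audience is enforced by
// this consumer; a verification key resolver is still configured.
// NOTE(review): the start of this builder chain and its callers are not visible
// in this excerpt. Confirm that exp and aud are checked explicitly after
// processing on every path that authorizes a request, and that this relaxed
// consumer is only used for the cases that really need to ignore expiry.
.setAllowedClockSkewInSeconds(315360000) // ten years in seconds, used to skip expiration validation in some cases
.setSkipDefaultAudienceValidation()
.setVerificationKeyResolver(x509VerificationKeyResolver)
.build();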
builder.setVerificationKey(authContextInfo.getSignerKey()); } else if (authContextInfo.isFollowMpJwt11Rules()) { builder.setVerificationKeyResolver(new KeyLocationResolver(authContextInfo.getJwksUri())); } else { final List<JsonWebKey> jsonWebKeys = authContextInfo.loadJsonWebKeys(); builder.setVerificationKeyResolver(new JwksVerificationKeyResolver(jsonWebKeys));