Package com.nimbusds.oauth2.sdk.jarm

Class JARMUtils

  • public final class JARMUtils
extends Object
    JWT Secured Authorization Response Mode for OAuth 2.0 (JARM) utilities.

    • Method Detail

      • supportsJARM

        public static boolean supportsJARM​(AuthorizationServerMetadata asMetadata)
        Returns true if JARM is supported for the specified OpenID provider / Authorisation server metadata.
        Parameters:
        asMetadata - The OpenID provider / Authorisation server metadata. Must not be null.
        Returns:
        true if JARM is supported, else false.

      • toJWTClaimsSet

        public static com.nimbusds.jwt.JWTClaimsSet toJWTClaimsSet​(Issuer iss,
                                                           ClientID aud,
                                                           Date exp,
                                                           AuthorizationResponse response)
        Creates a JSON Web Token (JWT) claims set for the specified authorisation success response.
        Parameters:
        iss - The OAuth 2.0 authorisation server issuer. Must not be null.
        aud - The client ID. Must not be null.
        exp - The JWT expiration time. Must not be null.
        response - The plain authorisation response to use its parameters. If it specifies an iss (issuer) parameter its value must match the JWT iss claim. Must not be null.
        Returns:
        The JWT claims set.

      • toMultiValuedStringParameters

        public static Map<String,​List<String>> toMultiValuedStringParameters​(com.nimbusds.jwt.JWTClaimsSet jwtClaimsSet)
        Returns a multi-valued map representation of the specified JWT claims set.
        Parameters:
        jwtClaimsSet - The JWT claims set. Must not be null.
        Returns:
        The multi-valued map.

      • impliesAuthorizationErrorResponse

        public static boolean impliesAuthorizationErrorResponse​(String jwtString)
                                                 throws ParseException
        Returns true if the specified JWT-secured authorisation response implies an error response. Note that the JWT is not validated in any way!
        Parameters:
        jwtString - The JWT-secured authorisation response string. Must not be null.
        Returns:
        true if an error is implied by the presence of the error claim, else false (also for encrypted JWTs which payload cannot be inspected without decrypting first).
        Throws:
        ParseException - If the JWT is invalid or plain (unsecured).

      • impliesAuthorizationErrorResponse

        public static boolean impliesAuthorizationErrorResponse​(com.nimbusds.jwt.JWT jwt)
                                                 throws ParseException
        Returns true if the specified JWT-secured authorisation response implies an error response. Note that the JWT is not validated in any way!
        Parameters:
        jwt - The JWT-secured authorisation response. Must not be null.
        Returns:
        true if an error is implied by the presence of the error claim, else false (also for encrypted JWTs which payload cannot be inspected without decrypting first).
        Throws:
        ParseException - If the JWT is plain (unsecured).