Interface OidcClientCommonConfig.Credentials.Jwt
- All Known Implementing Classes:
OidcClientCommonConfig.Credentials.Jwt
- Enclosing interface:
OidcClientCommonConfig.Credentials
public static interface OidcClientCommonConfig.Credentials.Jwt
Supports the client authentication `client_secret_jwt` and `private_key_jwt` methods, which involves sending a JWT
token assertion signed with a client secret or private key.
JWT Bearer client authentication is also supported.
- See Also:
-
Nested Class Summary
Nested Classes -
Method Summary
Modifier and TypeMethodDescriptionbooleanIf true then the client authentication token is a JWT bearer grant assertion.audience()The JWT audience (`aud`) claim value.claims()Additional claims.issuer()The issuer of the signing key added as a JWT `iss` claim.key()String representation of a private key.keyFile()If provided, indicates that JWT is signed using a private key in PEM or JWK format.keyId()The private key id or alias.The private key password.If provided, indicates that JWT is signed using a private key from a keystore.A parameter to specify the password of the keystore file.intlifespan()The JWT lifespan in seconds.secret()If provided, indicates that JWT is signed using a secret key.If provided, indicates that JWT is signed using a secret key provided by Secret CredentialsProvider.The signature algorithm used for thekeyFile()property.source()JWT token source: OIDC provider client or an existing JWT bearer token.subject()Subject of the signing key added as a JWT `sub` claim The default value is the client id.The key identifier of the signing key added as a JWT `kid` header.Path to a file with a JWT bearer token that should be used as a client assertion.
-
Method Details
-
source
JWT token source: OIDC provider client or an existing JWT bearer token. -
tokenPath
Path to a file with a JWT bearer token that should be used as a client assertion. This path can only be set when JWT source (source()) is set toOidcClientCommonConfig.Credentials.Jwt.Source.BEARER. -
secret
-
secretProvider
OidcClientCommonConfig.Credentials.Provider secretProvider()If provided, indicates that JWT is signed using a secret key provided by Secret CredentialsProvider. -
key
String representation of a private key. If provided, indicates that JWT is signed using a private key in PEM or JWK format. It is mutually exclusive withsecret(),keyFile()andproperties. You can use theinvalid reference
#keyStoresignatureAlgorithm()property to override the default key algorithm, `RS256`. -
keyFile
If provided, indicates that JWT is signed using a private key in PEM or JWK format. It is mutually exclusive withsecret(),key()andproperties. You can use theinvalid reference
#keyStoresignatureAlgorithm()property to override the default key algorithm, `RS256`. -
keyStoreFile
-
keyStorePassword
A parameter to specify the password of the keystore file. -
keyId
The private key id or alias. -
keyPassword
The private key password. -
audience
The JWT audience (`aud`) claim value. By default, the audience is set to the address of the OpenId Connect Provider's token endpoint. -
tokenKeyId
The key identifier of the signing key added as a JWT `kid` header. -
issuer
The issuer of the signing key added as a JWT `iss` claim. The default value is the client id. -
subject
Subject of the signing key added as a JWT `sub` claim The default value is the client id. -
claims
Additional claims. -
signatureAlgorithm
The signature algorithm used for thekeyFile()property. Supported values: `RS256` (default), `RS384`, `RS512`, `PS256`, `PS384`, `PS512`, `ES256`, `ES384`, `ES512`, `HS256`, `HS384`, `HS512`. -
lifespan
@WithDefault("10") int lifespan()The JWT lifespan in seconds. This value is added to the time at which the JWT was issued to calculate the expiration time. -
assertion
@WithDefault("false") boolean assertion()If true then the client authentication token is a JWT bearer grant assertion. Instead of producing 'client_assertion' and 'client_assertion_type' form properties, only 'assertion' is produced. This option is only supported by the OIDC client extension.
-