Package uk.co.spudsoft.jwtvalidatorvertx
Interface JsonWebKeySetKnownJwksHandler
- All Superinterfaces:
JsonWebKeySetHandler
- All Known Implementing Classes:
JWKSStaticSetHandlerImpl
Manage JWKs manually.
It is not usually necessary to use this interface for anything other than the Factory methods.
- Author:
- jtalbut
-
Method Summary
Static MethodsModifier and TypeMethodDescriptioncreate(io.vertx.ext.web.client.WebClient webClient, Collection<String> jwksUrls, Duration defaultJwkCacheDuration) Construct an instance of the implementation class.Methods inherited from interface uk.co.spudsoft.jwtvalidatorvertx.JsonWebKeySetHandler
findJwk, optimize
-
Method Details
-
create
static JsonWebKeySetKnownJwksHandler create(io.vertx.ext.web.client.WebClient webClient, Collection<String> jwksUrls, Duration defaultJwkCacheDuration) Construct an instance of the implementation class. With a static map of JWKs the security of the system is not compromised by allowing any issuer, though you should question why this is necessary (so still avoid overly permissive acceptable issuer regexes). Each JWKs endpoint must use KIDs that are globally unique. When a KID is requested and cannot be found ALL the configured JWKS URLs will be queried and the single cache will be updated. Entries in the cache will be retained for a duration based on either the Cache-Control max-age header of the response or, if that is not present, the defaultJwkCacheDuration. Given that only positive responses are cached it is reasonable for the defaultJwkCacheDuration to be 24 hours (or more).- Parameters:
webClient- Vertx WebClient instance, that will be used for querying the JWKS URLs.jwksUrls- Static set of URLs that will be used for obtaining JWKs.defaultJwkCacheDuration- Time to keep JWKs in cache if no cache-control: max-age header is found.- Returns:
- a newly created instance of the implementation class. The JWKS URLs must be accessed via https for the environment to offer any security. This is not enforced at the code level.
-