Class JWKSOpenIdDiscoveryHandlerImpl

java.lang.Object
uk.co.spudsoft.jwtvalidatorvertx.impl.JWKSOpenIdDiscoveryHandlerImpl
All Implemented Interfaces:
JsonWebKeySetHandler, JsonWebKeySetOpenIdDiscoveryHandler, OpenIdDiscoveryHandler

public class JWKSOpenIdDiscoveryHandlerImpl extends Object implements JsonWebKeySetOpenIdDiscoveryHandler
Default implementation of JsonWebKeySetHandler.
Author:
jtalbut
  • Constructor Details

    • JWKSOpenIdDiscoveryHandlerImpl

      public JWKSOpenIdDiscoveryHandlerImpl(io.vertx.ext.web.client.WebClient webClient, IssuerAcceptabilityHandler issuerAcceptabilityHandler, Duration defaultJwkCacheDuration)
      Constructor.
      Parameters:
      webClient - Vertx WebClient, for the discovery handler to make asynchronous web requests.
      issuerAcceptabilityHandler - Object used to determine the acceptability of JWT issuers.
      defaultJwkCacheDuration - Time (in seconds) to keep JWKs in cache if no cache-control: max-age header is found. It is vital for the security of any system using OpenID Connect Discovery that it is only used with trusted issuers.
  • Method Details

    • optimize

      public void optimize()
      Description copied from interface: JsonWebKeySetHandler
      Perform whatever initialization is required to get this handler working.

      This is primarily intended to provide the opportunity for handlers to preload JWKs. It shouldn't matter whether or not the preload has completed, hence this method returns void and it is expected that processing continues in the background.

      Specified by:
      optimize in interface JsonWebKeySetHandler
    • performOpenIdDiscovery

      public io.vertx.core.Future<DiscoveryData> performOpenIdDiscovery(String issuer)
      Description copied from interface: OpenIdDiscoveryHandler
      Obtain the discovery data for an issuer as per openid-connect-discovery-1_0. If discovery data has not already been cached, this will result in a call to
       issuer + (issuer.endsWith("/") ? "" : "/") + ".well-known/openid-configuration"
      The resulting Discovery Data will be cached against the issuer.
      Specified by:
      performOpenIdDiscovery in interface OpenIdDiscoveryHandler
      Parameters:
      issuer - The issuer to obtain the discovery data for.
      Returns:
      A Future that will be completed with the Discovery Data.
    • findJwk

      public io.vertx.core.Future<io.vertx.ext.auth.impl.jose.JWK> findJwk(DiscoveryData discoveryData, String kid)
      Description copied from interface: JsonWebKeySetOpenIdDiscoveryHandler
      Find a JWK using the jwks_uri value from the Discovery Data. The resulting JWK will be cached against the jwks_uri.
      Specified by:
      findJwk in interface JsonWebKeySetOpenIdDiscoveryHandler
      Parameters:
      discoveryData - The Discovery Data that contains the jwks_uri.
      kid - The key ID being sought.
      Returns:
      A Future that will be completed with the JWK.
    • findJwk

      public io.vertx.core.Future<io.vertx.ext.auth.impl.jose.JWK> findJwk(String issuer, String kid)
      Description copied from interface: JsonWebKeySetHandler
      Find a JWK for the given issuer and kid. A specific implementation of JsonWebKeySetHandler will require the issuer either to be null or to be non-null. The issuer should never be extracted from the payload of a JWT for the purpose of finding the JWK. If the client has a mechanism for knowing the issuer of the token, it can work with a greater number of issuers; if the client is not able to determine the issuer for a token (before validation), then it must maintain a cache of the keys for all known JWK sets.
      Specified by:
      findJwk in interface JsonWebKeySetHandler
      Parameters:
      issuer - the issuer of the JWT (and JWK).
      kid - The key ID being sought.
      Returns:
      A Future that will be completed with a JWK.
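The constructor note says discovery must only be used with trusted issuers, and performOpenIdDiscovery builds its request URL directly from the issuer string. The following added example (not code from jwtvalidatorvertx) shows one way to gate that URL construction behind an exact-match allowlist. The class name, method names and example hosts are hypothetical; the allowlist is constructed sample data.

```java
import java.net.URI;
import java.util.Set;

// Added example: class, method and host names are hypothetical and not part of jwtvalidatorvertx.
public class TrustedIssuerDiscovery {

    // Constructed allowlist; a real deployment would load its own trusted issuers.
    private static final Set<String> TRUSTED_ISSUERS = Set.of(
            "https://login.example.com",
            "https://idp.example.org/tenant-a/");

    // Returns the discovery URL for an acceptable issuer, otherwise throws.
    static String discoveryUrl(String issuer) {
        if (issuer == null || issuer.isBlank()) {
            throw new IllegalArgumentException("issuer is missing");
        }
        URI uri = URI.create(issuer); // throws IllegalArgumentException on malformed input
        if (!"https".equalsIgnoreCase(uri.getScheme()) || uri.getHost() == null) {
            throw new IllegalArgumentException("issuer must be an https URL with a host");
        }
        if (uri.getRawQuery() != null || uri.getRawFragment() != null) {
            throw new IllegalArgumentException("issuer must not carry a query or fragment");
        }
        // Exact string match: no prefix, suffix or wildcard comparison.
        if (!TRUSTED_ISSUERS.contains(issuer)) {
            throw new IllegalArgumentException("issuer is not trusted");
        }
        // Same expression as the performOpenIdDiscovery description on this page.
        return issuer + (issuer.endsWith("/") ? "" : "/") + ".well-known/openid-configuration";
    }

    // OpenID Connect Discovery requires the returned "issuer" to equal the one requested.
    static boolean issuerMatches(String requestedIssuer, String discoveredIssuer) {
        return requestedIssuer != null && requestedIssuer.equals(discoveredIssuer);
    }

    public static void main(String[] args) {
        String[] candidates = {
            "https://login.example.com", "https://idp.example.org/tenant-a/",
            "https://unknown.example.net", "http://login.example.com",
            "https://login.example.com?next=1"};
        for (String candidate : candidates) {
            try {
                System.out.println(candidate + " -> " + discoveryUrl(candidate));
            } catch (IllegalArgumentException e) {
                System.out.println(candidate + " rejected: " + e.getMessage());
            }
        }
        System.out.println(issuerMatches("https://login.example.com", "https://login.example.com/"));
    }
}
```

Without such a gate, any issuer string that reaches discovery makes the service fetch a URL, and later keys, from a host the caller chose.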