Class NimbusJwtDecoder.PublicKeyJwtDecoderBuilder

java.lang.Object
org.springframework.security.oauth2.jwt.NimbusJwtDecoder.PublicKeyJwtDecoderBuilder
Enclosing class:
NimbusJwtDecoder

public static final class NimbusJwtDecoder.PublicKeyJwtDecoderBuilder extends Object
A builder for creating NimbusJwtDecoder instances based on a public key.
  • Method Details

    • validateType

      public NimbusJwtDecoder.PublicKeyJwtDecoderBuilder validateType(boolean shouldValidateTypHeader)
      Whether to use Nimbus's typ header verification. This is true by default; however, it may change to false in a future major release.

      When this feature is turned off, NimbusJwtDecoder expects applications to check the typ header themselves in order to determine what kind of validation is needed.

      This is done for you when you use JwtValidators to construct a validator.

      That means that this:

          NimbusJwtDecoder jwtDecoder = NimbusJwtDecoder.withIssuerLocation(issuer).build();
          jwtDecoder.setJwtValidator(JwtValidators.createDefaultWithIssuer(issuer));

      is equivalent to this:

          NimbusJwtDecoder jwtDecoder = NimbusJwtDecoder.withIssuerLocation(issuer)
              .validateType(false)
              .build();
          jwtDecoder.setJwtValidator(JwtValidators.createDefaultWithValidators(
              new JwtIssuerValidator(issuer), JwtTypeValidator.jwt()));

      The difference is that setting this to false allows you to provide validation by type, for example for at+jwt:

          NimbusJwtDecoder jwtDecoder = NimbusJwtDecoder.withIssuerLocation(issuer)
              .validateType(false)
              .build();
          jwtDecoder.setJwtValidator(new MyAtJwtValidator());

      Parameters:
      shouldValidateTypHeader - whether Nimbus should validate the typ header or not
      Returns:
      a NimbusJwtDecoder.PublicKeyJwtDecoderBuilder for further configurations
      Since:
      6.5
    • signatureAlgorithm

      public NimbusJwtDecoder.PublicKeyJwtDecoderBuilder signatureAlgorithm(SignatureAlgorithm signatureAlgorithm)
      Use the given signing algorithm. The value should be one of RS256, RS384, or RS512.
      Parameters:
      signatureAlgorithm - the algorithm to use
      Returns:
      a NimbusJwtDecoder.PublicKeyJwtDecoderBuilder for further configurations
    • jwtProcessorCustomizer

      public NimbusJwtDecoder.PublicKeyJwtDecoderBuilder jwtProcessorCustomizer(Consumer<com.nimbusds.jwt.proc.ConfigurableJWTProcessor<com.nimbusds.jose.proc.SecurityContext>> jwtProcessorCustomizer)
      Use the given Consumer to customize the ConfigurableJWTProcessor before passing it to the built NimbusJwtDecoder.
      Parameters:
      jwtProcessorCustomizer - the callback used to alter the processor
      Returns:
      a NimbusJwtDecoder.PublicKeyJwtDecoderBuilder for further configurations
      Since:
      5.4
    • build

      public NimbusJwtDecoder build()
      Build the configured NimbusJwtDecoder.
      Returns:
      the configured NimbusJwtDecoder
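
The validateType(false) case described above, applied to this public-key builder, as an added example that is not Spring Security's own code. The body of MyAtJwtValidator and the atJwtDecoder helper are hypothetical, and the accepted typ values are the ones RFC 9068 names for JWT access tokens.

```java
import java.security.interfaces.RSAPublicKey;
import java.util.Locale;
import java.util.Set;

import org.springframework.security.oauth2.core.DelegatingOAuth2TokenValidator;
import org.springframework.security.oauth2.core.OAuth2Error;
import org.springframework.security.oauth2.core.OAuth2ErrorCodes;
import org.springframework.security.oauth2.core.OAuth2TokenValidator;
import org.springframework.security.oauth2.core.OAuth2TokenValidatorResult;
import org.springframework.security.oauth2.jose.jws.SignatureAlgorithm;
import org.springframework.security.oauth2.jwt.Jwt;
import org.springframework.security.oauth2.jwt.JwtIssuerValidator;
import org.springframework.security.oauth2.jwt.JwtTimestampValidator;
import org.springframework.security.oauth2.jwt.NimbusJwtDecoder;

// Hypothetical class, named after the MyAtJwtValidator placeholder in the text above.
public final class MyAtJwtValidator implements OAuth2TokenValidator<Jwt> {

    // typ values RFC 9068 allows for JWT access tokens (compared case-insensitively).
    private static final Set<String> ALLOWED = Set.of("at+jwt", "application/at+jwt");

    @Override
    public OAuth2TokenValidatorResult validate(Jwt jwt) {
        Object typ = jwt.getHeaders().get("typ");
        // A missing or non-string typ is rejected: with validateType(false) nothing else checks it.
        if (typ instanceof String s && ALLOWED.contains(s.toLowerCase(Locale.ROOT))) {
            return OAuth2TokenValidatorResult.success();
        }
        return OAuth2TokenValidatorResult.failure(new OAuth2Error(
                OAuth2ErrorCodes.INVALID_TOKEN, "typ header must be at+jwt", null));
    }

    // Hypothetical helper; publicKey and issuer are supplied by the caller.
    public static NimbusJwtDecoder atJwtDecoder(RSAPublicKey publicKey, String issuer) {
        NimbusJwtDecoder jwtDecoder = NimbusJwtDecoder.withPublicKey(publicKey)
                .signatureAlgorithm(SignatureAlgorithm.RS256)
                .validateType(false) // Nimbus no longer checks typ
                .build();
        // setJwtValidator replaces the decoder's default validator, so the
        // timestamp and issuer checks are listed again next to the typ check.
        jwtDecoder.setJwtValidator(new DelegatingOAuth2TokenValidator<>(
                new JwtTimestampValidator(),
                new JwtIssuerValidator(issuer),
                new MyAtJwtValidator()));
        return jwtDecoder;
    }
}
```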