Class NimbusReactiveJwtDecoder.PublicKeyReactiveJwtDecoderBuilder
- Enclosing class:
- NimbusReactiveJwtDecoder
NimbusReactiveJwtDecoder
instances based on a public
key.- Since:
- 5.2
-
Method Summary
Modifier and TypeMethodDescriptionbuild()
Build the configuredNimbusReactiveJwtDecoder
.jwtProcessorCustomizer
(Consumer<com.nimbusds.jwt.proc.ConfigurableJWTProcessor<com.nimbusds.jose.proc.SecurityContext>> jwtProcessorCustomizer) Use the givenConsumer
to customize theConfigurableJWTProcessor
before passing it to the buildNimbusReactiveJwtDecoder
.signatureAlgorithm
(SignatureAlgorithm signatureAlgorithm) Use the given signing algorithm.validateType
(boolean shouldValidateTypHeader) Whether to use Nimbus's typ header verification.
-
Method Details
-
signatureAlgorithm
public NimbusReactiveJwtDecoder.PublicKeyReactiveJwtDecoderBuilder signatureAlgorithm(SignatureAlgorithm signatureAlgorithm) Use the given signing algorithm. The value should be one of RS256, RS384, or RS512.- Parameters:
signatureAlgorithm
- the algorithm to use- Returns:
- a
NimbusReactiveJwtDecoder.PublicKeyReactiveJwtDecoderBuilder
for further configurations
-
validateType
public NimbusReactiveJwtDecoder.PublicKeyReactiveJwtDecoderBuilder validateType(boolean shouldValidateTypHeader) Whether to use Nimbus's typ header verification. This istrue
by default, however it may change tofalse
in a future major release.By turning off this feature,
NimbusReactiveJwtDecoder
expects applications to check thetyp
header themselves in order to determine what kind of validation is neededThis is done for you when you use
JwtValidators
to construct a validator.That means that this:
NimbusReactiveJwtDecoder jwtDecoder = NimbusReactiveJwtDecoder.withIssuerLocation(issuer).build(); jwtDecoder.setJwtValidator(JwtValidators.createDefaultWithIssuer(issuer);
Is equivalent to this:
NimbusReactiveJwtDecoder jwtDecoder = NimbusReactiveJwtDecoder.withPublicKey(key) .validateType(false) .build(); jwtDecoder.setJwtValidator(JwtValidators.createDefaultWithValidators( new JwtIssuerValidator(issuer), JwtTypeValidator.jwt()); new JwtIssuerValidator(issuer), JwtTypeValidator.jwt());
The difference is that by setting this to
false
, it allows you to provide validation by type, like forat+jwt
:NimbusReactiveJwtDecoder jwtDecoder = NimbusReactiveJwtDecoder.withPublicKey(key) .validateType(false) .build(); jwtDecoder.setJwtValidator(new MyAtJwtValidator());
- Parameters:
shouldValidateTypHeader
- whether Nimbus should validate the typ header or not- Returns:
- a
NimbusReactiveJwtDecoder.PublicKeyReactiveJwtDecoderBuilder
for further configurations - Since:
- 6.5
-
jwtProcessorCustomizer
public NimbusReactiveJwtDecoder.PublicKeyReactiveJwtDecoderBuilder jwtProcessorCustomizer(Consumer<com.nimbusds.jwt.proc.ConfigurableJWTProcessor<com.nimbusds.jose.proc.SecurityContext>> jwtProcessorCustomizer) Use the givenConsumer
to customize theConfigurableJWTProcessor
before passing it to the buildNimbusReactiveJwtDecoder
.- Parameters:
jwtProcessorCustomizer
- the callback used to alter the processor- Returns:
- a
NimbusReactiveJwtDecoder.PublicKeyReactiveJwtDecoderBuilder
for further configurations - Since:
- 5.4
-
build
Build the configuredNimbusReactiveJwtDecoder
.- Returns:
- the configured
NimbusReactiveJwtDecoder
-