Package org.springframework.security.oauth2.jwt

Class NimbusReactiveJwtDecoder.SecretKeyReactiveJwtDecoderBuilder

java.lang.Object

org.springframework.security.oauth2.jwt.NimbusReactiveJwtDecoder.SecretKeyReactiveJwtDecoderBuilder

Enclosing class:

NimbusReactiveJwtDecoder

public static final class NimbusReactiveJwtDecoder.SecretKeyReactiveJwtDecoderBuilder
extends Object

A builder for creating NimbusReactiveJwtDecoder instances based on a SecretKey.

Since:

5.2

Method Summary

Modifier and Type	Method	Description
NimbusReactiveJwtDecoder	build()	Build the configured NimbusReactiveJwtDecoder.
NimbusReactiveJwtDecoder.SecretKeyReactiveJwtDecoderBuilder	jwtProcessorCustomizer(Consumer<com.nimbusds.jwt.proc.ConfigurableJWTProcessor<com.nimbusds.jose.proc.SecurityContext>> jwtProcessorCustomizer)	Use the given Consumer to customize the ConfigurableJWTProcessor before passing it to the build NimbusReactiveJwtDecoder.
NimbusReactiveJwtDecoder.SecretKeyReactiveJwtDecoderBuilder	macAlgorithm(MacAlgorithm macAlgorithm)	Use the given algorithm when generating the MAC.
NimbusReactiveJwtDecoder.SecretKeyReactiveJwtDecoderBuilder	validateType(boolean shouldValidateTypHeader)	Whether to use Nimbus's typ header verification.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Method Details

macAlgorithm

public NimbusReactiveJwtDecoder.SecretKeyReactiveJwtDecoderBuilder macAlgorithm(MacAlgorithm macAlgorithm)

Use the given algorithm when generating the MAC. The value should be one of HS256, HS384 or HS512.

Parameters:

macAlgorithm - the MAC algorithm to use

Returns:

a NimbusReactiveJwtDecoder.SecretKeyReactiveJwtDecoderBuilder for further configurations

validateType

public NimbusReactiveJwtDecoder.SecretKeyReactiveJwtDecoderBuilder validateType(boolean shouldValidateTypHeader)

Whether to use Nimbus's typ header verification. This is true by default, however it may change to false in a future major release.

By turning off this feature, NimbusReactiveJwtDecoder expects applications to check the typ header themselves in order to determine what kind of validation is needed

This is done for you when you use JwtValidators to construct a validator.

That means that this: NimbusReactiveJwtDecoder jwtDecoder = NimbusReactiveJwtDecoder.withIssuerLocation(issuer).build(); jwtDecoder.setJwtValidator(JwtValidators.createDefaultWithIssuer(issuer);

Is equivalent to this: NimbusReactiveJwtDecoder jwtDecoder = NimbusReactiveJwtDecoder.withSecretKey(key) .validateType(false) .build(); jwtDecoder.setJwtValidator(JwtValidators.createDefaultWithValidators( new JwtIssuerValidator(issuer), JwtTypeValidator.jwt());

The difference is that by setting this to false, it allows you to provide validation by type, like for at+jwt: NimbusReactiveJwtDecoder jwtDecoder = NimbusReactiveJwtDecoder.withSecretKey(key) .validateType(false) .build(); jwtDecoder.setJwtValidator(new MyAtJwtValidator());

Parameters:

shouldValidateTypHeader - whether Nimbus should validate the typ header or not

Returns:

a NimbusReactiveJwtDecoder.PublicKeyReactiveJwtDecoderBuilder for further configurations

Since:

6.5

jwtProcessorCustomizer

public NimbusReactiveJwtDecoder.SecretKeyReactiveJwtDecoderBuilder jwtProcessorCustomizer(Consumer<com.nimbusds.jwt.proc.ConfigurableJWTProcessor<com.nimbusds.jose.proc.SecurityContext>> jwtProcessorCustomizer)

Use the given Consumer to customize the ConfigurableJWTProcessor before passing it to the build NimbusReactiveJwtDecoder.

Parameters:

jwtProcessorCustomizer - the callback used to alter the processor

Returns:

a NimbusReactiveJwtDecoder.SecretKeyReactiveJwtDecoderBuilder for further configurations

Since:

5.4

build

public NimbusReactiveJwtDecoder build()

Build the configured NimbusReactiveJwtDecoder.

Returns:

the configured NimbusReactiveJwtDecoder