Package org.springframework.security.oauth2.jwt

Class JwtDecoders

java.lang.Object

org.springframework.security.oauth2.jwt.JwtDecoders

public final class JwtDecoders
extends java.lang.Object

Allows creating a JwtDecoder from an OpenID Provider Configuration or Authorization Server Metadata Request based on provided issuer and method invoked.

Since:

5.1

Method Summary

Modifier and Type	Method	Description
static <T extends JwtDecoder> T	fromIssuerLocation(java.lang.String issuer)	Creates a JwtDecoder using the provided Issuer by querying three different discovery endpoints serially, using the values in the first successful response to initialize.
static <T extends JwtDecoder> T	fromOidcIssuerLocation(java.lang.String oidcIssuerLocation)	Creates a JwtDecoder using the provided Issuer by making an OpenID Provider Configuration Request and using the values in the OpenID Provider Configuration Response to initialize the JwtDecoder.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Method Detail

fromOidcIssuerLocation

public static <T extends JwtDecoder> T fromOidcIssuerLocation(java.lang.String oidcIssuerLocation)

Creates a JwtDecoder using the provided Issuer by making an OpenID Provider Configuration Request and using the values in the OpenID Provider Configuration Response to initialize the JwtDecoder.

Parameters:

oidcIssuerLocation - the Issuer

Returns:

a JwtDecoder that was initialized by the OpenID Provider Configuration.

fromIssuerLocation

public static <T extends JwtDecoder> T fromIssuerLocation(java.lang.String issuer)

Creates a JwtDecoder using the provided Issuer by querying three different discovery endpoints serially, using the values in the first successful response to initialize. If an endpoint returns anything other than a 200 or a 4xx, the method will exit without attempting subsequent endpoints. The three endpoints are computed as follows, given that the issuer is composed of a host and a path:

1. host/.well-known/openid-configuration/path, as defined in RFC 8414's Compatibility Notes.
2. issuer/.well-known/openid-configuration, as defined in OpenID Provider Configuration.
3. host/.well-known/oauth-authorization-server/path, as defined in Authorization Server Metadata Request.

Note that the second endpoint is the equivalent of calling fromOidcIssuerLocation(String)

Parameters:

issuer - the Issuer

Returns:

a JwtDecoder that was initialized by one of the described endpoints