Package org.springframework.security.oauth2.jwt

Class NimbusJwtDecoder.SecretKeyJwtDecoderBuilder

java.lang.Object

org.springframework.security.oauth2.jwt.NimbusJwtDecoder.SecretKeyJwtDecoderBuilder

Enclosing class:

NimbusJwtDecoder

public static final class NimbusJwtDecoder.SecretKeyJwtDecoderBuilder
extends Object

A builder for creating NimbusJwtDecoder instances based on a SecretKey.

Method Summary

Modifier and Type	Method	Description
NimbusJwtDecoder	build()	Build the configured NimbusJwtDecoder.
NimbusJwtDecoder.SecretKeyJwtDecoderBuilder	jwtProcessorCustomizer(Consumer<com.nimbusds.jwt.proc.ConfigurableJWTProcessor<com.nimbusds.jose.proc.SecurityContext>> jwtProcessorCustomizer)	Use the given Consumer to customize the ConfigurableJWTProcessor before passing it to the build NimbusJwtDecoder.
NimbusJwtDecoder.SecretKeyJwtDecoderBuilder	macAlgorithm(MacAlgorithm macAlgorithm)	Use the given algorithm when generating the MAC.
NimbusJwtDecoder.SecretKeyJwtDecoderBuilder	validateType(boolean shouldValidateTypHeader)	Whether to use Nimbus's typ header verification.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Method Details

validateType

public NimbusJwtDecoder.SecretKeyJwtDecoderBuilder validateType(boolean shouldValidateTypHeader)

Whether to use Nimbus's typ header verification. This is true by default, however it may change to false in a future major release.

By turning off this feature, NimbusJwtDecoder expects applications to check the typ header themselves in order to determine what kind of validation is needed

This is done for you when you use JwtValidators to construct a validator.

That means that this: NimbusJwtDecoder jwtDecoder = NimbusJwtDecoder.withIssuerLocation(issuer).build(); jwtDecoder.setJwtValidator(JwtValidators.createDefaultWithIssuer(issuer);

Is equivalent to this: NimbusJwtDecoder jwtDecoder = NimbusJwtDecoder.withIssuerLocation(issuer) .validateType(false) .build(); jwtDecoder.setJwtValidator(JwtValidators.createDefaultWithValidators( new JwtIssuerValidator(issuer), JwtTypeValidator.jwt());

The difference is that by setting this to false, it allows you to provide validation by type, like for at+jwt: NimbusJwtDecoder jwtDecoder = NimbusJwtDecoder.withIssuerLocation(issuer) .validateType(false) .build(); jwtDecoder.setJwtValidator(new MyAtJwtValidator());

Parameters:

shouldValidateTypHeader - whether Nimbus should validate the typ header or not

Returns:

a NimbusJwtDecoder.JwkSetUriJwtDecoderBuilder for further configurations

Since:

6.5

macAlgorithm

public NimbusJwtDecoder.SecretKeyJwtDecoderBuilder macAlgorithm(MacAlgorithm macAlgorithm)

Use the given algorithm when generating the MAC. The value should be one of HS256, HS384 or HS512.

Parameters:

macAlgorithm - the MAC algorithm to use

Returns:

a NimbusJwtDecoder.SecretKeyJwtDecoderBuilder for further configurations

jwtProcessorCustomizer

public NimbusJwtDecoder.SecretKeyJwtDecoderBuilder jwtProcessorCustomizer(Consumer<com.nimbusds.jwt.proc.ConfigurableJWTProcessor<com.nimbusds.jose.proc.SecurityContext>> jwtProcessorCustomizer)

Use the given Consumer to customize the ConfigurableJWTProcessor before passing it to the build NimbusJwtDecoder.

Parameters:

jwtProcessorCustomizer - the callback used to alter the processor

Returns:

a NimbusJwtDecoder.SecretKeyJwtDecoderBuilder for further configurations

Since:

5.4

build

public NimbusJwtDecoder build()

Build the configured NimbusJwtDecoder.

Returns:

the configured NimbusJwtDecoder