Package org.springframework.security.oauth2.jwt

Class NimbusReactiveJwtDecoder.JwkSetUriReactiveJwtDecoderBuilder

java.lang.Object

org.springframework.security.oauth2.jwt.NimbusReactiveJwtDecoder.JwkSetUriReactiveJwtDecoderBuilder

Enclosing class:

NimbusReactiveJwtDecoder

public static final class NimbusReactiveJwtDecoder.JwkSetUriReactiveJwtDecoderBuilder
extends Object

A builder for creating NimbusReactiveJwtDecoder instances based on a JWK Set uri.

Since:

5.2

Method Summary

Modifier and Type	Method	Description
NimbusReactiveJwtDecoder	build()	Build the configured NimbusReactiveJwtDecoder.
NimbusReactiveJwtDecoder.JwkSetUriReactiveJwtDecoderBuilder	jwsAlgorithm(SignatureAlgorithm signatureAlgorithm)	Append the given signing algorithm to the set of algorithms to use.
NimbusReactiveJwtDecoder.JwkSetUriReactiveJwtDecoderBuilder	jwsAlgorithms(Consumer<Set<SignatureAlgorithm>> signatureAlgorithmsConsumer)	Configure the list of algorithms to use with the given Consumer.
NimbusReactiveJwtDecoder.JwkSetUriReactiveJwtDecoderBuilder	jwtProcessorCustomizer(Consumer<com.nimbusds.jwt.proc.ConfigurableJWTProcessor<com.nimbusds.jose.proc.JWKSecurityContext>> jwtProcessorCustomizer)	Use the given Consumer to customize the ConfigurableJWTProcessor before passing it to the build NimbusReactiveJwtDecoder.
NimbusReactiveJwtDecoder.JwkSetUriReactiveJwtDecoderBuilder	validateType(boolean shouldValidateTypHeader)	Whether to use Nimbus's typ header verification.
NimbusReactiveJwtDecoder.JwkSetUriReactiveJwtDecoderBuilder	webClient(org.springframework.web.reactive.function.client.WebClient webClient)	Use the given WebClient to coordinate with the authorization servers indicated in the JWK Set uri as well as the Issuer.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Method Details

jwsAlgorithm

public NimbusReactiveJwtDecoder.JwkSetUriReactiveJwtDecoderBuilder jwsAlgorithm(SignatureAlgorithm signatureAlgorithm)

Append the given signing algorithm to the set of algorithms to use.

Parameters:

signatureAlgorithm - the algorithm to use

Returns:

a NimbusReactiveJwtDecoder.JwkSetUriReactiveJwtDecoderBuilder for further configurations

validateType

public NimbusReactiveJwtDecoder.JwkSetUriReactiveJwtDecoderBuilder validateType(boolean shouldValidateTypHeader)

Whether to use Nimbus's typ header verification. This is true by default, however it may change to false in a future major release.

By turning off this feature, NimbusReactiveJwtDecoder expects applications to check the typ header themselves in order to determine what kind of validation is needed

This is done for you when you use JwtValidators to construct a validator.

That means that this: NimbusReactiveJwtDecoder jwtDecoder = NimbusReactiveJwtDecoder.withIssuerLocation(issuer).build(); jwtDecoder.setJwtValidator(JwtValidators.createDefaultWithIssuer(issuer);

Is equivalent to this: NimbusReactiveJwtDecoder jwtDecoder = NimbusReactiveJwtDecoder.withIssuerLocation(issuer) .validateType(false) .build(); jwtDecoder.setJwtValidator(JwtValidators.createDefaultWithValidators( new JwtIssuerValidator(issuer), JwtTypeValidator.jwt());

The difference is that by setting this to false, it allows you to provide validation by type, like for at+jwt: NimbusReactiveJwtDecoder jwtDecoder = NimbusReactiveJwtDecoder.withIssuerLocation(issuer) .validateType(false) .build(); jwtDecoder.setJwtValidator(new MyAtJwtValidator());

Parameters:

shouldValidateTypHeader - whether Nimbus should validate the typ header or not

Returns:

a NimbusReactiveJwtDecoder.JwkSetUriReactiveJwtDecoderBuilder for further configurations

Since:

6.5

jwsAlgorithms

public NimbusReactiveJwtDecoder.JwkSetUriReactiveJwtDecoderBuilder jwsAlgorithms(Consumer<Set<SignatureAlgorithm>> signatureAlgorithmsConsumer)

Configure the list of algorithms to use with the given Consumer.

Parameters:

signatureAlgorithmsConsumer - a Consumer for further configuring the algorithm list

Returns:

a NimbusReactiveJwtDecoder.JwkSetUriReactiveJwtDecoderBuilder for further configurations

webClient

public NimbusReactiveJwtDecoder.JwkSetUriReactiveJwtDecoderBuilder webClient(org.springframework.web.reactive.function.client.WebClient webClient)

Use the given WebClient to coordinate with the authorization servers indicated in the JWK Set uri as well as the Issuer.

Parameters:

webClient -

Returns:

a NimbusReactiveJwtDecoder.JwkSetUriReactiveJwtDecoderBuilder for further configurations

jwtProcessorCustomizer

public NimbusReactiveJwtDecoder.JwkSetUriReactiveJwtDecoderBuilder jwtProcessorCustomizer(Consumer<com.nimbusds.jwt.proc.ConfigurableJWTProcessor<com.nimbusds.jose.proc.JWKSecurityContext>> jwtProcessorCustomizer)

Use the given Consumer to customize the ConfigurableJWTProcessor before passing it to the build NimbusReactiveJwtDecoder.

Parameters:

jwtProcessorCustomizer - the callback used to alter the processor

Returns:

a NimbusReactiveJwtDecoder.JwkSetUriReactiveJwtDecoderBuilder for further configurations

Since:

5.4

build

public NimbusReactiveJwtDecoder build()

Build the configured NimbusReactiveJwtDecoder.

Returns:

the configured NimbusReactiveJwtDecoder