/**
 * Reads the {@code iss} claim from a serialized JWT access token.
 *
 * <p>The token is only parsed in this method; nothing here checks a signature or an expiry
 * time. The returned issuer is therefore an unauthenticated value until the token has been
 * validated elsewhere.
 *
 * @param accessToken the serialized JWT
 * @return the issuer claim as reported by the parsed claims set
 * @throws IllegalArgumentException if the value cannot be parsed as a JWT
 */
private String getIssuer(String accessToken) {
    try {
        return JWTParser.parse(accessToken).getJWTClaimsSet().getIssuer();
    } catch (ParseException parseFailure) {
        throw new IllegalArgumentException("Unable to parse JWT", parseFailure);
    }
}
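/**
 * Builds the authorities granted to the subject of an ID token.
 *
 * <p>A token whose claims parse yields a {@code SubjectIssuerGrantedAuthority} for its
 * subject/issuer pair plus {@code ROLE_USER}; {@code ROLE_ADMIN} is added when that pair is
 * listed in {@code admins}. The claims are used as given: this method performs no signature
 * or issuer validation of its own, so it presumably relies on the caller having validated
 * the ID token first (confirm against the caller).
 *
 * @param idToken the ID token whose claims identify the user
 * @param userInfo not read by this implementation
 * @return the granted authorities; empty when the token's claims cannot be parsed, so a
 *     malformed token receives no role at all
 */
@Override
public Collection<? extends GrantedAuthority> mapAuthorities(JWT idToken, UserInfo userInfo) {
    Set<GrantedAuthority> out = new HashSet<>();
    try {
        JWTClaimsSet claims = idToken.getJWTClaimsSet();

        SubjectIssuerGrantedAuthority authority =
                new SubjectIssuerGrantedAuthority(claims.getSubject(), claims.getIssuer());
        out.add(authority);

        if (admins.contains(authority)) {
            out.add(ROLE_ADMIN);
        }

        // everybody's a user by default
        out.add(ROLE_USER);
    } catch (ParseException e) {
        // Pass the exception to the logger so the parse failure can be diagnosed; the
        // original call logged the message only and dropped the cause.
        logger.error("Unable to parse ID Token inside of authorities mapper (huh?)", e);
    }
    return out;
}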
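/**
 * Decides whether an assertion comes from a whitelisted issuer and carries a valid signature.
 *
 * <p>The assertion is accepted only if it is a {@code SignedJWT}, its claims parse, its
 * {@code iss} claim is non-empty and is a key of {@code whitelist}, and its signature
 * validates against the validator obtained for the JWKS URI mapped to that issuer. No other
 * claim (expiry, audience, ...) is examined in this method.
 *
 * @param assertion the assertion to check
 * @return {@code true} only when every check above passes
 */
@Override
public boolean isValid(JWT assertion) {
    if (!(assertion instanceof SignedJWT)) {
        // unsigned assertion
        return false;
    }

    JWTClaimsSet claims;
    try {
        claims = assertion.getJWTClaimsSet();
    } catch (ParseException e) {
        logger.debug("Invalid assertion claims");
        return false;
    }

    String issuer = claims.getIssuer();
    if (Strings.isNullOrEmpty(issuer)) {
        logger.debug("No issuer for assertion, rejecting");
        return false;
    }

    if (!whitelist.containsKey(issuer)) {
        logger.debug("Issuer is not in whitelist, rejecting");
        return false;
    }

    String jwksUri = whitelist.get(issuer);
    if (Strings.isNullOrEmpty(jwksUri)) {
        // A whitelist entry without a key location cannot be verified: fail closed.
        logger.debug("No JWKS URI configured for issuer, rejecting");
        return false;
    }

    JWTSigningAndValidationService validator = jwkCache.getValidator(jwksUri);
    if (validator == null) {
        // Presumably returned when the issuer's keys could not be loaded (confirm against
        // the cache implementation); reject instead of failing with a NullPointerException.
        logger.debug("No validator available for issuer, rejecting");
        return false;
    }

    return validator.validateSignature((SignedJWT) assertion);
}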
/**
 * Accepts only signed assertions that this server issued itself.
 *
 * <p>The assertion must be a {@code SignedJWT} with parseable claims, its {@code iss} claim
 * must be non-empty and equal to {@code config.getIssuer()}, and its signature must validate
 * through {@code jwtService}. No other claim is examined in this method.
 *
 * @param assertion the assertion to check
 * @return {@code true} only when every check above passes
 */
@Override
public boolean isValid(JWT assertion) {
    // An assertion without a signature can never be trusted.
    if (!(assertion instanceof SignedJWT)) {
        return false;
    }

    final JWTClaimsSet parsedClaims;
    try {
        parsedClaims = assertion.getJWTClaimsSet();
    } catch (ParseException parseFailure) {
        logger.debug("Invalid assertion claims");
        return false;
    }

    // The issuer claim has to be present ...
    final String claimedIssuer = parsedClaims.getIssuer();
    if (Strings.isNullOrEmpty(claimedIssuer)) {
        logger.debug("No issuer for assertion, rejecting");
        return false;
    }

    // ... and has to name this server.
    final boolean issuedByUs = claimedIssuer.equals(config.getIssuer());
    if (!issuedByUs) {
        logger.debug("Issuer is not the same as this server, rejecting");
        return false;
    }

    // The outcome of the signature check against our own key is the final verdict.
    return jwtService.validateSignature((SignedJWT) assertion);
}
// Issuer check on the ID token claims: a missing issuer, or one that differs from the issuer
// configured for this server (serverConfig.getIssuer()), fails authentication with an
// AuthenticationServiceException. The pending authentication token is then built from the
// token's subject and issuer.
// NOTE(review): this excerpt omits the brace that closes the else-if (and possibly further
// lines) before the token is constructed, so it does not compile as shown.
// NOTE(review): the mismatch message embeds the issuer string taken from the token; treat it
// as token-supplied text wherever the exception message is logged or displayed.
if (idClaims.getIssuer() == null) { throw new AuthenticationServiceException("Id Token Issuer is null"); } else if (!idClaims.getIssuer().equals(serverConfig.getIssuer())){ throw new AuthenticationServiceException("Issuers do not match, expected " + serverConfig.getIssuer() + " got " + idClaims.getIssuer()); PendingOIDCAuthenticationToken token = new PendingOIDCAuthenticationToken(idClaims.getSubject(), idClaims.getIssuer(), serverConfig, idToken, accessTokenValue, refreshTokenValue);
// Issuer check on a client assertion: the iss claim must be present and must equal the
// client's own id (client.getClientId()); otherwise authentication fails with an
// AuthenticationServiceException.
// NOTE(review): the excerpt ends before the brace that closes the else-if, so it does not
// compile as shown.
// NOTE(review): the mismatch message embeds the issuer string taken from the assertion;
// treat it as token-supplied text wherever the exception message is logged or displayed.
if (jwtClaims.getIssuer() == null) { throw new AuthenticationServiceException("Assertion Token Issuer is null"); } else if (!jwtClaims.getIssuer().equals(client.getClientId())){ throw new AuthenticationServiceException("Issuers do not match, expected " + client.getClientId() + " got " + jwtClaims.getIssuer());
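// Reject the token unless its issuer is exactly the expected IAP issuer. The constant is the
// receiver of equals() so that a token without an iss claim fails this precondition like any
// other mismatch instead of raising a NullPointerException.
Preconditions.checkArgument(IAP_ISSUER_URL.equals(claims.getIssuer()));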
/**
 * Returns the {@code iss} claim of the wrapped claims set.
 *
 * @return the issuer, or {@code null} when no claims set is present
 */
public String getIssuer() {
    if (jwtClaimsSet == null) {
        return null;
    }
    return jwtClaimsSet.getIssuer();
}
/**
 * Exposes the issuer recorded in {@code jwtClaimsSet}.
 *
 * @return the {@code iss} claim, or {@code null} if {@code jwtClaimsSet} itself is
 *     {@code null}
 */
public String getIssuer() {
    if (jwtClaimsSet != null) {
        return jwtClaimsSet.getIssuer();
    }
    return null;
}
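/**
 * Checks that the token was issued by the configured Cognito identity pool.
 *
 * @param claimsSet the claims of the token under validation
 * @return {@code true} only when the {@code iss} claim is present and equals
 *     {@code jwtConfiguration.getCognitoIdentityPoolUrl()}
 */
private boolean isIssuedCorrectly(JWTClaimsSet claimsSet) {
    String issuer = claimsSet.getIssuer();
    // A token without an iss claim is rejected here rather than surfacing as a
    // NullPointerException from equals().
    return issuer != null && issuer.equals(jwtConfiguration.getCognitoIdentityPoolUrl());
}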
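/**
 * Runs the inherited claim checks, then restricts the issuer to the two accepted
 * security-token-service hosts.
 *
 * <p>Only the leading part of the issuer is checked, so any issuer path under these hosts is
 * accepted by this method; a restriction to specific tenants, if wanted, has to be enforced
 * elsewhere.
 *
 * @param claimsSet the claims to verify
 * @param ctx the security context, passed through to the superclass check
 * @throws BadJWTException if the superclass check fails, or the issuer is missing or does
 *     not start with one of the accepted URLs
 */
@Override
public void verify(JWTClaimsSet claimsSet, SecurityContext ctx) throws BadJWTException {
    super.verify(claimsSet, ctx);
    final String issuer = claimsSet.getIssuer();
    // startsWith rather than contains: a substring match is also satisfied by an issuer
    // that merely embeds one of these URLs later in the string, under a different host.
    if (issuer == null
            || (!issuer.startsWith("https://sts.windows.net/")
                    && !issuer.startsWith("https://sts.chinacloudapi.cn/"))) {
        throw new BadJWTException("Invalid token issuer");
    }
}
});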
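/**
 * Applies the superclass verification and then requires the {@code iss} claim to begin with
 * one of the two accepted security-token-service URLs.
 *
 * <p>The check is a prefix check only: every issuer path under those hosts passes it, so
 * limiting the accepted tenants is not done by this method.
 *
 * @param claimsSet the claims to verify
 * @param ctx the security context, handed to the superclass check unchanged
 * @throws BadJWTException if the superclass check fails, or the issuer is absent or does not
 *     begin with an accepted URL
 */
@Override
public void verify(JWTClaimsSet claimsSet, SecurityContext ctx) throws BadJWTException {
    super.verify(claimsSet, ctx);
    final String issuer = claimsSet.getIssuer();
    // Anchor the comparison at the start of the string. With contains(), an issuer on an
    // unrelated host would pass as long as an accepted URL appeared anywhere inside it.
    final boolean trustedIssuer = issuer != null
            && (issuer.startsWith("https://sts.windows.net/")
                    || issuer.startsWith("https://sts.chinacloudapi.cn/"));
    if (!trustedIssuer) {
        throw new BadJWTException("Invalid token issuer");
    }
}
});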
/**
 * Checks that the request object names the requesting client as its issuer.
 *
 * @param requestObject the request object whose {@code iss} claim is inspected
 * @param oAuth2Parameters the request parameters supplying the expected client id
 * @return {@code true} when the issuer claim is non-empty and equals
 *     {@code oAuth2Parameters.getClientId()}
 */
protected boolean isValidIssuer(RequestObject requestObject, OAuth2Parameters oAuth2Parameters) {
    final String claimedIssuer = requestObject.getClaimsSet().getIssuer();
    if (!StringUtils.isNotEmpty(claimedIssuer)) {
        // A missing or empty issuer can never match a client id.
        return false;
    }
    return claimedIssuer.equals(oAuth2Parameters.getClientId());
}
/**
 * Extracts the issuer ({@code iss}) from an access token given in serialized JWT form.
 *
 * <p>This is a parse-only lookup: no signature verification or expiry check happens in this
 * method, so the result must not be treated as authenticated until the token is validated
 * elsewhere.
 *
 * @param accessToken the serialized JWT
 * @return the issuer claim as reported by the parsed claims set
 * @throws IllegalArgumentException if the value is not a parseable JWT
 */
private String getIssuer(String accessToken) {
    final JWT parsedToken;
    try {
        parsedToken = JWTParser.parse(accessToken);
        return parsedToken.getJWTClaimsSet().getIssuer();
    } catch (ParseException cause) {
        throw new IllegalArgumentException("Unable to parse JWT", cause);
    }
}
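/**
 * Ensures the mandatory claims of the token are present.
 *
 * <p>Issuer, subject (as resolved by {@code resolveSubject}), expiration time, audience and
 * JWT id must all be present and non-empty. Only presence is checked here; the values are
 * not validated by this method.
 *
 * @param claimsSet the claims of the token under validation
 * @return {@code true} when every mandatory claim is present
 * @throws IdentityOAuth2Exception if any mandatory claim is missing or empty
 */
private boolean validateRequiredFields(JWTClaimsSet claimsSet) throws IdentityOAuth2Exception {
    String subject = resolveSubject(claimsSet);
    List<String> audience = claimsSet.getAudience();
    String jti = claimsSet.getJWTID();

    // Depending on the Nimbus version an absent aud claim may surface as an empty list
    // rather than null, so both cases count as missing. An empty jti is treated like the
    // other empty string claims.
    boolean missingMandatoryClaim = StringUtils.isEmpty(claimsSet.getIssuer())
            || StringUtils.isEmpty(subject)
            || claimsSet.getExpirationTime() == null
            || audience == null
            || audience.isEmpty()
            || StringUtils.isEmpty(jti);

    if (missingMandatoryClaim) {
        throw new IdentityOAuth2Exception("Mandatory fields(Issuer, Subject, Expiration time,"
                + " jti or Audience) are empty in the given Token.");
    }
    return true;
}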
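/**
 * Turns a Base64-encoded, encrypted and signed token back into an identity reference.
 *
 * <p>The token is Base64-decoded, parsed as a JWE, decrypted with the shared key, and its
 * payload is read as a signed JWT whose HMAC must verify before any claim is used.
 *
 * <p>NOTE(review): the same {@code secretKey} bytes feed both the decrypter and the MAC
 * verifier; confirm that sharing one key between the two operations is intended.
 *
 * @param token the Base64-encoded compact JWE
 * @return the issuer and subject carried by the verified inner JWT
 * @throws Exception if decoding, parsing, decryption or signature verification fails
 */
public IdentityReference deserialize(String token) throws Exception {
    // The compact serialization is ASCII; name the charset instead of relying on the
    // platform default.
    String sToken = new String(Base64.getDecoder().decode(token),
            java.nio.charset.StandardCharsets.UTF_8);

    // Parse the JWE string
    JWEObject jweObject = JWEObject.parse(sToken);

    // Decrypt with shared key
    jweObject.decrypt(new DirectDecrypter(secretKey.getEncoded()));

    // Extract payload
    SignedJWT signedJWT = jweObject.getPayload().toSignedJWT();
    if (signedJWT == null) {
        throw new IllegalArgumentException("Token payload is not a signed JWT");
    }

    // Check the HMAC. verify() reports a bad signature through its return value, which the
    // original code discarded, so a payload with a wrong MAC was still accepted.
    if (!signedJWT.verify(new MACVerifier(secretKey.getEncoded()))) {
        throw new SecurityException("Token HMAC verification failed");
    }

    // Retrieve the JWT claims
    return new IdentityReference(signedJWT.getJWTClaimsSet().getIssuer(),
            signedJWT.getJWTClaimsSet().getSubject());
}
}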
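/**
 * Reconstructs an identity reference from a Base64-encoded token that wraps a signed JWT
 * inside a JWE.
 *
 * <p>Steps: Base64-decode, parse as JWE, decrypt with the shared key, read the payload as a
 * signed JWT, verify its HMAC, then read issuer and subject. Claims are only read after the
 * HMAC has verified.
 *
 * <p>NOTE(review): decryption and MAC verification both use the bytes of {@code secretKey};
 * confirm that using one key for both operations is intended.
 *
 * @param token the Base64-encoded compact JWE
 * @return the issuer and subject of the verified inner JWT
 * @throws Exception if decoding, parsing, decryption or signature verification fails
 */
public IdentityReference deserialize(String token) throws Exception {
    // Decode with an explicit charset; the compact serialization is plain ASCII.
    byte[] decoded = Base64.getDecoder().decode(token);
    String sToken = new String(decoded, java.nio.charset.StandardCharsets.UTF_8);

    // Parse the JWE string
    JWEObject jweObject = JWEObject.parse(sToken);

    // Decrypt with shared key
    jweObject.decrypt(new DirectDecrypter(secretKey.getEncoded()));

    // Extract payload; a payload that is not a signed JWT is rejected explicitly.
    SignedJWT signedJWT = jweObject.getPayload().toSignedJWT();
    if (signedJWT == null) {
        throw new IllegalArgumentException("Token payload is not a signed JWT");
    }

    // Check the HMAC and act on the outcome: verify() returns false for a bad signature
    // instead of throwing, and the original code ignored that return value.
    boolean macValid = signedJWT.verify(new MACVerifier(secretKey.getEncoded()));
    if (!macValid) {
        throw new SecurityException("Token HMAC verification failed");
    }

    // Retrieve the JWT claims
    return new IdentityReference(signedJWT.getJWTClaimsSet().getIssuer(),
            signedJWT.getJWTClaimsSet().getSubject());
}
}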
/**
 * Parses a serialized JWT into a {@code SimpleJwt} holding its issuer, subject and payload.
 *
 * <p>Only parsing happens in this method: the claims are read straight from the JWS payload
 * and no signature verification is performed here.
 *
 * @param jwt the serialized JWT
 * @return a {@code SimpleJwt} built from the issuer, the subject and the payload string
 * @throws JwtParseException if the payload cannot be parsed as a claims set (and, presumably,
 *     if {@code parseJWSObject} rejects the input — confirm against that helper)
 */
@Nonnull
@Override
public Jwt parse(String jwt) throws JwtParseException {
    final JWSObject parsedJws = parseJWSObject(jwt);
    try {
        final JWTClaimsSet claimsSet = JWTClaimsSet.parse(parsedJws.getPayload().toJSONObject());
        final String issuer = claimsSet.getIssuer();
        final String subject = claimsSet.getSubject();
        final String rawPayload = parsedJws.getPayload().toString();
        return new SimpleJwt(issuer, subject, rawPayload);
    } catch (ParseException parseFailure) {
        throw new JwtParseException(parseFailure);
    }
}
/**
 * Verifies that each required claim is present, checking them in a fixed order: audience,
 * issuer, JWT id, issued-at, expiry.
 *
 * <p>Each claim is handed to {@code checkClaimNotNull}; only presence is checked here, not
 * the claim values.
 *
 * <p>NOTE(review): depending on the Nimbus version, {@code getAudience()} may return an
 * empty list rather than {@code null} for a token without {@code aud} — confirm that
 * {@code checkClaimNotNull} rejects that case.
 *
 * @param claims the claims of the token under validation
 * @throws MissingRequiredClaimException as raised by {@code checkClaimNotNull}
 */
private void validateRequiredClaims(JWTClaimsSet claims) throws MissingRequiredClaimException {
    // Who the token is for and who issued it.
    checkClaimNotNull(claims.getAudience(), Claim.AUDIENCE);
    checkClaimNotNull(claims.getIssuer(), Claim.ISSUER);

    // The token's unique identifier.
    checkClaimNotNull(claims.getJWTID(), Claim.JWT_ID);

    // The token's validity window.
    checkClaimNotNull(claims.getIssueTime(), Claim.ISSUED_AT);
    checkClaimNotNull(claims.getExpirationTime(), Claim.EXPIRY);
}
/**
 * Parses a serialized JWT into a {@code SimpleUnverifiedJwt} without verifying it.
 *
 * <p>The algorithm name comes from the JWS header and the issuer and subject from the
 * payload, all exactly as the token presents them; no signature verification is performed
 * in this method.
 *
 * @param jwt the serialized JWT
 * @return the algorithm name, issuer, subject and payload string of the token
 * @throws JwtParseException if the payload cannot be parsed as a claims set (and, presumably,
 *     if {@code parseJWSObject} rejects the input — confirm against that helper)
 */
public SimpleUnverifiedJwt parse(String jwt) throws JwtParseException {
    final JWSObject parsedJws = parseJWSObject(jwt);
    try {
        final JWTClaimsSet claimsSet = JWTClaimsSet.parse(parsedJws.getPayload().toJSONObject());
        final String algorithmName = parsedJws.getHeader().getAlgorithm().getName();
        final String issuer = claimsSet.getIssuer();
        final String subject = claimsSet.getSubject();
        final String rawPayload = parsedJws.getPayload().toString();
        return new SimpleUnverifiedJwt(algorithmName, issuer, subject, rawPayload);
    } catch (ParseException parseFailure) {
        throw new JwtParseException(parseFailure);
    }
}