Class OidcJWTValidator

java.lang.Object
org.mockserver.authentication.oidc.OidcJWTValidator

public class OidcJWTValidator extends Object
Verifies a control-plane OIDC bearer token against a remote/immutable JWK set. Installs an OidcJWTClaimsVerifier so issuer, audience, exp/nbf and required-scope checks are all enforced. On any failure throws AuthenticationException (-> 401).

Only ASYMMETRIC JWS algorithms are accepted (RS*, PS*, ES*, EdDSA). HMAC (HS256/384/512) is deliberately excluded: OIDC IdPs sign with asymmetric keys, and accepting HMAC against a public JWK set is the classic algorithm-confusion footgun (an attacker forges an HMAC token using the public key bytes as the shared secret). The alg=none (unsecured) JWS is likewise rejected by nimbus because it is not in this set.

  • Constructor Details

    • OidcJWTValidator

      public OidcJWTValidator(com.nimbusds.jose.jwk.source.JWKSource<com.nimbusds.jose.proc.SecurityContext> jwkSource, String expectedAudience, String expectedIssuer, String scopeClaim, Set<String> requiredScopes)
  • Method Details

    • validate

      public com.nimbusds.jwt.JWTClaimsSet validate(String jwt)
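The validation pipeline the class description outlines, as an added example that is not MockServer's own code: a stand-in class with the same constructor and validate() contract, built directly on nimbus-jose-jwt. Requiring the exp claim, accepting an array-valued scope claim, and rethrowing as java.lang.SecurityException are this example's assumptions (the real class throws AuthenticationException).

```java
import com.nimbusds.jose.*;
import com.nimbusds.jose.jwk.source.JWKSource;
import com.nimbusds.jose.proc.*;
import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.jwt.proc.*;
import java.text.ParseException;
import java.util.*;

// Illustrative stand-in for OidcJWTValidator (not MockServer's code), built on nimbus-jose-jwt.
public final class AsymmetricOidcJwtValidator {
    private final DefaultJWTProcessor<SecurityContext> processor = new DefaultJWTProcessor<>();

    public AsymmetricOidcJwtValidator(JWKSource<SecurityContext> jwkSource, String expectedAudience,
                                      String expectedIssuer, String scopeClaim, Set<String> requiredScopes) {
        // Family.SIGNATURE = RSA (RS*/PS*) + EC (ES*) + ED (EdDSA). HS* is not in it, so an HMAC token
        // fails key selection; nimbus rejects unsecured (alg=none) JWTs before that step.
        processor.setJWSKeySelector(new JWSVerificationKeySelector<>(JWSAlgorithm.Family.SIGNATURE, jwkSource));
        // DefaultJWTClaimsVerifier checks aud, the exact-match iss, exp/nbf (with its default clock
        // skew) and that exp is present; the subclass adds the required-scope check on top.
        processor.setJWTClaimsSetVerifier(new DefaultJWTClaimsVerifier<SecurityContext>(
                expectedAudience, new JWTClaimsSet.Builder().issuer(expectedIssuer).build(),
                Collections.singleton("exp")) {
            @Override
            public void verify(JWTClaimsSet claims, SecurityContext ctx) throws BadJWTException {
                super.verify(claims, ctx);
                if (!grantedScopes(claims, scopeClaim).containsAll(requiredScopes)) {
                    throw new BadJWTException("missing required scope(s): " + requiredScopes);
                }
            }
        });
    }

    // "scope" is a space-delimited string per RFC 6749, but some IdPs emit a JSON array; accept both.
    static Set<String> grantedScopes(JWTClaimsSet claims, String scopeClaim) {
        Object raw = claims.getClaim(scopeClaim);
        Set<String> out = new HashSet<>();
        if (raw instanceof String) out.addAll(Arrays.asList(((String) raw).trim().split("\\s+")));
        else if (raw instanceof Collection) for (Object o : (Collection<?>) raw) out.add(String.valueOf(o));
        return out;
    }

    public JWTClaimsSet validate(String jwt) {
        try {
            return processor.process(jwt, null);   // signature + alg allow-list, then the claims verifier
        } catch (ParseException | BadJOSEException | JOSEException e) {
            // MockServer's real class throws its AuthenticationException here (mapped to 401).
            throw new SecurityException("bearer token rejected: " + e.getMessage(), e);
        }
    }
}
```

Any failure (unparseable token, disallowed alg, no matching JWK, bad signature, wrong iss/aud, expired, missing scope) surfaces through the single catch, so callers see one rejection type rather than leaking which check failed.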