Class OidcKeyProvider

java.lang.Object
org.mockserver.oidc.OidcKeyProvider

public class OidcKeyProvider extends Object
Resolves the AsymmetricKeyPair that an OIDC provider signs tokens with and publishes via its JWKS endpoint.

Resolution order:

  1. If jwkJson is supplied — parse the JWK (which carries both key material and, when present, its kid and algorithm).
  2. If privateKeyPem is supplied — parse the private key; derive the public key from certificatePem when present, otherwise from the RSA private key's CRT parameters.
  3. Otherwise — generate a fresh key pair for signingAlgorithm.

Whatever the source, the resulting key pair's algorithm matches the configured signingAlgorithm so the same key both signs tokens and is published in the JWKS — keeping the sign/publish invariant intact. A supplied keyId (or the JWK's own kid) gives a stable kid across restarts so JWKS-caching clients keep working; otherwise a random kid is generated.
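The public-key derivation in step 2 and the sign/publish invariant, sketched with JDK classes only. This is an added example, not MockServer's code: the class and method names are hypothetical, and it assumes an unencrypted PKCS#8 RSA key with RS256 as the signing algorithm.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.interfaces.RSAPrivateCrtKey;
import java.security.spec.*;
import java.util.Base64;

// Added illustration: class and method names are hypothetical, not MockServer API.
public class CrtPublicKeyDerivation {

    // Parse an unencrypted PKCS#8 PEM ("BEGIN PRIVATE KEY") into an RSA private key.
    static PrivateKey parsePkcs8Pem(String pem) throws GeneralSecurityException {
        String base64 = pem.replaceAll("-----[A-Z ]+-----", "").replaceAll("\\s", "");
        byte[] der = Base64.getDecoder().decode(base64);
        return KeyFactory.getInstance("RSA").generatePrivate(new PKCS8EncodedKeySpec(der));
    }

    // A CRT-form RSA private key carries the modulus and the public exponent,
    // which together are the whole public key.
    static PublicKey derivePublicKey(PrivateKey key) throws GeneralSecurityException {
        if (!(key instanceof RSAPrivateCrtKey)) {
            throw new InvalidKeyException("no CRT parameters: public key must come from a certificate");
        }
        RSAPrivateCrtKey crt = (RSAPrivateCrtKey) key;
        RSAPublicKeySpec spec = new RSAPublicKeySpec(crt.getModulus(), crt.getPublicExponent());
        return KeyFactory.getInstance("RSA").generatePublic(spec);
    }

    // Sign with the private key, verify with the key that would be published.
    static boolean signsAndVerifies(PrivateKey priv, PublicKey pub) throws GeneralSecurityException {
        byte[] signingInput = "header.payload".getBytes(StandardCharsets.US_ASCII);
        Signature signer = Signature.getInstance("SHA256withRSA"); // RS256 assumed
        signer.initSign(priv);
        signer.update(signingInput);
        byte[] signature = signer.sign();
        Signature verifier = Signature.getInstance("SHA256withRSA");
        verifier.initVerify(pub);
        verifier.update(signingInput);
        return verifier.verify(signature);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample input: a throwaway key, PEM-encoded as a user would supply it.
        KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA");
        generator.initialize(2048);
        String pem = "-----BEGIN PRIVATE KEY-----\n"
            + Base64.getEncoder().encodeToString(generator.generateKeyPair().getPrivate().getEncoded())
            + "\n-----END PRIVATE KEY-----\n";
        PrivateKey privateKey = parsePkcs8Pem(pem);
        System.out.println("verifies: " + signsAndVerifies(privateKey, derivePublicKey(privateKey)));
    }
}
```

A private key encoded without CRT parameters fails the `instanceof` check, which is the case where the public key has to come from the certificate instead.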