Java Code Examples for com.nimbusds.jwt.JWTClaimsSet#getAudience()

/**
 * Check whether the token has been released to the expected audience
 */
private boolean validateTokenAudience(JWTClaimsSet claims) {
    List<String> audiences = claims.getAudience();

    if (audiences == null) {
        log.error("The authorization token doesn't have an audience (aud)");
        return false;
    }

    if (audiences.contains(this.audience)) {
        return true;
    }

    log.error("The authorization token audience `{}` doesn't match the expected audience `{}`",
        audiences, this.audience);

    return false;
}
 

/**
 * Check whether the token has been released to the expected audience
 */
private boolean validateTokenAudience(JWTClaimsSet claims) {
    List<String> audiences = claims.getAudience();

    if (audiences == null) {
        log.error("The authorization token doesn't have an audience (aud)");
        return false;
    }

    if (audiences.contains(this.audience)) {
        return true;
    }

    log.error("The authorization token audience `{}` doesn't match the expected audience `{}`",
        audiences, this.audience);

    return false;
}
 

/**
 * Check whether the token has been released to the expected audience
 */
private boolean validateTokenAudience(JWTClaimsSet claims) {
    List<String> audiences = claims.getAudience();

    if (audiences == null) {
        log.error("The authorization token doesn't have an audience (aud)");
        return false;
    }

    if (audiences.contains(this.audience)) {
        return true;
    }

    log.error("The authorization token audience `{}` doesn't match the expected audience `{}`",
        audiences, this.audience);

    return false;
}
 

private void validateMandatoryJWTClaims(JWTClaimsSet claimsSet) throws IdentityOAuth2Exception {

        String subject = claimsSet.getSubject();
        List<String> audience = claimsSet.getAudience();
        String jti = claimsSet.getJWTID();
        if (StringUtils.isEmpty(claimsSet.getIssuer()) || StringUtils.isEmpty(subject) ||
                claimsSet.getExpirationTime() == null || audience == null || jti == null) {
            throw new IdentityOAuth2Exception("Mandatory fields(Issuer, Subject, Expiration time, jtl or Audience) " +
                    "are empty in the given Token.");
        }
    }
 

private boolean validateAudiences(JWTClaimsSet claimsSet) {
  if (_audiences == null) {
    return true;
  }
  List<String> tokenAudienceList = claimsSet.getAudience();
  for (String aud : tokenAudienceList) {
    if (_audiences.contains(aud)) {
      JWT_LOGGER.trace("JWT token audience has been successfully validated");
      return true;
    }
  }
  JWT_LOGGER.trace("Couldn't find a valid audience");
  return false;
}
 

/**
 * Validate the jwt audience.
 *
 * @param jwtToken knox jwt
 * @return whether this jwt audience is valid
 * @throws ParseException if the payload of the jwt doesn't represent a valid json object and a jwt claims set
 */
private boolean validateAudience(final SignedJWT jwtToken) throws ParseException {
    if (audiences == null) {
        return true;
    }

    final JWTClaimsSet claimsSet = jwtToken.getJWTClaimsSet();
    if (claimsSet == null) {
        logger.error("Claims set is missing from Knox JWT.");
        return false;
    }

    final List<String> tokenAudiences = claimsSet.getAudience();
    if (tokenAudiences == null) {
        logger.error("Audience is missing from the Knox JWT.");
        return false;
    }

    boolean valid = false;
    for (final String tokenAudience : tokenAudiences) {
        // ensure one of the audiences is matched
        if (audiences.contains(tokenAudience)) {
            valid = true;
            break;
        }
    }

    if (!valid) {
        logger.error(String.format("The Knox JWT does not have the required audience(s). Required one of [%s]. Present in JWT [%s].",
                StringUtils.join(audiences, ", "), StringUtils.join(tokenAudiences, ", ")));
    }

    return valid;
}