vck-openid/at.asitplus.wallet.lib.oauth2/JwtTokenService

JwtTokenService

class JwtTokenService(val generation: JwtTokenGenerationService, val verification: JwtTokenVerificationService, val dpopSigningAlgValuesSupportedStrings: Set<String>?, val supportsRefreshTokens: Boolean) : TokenService(source)

Combines sender-constrained JWT tokens from JwtTokenGenerationService and JwtTokenVerificationService.

Constructors

Link copied to clipboard
constructor(generation: JwtTokenGenerationService, verification: JwtTokenVerificationService, dpopSigningAlgValuesSupportedStrings: Set<String>?, supportsRefreshTokens: Boolean)

Properties

Link copied to clipboard
Link copied to clipboard
Link copied to clipboard
open override val supportsRefreshTokens: Boolean
Link copied to clipboard

Functions

Link copied to clipboard
open suspend fun dpopNonce(): String?
Link copied to clipboard
open suspend override fun readUserInfo(authorizationHeader: String, request: RequestInfo?): ValidatedAccessToken

Provides information about the access token from authorizationHeader, if it has been issued by generation. Access token needs to be validated before (see TokenVerificationService.validateAccessToken)

Link copied to clipboard
open suspend fun tokenExchange(request: TokenRequestParameters, expectedResource: String, httpRequest: RequestInfo?): TokenResponseParameters

OAuth 2.0 Token Exchange: Validate the received token from TokenRequestParameters.subjectToken and issue a fresh access token. Callers need to make sure that the client has been authenticated before calling this method.

Link copied to clipboard
open suspend override fun validateTokenForTokenExchange(subjectToken: String): ValidatedAccessToken

Validates the subject token (that is a token sent by a third party) for token exchange) is one issued from generation, and that the client presented a valid proof-of-possession for the key the token is bound to. Callers need to authenticate the client before calling this method.