JwtTokenVerificationService
class JwtTokenVerificationService(nonceService: NonceService, dpopNonceService: NonceService = DefaultNonceService(), issuerKey: JsonWebKey, verifyJwsObject: VerifyJwsObjectFun = VerifyJwsObject(), verifyJwsSignatureWithKey: VerifyJwsSignatureWithKeyFun = VerifyJwsSignatureWithKey(), clock: Clock = System, timeLeeway: Duration = 5.minutes) : TokenVerificationService(source)
Verifies JWT tokens that have been generated by JwtTokenGenerationService, as OpenId4VciAccessToken.
Implemented from OAuth 2.0 Demonstrating Proof of Possession (DPoP)
Constructors
Link copied to clipboard
constructor(nonceService: NonceService, dpopNonceService: NonceService = DefaultNonceService(), issuerKey: JsonWebKey, verifyJwsObject: VerifyJwsObjectFun = VerifyJwsObject(), verifyJwsSignatureWithKey: VerifyJwsSignatureWithKeyFun = VerifyJwsSignatureWithKey(), clock: Clock = System, timeLeeway: Duration = 5.minutes)
Functions
Link copied to clipboard
open suspend override fun extractValidatedClientKey(httpRequest: RequestInfo?): KmmResult<JsonWebKey?>
Validate a DPoP proof and extract the client's key if the proof exists at all.
Link copied to clipboard
Reads information about the token contained in tokenOrAuthHeader for token introspection.
Link copied to clipboard
open suspend override fun validateAccessToken(tokenOrAuthHeader: String, httpRequest: RequestInfo?, dpopNonceService: NonceService?): KmmResult<Unit>
Validates the token (either plain token or from an HTTP Authorization header, i.e., with prefix).
Link copied to clipboard
open suspend override fun validateRefreshToken(refreshToken: String, httpRequest: RequestInfo?, validatedClientKey: JsonWebKey?): String
Validates that this refresh token was actually issued by the known TokenGenerationService.