java.lang.Object
- org.forgerock.oauth.resolvers.BaseOpenIdResolver
- - org.forgerock.oauth.resolvers.JWKOpenIdResolverImpl

All Implemented Interfaces:

GenericOpenIdResolver<SignedJwt>, OpenIdResolver
```
public class JWKOpenIdResolverImpl
extends BaseOpenIdResolver
```
This class exists to allow Open Id Providers to supply or promote a JWK exposure point for their public keys. We convert the exposed keys they provide according to the algorithm defined by their JWK and offer their keys in a map key'd on their keyId. The map of keys is loaded on construction, and reloaded each time an Open Id token is passed in to this resolver whose keyId does not exist within the list that we currently have. This means that we will cache the keys for as long as they are valid, and as soon as we receive a request to verify using a key which we don't have we discard our current keys and re-fill our map.

Field Summary
- Fields inherited from interface org.forgerock.oauth.resolvers.OpenIdResolver
  CLIENT_SECRET_KEY, ISSUER_KEY, JWK, KEY_ALIAS_KEY, KEYSTORE_LOCATION_KEY, KEYSTORE_PASS_KEY, KEYSTORE_TYPE_KEY, WELL_KNOWN_CONFIGURATION

Constructor Summary

Constructors
Constructor Description

JWKOpenIdResolverImpl(String issuer, JwksStore jwksStore)
Constructs a JWKOpenIdResolverImpl.

Method Summary

All Methods Instance Methods Concrete Methods
Modifier and Type	Method	Description
`void`	`validateIdentity(SignedJwt idClaim)`	Validates the supplied Jwt against this OpenId Connect Idp.
`void`	`verifySignature(SignedJwt idClaim)`	Verifies that the JWS was signed by the supplied key.

Methods inherited from class org.forgerock.oauth.resolvers.BaseOpenIdResolver
getIssuer

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface org.forgerock.oauth.resolvers.OpenIdResolver
getExpectedJwtType

- Constructor Detail
  - JWKOpenIdResolverImpl
```
public JWKOpenIdResolverImpl(String issuer,
                             JwksStore jwksStore)
                      throws FailedToLoadJWKException
```
    Constructs a JWKOpenIdResolverImpl.
    
    Parameters:
    
    issuer - The issuer (provider) of the Open Id Connect id token
    
    jwksStore - The jwks store
    
    Throws:
    
    FailedToLoadJWKException - if there were issues resolving or parsing the JWK
- Method Detail
  - validateIdentity
```
public void validateIdentity(SignedJwt idClaim)
                      throws OpenIdConnectVerificationException
```
    Description copied from class: BaseOpenIdResolver
    
    Validates the supplied Jwt against this OpenId Connect Idp.
    
    Specified by:
    
    validateIdentity in interface GenericOpenIdResolver<SignedJwt>
    
    Overrides:
    
    validateIdentity in class BaseOpenIdResolver
    
    Parameters:
    
    idClaim - The Jwt to test is authenticated
    
    Throws:
    
    OpenIdConnectVerificationException - If the Jwt is unable to be verified
  - verifySignature
```
public void verifySignature(SignedJwt idClaim)
                     throws InvalidSignatureException,
                            FailedToLoadJWKException
```
    Verifies that the JWS was signed by the supplied key. Throws an exception otherwise.
    
    Parameters:
    
    idClaim - The JWS to verify
    
    Throws:
    
    InvalidSignatureException - If the JWS supplied does not match the key for this resolver
    
    FailedToLoadJWKException - If the JWK supplied cannot be loaded from its remote location

Class JWKOpenIdResolverImpl

Field Summary

Fields inherited from interface org.forgerock.oauth.resolvers.OpenIdResolver

Constructor Summary

Method Summary

Methods inherited from class org.forgerock.oauth.resolvers.BaseOpenIdResolver

Methods inherited from class java.lang.Object

Methods inherited from interface org.forgerock.oauth.resolvers.OpenIdResolver

Constructor Detail

JWKOpenIdResolverImpl

Method Detail

validateIdentity

verifySignature