SharedSecretOpenIdResolverImpl (OpenAM Server Only 7.2.2 Documentation)

java.lang.Object
- org.forgerock.oauth.resolvers.BaseOpenIdResolver
- - org.forgerock.oauth.resolvers.SharedSecretOpenIdResolverImpl

All Implemented Interfaces:

GenericOpenIdResolver<SignedJwt>, OpenIdResolver
```
public class SharedSecretOpenIdResolverImpl
extends BaseOpenIdResolver
```
This class exists to allow functionality for those Open ID Connect providers which supply their signatures through symmetric key algorithms (e.g. HMAC). In these cases we want to use the shared secret (known to both the provider and client) such that we can generate a "private key". We do this using the SecretKeySpec call in verifySignature(org.forgerock.json.jose.jws.SignedJwt).

Field Summary
- Fields inherited from interface org.forgerock.oauth.resolvers.OpenIdResolver
  CLIENT_SECRET_KEY, ISSUER_KEY, JWK, KEY_ALIAS_KEY, KEYSTORE_LOCATION_KEY, KEYSTORE_PASS_KEY, KEYSTORE_TYPE_KEY, WELL_KNOWN_CONFIGURATION

Constructor Summary

Constructors
Constructor Description

SharedSecretOpenIdResolverImpl(String issuer, String sharedSecret)
Constructor for SharedSecretOpenIdResolverImpl.

Method Summary

All Methods Instance Methods Concrete Methods
Modifier and Type	Method	Description
`void`	`validateIdentity(SignedJwt idClaim)`	Validates the supplied Jwt against this OpenId Connect Idp.
`void`	`verifySignature(SignedJwt idClaim)`	Verifies that the JWS was signed by the supplied key.

Methods inherited from class org.forgerock.oauth.resolvers.BaseOpenIdResolver
getIssuer

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface org.forgerock.oauth.resolvers.OpenIdResolver
getExpectedJwtType

- Constructor Detail
  - SharedSecretOpenIdResolverImpl
```
public SharedSecretOpenIdResolverImpl(String issuer,
                                      String sharedSecret)
```
    Constructor for SharedSecretOpenIdResolverImpl.
    
    Parameters:
    
    issuer - The issuer (provider) of the Open Id Connect id token
    
    sharedSecret - The secret String, known to both provider and consumer
    
    Throws:
    
    IllegalArgumentException - if the sharedSecret is null
- Method Detail
  - validateIdentity
```
public void validateIdentity(SignedJwt idClaim)
                      throws OpenIdConnectVerificationException
```
    Validates the supplied Jwt against this OpenId Connect Idp.
    
    Specified by:
    
    validateIdentity in interface GenericOpenIdResolver<SignedJwt>
    
    Overrides:
    
    validateIdentity in class BaseOpenIdResolver
    
    Parameters:
    
    idClaim - The Jwt to test is authenticated
    
    Throws:
    
    OpenIdConnectVerificationException - If the Jwt is unable to be verified
  - verifySignature
```
public void verifySignature(SignedJwt idClaim)
                     throws InvalidSignatureException
```
    Verifies that the JWS was signed by the supplied key. Throws an exception otherwise.
    
    Parameters:
    
    idClaim - The JWS to verify
    
    Throws:
    
    InvalidSignatureException - If the JWS supplied does not match the key for this resolver