Class JwtFactoryConfigUtils


  • public final class JwtFactoryConfigUtils
    extends Object
    The JwtFactory supports securing JWTs. The supported JWT types are as follows:
    • signed JWT
    • signed then encrypted JWT
    • encrypted JWT
    • unsecured (unsigned JWTs are not recommended and are deprecated as not secure)

    The examples below are based on JwtBuilderFilter usage:

     {
          "type": "JwtBuilderFilter",
          "config": {
              "secretsProvider"       :     Secrets Provider     [OPTIONAL - resolves signing/encryption keys.]
              "signature"             : {   object               [OPTIONAL - but if set, inner attributes MAY BE REQUIRED]
                  "secretId"            :     expression           [REQUIRED - secret ID of the key used for signing]
                  "includeKeyId"        :     expression           [OPTIONAL - configure if the keyId (kid) should be set
                                                                      in the JWT header - default is true.]
                  "algorithm"           :     expression           [OPTIONAL - defaults to RS256 (1)]
                  "encryption"          : {   object               [OPTIONAL but if set, inner attributes are REQUIRED]
                      "secretId"            :   expression           [REQUIRED - secret ID of the key used for encryption]
                      "algorithm"           :   expression           [REQUIRED - The encryption algorithm (2)]
                      "method"              :   expression           [REQUIRED - The encryption method (3)]
                  }
              }
              "encryption"          : {   object                 [OPTIONAL but if set, inner attributes are REQUIRED]
                  "secretId"            :   expression             [REQUIRED - secret ID of the key used for encryption]
                  "algorithm"           :   expression             [REQUIRED - The encryption algorithm (2)]
                  "method"              :   expression             [REQUIRED - The encryption method (3)]
              }
          }
     }
     
     

    (1) List of JWS Algorithms
    (2) List of JWE Algorithms
    (3) List of Encryption Methods

    Example for signing a JWT:
     {
          "type": "JwtBuilderFilter",
          "config": {
              "signature": {
                  "secretId": "my.signature.key",
                  "algorithm": "HS384"
              }
          }
     }
     
     
    Example for signing then encrypting a JWT:
     {
          "type": "JwtBuilderFilter",
          "config": {
              "signature": {
                  "secretId": "my.signature.key",
                  "algorithm": "HS256",
                  "encryption": {
                      "secretId": "my.encryption.key",
                      "algorithm": "dir",
                      "method": "A128CBC-HS256"
                  }
              }
          }
     }
     
     
    Example for encrypting a JWT:
     {
          "type": "JwtBuilderFilter",
          "config": {
              "secretsProvider": "SystemAndEnvSecretStore-1",
              "encryption": {
                  "secretId": "my.encryption.key",
                  "algorithm": "dir",
                  "method": "A128GCM"
              }
          }
     }
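
A lint check for the configuration shapes documented above, added here as an example and not part of this API documentation or the project's code: it classifies a JwtBuilderFilter declaration into one of the four listed JWT types and reports missing REQUIRED attributes. The function names and sample declarations are constructed for illustration, and attribute values are treated as opaque because the schema defines them as expressions.

```python
import json

ENC_REQUIRED = ("secretId", "algorithm", "method")  # per the schema above

def _missing(block, required, path):
    return [f"{path}.{key} is required" for key in required if key not in block]

def lint_jwt_builder(route_json):
    """Classify one JwtBuilderFilter declaration; return (jwt_type, findings)."""
    config = json.loads(route_json).get("config", {})
    signature, encryption = config.get("signature"), config.get("encryption")
    if signature is not None:
        findings = _missing(signature, ("secretId",), "signature")
        nested = signature.get("encryption")
        if nested is None:
            return "signed", findings
        findings += _missing(nested, ENC_REQUIRED, "signature.encryption")
        return "signed-then-encrypted", findings
    if encryption is not None:
        return "encrypted", _missing(encryption, ENC_REQUIRED, "encryption")
    # Neither block present: the deprecated, unsecured JWT type.
    return "unsecured", ["no signature or encryption block: JWT is unsecured"]

# Constructed sample declarations (values are illustrative).
SIGNED_THEN_ENCRYPTED = """{"type": "JwtBuilderFilter", "config": {"signature": {
    "secretId": "my.signature.key", "algorithm": "HS256",
    "encryption": {"secretId": "my.encryption.key", "algorithm": "dir",
                   "method": "A128CBC-HS256"}}}}"""
MISSING_METHOD = """{"type": "JwtBuilderFilter", "config": {"encryption": {
    "secretId": "my.encryption.key", "algorithm": "dir"}}}"""
UNSECURED = '{"type": "JwtBuilderFilter", "config": {}}'

if __name__ == "__main__":
    for name, doc in [("signed-then-encrypted", SIGNED_THEN_ENCRYPTED),
                      ("missing-method", MISSING_METHOD),
                      ("unsecured", UNSECURED)]:
        print(name, lint_jwt_builder(doc))
```

Running it over route files before deployment surfaces a declaration that would produce an unsecured JWT because both blocks were omitted.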
     
     
    • Method Detail

      • jwtFactory

        public static Function<JsonValue, JwtFactory, HeapException> jwtFactory(Heap heap)
        Function supporting transformation of JSON configuration to a JwtFactory instance registered in the heap.
        Parameters:
        heap - The heap
        Returns:
        Function capable of transforming JSON value to JwtFactory instance in the heap