Class ClientJwtValidator
java.lang.Object
org.apache.kafka.common.security.oauthbearer.ClientJwtValidator
- All Implemented Interfaces:
Closeable,AutoCloseable,org.apache.kafka.common.security.oauthbearer.internals.secured.OAuthBearerConfigurable,JwtValidator
ClientJwtValidator is an implementation of JwtValidator that is used
by the client to perform some rudimentary validation of the JWT access token that is received
as part of the response from posting the client credentials to the OAuth/OIDC provider's
token endpoint.
The validation steps performed are:
-
Basic structural validation of the
b64tokenvalue as defined in RFC 6750 Section 2.1 - Basic conversion of the token into an in-memory map
- Presence of
scope,exp,subject, andiatclaims
-
Field Summary
Fields -
Constructor Summary
Constructors -
Method Summary
Methods inherited from class java.lang.Object
equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, waitMethods inherited from interface org.apache.kafka.common.security.oauthbearer.internals.secured.OAuthBearerConfigurable
close
-
Field Details
-
EXPIRATION_CLAIM_NAME
- See Also:
-
ISSUED_AT_CLAIM_NAME
- See Also:
-
-
Constructor Details
-
ClientJwtValidator
public ClientJwtValidator()
-
-
Method Details
-
configure
public void configure(Map<String, ?> configs, String saslMechanism, List<AppConfigurationEntry> jaasConfigEntries) - Specified by:
configurein interfaceorg.apache.kafka.common.security.oauthbearer.internals.secured.OAuthBearerConfigurable
-
validate
Accepts an OAuth JWT access token in base-64 encoded format, validates, and returns an OAuthBearerToken.- Specified by:
validatein interfaceJwtValidator- Parameters:
accessToken- Non-nullJWT access token- Returns:
OAuthBearerToken- Throws:
JwtValidatorException- Thrown on errors performing validation of given token
-