java.lang.Object
io.confluent.kafka.schemaregistry.client.security.bearerauth.oauth.ClientJwtValidator
All Implemented Interfaces:
Closeable, AutoCloseable, org.apache.kafka.common.security.oauthbearer.internals.secured.OAuthBearerConfigurable, org.apache.kafka.common.security.oauthbearer.JwtValidator

public class ClientJwtValidator extends Object implements org.apache.kafka.common.security.oauthbearer.JwtValidator
ClientJwtValidator is an implementation of JwtValidator that is used by the client to perform some rudimentary validation of the JWT access token that is received as part of the response from posting the client credentials to the OAuth/OIDC provider's token endpoint. The validation steps performed are:
  1. Basic structural validation of the b64token value as defined in RFC 6750 Section 2.1
  2. Basic conversion of the token into an in-memory map
  3. Presence of scope, exp, subject, and iat claims
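
The three validation steps listed above, sketched as an added example that is not the Confluent or Kafka implementation. The class name LightweightJwtCheck, its methods, the use of Jackson for JSON parsing, the three-section compact token form, and IllegalArgumentException in place of JwtValidatorException are assumptions; the sample tokens are constructed.

```java
import com.fasterxml.jackson.core.type.TypeReference;
import com.fasterxml.jackson.databind.ObjectMapper;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.List;
import java.util.Map;
import java.util.regex.Pattern;

// Added illustration; LightweightJwtCheck, check() and sample() are hypothetical names.
public class LightweightJwtCheck {
    // b64token grammar from RFC 6750 Section 2.1: 1*(ALPHA / DIGIT / "-" / "." / "_" / "~" / "+" / "/") *"="
    private static final Pattern B64TOKEN = Pattern.compile("[A-Za-z0-9\\-._~+/]+=*");
    private static final ObjectMapper MAPPER = new ObjectMapper();

    static Map<String, Object> check(String token, String scopeClaim, String subClaim) throws Exception {
        // Step 1: structural validation of the raw token string.
        if (token == null || !B64TOKEN.matcher(token).matches())
            throw new IllegalArgumentException("not a b64token");
        String[] parts = token.split("\\.", -1);
        if (parts.length != 3 || parts[1].isEmpty())   // assumption: header.payload.signature
            throw new IllegalArgumentException("expected three dot-separated sections");
        // Step 2: decode the payload section and load it into an in-memory map.
        byte[] json = Base64.getUrlDecoder().decode(parts[1]);
        Map<String, Object> claims = MAPPER.readValue(json, new TypeReference<Map<String, Object>>() {});
        // Step 3: the four claims must be present; their values are not judged here.
        for (String name : List.of(scopeClaim, "exp", subClaim, "iat"))
            if (!claims.containsKey(name))
                throw new IllegalArgumentException("missing claim: " + name);
        return claims;
    }

    // Builds a constructed, unsigned sample token; the third section is a placeholder, not a signature.
    static String sample(String payloadJson) {
        Base64.Encoder enc = Base64.getUrlEncoder().withoutPadding();
        return enc.encodeToString("{\"alg\":\"RS256\"}".getBytes(StandardCharsets.UTF_8)) + "."
             + enc.encodeToString(payloadJson.getBytes(StandardCharsets.UTF_8)) + ".c2ln";
    }

    public static void main(String[] args) throws Exception {
        String ok = sample("{\"sub\":\"client-1\",\"scope\":\"read\",\"exp\":1900000000,\"iat\":1700000000}");
        System.out.println(check(ok, "scope", "sub"));
        for (String bad : new String[] {
                "not a token!",                                      // space and '!' are outside the grammar
                sample("{\"sub\":\"client-1\",\"exp\":1900000000}") }) { // no scope or iat claim
            try { check(bad, "scope", "sub"); }
            catch (IllegalArgumentException e) { System.out.println("rejected: " + e.getMessage()); }
        }
    }
}
```

None of the listed steps verifies the signature or compares exp with the current time, so a token that passes them is well-formed, not authenticated.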
  • Field Summary

    Fields
    Modifier and Type
    Field
    Description
    static final String
     
    static final String
     
  • Constructor Summary

    Constructors
    Constructor
    Description
    ClientJwtValidator(String scopeClaimName, String subClaimName)
    Creates a new ClientJwtValidator that will be used by the client for lightweight validation of the JWT.
  • Method Summary

    Modifier and Type
    Method
    Description
    org.apache.kafka.common.security.oauthbearer.OAuthBearerToken
    validate(String accessToken)
    Accepts an OAuth JWT access token in base-64 encoded format, validates it, and returns an OAuthBearerToken.

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

    Methods inherited from interface org.apache.kafka.common.security.oauthbearer.internals.secured.OAuthBearerConfigurable

    close, configure
  • Field Details

  • Constructor Details

    • ClientJwtValidator

      public ClientJwtValidator(String scopeClaimName, String subClaimName)
      Creates a new ClientJwtValidator that will be used by the client for lightweight validation of the JWT.
      Parameters:
      scopeClaimName - Name of the scope claim to use; must be non-null
      subClaimName - Name of the subject claim to use; must be non-null
  • Method Details

    • validate

      public org.apache.kafka.common.security.oauthbearer.OAuthBearerToken validate(String accessToken) throws org.apache.kafka.common.security.oauthbearer.JwtValidatorException
      Accepts an OAuth JWT access token in base-64 encoded format, validates it, and returns an OAuthBearerToken.
      Specified by:
      validate in interface org.apache.kafka.common.security.oauthbearer.JwtValidator
      Parameters:
      accessToken - Non-null JWT access token
      Returns:
      OAuthBearerToken
      Throws:
      org.apache.kafka.common.security.oauthbearer.JwtValidatorException - Thrown on errors performing validation of given token