Class LoginAccessTokenValidator
java.lang.Object
org.apache.kafka.common.security.oauthbearer.secured.LoginAccessTokenValidator
- All Implemented Interfaces:
AccessTokenValidator
LoginAccessTokenValidator is an implementation of
AccessTokenValidator that is used
by the client to perform some rudimentary validation of the JWT access token that is received
as part of the response from posting the client credentials to the OAuth/OIDC provider's
token endpoint.
The validation steps performed are:
-
Basic structural validation of the
b64tokenvalue as defined in RFC 6750 Section 2.1 - Basic conversion of the token into an in-memory map
- Presence of scope,
exp, subject, andiatclaims
-
Field Summary
Fields -
Constructor Summary
ConstructorsConstructorDescriptionLoginAccessTokenValidator(String scopeClaimName, String subClaimName) Creates a new LoginAccessTokenValidator that will be used by the client for lightweight validation of the JWT. -
Method Summary
Modifier and TypeMethodDescriptionAccepts an OAuth JWT access token in base-64 encoded format, validates, and returns an OAuthBearerToken.
-
Field Details
-
EXPIRATION_CLAIM_NAME
- See Also:
-
ISSUED_AT_CLAIM_NAME
- See Also:
-
-
Constructor Details
-
LoginAccessTokenValidator
Creates a new LoginAccessTokenValidator that will be used by the client for lightweight validation of the JWT.- Parameters:
scopeClaimName- Name of the scope claim to use; must be non-nullsubClaimName- Name of the subject claim to use; must be non-null
-
-
Method Details
-
validate
Accepts an OAuth JWT access token in base-64 encoded format, validates, and returns an OAuthBearerToken.- Specified by:
validatein interfaceAccessTokenValidator- Parameters:
accessToken- Non-nullJWT access token- Returns:
OAuthBearerToken- Throws:
ValidateException- Thrown on errors performing validation of given token
-