API Business Services - OAUTH2 token validation

Implement a class extending class com.noheto.restapi.OAuth2IdTokenValidatorAdapter to validate id_token.

Method

  • validate(OAuth2IdTokenValidationContext context): must return true if the token is valid or else, false

Context

Provides some claims from the token, or properties from userinfo, or other variables…​

  • getLocale(): returns locale

  • getProperty(String name) returns value of property (from userinfo, token, etc)

  • hasProperty(String name) returns true if property exists

  • getOrganizationProperty() returns name of organization property name, or null if not supported (example: hd, for Google Suite)

  • getOrganization() returns organization if supported

  • getConfigurationURI() returns the configuration URI (also called server discovery end point, some URI finishing with /.well-known/openid-configuration by example)

  • getAud(): returns aud (audience) from the JWT token

  • getClientID(): returns clientid

  • getISS(): returns iss (issuer) from the JWT token

  • getExp(): returns exp (expiration date) from the JWT token

  • getNbf(): returns nbf (not before date) from the JWT token

  • getIDToken(): returns id_token

  • getHeader(): returns header of the JWT token (as org.json.JSONObject)

  • getPayload(): returns payload of the JWT token (as org.json.JSONObject)

  • getSignature(): : returns signature of the JWT token

  • getServerId(): returns authentication/identification server id (name of corresponding configuration)