aud - the Audience claim identifies the recipient(s) that the JWT is intended forJwtorg.springframework.security.authentication.BadCredentialsException
that indicates a Jwt that is invalid in some way.JwtNimbusJwtDecoder.NimbusJwtDecoder.NimbusJwtDecoder.NimbusReactiveJwtDecoder.NimbusReactiveJwtDecoder.NimbusReactiveJwtDecoder.NimbusReactiveJwtDecoder.JwtJwt.Builder.claim(String, Object)
declared so far with the possibility to add, replace, or remove.JwtDecoder using the supplied "contextual" type.ReactiveJwtDecoder using the supplied "contextual" type.Jwt Validator that contains all standard validators.Jwt Validator that contains all standard validators when an issuer is known.Jwt.Jwt.exp - the Expiration time claim identifies the expiration time on or after which the JWT MUST NOT be accepted for processingJwtMacAlgorithm.SignatureAlgorithm.JwtDecoder using the provided
Issuer by querying
three different discovery endpoints serially, using the values in the first successful response to
initialize.ReactiveJwtDecoder using the provided
Issuer by querying
three different discovery endpoints serially, using the values in the first successful response to
initialize.JwtDecoder using the provided
Issuer by making an
OpenID Provider
Configuration Request and using the values in the
OpenID
Provider Configuration Response to initialize the JwtDecoder.ReactiveJwtDecoder using the provided
Issuer by making an
OpenID Provider
Configuration Request and using the values in the
OpenID
Provider Configuration Response to initialize the ReactiveJwtDecoder.(aud) claim which identifies the recipient(s)
that the JWT is intended for.OAuth2Errors associated with this exception(exp) claim which identifies the expiration time
on or after which the JWT MUST NOT be accepted for processing.(jti) claim which provides a unique identifier for the JWT.(iat) claim which identifies the time at which the JWT was issued.(iss) claim which identifies the principal that issued the JWT.(nbf) claim which identifies the time
before which the JWT MUST NOT be accepted for processing.(sub) claim which identifies the principal
that is the subject of the JWT.JwtJwt.Builder.header(String, Object)
declared so far with the possibility to add, replace, or remove.iat - The Issued at claim identifies the time at which the JWT was issuediss - the Issuer claim identifies the principal that issued the JWTJwtJwtJwtjti - The JWT ID claim provides a unique identifier for the JWTConsumer.Consumer.AbstractOAuth2Token representing a JSON Web Token (JWT).Jwt using the provided parameters.JwtClaimAccessor for the "claims" that may be contained
in the JSON object JWT Claims Set of a JSON Web Token (JWT).Jwt against a provided PredicateJwtClaimValidator using the provided parametersJwt.JwtDecoder(s).JwtDecoder from an
OpenID Provider Configuration or
Authorization Server Metadata Request based on provided
issuer and method invoked.JwtException using the provided parameters.JwtException using the provided parameters.Jwt, that is matches a configured valueJwtIssuerValidator using the provided parametersOAuth2TokenValidator for verifying claims in a Jwt-based access tokenOAuth2TokenValidatorResultJwtValidationException using the provided parameters
While each OAuth2Error does contain an error description, this constructor
can take an overarching description that encapsulates the composition of failures
That said, it is appropriate to pass one of the messages from the error list in as
the exception description, for example:OAuth2TokenValidator<Jwt>MappedJwtClaimSetConverter with the provided arguments
This will completely replace any set of default converters.nbf - the Not Before claim identifies the time before which the JWT MUST NOT be accepted for processingJwtDecoder which takes a raw Nimbus configuration.NimbusJwtDecoder with the given parametersNimbusJwtDecoder instances based on a
JWK Set uri.NimbusJwtDecoder instances based on a public key.NimbusJwtDecoder instances based on a SecretKey.NimbusJwtDecoder or JwtDecoders insteadNimbusJwtDecoderJwkSupport using the provided parameters.NimbusJwtDecoderJwkSupport using the provided parameters.ReactiveJwtDecoder that "decodes" a
JSON Web Token (JWT) and additionally verifies it's digital signature if the JWT is a
JSON Web Signature (JWS).NimbusReactiveJwtDecoder using the provided parameters.NimbusReactiveJwtDecoder using the provided parameters.NimbusReactiveJwtDecoder using the provided parameters.NimbusReactiveJwtDecoder instances based on a
JWK Set uri.NimbusReactiveJwtDecoder instances.NimbusReactiveJwtDecoder instances based on a public key.NimbusReactiveJwtDecoder instances based on a SecretKey.JwtJwt.ReactiveJwtDecoder(s).ReactiveJwtDecoder from an
OpenID Provider Configuration or
Authorization Server Metadata Request based on provided
issuer and method invoked.Converter for manipulating the JWT's claim setConverter for manipulating the JWT's claim setConverter for manipulating the JWT's claim setClock with Instant.now() for assessing
timestamp validityJwt ValidatorJwt ValidatorOAuth2TokenValidator to validate incoming Jwts.RestOperations used when requesting the JSON Web Key (JWK) Set.sub - the Subject claim identifies the principal that is the subject of the JWTJwtJwtMappedJwtClaimSetConverter, overriding individual claim
converters with the provided Map of Converters.Function to validate JWTsSecretKey to validate the MAC on a JSON Web Signature (JWS).SecretKey to validate the MAC on a JSON Web Signature (JWS).Jwt.Builder