Class MSEntraJWTSSOProvider

  • All Implemented Interfaces:
    com.nimbusds.jose.jca.JCAAware<com.nimbusds.jose.jca.JCAContext>, com.nimbusds.jose.JOSEProvider, com.nimbusds.jose.JWSProvider, com.nimbusds.jose.JWSVerifier, JWTSSOProvider

    public class MSEntraJWTSSOProvider
    extends Object
    implements JWTSSOProvider
    JWT authorisation for access tokens issued by Microsoft Entra (formerly Azure) for Microsoft Entra-only applications (v1.0 tokens) cf.
    • Method Detail

      • getIssuer

        public String getIssuer()
        Description copied from interface: JWTSSOProvider
        Gives the identifier for the JWT issuer verified by this instance.
        Specified by:
        getIssuer in interface JWTSSOProvider
        identifier for the JWT issuer verified by this instance
      • supportedJWSAlgorithms

        public Set<com.nimbusds.jose.JWSAlgorithm> supportedJWSAlgorithms()
        Specified by:
        supportedJWSAlgorithms in interface com.nimbusds.jose.JWSProvider
      • getJCAContext

        public com.nimbusds.jose.jca.JCAContext getJCAContext()
        Specified by:
        getJCAContext in interface com.nimbusds.jose.jca.JCAAware<com.nimbusds.jose.jca.JCAContext>
      • verify

        public boolean verify​(com.nimbusds.jose.JWSHeader header,
                              byte[] signingInput,
                              com.nimbusds.jose.util.Base64URL signature)
                       throws com.nimbusds.jose.JOSEException
        Specified by:
        verify in interface com.nimbusds.jose.JWSVerifier
      • resolve

        public Pair<User,​Set<SyncopeGrantedAuthority>> resolve​(com.nimbusds.jwt.JWTClaimsSet jwtClaims)
        Description copied from interface: JWTSSOProvider
        Attempts to resolve the given JWT claims into internal User and authorities. IMPORTANT: this is not invoked for the admin super-user.
        Specified by:
        resolve in interface JWTSSOProvider
        jwtClaims - JWT claims
        internal User, with authorities, matching the provided JWT claims, if found; otherwise null