Class MSEntraJWTSSOProvider
java.lang.Object
org.apache.syncope.core.spring.security.MSEntraJWTSSOProvider
- All Implemented Interfaces:
com.nimbusds.jose.jca.JCAAware<com.nimbusds.jose.jca.JCAContext>,com.nimbusds.jose.JOSEProvider,com.nimbusds.jose.JWSProvider,com.nimbusds.jose.JWSVerifier,JWTSSOProvider
JWT authorisation for access tokens issued by Microsoft Entra (formerly Azure)
for Microsoft Entra-only applications (v1.0 tokens)
cf. https://learn.microsoft.com/en-us/entra/identity-platform/access-tokens
-
Field Summary
FieldsModifier and TypeFieldDescriptionprotected final Stringprotected final AuthDataAccessorprotected final Stringprotected final Durationprotected final Stringprotected final UserDAOprotected final MSEntraAccessTokenJWSVerifier -
Constructor Summary
ConstructorsConstructorDescriptionMSEntraJWTSSOProvider(UserDAO userDAO, AuthDataAccessor authDataAccessor, String tenantId, String appId, String authUsername, Duration clockSkew, MSEntraAccessTokenJWSVerifier verifier) -
Method Summary
Modifier and TypeMethodDescriptionGives the identifier for the JWT issuer verified by this instance.com.nimbusds.jose.jca.JCAContextresolve(com.nimbusds.jwt.JWTClaimsSet jwtClaims) Attempts to resolve the given JWT claims into internalUserand authorities.Set<com.nimbusds.jose.JWSAlgorithm> booleanverify(com.nimbusds.jose.JWSHeader header, byte[] signingInput, com.nimbusds.jose.util.Base64URL signature)
-
Field Details
-
userDAO
-
authDataAccessor
-
tenantId
-
appId
-
authUsername
-
clockSkew
-
verifier
-
-
Constructor Details
-
MSEntraJWTSSOProvider
public MSEntraJWTSSOProvider(UserDAO userDAO, AuthDataAccessor authDataAccessor, String tenantId, String appId, String authUsername, Duration clockSkew, MSEntraAccessTokenJWSVerifier verifier)
-
-
Method Details
-
getIssuer
Description copied from interface:JWTSSOProviderGives the identifier for the JWT issuer verified by this instance.- Specified by:
getIssuerin interfaceJWTSSOProvider- Returns:
- identifier for the JWT issuer verified by this instance
-
supportedJWSAlgorithms
- Specified by:
supportedJWSAlgorithmsin interfacecom.nimbusds.jose.JWSProvider
-
getJCAContext
public com.nimbusds.jose.jca.JCAContext getJCAContext()- Specified by:
getJCAContextin interfacecom.nimbusds.jose.jca.JCAAware<com.nimbusds.jose.jca.JCAContext>
-
verify
public boolean verify(com.nimbusds.jose.JWSHeader header, byte[] signingInput, com.nimbusds.jose.util.Base64URL signature) throws com.nimbusds.jose.JOSEException - Specified by:
verifyin interfacecom.nimbusds.jose.JWSVerifier- Throws:
com.nimbusds.jose.JOSEException
-
resolve
@Transactional(readOnly=true) public Pair<User,Set<SyncopeGrantedAuthority>> resolve(com.nimbusds.jwt.JWTClaimsSet jwtClaims) Description copied from interface:JWTSSOProviderAttempts to resolve the given JWT claims into internalUserand authorities. IMPORTANT: this is not invoked for theadminsuper-user.- Specified by:
resolvein interfaceJWTSSOProvider- Parameters:
jwtClaims- JWT claims- Returns:
- internal User, with authorities, matching the provided JWT claims, if found; otherwise null
-