PrivateKeyJWT (OAuth 2.0 SDK with OpenID Connect extensions 5.8.2 API)

java.lang.Object
- com.nimbusds.oauth2.sdk.auth.ClientAuthentication
- - com.nimbusds.oauth2.sdk.auth.JWTAuthentication
  - - com.nimbusds.oauth2.sdk.auth.PrivateKeyJWT

```
@Immutable
public final class PrivateKeyJWT
extends JWTAuthentication
```
Private key JWT authentication at the Token endpoint. Implements ClientAuthenticationMethod.PRIVATE_KEY_JWT.
Supported signature JSON Web Algorithms (JWAs) by this implementation:
- RS256
- RS384
- RS512
- PS256
- PS384
- PS512
- ES256
- ES384
- ES512
Example TokenRequest with private key JWT authentication:
```
 POST /token HTTP/1.1
 Host: server.example.com
 Content-Type: application/x-www-form-urlencoded

 grant_type=authorization_code&
 code=i1WsRn1uB1&
 client_id=s6BhdRkqt3&
 client_assertion_type=urn%3Aietf%3Aparams%3Aoauth%3Aclient-assertion-type%3Ajwt-bearer&
 client_assertion=PHNhbWxwOl...[omitted for brevity]...ZT
 
```
Related specifications:
- Assertion Framework for OAuth 2.0 Client Authentication and Authorization Grants (RFC 7521).
- JSON Web Token (JWT) Profile for OAuth 2.0 Client Authentication and Authorization Grants (RFC 7523)

Field Summary
- Fields inherited from class com.nimbusds.oauth2.sdk.auth.JWTAuthentication
  CLIENT_ASSERTION_TYPE

Constructor Summary

Constructors
Constructor and Description
`PrivateKeyJWT(ClientID clientID, java.net.URI tokenEndpoint, com.nimbusds.jose.JWSAlgorithm jwsAlgorithm, java.security.interfaces.ECPrivateKey ecPrivateKey, java.lang.String keyID, java.security.Provider jcaProvider)` Creates a new EC private key JWT authentication.
`PrivateKeyJWT(ClientID clientID, java.net.URI tokenEndpoint, com.nimbusds.jose.JWSAlgorithm jwsAlgorithm, java.security.interfaces.RSAPrivateKey rsaPrivateKey, java.lang.String keyID, java.security.Provider jcaProvider)` Creates a new RSA private key JWT authentication.
`PrivateKeyJWT(JWTAuthenticationClaimsSet jwtAuthClaimsSet, com.nimbusds.jose.JWSAlgorithm jwsAlgorithm, java.security.interfaces.ECPrivateKey ecPrivateKey, java.lang.String keyID, java.security.Provider jcaProvider)` Creates a new EC private key JWT authentication.
`PrivateKeyJWT(JWTAuthenticationClaimsSet jwtAuthClaimsSet, com.nimbusds.jose.JWSAlgorithm jwsAlgorithm, java.security.interfaces.RSAPrivateKey rsaPrivateKey, java.lang.String keyID, java.security.Provider jcaProvider)` Creates a new RSA private key JWT authentication.
`PrivateKeyJWT(com.nimbusds.jwt.SignedJWT clientAssertion)` Creates a new private key JWT authentication.

Method Summary

All Methods Static Methods Concrete Methods
Modifier and Type	Method and Description
`static PrivateKeyJWT`	`parse(HTTPRequest httpRequest)` Parses the specified HTTP POST request for a private key JSON Web Token (JWT) authentication.
`static PrivateKeyJWT`	`parse(java.util.Map<java.lang.String,java.lang.String> params)` Parses the specified parameters map for a private key JSON Web Token (JWT) authentication.
`static PrivateKeyJWT`	`parse(java.lang.String paramsString)` Parses a private key JSON Web Token (JWT) authentication from the specified `application/x-www-form-urlencoded` encoded parameters string.
`static java.util.Set<com.nimbusds.jose.JWSAlgorithm>`	`supportedJWAs()` Returns the supported signature JSON Web Algorithms (JWAs).

Methods inherited from class com.nimbusds.oauth2.sdk.auth.JWTAuthentication
applyTo, ensureClientAssertionType, getClientAssertion, getJWTAuthenticationClaimsSet, parseClientAssertion, parseClientID, toParameters

Methods inherited from class com.nimbusds.oauth2.sdk.auth.ClientAuthentication
getClientID, getMethod

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

- Constructor Detail
  - PrivateKeyJWT
```
public PrivateKeyJWT(ClientID clientID,
                     java.net.URI tokenEndpoint,
                     com.nimbusds.jose.JWSAlgorithm jwsAlgorithm,
                     java.security.interfaces.RSAPrivateKey rsaPrivateKey,
                     java.lang.String keyID,
                     java.security.Provider jcaProvider)
              throws com.nimbusds.jose.JOSEException
```
    Creates a new RSA private key JWT authentication. The expiration time (exp) is set to five minutes from the current system time. Generates a default identifier (jti) for the JWT. The issued-at (iat) and not-before (nbf) claims are not set.
    
    Parameters:
    
    clientID - The client identifier. Must not be null.
    
    tokenEndpoint - The token endpoint URI of the authorisation server. Must not be null.
    
    jwsAlgorithm - The expected RSA signature algorithm (RS256, RS384 or RS512) for the private key JWT assertion. Must be supported and not null.
    
    rsaPrivateKey - The RSA private key. Must not be null.
    
    keyID - Optional identifier for the RSA key, to aid key selection at the authorisation server. Recommended. null if not specified.
    
    jcaProvider - Optional specific JCA provider, null to use the default one.
    
    Throws:
    
    com.nimbusds.jose.JOSEException - If RSA signing failed.
  - PrivateKeyJWT
```
public PrivateKeyJWT(JWTAuthenticationClaimsSet jwtAuthClaimsSet,
                     com.nimbusds.jose.JWSAlgorithm jwsAlgorithm,
                     java.security.interfaces.RSAPrivateKey rsaPrivateKey,
                     java.lang.String keyID,
                     java.security.Provider jcaProvider)
              throws com.nimbusds.jose.JOSEException
```
    Creates a new RSA private key JWT authentication.
    
    Parameters:
    
    jwtAuthClaimsSet - The JWT authentication claims set. Must not be null.
    
    jwsAlgorithm - The expected RSA signature algorithm (RS256, RS384 or RS512) for the private key JWT assertion. Must be supported and not null.
    
    rsaPrivateKey - The RSA private key. Must not be null.
    
    keyID - Optional identifier for the RSA key, to aid key selection at the authorisation server. Recommended. null if not specified.
    
    jcaProvider - Optional specific JCA provider, null to use the default one.
    
    Throws:
    
    com.nimbusds.jose.JOSEException - If RSA signing failed.
  - PrivateKeyJWT
```
public PrivateKeyJWT(ClientID clientID,
                     java.net.URI tokenEndpoint,
                     com.nimbusds.jose.JWSAlgorithm jwsAlgorithm,
                     java.security.interfaces.ECPrivateKey ecPrivateKey,
                     java.lang.String keyID,
                     java.security.Provider jcaProvider)
              throws com.nimbusds.jose.JOSEException
```
    Creates a new EC private key JWT authentication. The expiration time (exp) is set to five minutes from the current system time. Generates a default identifier (jti) for the JWT. The issued-at (iat) and not-before (nbf) claims are not set.
    
    Parameters:
    
    clientID - The client identifier. Must not be null.
    
    tokenEndpoint - The token endpoint URI of the authorisation server. Must not be null.
    
    jwsAlgorithm - The expected EC signature algorithm (ES256, ES384 or ES512) for the private key JWT assertion. Must be supported and not null.
    
    ecPrivateKey - The EC private key. Must not be null.
    
    keyID - Optional identifier for the EC key, to aid key selection at the authorisation server. Recommended. null if not specified.
    
    jcaProvider - Optional specific JCA provider, null to use the default one.
    
    Throws:
    
    com.nimbusds.jose.JOSEException - If RSA signing failed.
  - PrivateKeyJWT
```
public PrivateKeyJWT(JWTAuthenticationClaimsSet jwtAuthClaimsSet,
                     com.nimbusds.jose.JWSAlgorithm jwsAlgorithm,
                     java.security.interfaces.ECPrivateKey ecPrivateKey,
                     java.lang.String keyID,
                     java.security.Provider jcaProvider)
              throws com.nimbusds.jose.JOSEException
```
    Creates a new EC private key JWT authentication.
    
    Parameters:
    
    jwtAuthClaimsSet - The JWT authentication claims set. Must not be null.
    
    jwsAlgorithm - The expected ES signature algorithm (ES256, ES384 or ES512) for the private key JWT assertion. Must be supported and not null.
    
    ecPrivateKey - The EC private key. Must not be null.
    
    keyID - Optional identifier for the EC key, to aid key selection at the authorisation server. Recommended. null if not specified.
    
    jcaProvider - Optional specific JCA provider, null to use the default one.
    
    Throws:
    
    com.nimbusds.jose.JOSEException - If RSA signing failed.
  - PrivateKeyJWT
```
public PrivateKeyJWT(com.nimbusds.jwt.SignedJWT clientAssertion)
```
    Creates a new private key JWT authentication.
    
    Parameters:
    
    clientAssertion - The client assertion, corresponding to the client_assertion parameter, as a supported RSA or ECDSA-signed JWT. Must be signed and not null.
- Method Detail
  - supportedJWAs
```
public static java.util.Set<com.nimbusds.jose.JWSAlgorithm> supportedJWAs()
```
    Returns the supported signature JSON Web Algorithms (JWAs).
    
    Returns:
    
    The supported JSON Web Algorithms (JWAs).
  - parse
```
public static PrivateKeyJWT parse(java.util.Map<java.lang.String,java.lang.String> params)
                           throws ParseException
```
    Parses the specified parameters map for a private key JSON Web Token (JWT) authentication. Note that the parameters must not be application/x-www-form-urlencoded encoded.
    
    Parameters:
    
    params - The parameters map to parse. The private key JSON Web Token (JWT) parameters must be keyed under "client_assertion" and "client_assertion_type". The map must not be null.
    
    Returns:
    
    The private key JSON Web Token (JWT) authentication.
    
    Throws:
    
    ParseException - If the parameters map couldn't be parsed to a private key JSON Web Token (JWT) authentication.
  - parse
```
public static PrivateKeyJWT parse(java.lang.String paramsString)
                           throws ParseException
```
    Parses a private key JSON Web Token (JWT) authentication from the specified application/x-www-form-urlencoded encoded parameters string.
    
    Parameters:
    
    paramsString - The parameters string to parse. The private key JSON Web Token (JWT) parameters must be keyed under "client_assertion" and "client_assertion_type". The string must not be null.
    
    Returns:
    
    The private key JSON Web Token (JWT) authentication.
    
    Throws:
    
    ParseException - If the parameters string couldn't be parsed to a private key JSON Web Token (JWT) authentication.
  - parse
```
public static PrivateKeyJWT parse(HTTPRequest httpRequest)
                           throws ParseException
```
    Parses the specified HTTP POST request for a private key JSON Web Token (JWT) authentication.
    
    Parameters:
    
    httpRequest - The HTTP POST request to parse. Must not be null and must contain a valid application/x-www-form-urlencoded encoded parameters string in the entity body. The private key JSON Web Token (JWT) parameters must be keyed under "client_assertion" and "client_assertion_type".
    
    Returns:
    
    The private key JSON Web Token (JWT) authentication.
    
    Throws:
    
    ParseException - If the HTTP request header couldn't be parsed to a private key JSON Web Token (JWT) authentication.

Class PrivateKeyJWT

Field Summary

Fields inherited from class com.nimbusds.oauth2.sdk.auth.JWTAuthentication

Constructor Summary

Method Summary

Methods inherited from class com.nimbusds.oauth2.sdk.auth.JWTAuthentication

Methods inherited from class com.nimbusds.oauth2.sdk.auth.ClientAuthentication

Methods inherited from class java.lang.Object

Constructor Detail

PrivateKeyJWT

PrivateKeyJWT

PrivateKeyJWT

PrivateKeyJWT

PrivateKeyJWT

Method Detail

supportedJWAs

parse

parse

parse