I am using Nimbus JOSE+JWT version 8.19 in a normal Java project (not using Spring). I have some claims such as iss, aud and sub and want to validate them (I want iss, aud and sub to be a specific value). I want the parser to throw an exception when the claims don't match. The example provided here worked fine in earlier versions, but it seems like it was changed in later versions.
Earlier (version 8.3) I used to validate using the following code:
JWKSet jwkSet = new JWKSet(utils.rsakey);
JWKSource<SecurityContext> jwkSource = new ImmutableJWKSet<>(jwkSet);
ConfigurableJWTProcessor<SecurityContext> jwtProcessor = new DefaultJWTProcessor<>();
jwtProcessor.setJWSTypeVerifier(new DefaultJOSEObjectTypeVerifier<>(new JOSEObjectType("jwt")));
JWSAlgorithm expectedJWSAlg = JWSAlgorithm.RS256;
JWTClaimsSet validClaims = new JWTClaimsSet.Builder()
    .issuer(InetAddress.getLocalHost().getHostName())
    .subject("matchvalue")
    .audience("matchvalue")
    .build();
JWSKeySelector<SecurityContext> keySelector =
    new JWSVerificationKeySelector<>(expectedJWSAlg, jwkSource);
jwtProcessor.setJWTClaimsSetVerifier(new DefaultJWTClaimsVerifier(
    // exact match claims
    validClaims,
    // required claims
    new HashSet<>(Arrays.asList("exp", "sub", "iss"))));
jwtProcessor.setJWSKeySelector(keySelector);
// Process the token
SecurityContext ctx = null; // optional context parameter, not required here
JWTClaimsSet tokenClaims = jwtProcessor.process(token, ctx);
But now (version 8.19) the DefaultJWTClaimsVerifier does not seem to be accepting the exact match claims and required claims parameters. Is there any way to implement the exact match and required claims?
All of my imports, for reference:
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.text.ParseException;
import java.util.Arrays;
import java.util.Date;
import java.util.HashSet;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.ws.rs.FormParam;
import javax.ws.rs.core.Response;
import com.nimbusds.jose.EncryptionMethod;
import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.JOSEObjectType;
import com.nimbusds.jose.JWEAlgorithm;
import com.nimbusds.jose.JWEHeader;
import com.nimbusds.jose.JWEObject;
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.JWSHeader;
import com.nimbusds.jose.JWSSigner;
import com.nimbusds.jose.KeyLengthException;
import com.nimbusds.jose.Payload;
import com.nimbusds.jose.crypto.DirectDecrypter;
import com.nimbusds.jose.crypto.RSAEncrypter;
import com.nimbusds.jose.crypto.RSASSASigner;
import com.nimbusds.jose.jwk.JWKSet;
import com.nimbusds.jose.jwk.KeyUse;
import com.nimbusds.jose.jwk.RSAKey;
import com.nimbusds.jose.jwk.gen.RSAKeyGenerator;
import com.nimbusds.jose.jwk.source.ImmutableJWKSet;
import com.nimbusds.jose.jwk.source.JWKSource;
import com.nimbusds.jose.proc.BadJOSEException;
import com.nimbusds.jose.proc.DefaultJOSEObjectTypeVerifier;
import com.nimbusds.jose.proc.JWSKeySelector;
import com.nimbusds.jose.proc.JWSVerificationKeySelector;
import com.nimbusds.jose.proc.SecurityContext;
import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.jwt.SignedJWT;
import com.nimbusds.jwt.proc.ConfigurableJWTProcessor;
import com.nimbusds.jwt.proc.DefaultJWTClaimsVerifier;
import com.nimbusds.jwt.proc.DefaultJWTProcessor;
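
One way to enforce exact-match and required claims without depending on which DefaultJWTClaimsVerifier constructors a given release exposes, shown as an added example that is not part of the original question: a custom verifier written against the library's JWTClaimsSetVerifier interface. The class name ExactMatchClaimsVerifier, its field names and the delegate wiring are assumptions made for illustration.

```java
import java.util.Map;
import java.util.Objects;
import java.util.Set;

import com.nimbusds.jose.proc.SecurityContext;
import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.jwt.proc.BadJWTException;
import com.nimbusds.jwt.proc.JWTClaimsSetVerifier;

// Hypothetical helper class (not part of Nimbus JOSE+JWT).
public class ExactMatchClaimsVerifier<C extends SecurityContext> implements JWTClaimsSetVerifier<C> {

    private final JWTClaimsSetVerifier<C> delegate; // e.g. the library's default exp/nbf checks
    private final JWTClaimsSet expected;            // claims that must match exactly
    private final Set<String> required;             // claim names that must be present

    public ExactMatchClaimsVerifier(JWTClaimsSetVerifier<C> delegate,
                                    JWTClaimsSet expected, Set<String> required) {
        this.delegate = delegate;
        this.expected = expected;
        this.required = required;
    }

    @Override
    public void verify(JWTClaimsSet claims, C context) throws BadJWTException {
        // Run the time-based checks first so an expired token is always rejected.
        delegate.verify(claims, context);

        // Fail closed when a required claim is absent.
        for (String name : required) {
            if (claims.getClaim(name) == null) {
                throw new BadJWTException("JWT missing required claim: " + name);
            }
        }
        for (Map.Entry<String, Object> e : expected.getClaims().entrySet()) {
            if ("aud".equals(e.getKey())) {
                // aud may list several recipients; every expected one must be among them.
                if (!claims.getAudience().containsAll(expected.getAudience())) {
                    throw new BadJWTException("JWT audience rejected");
                }
            } else if (!Objects.equals(e.getValue(), claims.getClaim(e.getKey()))) {
                // A missing claim yields null here and is rejected as a mismatch.
                throw new BadJWTException("JWT claim has unexpected value: " + e.getKey());
            }
        }
    }
}
```

With the objects from the question it would be installed as `jwtProcessor.setJWTClaimsSetVerifier(new ExactMatchClaimsVerifier<SecurityContext>(new DefaultJWTClaimsVerifier<SecurityContext>(), validClaims, new HashSet<>(Arrays.asList("exp", "sub", "iss"))));`, and a mismatch surfaces from `process()` as a BadJWTException.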