better api support for cnf claim access

Issue #47 new
Brian Campbell repo owner created an issue

The cnf claim is going to RFC http://www.ietf.org/mail-archive/web/oauth/current/msg15325.html and while you can work with it using jose4j now, it'd be nice to have some more straightforward stuff on JwtClaims.

Related email snippet about 'serialize an RsaJsonWebKey into a JWT as a "cnf" claim' for reference/reminder:

The *trick* is to convert the JWK into a Map before you set it on the JwtClaims, which can be done easily with the toParams(OutputControlLevel outputLevel) method on JsonWebKey.

So to get the example that you had there to work as straight up JSON rather than an escaped string, you'd do something like this:

RsaJsonWebKey cnfKey ...
claims.setClaim("cnf", cnfKey.toParams(JsonWebKey.OutputControlLevel.PUBLIC_ONLY));

Note however that https://tools.ietf.org/html/draft-ietf-oauth-proof-of-possession-05#section-3.2 actually has an additional layer of nesting for the key in the cnf claim. You can get it to serialize like that by wrapping it in another map like this:

Map<String,Object> cnfJwkParams = cnfKey.toParams(JsonWebKey.OutputControlLevel.PUBLIC_ONLY);
claims.setClaim("cnf", Collections.singletonMap("jwk", cnfJwkParams));

Hope that helps.
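The round trip described in the snippet above, as an added example that is not part of the original issue or of jose4j itself. It assumes a jose4j release that provides `PublicJsonWebKey.Factory.newPublicJwk(Map)` and JWK thumbprints. The class name, method names and subject value are constructed for illustration, and signing and validating the surrounding JWT is left out.

```java
import java.util.Collections;
import java.util.Map;
import org.jose4j.jwk.JsonWebKey;
import org.jose4j.jwk.PublicJsonWebKey;
import org.jose4j.jwk.RsaJsonWebKey;
import org.jose4j.jwk.RsaJwkGenerator;
import org.jose4j.jwt.JwtClaims;
import org.jose4j.lang.HashUtil;

public class CnfClaimRoundTrip {
    // Issuer side: only the public parameters go into cnf.jwk, nested as in the PoP draft.
    static String buildClaimsJson(RsaJsonWebKey cnfKey) {
        Map<String, Object> cnfJwkParams = cnfKey.toParams(JsonWebKey.OutputControlLevel.PUBLIC_ONLY);
        JwtClaims claims = new JwtClaims();
        claims.setSubject("example-subject"); // constructed sample value
        claims.setClaim("cnf", Collections.singletonMap("jwk", cnfJwkParams));
        return claims.toJson();
    }

    // Consumer side: type-check each nesting level before rebuilding the key.
    @SuppressWarnings("unchecked")
    static PublicJsonWebKey extractCnfKey(String claimsJson) throws Exception {
        Object cnf = JwtClaims.parse(claimsJson).getClaimValue("cnf");
        if (!(cnf instanceof Map)) throw new IllegalArgumentException("cnf is missing or not a JSON object");
        Object jwk = ((Map<String, Object>) cnf).get("jwk");
        if (!(jwk instanceof Map)) throw new IllegalArgumentException("cnf.jwk is missing or not a JSON object");
        // newPublicJwk throws for key types that are not public-key types (for example "oct").
        PublicJsonWebKey key = PublicJsonWebKey.Factory.newPublicJwk((Map<String, Object>) jwk);
        // A confirmation key that carries private parameters means the issuer leaked the key.
        if (key.getPrivateKey() != null) throw new IllegalArgumentException("cnf.jwk contains private key material");
        return key;
    }

    public static void main(String[] args) throws Exception {
        RsaJsonWebKey cnfKey = RsaJwkGenerator.generateJwk(2048);
        String json = buildClaimsJson(cnfKey);
        System.out.println(json);
        PublicJsonWebKey recovered = extractCnfKey(json);
        String sent = cnfKey.calculateBase64urlEncodedJWKThumbprint(HashUtil.SHA_256);
        String got = recovered.calculateBase64urlEncodedJWKThumbprint(HashUtil.SHA_256);
        System.out.println("thumbprints match: " + sent.equals(got));
    }
}
```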
