Token generation and validation using Nimbus OAuth SDK.
(generate-access-token)
Generates a bearer access token.
Returns: String token value
(generate-authorization-code)
Generates a cryptographically random authorization code using the Nimbus SDK `AuthorizationCode` class, which produces a 256-bit `SecureRandom` base64url value.
(generate-id-token {:keys [issuer key-set active-signing-key-id
                           id-token-ttl-seconds clock]
                    :as config}
                   user-id
                   client-id
                   claims
                   {:keys [nonce auth-time]})
Generates a signed OIDC ID token.
Args:
  provider-config: Provider configuration map matching ProviderConfig schema
  user-id: User identifier (becomes 'sub' claim)
  client-id: OAuth2 client identifier (becomes 'aud' claim)
  claims: Additional claims map to include in the token
  opts: Optional parameters
    - :nonce - Nonce value for replay protection
    - :auth-time - Authentication timestamp
Returns: Signed JWT string
(generate-refresh-token)
Generates a cryptographically random refresh token using the Nimbus SDK `RefreshToken` class, which produces a 256-bit `SecureRandom` base64url value.
(generate-rsa-key)
(generate-rsa-key key-size)
Generates an RSA key pair for signing tokens.
Args:
  key-size: Key size in bits (default 2048)
Returns: RSAKey instance
(jwks {:keys [key-set] :as config})
Returns JWKS (JSON Web Key Set) for token validation.
Args:
  provider-config: Provider configuration map
Returns: Map with :keys vector containing public key in JWK format
(normalize-to-jwk-set key-or-set)
Normalizes a key input to a `JWKSet`. If the input is already a `JWKSet`, it passes through unchanged. If it is a single `RSAKey`, it wraps it in a one-element `JWKSet`.
Malli schema for OIDC provider configuration.
(validate-id-token {:keys [issuer key-set] :as config} token expected-client-id)
Validates an ID token signature and claims.
Args:
  provider-config: Provider configuration map
  token: ID token string
  expected-client-id: Expected audience (client-id)
Returns: Validated claims map
Throws: ex-info on validation failure
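Added example, not this library's own code: the checks that the `validate-id-token` description implies (signature against the key set, then issuer, audience and expiry), written directly against Nimbus JOSE+JWT, which must be on the classpath. The `example.id-token-check` namespace, the function names, the issuer and the client ids are assumptions made for illustration; nonce checking is left out.

```clojure
(ns example.id-token-check
  (:import (com.nimbusds.jose JWSAlgorithm JWSHeader$Builder)
           (com.nimbusds.jose.crypto RSASSASigner RSASSAVerifier)
           (com.nimbusds.jose.jwk JWKSet RSAKey)
           (com.nimbusds.jose.jwk.gen RSAKeyGenerator)
           (com.nimbusds.jwt JWTClaimsSet$Builder SignedJWT)
           (java.util Date)))

(defn sign-id-token
  "Signs a minimal RS256 ID token; the JWS header carries the signing key's kid."
  [^RSAKey k issuer user-id ^String client-id ttl-seconds]
  (let [now (System/currentTimeMillis)
        jwt (SignedJWT.
             (-> (JWSHeader$Builder. JWSAlgorithm/RS256) (.keyID (.getKeyID k)) .build)
             (-> (JWTClaimsSet$Builder.)
                 (.issuer issuer) (.subject user-id) (.audience client-id)
                 (.issueTime (Date. now))
                 (.expirationTime (Date. (+ now (* 1000 (long ttl-seconds)))))
                 .build))]
    (.sign jwt (RSASSASigner. k))
    (.serialize jwt)))

(defn check-id-token
  "Returns the claims as a map, or throws ex-info naming the check that failed."
  [^JWKSet key-set issuer expected-client-id ^String token]
  (let [jwt    (SignedJWT/parse token)
        header (.getHeader jwt)
        jwk    (.getKeyByKeyId key-set (.getKeyID header))
        claims (.getJWTClaimsSet jwt)
        fail   #(throw (ex-info % {:kid (.getKeyID header)}))]
    (cond
      (not= JWSAlgorithm/RS256 (.getAlgorithm header))  (fail "unexpected alg")
      (not (instance? RSAKey jwk))                      (fail "no RSA key for kid")
      (not (.verify jwt (RSASSAVerifier. ^RSAKey jwk))) (fail "bad signature")
      (not= issuer (.getIssuer claims))                 (fail "wrong issuer")
      (not (.contains (.getAudience claims) expected-client-id)) (fail "wrong audience")
      (not (some-> (.getExpirationTime claims) (.after (Date.)))) (fail "expired")
      :else (into {} (.getClaims claims)))))

(defn demo []
  (let [gen    #(-> (RSAKeyGenerator. 2048) (.keyID "k1") .generate)
        [k other] [(gen) (gen)] ; `other` is an unrelated key pair reusing kid "k1"
        public (.toPublicJWKSet (JWKSet. ^RSAKey k)) ; verifier holds public keys only
        iss    "https://idp.example" ; constructed issuer and client ids
        tok    #(sign-id-token %1 iss "alice" "client-a" %2)
        run    (fn [token aud] (try (check-id-token public iss aud token) :ok
                                    (catch clojure.lang.ExceptionInfo e (ex-message e))))]
    [(run (tok k 300) "client-a")       ; valid token
     (run (tok k 300) "client-b")       ; audience mismatch
     (run (tok other 300) "client-a")   ; signed by a key that is not in the set
     (run (tok k -60) "client-a")]))    ; already expired
```

Calling `(demo)` at a REPL returns one result per case. A matching `kid` alone proves nothing, which is why the signature is verified against the key held in the set before any claim is read.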