1   /*
2    * Licensed to the Apache Software Foundation (ASF) under one
3    * or more contributor license agreements.  See the NOTICE file
4    * distributed with this work for additional information
5    * regarding copyright ownership.  The ASF licenses this file
6    * to you under the Apache License, Version 2.0 (the
7    * "License"); you may not use this file except in compliance
8    * with the License.  You may obtain a copy of the License at
9    *
10   *   http://www.apache.org/licenses/LICENSE-2.0
11   *
12   * Unless required by applicable law or agreed to in writing,
13   * software distributed under the License is distributed on an
14   * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15   * KIND, either express or implied.  See the License for the
16   * specific language governing permissions and limitations
17   * under the License.
18   */
19  package org.apache.syncope.core.spring.security;
20  
21  import com.nimbusds.jose.JWSVerifier;
22  import com.nimbusds.jwt.JWTClaimsSet;
23  import java.util.Set;
24  import org.apache.commons.lang3.tuple.Pair;
25  import org.apache.syncope.core.persistence.api.entity.user.User;
26  
27  /**
28   * Enables a generic mechanism for JWT validation and subject resolution, so that implementations recognizing JWTs
29   * produced by third parties can be plugged in. Extends {@link JWSVerifier}: implementations also supply the JWS signature check.
30   */
31  public interface JWTSSOProvider extends JWSVerifier {
32  
33      /**
34       * Gives the identifier for the JWT issuer verified by this instance.
35       * NOTE(review): presumably matched against the token's {@code iss} claim to select this provider; confirm against caller.
36       * @return identifier for the JWT issuer verified by this instance
37       */
38      String getIssuer();
39  
40      /**
41       * Attempts to resolve the given JWT claims into internal {@link User} and authorities.
42       * <strong>IMPORTANT</strong>: this is not invoked for the {@code admin} super-user.
43       * NOTE(review): only the claims are passed in; whether signature and expiry were checked beforehand is not visible here.
44       * @param jwtClaims JWT claims
45       * @return internal User, with authorities, matching the provided JWT claims, if found; otherwise {@code null}, so callers must null-check
46       */
47      Pair<User, Set<SyncopeGrantedAuthority>> resolve(JWTClaimsSet jwtClaims);
48  }