1 /* 2 * Licensed to the Apache Software Foundation (ASF) under one 3 * or more contributor license agreements. See the NOTICE file 4 * distributed with this work for additional information 5 * regarding copyright ownership. The ASF licenses this file 6 * to you under the Apache License, Version 2.0 (the 7 * "License"); you may not use this file except in compliance 8 * with the License. You may obtain a copy of the License at 9 * 10 * http://www.apache.org/licenses/LICENSE-2.0 11 * 12 * Unless required by applicable law or agreed to in writing, 13 * software distributed under the License is distributed on an 14 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 15 * KIND, either express or implied. See the License for the 16 * specific language governing permissions and limitations 17 * under the License. 18 */ 19 package org.apache.syncope.core.spring.security; 20 21 import com.nimbusds.jose.JWSVerifier; 22 import com.nimbusds.jwt.JWTClaimsSet; 23 import java.util.Set; 24 import org.apache.commons.lang3.tuple.Pair; 25 import org.apache.syncope.core.persistence.api.entity.user.User; 26 27 /** 28 * Enables a generic mechanism for JWT validation and subject resolution which allows to plug in implementations 29 * recognizing JWT produced by third parties. 30 */ 31 public interface JWTSSOProvider extends JWSVerifier { 32 33 /** 34 * Gives the identifier for the JWT issuer verified by this instance. 35 * 36 * @return identifier for the JWT issuer verified by this instance 37 */ 38 String getIssuer(); 39 40 /** 41 * Attempts to resolve the given JWT claims into internal {@link User} and authorities. 42 * <strong>IMPORTANT</strong>: this is not invoked for the {@code admin} super-user. 43 * 44 * @param jwtClaims JWT claims 45 * @return internal User, with authorities, matching the provided JWT claims, if found; otherwise null 46 */ 47 Pair<User, Set<SyncopeGrantedAuthority>> resolve(JWTClaimsSet jwtClaims); 48 }