Package net.shibboleth.idp.plugin.oidc.op.profile.logic

Class DefaultTokenRevocationLifetimeLookupStrategy

  • All Implemented Interfaces:
    Function<com.nimbusds.jwt.JWTClaimsSet,​Duration>
    public class DefaultTokenRevocationLifetimeLookupStrategy
extends Object
implements Function<com.nimbusds.jwt.JWTClaimsSet,​Duration>
    Default lookup function for fetching the token revocation lifetime from the given claims set. If an expiration time is found from the claims set, a difference between now and it is first calculated and then the configurable clock skew value and additional 5 minutes are added to the value. The result is returned.

    If the expiration time is in the past with clock skew considered, a Duration.ZERO is returned.

    If no expiration time is found, null is returned.

    • Field Detail

      • log

        @Nonnull
private final org.slf4j.Logger log
        Class logger.

      • clockSkew

        @Nonnull
private Duration clockSkew
        Positive clock skew adjustment to consider when calculating revocation lifetime.

    • Constructor Detail

      • DefaultTokenRevocationLifetimeLookupStrategy

        public DefaultTokenRevocationLifetimeLookupStrategy()
        Constructor.

    • Method Detail

      • setClockSkew

        public void setClockSkew​(@Nonnull
                         Duration skew)
        Set the clock skew.
        Parameters:
        skew - clock skew to set

      • apply

        @Nullable
public Duration apply​(@Nullable
                      com.nimbusds.jwt.JWTClaimsSet claimsSet)
        Specified by:
        apply in interface Function<com.nimbusds.jwt.JWTClaimsSet,​Duration>