oidc-provider.token
Token generation and validation using Nimbus OAuth SDK.
generate-access-token
(generate-access-token)
Generates a bearer access token.
Returns: String token value
generate-authorization-code
(generate-authorization-code)
Generates an authorization code.
Returns: String code value
generate-id-token
(generate-id-token {:keys [issuer signing-key id-token-ttl-seconds], :as config} user-id client-id claims {:keys [nonce auth-time]})
Generates a signed OIDC ID token.
Args:
  provider-config: Provider configuration map matching ProviderConfig schema
  user-id: User identifier (becomes ‘sub’ claim)
  client-id: OAuth2 client identifier (becomes ‘aud’ claim)
  claims: Additional claims map to include in the token
  opts: Optional parameters
    - :nonce - Nonce value for replay protection
    - :auth-time - Authentication timestamp
Returns: Signed JWT string
generate-refresh-token
(generate-refresh-token)
Generates a refresh token.
Returns: String token value
generate-rsa-key
(generate-rsa-key)
(generate-rsa-key key-size)
Generates an RSA key pair for signing tokens.
Args: key-size: Key size in bits (default 2048)
Returns: RSAKey instance
jwks
(jwks {:keys [signing-key], :as config})
Returns JWKS (JSON Web Key Set) for token validation.
Args: provider-config: Provider configuration map
Returns: Map with :keys vector containing public key in JWK format
ProviderConfig
Malli schema for OIDC provider configuration.
validate-id-token
(validate-id-token {:keys [issuer signing-key], :as config} token expected-client-id)
Validates an ID token signature and claims.
Args:
  provider-config: Provider configuration map
  token: ID token string
  expected-client-id: Expected audience (client-id)
Returns: Validated claims map
Throws: ex-info on validation failure
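Example (added here, not part of the oidc-provider project's documentation): issuing an ID token and validating it on the relying-party side, using only the functions listed above. validate-id-token takes no nonce argument, so the caller compares the nonce itself. Assumptions: the config map needs only the keys the signatures destructure, claims are passed with string keys, and accept-id-token, the issuer URL, user, client ids and nonce are constructed for illustration.

```clojure
(require '[oidc-provider.token :as token])

;; Assumption: ProviderConfig accepts a map with just these three keys;
;; the real schema may require more.
(def config
  {:issuer               "https://idp.example.test"   ; constructed value
   :signing-key          (token/generate-rsa-key 2048)
   :id-token-ttl-seconds 300})

;; Constructed value; a client generates a fresh nonce per authentication request.
(def sent-nonce "n-0S6_WzA2Mj")

(def id-token
  (token/generate-id-token config
                           "user-123"                       ; becomes 'sub'
                           "client-a"                       ; becomes 'aud'
                           {"email" "user@example.test"}    ; assumption: string claim keys
                           {:nonce sent-nonce}))

(defn accept-id-token
  "Hypothetical helper: returns the validated claims, or nil when the
  token fails validation or carries a different nonce."
  [config id-token client-id expected-nonce]
  (try
    (let [claims (token/validate-id-token config id-token client-id)
          ;; Assumption: the returned map may be keyed by string or keyword.
          nonce  (or (get claims "nonce") (get claims :nonce))]
      ;; Signature and claims are checked by validate-id-token;
      ;; binding the token to this login attempt is checked here.
      (when (= expected-nonce nonce)
        claims))
    (catch clojure.lang.ExceptionInfo e
      ;; validate-id-token signals failure with ex-info.
      (println "ID token rejected:" (ex-message e))
      nil)))

;; Token presented by the client it was issued to, with the nonce it sent.
(accept-id-token config id-token "client-a" sent-nonce)

;; Same token presented to a different client: the audience does not match.
(accept-id-token config id-token "client-b" sent-nonce)

;; Same token replayed into a session that sent a different nonce.
(accept-id-token config id-token "client-a" "different-nonce")
```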