JWTBearerTokenExchange Class

Contains methods that POST the signed JWT bearer token to a token endpoint to request an access token, in the OAuth 2.0 JWT bearer token flow.

Namespace

Auth

Usage

Use the methods in this class to post a signed JWT bearer token to the OAuth token endpoint, in exchange for an access token.

Example

In the following example application, the Apex controller:
  1. Creates the JSON Claims Set.
  2. Specifies the scope of the request with additional claims.
  3. Creates the signed JWT.
  4. Specifies the token endpoint and POSTs to it.
  5. Gets the access token from the HTTP response.

public class MyController {

    public MyController() {
        Auth.JWT jwt = new Auth.JWT();
        jwt.setSub('user@salesforce.com');
        jwt.setAud('https://login.salesforce.com');
        jwt.setIss('3MVG99OxTyEMCQ3gNp2PjkqeZKxnmAiG1xV4oHh9AKL_rSK.BoSVPGZHQukXnVjzRgSuQqGn75NL7yfkQcyy7');

        // Additional claims to set scope
        Map<String, Object> claims = new Map<String, Object>();
        claims.put('scope', 'scope name');

        jwt.setAdditionalClaims(claims);

        // Create the object that signs the JWT bearer token
        Auth.JWS jws = new Auth.JWS(jwt, 'CertFromCertKeyManagement');

        // Get the resulting JWS in case debugging is required
        String token = jws.getCompactSerialization();

        // Set the token endpoint that the JWT bearer token is posted to
        String tokenEndpoint = 'https://login.salesforce.com/services/oauth2/token';

        // POST the JWT bearer token
        Auth.JWTBearerTokenExchange bearer = new Auth.JWTBearerTokenExchange(tokenEndpoint, jws);

        // Get the access token
        String accessToken = bearer.getAccessToken();
    }
}

JWTBearerTokenExchange Constructors

The following are constructors for JWTBearerTokenExchange.

JWTBearerTokenExchange(tokenEndpoint, jws)

Creates an instance of the JWTBearerTokenExchange class using the specified token endpoint and the signed JWT bearer token.

Signature

public JWTBearerTokenExchange(String tokenEndpoint, Auth.JWS jws)

Parameters

tokenEndpoint
Type: String
The token endpoint that the signed JWT bearer token is POSTed to.
jws
Type: Auth.JWS
The signed JWT bearer token.

JWTBearerTokenExchange()

Creates an instance of the Auth.JWTBearerTokenExchange class.

Signature

public JWTBearerTokenExchange()

JWTBearerTokenExchange Methods

The following are methods for JWTBearerTokenExchange. All are instance methods.

clone()

Makes a duplicate copy of the JWTBearerTokenExchange object.

Signature

public Object clone()

Return Value

Type: JWTBearerTokenExchange

getAccessToken()

Returns the access_token in the token response to the JWT bearer token request.

Signature

public String getAccessToken()

Return Value

Type: String

Usage

This method extracts the access_token from the token response. If the token response issues the access token in a different parameter, the request fails.

If you want the full HTTP token response returned, use getHttpResponse instead.

getGrantType()

Returns the grant type specified in the JWT bearer token request. The grant type value defaults to urn:ietf:params:oauth:grant-type:jwt-bearer.

Signature

public String getGrantType()

Return Value

Type: String

getHttpResponse()

Returns the full System.HttpResponse token response to the JWT bearer token request.

Signature

public System.HttpResponse getHttpResponse()

Return Value

Type: System.HttpResponse

Usage

You can get the access token from the full System.HttpResponse. If you want only the access_token from the token response, you can use getAccessToken instead.
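The Usage notes for getAccessToken and getHttpResponse describe a failure case that is easier to diagnose from the full response. The following is an added example, not part of the original reference: the class, exception and method names are hypothetical, it assumes that getHttpResponse() performs the POST, and it assumes the endpoint returns the standard OAuth 2.0 (RFC 6749) error and error_description fields on failure.

```apex
public class TokenExchangeExample {
    // Hypothetical exception type for a failed exchange.
    public class TokenExchangeException extends Exception {}

    // Returns the access token, or throws with the status code and the
    // OAuth error fields taken from the token response.
    public static String requestAccessToken(Auth.JWS jws, String tokenEndpoint) {
        Auth.JWTBearerTokenExchange bearer =
            new Auth.JWTBearerTokenExchange(tokenEndpoint, jws);

        // Read the full response instead of calling getAccessToken(), so a
        // non-200 status or a missing access_token can be reported precisely.
        System.HttpResponse res = bearer.getHttpResponse();
        Map<String, Object> body = parseJsonObject(res.getBody());

        if (res.getStatusCode() != 200) {
            throw new TokenExchangeException(
                'Token request failed (' + String.valueOf(res.getStatusCode()) + '): '
                + String.valueOf(body.get('error')) + ' - '
                + String.valueOf(body.get('error_description')));
        }

        Object token = body.get('access_token');
        if (!(token instanceof String) || String.isBlank((String) token)) {
            throw new TokenExchangeException(
                'Token response has no access_token parameter');
        }
        // The access token is a bearer credential: keep it out of debug logs.
        return (String) token;
    }

    // Parses a JSON object; returns an empty map for non-JSON or non-object bodies.
    private static Map<String, Object> parseJsonObject(String raw) {
        try {
            Object parsed = JSON.deserializeUntyped(raw);
            if (parsed instanceof Map<String, Object>) {
                return (Map<String, Object>) parsed;
            }
        } catch (Exception e) {
            // Body was not JSON (for example an HTML error page); fall through.
        }
        return new Map<String, Object>();
    }
}
```

The same care applies to the compact serialization returned by jws.getCompactSerialization(): it is a signed assertion that the token endpoint accepts until it expires, so treat it as a credential when debugging.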

getJWS()

Returns the JWS specified in the JWT bearer token request.

Signature

public Auth.JWS getJWS()

Return Value

Type: Auth.JWS

getTokenEndpoint()

Returns the token endpoint that the JWT bearer token request is POSTed to.

Signature

public String getTokenEndpoint()

Return Value

Type: String

setGrantType(grantType)

Sets the grant type in the JWT bearer token request. Returned by the getGrantType() method.

Signature

public void setGrantType(String grantType)

Parameters

grantType
Type: String

Return Value

Type: void

setJWS(jws)

Sets the JWS in the JWT bearer token request. Returned by the getJWS() method.

Signature

public void setJWS(Auth.JWS jws)

Parameters

jws
Type: Auth.JWS

Return Value

Type: void

setTokenEndpoint(tokenEndpoint)

Sets the token endpoint that the JWT bearer token request is POSTed to. Returned by the getTokenEndpoint() method.

Signature

public void setTokenEndpoint(String tokenEndpoint)

Parameters

tokenEndpoint
Type: String

Return Value

Type: void