java.lang.Object
io.helidon.security.jwt.Jwt
JWT token.
 
Representation of a JSON web token (a generic one).

Nested Class Summary
Nested Classes (modifier and type: description)
- static final class: Builder of a Jwt.
- static final class: Validator of expiration claim.
- static final class: Validator of a string field obtained from a JWT.
- static final class: Validator of issue time claim.
- static final class: Validator of not before claim.

Method Summary
- static void addAudienceValidator(Collection<Validator<Jwt>> validators, String audience, boolean mandatory): Add validator of audience to the collection of validators.
- static void addAudienceValidator(Collection<Validator<Jwt>> validators, Set<String> audience, boolean mandatory): Add validator of audience to the collection of validators.
- static void addIssuerValidator(Collection<Validator<Jwt>> validators, String issuer, boolean mandatory): Add validator of issuer to the collection of validators.
- static void addMaxTokenAgeValidator(Collection<Validator<Jwt>> validators, Duration expectedMaxTokenAge, Duration clockSkew, boolean iatRequired): Add validator of max token age to the collection of validators.
- address(): Address claim.
- static void addUserPrincipalValidator(Collection<Validator<Jwt>> validators): Adds a validator that makes sure the userPrincipal() is present.
- algorithm(): Algorithm claim.
- Optional<byte[]> atHash(): AtHash claim.
- audience(): Audience claim.
- birthday(): Birthday claim.
- static Jwt.Builder builder(): Get a builder to create a JWT.
- Optional<byte[]> cHash(): CHash claim.
- contentType(): Content type claim.
- defaultTimeValidators(): Return a list of validators to validate expiration time, issue time and not-before time.
- defaultTimeValidators(Instant now, int timeSkewAmount, ChronoUnit timeSkewUnit, boolean mandatory): Return a list of validators to validate expiration time, issue time and not-before time.
- email(): Email claim.
- emailVerified(): Email verified claim.
- expirationTime(): Expiration time claim.
- familyName(): Family name claim.
- fullName(): Full name claim.
- gender(): Gender claim.
- givenName(): Given name claim.
- headerClaim(String claim): Get a claim by its name from header.
- headerJson(): Create a JSON header object.
- headers(): Headers.
- issuer(): Issuer claim.
- issueTime(): Issue time claim.
- jwtId(): Jwt id claim.
- keyId(): Key id claim.
- locale(): Locale claim.
- middleName(): Middle name claim.
- nickname(): Nickname claim.
- nonce(): Nonce claim.
- notBefore(): Not before claim.
- payloadClaim(String claim): Get a claim by its name from payload.
- payloadClaims(): All payload claims in raw json form.
- payloadJson(): Create a JSON payload object.
- phoneNumber(): Phone number claim.
- phoneNumberVerified(): Phone number verified claim.
- picture(): Picture URI claim.
- preferredUsername(): Preferred username claim.
- profile(): Profile URI claim.
- scopes(): Scopes of this token.
- subject(): Subject claim.
- timeZone(): Time Zone claim.
- type(): Type claim.
- updatedAt(): Updated at claim.
- userGroups(): User groups claim ("groups" from microprofile specification).
- userPrincipal(): User principal claim ("upn" from microprofile specification).
- validate: Validates all default values.
- validate: Validates all default values.
- validate: Validates all default values.
- validate: Validates all default values.
- validate: Validate this JWT against provided validators.
- website(): Website URI claim.

Method Details

defaultTimeValidators
Return a list of validators to validate expiration time, issue time and not-before time. By default the time skew allowed is 5 seconds and all fields are optional.
Returns:
- list of validators

defaultTimeValidators
public static List<Validator<Jwt>> defaultTimeValidators(Instant now, int timeSkewAmount, ChronoUnit timeSkewUnit, boolean mandatory)
Return a list of validators to validate expiration time, issue time and not-before time.
Parameters:
- now - time that acts as the "now" instant (this allows us to validate if a token was valid at an instant in the past)
- timeSkewAmount - time skew allowed when validating (amount, such as 5)
- timeSkewUnit - time skew allowed when validating (unit, such as ChronoUnit.SECONDS)
- mandatory - whether the field is mandatory. True for mandatory, false for optional (for all default time validators)
Returns:
- list of validators

addIssuerValidator
public static void addIssuerValidator(Collection<Validator<Jwt>> validators, String issuer, boolean mandatory)
Add validator of issuer to the collection of validators.
Parameters:
- validators - collection of validators
- issuer - issuer expected to be in the token
- mandatory - whether issuer field is mandatory in the token (true - mandatory, false - optional)

addAudienceValidator
public static void addAudienceValidator(Collection<Validator<Jwt>> validators, String audience, boolean mandatory)
Add validator of audience to the collection of validators.
Parameters:
- validators - collection of validators
- audience - audience expected to be in the token, never null
- mandatory - whether the audience field is mandatory in the token

addAudienceValidator
public static void addAudienceValidator(Collection<Validator<Jwt>> validators, Set<String> audience, boolean mandatory)
Add validator of audience to the collection of validators.
Parameters:
- validators - collection of validators
- audience - audience expected to be in the token
- mandatory - whether the audience field is mandatory in the token

addMaxTokenAgeValidator
public static void addMaxTokenAgeValidator(Collection<Validator<Jwt>> validators, Duration expectedMaxTokenAge, Duration clockSkew, boolean iatRequired)
Add validator of max token age to the collection of validators.
Parameters:
- validators - collection of validators
- expectedMaxTokenAge - max token age since issue time
- clockSkew - clock skew
- iatRequired - whether to fail if iat claim is present

builder
Get a builder to create a JWT.
Returns:
- new builder

scopes
Scopes of this token.
Returns:
- list of scopes or empty if claim is not defined

headerClaim
Get a claim by its name from header.
Parameters:
- claim - name of a claim
Returns:
- claim value if present

payloadClaim
Get a claim by its name from payload.
Parameters:
- claim - name of a claim
Returns:
- claim value if present

headers
Headers.
Returns:
- JWT headers information

payloadClaims
All payload claims in raw json form.
Returns:
- map of payload names to claims

algorithm
Algorithm claim.
Returns:
- algorithm or empty if claim is not defined

keyId
Key id claim.
Returns:
- key id or empty if claim is not defined

type
Type claim.
Returns:
- type or empty if claim is not defined

contentType
Content type claim.
Returns:
- content type or empty if claim is not defined

issuer
Issuer claim.
Returns:
- Issuer or empty if claim is not defined

expirationTime
Expiration time claim.
Returns:
- expiration time or empty if claim is not defined

issueTime
Issue time claim.
Returns:
- issue time or empty if claim is not defined

notBefore
Not before claim.
Returns:
- not before or empty if claim is not defined

subject
Subject claim.
Returns:
- subject or empty if claim is not defined

userPrincipal
User principal claim ("upn" from microprofile specification).
Returns:
- user principal or empty if claim is not defined

userGroups
User groups claim ("groups" from microprofile specification).
Returns:
- groups or empty if claim is not defined

audience
Audience claim.
Returns:
- audience or empty if claim is not defined

jwtId
Jwt id claim.
Returns:
- jwt id or empty if claim is not defined

email
Email claim.
Returns:
- email or empty if claim is not defined

emailVerified
Email verified claim.
Returns:
- email verified or empty if claim is not defined

fullName
Full name claim.
Returns:
- full name or empty if claim is not defined

givenName
Given name claim.
Returns:
- given name or empty if claim is not defined

middleName
Middle name claim.
Returns:
- middle name or empty if claim is not defined

familyName
Family name claim.
Returns:
- family name or empty if claim is not defined

locale
Locale claim.
Returns:
- locale or empty if claim is not defined

nickname
Nickname claim.
Returns:
- nickname or empty if claim is not defined

preferredUsername
Preferred username claim.
Returns:
- preferred username or empty if claim is not defined

profile
Profile URI claim.
Returns:
- profile URI or empty if claim is not defined

picture
Picture URI claim.
Returns:
- picture URI or empty if claim is not defined

website
Website URI claim.
Returns:
- website URI or empty if claim is not defined

gender
Gender claim.
Returns:
- gender or empty if claim is not defined

birthday
Birthday claim.
Returns:
- birthday or empty if claim is not defined

timeZone
Time Zone claim.
Returns:
- time zone or empty if claim is not defined

phoneNumber
Phone number claim.
Returns:
- phone number or empty if claim is not defined

phoneNumberVerified
Phone number verified claim.
Returns:
- phone number verified or empty if claim is not defined

updatedAt
Updated at claim.
Returns:
- updated at or empty if claim is not defined

address
Address claim.
Returns:
- address or empty if claim is not defined

atHash
AtHash claim.
Returns:
- atHash or empty if claim is not defined

cHash
CHash claim.
Returns:
- cHash or empty if claim is not defined

nonce
Nonce claim.
Returns:
- nonce or empty if claim is not defined

headerJson
Create a JSON header object.
Returns:
- JsonObject for header

payloadJson
Create a JSON payload object.
Returns:
- JsonObject for payload

validate
Validate this JWT against provided validators.
Parameters:
- validators - Validators to validate with. Obtain them through (e.g.) defaultTimeValidators(), addAudienceValidator(Collection, String, boolean), addIssuerValidator(Collection, String, boolean)
Returns:
- errors instance to check if valid and access error messages
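
One way to combine the validators documented above so that a missing claim is rejected rather than skipped (the defaults treat every field as optional); this is an added example, not part of the Helidon documentation. The class name, issuer and audience values are hypothetical, the import packages of Validator and Errors and the Errors.isValid() call are not shown on this page and are assumed from the Helidon API, and the token's signature is assumed to have been verified before these claim checks run.

```java
import io.helidon.common.Errors;            // assumed package, not shown on this page
import io.helidon.security.jwt.Jwt;
import io.helidon.security.jwt.Validator;   // assumed package, not shown on this page

import java.time.Duration;
import java.time.Instant;
import java.time.temporal.ChronoUnit;
import java.util.ArrayList;
import java.util.List;

/** Added example: strict claim validation for a Jwt whose signature was already verified. */
public final class StrictJwtChecks {
    // Hypothetical deployment values, not taken from the Helidon documentation.
    private static final String EXPECTED_ISSUER = "https://idp.example.com";
    private static final String EXPECTED_AUDIENCE = "orders-api";

    private StrictJwtChecks() {
    }

    /** Builds a validator list in which every checked claim is mandatory. */
    static List<Validator<Jwt>> strictValidators(Instant now) {
        // mandatory = true: a token without exp, iat or nbf fails instead of passing unchecked.
        List<Validator<Jwt>> validators =
                new ArrayList<>(Jwt.defaultTimeValidators(now, 5, ChronoUnit.SECONDS, true));
        Jwt.addIssuerValidator(validators, EXPECTED_ISSUER, true);
        Jwt.addAudienceValidator(validators, EXPECTED_AUDIENCE, true);
        // Bound the token's lifetime to 15 minutes since issue time, with 5 seconds of clock skew.
        // iatRequired = true is chosen from the parameter name; check its behaviour in your version.
        Jwt.addMaxTokenAgeValidator(validators, Duration.ofMinutes(15), Duration.ofSeconds(5), true);
        // Require the "upn" claim so downstream code always has a principal to authorize.
        Jwt.addUserPrincipalValidator(validators);
        return validators;
    }

    /** Returns true only when every strict validator passes. */
    static boolean isAcceptable(Jwt jwt) {
        Errors errors = jwt.validate(strictValidators(Instant.now()));
        if (!errors.isValid()) {
            // Keep the reasons in server-side logs; do not echo them back to the caller.
            System.err.println("JWT rejected: " + errors);
            return false;
        }
        return true;
    }
}
```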
 
validate
Validates all default values. Values validated:
- Expiration time if defined
- Issue time if defined
- Not before time if defined
- Issuer if defined
- Audience if defined
Parameters:
- issuer - validates that this JWT was issued by this issuer. Setting this to non-null value will make issuer claim mandatory
- audience - validates that this JWT was issued for this audience. Setting this to non-null value will make audience claim mandatory
Returns:
- errors instance to check for validation result

validate
Validates all default values. Values validated: validate(String, Set, boolean)
Parameters:
- issuer - validates that this JWT was issued by this issuer. Setting this to non-null value will make issuer claim mandatory
- audience - validates that this JWT was issued for this audience. Setting this to non-null value will make audience claim mandatory
- checkAudience - whether audience claim validation should be executed
Returns:
- errors instance to check for validation result

validate
Validates all default values. Values validated:
- Expiration time if defined
- Issue time if defined
- Not before time if defined
- Issuer if defined
- Audience if defined
Parameters:
- issuer - validates that this JWT was issued by this issuer. Setting this to non-null value will make issuer claim mandatory
- audience - validates that this JWT was issued for this audience. Setting this to non-null value and with any non-null value in the Set will make audience claim mandatory
- checkAudience - whether audience claim validation should be executed
Returns:
- errors instance to check for validation result

validate
Validates all default values. Audience claim check is not mandatory. Values validated: validate(String, Set, boolean)
Parameters:
- issuer - validates that this JWT was issued by this issuer. Setting this to non-null value will make issuer claim mandatory
- audience - validates that this JWT was issued for this audience. Setting this to non-null value and with any non-null value in the Set will make audience claim mandatory
Returns:
- errors instance to check for validation result

addUserPrincipalValidator
Adds a validator that makes sure the userPrincipal() is present.
Parameters:
- validators - validator collection to update