Module io.helidon.security.jwt
Package io.helidon.security.jwt

Class Jwt.Builder

java.lang.Object
io.helidon.security.jwt.Jwt.Builder
All Implemented Interfaces:
Builder<Jwt.Builder,Jwt>, Supplier<Jwt>
Enclosing class:
Jwt
public static final class Jwt.Builder extends Object implements Builder<Jwt.Builder,Jwt>
Builder of a Jwt.

  • Method Details

    • keyId

      public Jwt.Builder keyId(String keyId)
      Key id to be used to sign/verify this JWT.
      Parameters:
      keyId - key id (pointing to a JWK)
      Returns:
      updated builder instance

    • type

      public Jwt.Builder type(String type)
      Type of this JWT.
      Parameters:
      type - type definition (JWT, JWE)
      Returns:
      updated builder instance

    • scopes

      public Jwt.Builder scopes(List<String> scopes)
      OAuth2 scope claims to set.
      Parameters:
      scopes - scope claims to add to a JWT
      Returns:
      update builder instance

    • addScope

      public Jwt.Builder addScope(String scope)
      OAuth2 scope claim to add.
      Parameters:
      scope - scope claim to add to a JWT
      Returns:
      updated builder instance

    • addUserGroup

      public Jwt.Builder addUserGroup(String group)
      A user group claim to add. Based on Microprofile JWT Auth specification, uses claim "groups".
      Parameters:
      group - group name to add to the list of groups
      Returns:
      updated builder instance

    • contentType

      public Jwt.Builder contentType(String contentType)
      This header claim should only be used when nesting or encrypting JWT. See RFC 7519, section 5.2.
      Parameters:
      contentType - content type to use, use "JWT" if nested
      Returns:
      updated builder instance

    • addHeaderClaim

      public Jwt.Builder addHeaderClaim(String claim, Object value)
      Add a generic header claim.
      Parameters:
      claim - claim to add
      value - value of the header claim
      Returns:
      updated builder instance

    • addPayloadClaim

      public Jwt.Builder addPayloadClaim(String claim, Object value)
      Add a generic payload claim.
      Parameters:
      claim - claim to add
      value - value of the payload claim
      Returns:
      updated builder instance

    • algorithm

      public Jwt.Builder algorithm(String algorithm)
      The "alg" claim is used to define the signature algorithm. Note that this algorithm should be the same as is supported by the JWK used to sign (or verify) the JWT.
      Parameters:
      algorithm - algorithm to use, Jwk.ALG_NONE for none
      Returns:
      updated builder instance

    • issuer

      public Jwt.Builder issuer(String issuer)
      The issuer claim identifies the principal that issued the JWT. See RFC 7519, section 4.1.1.
      Parameters:
      issuer - issuer name or URL
      Returns:
      updated builder instance

    • expirationTime

      public Jwt.Builder expirationTime(Instant expirationTime)
      The expiration time defines the time that this JWT loses validity. See RFC 7519, section 4.1.4.
      Parameters:
      expirationTime - when this JWT expires
      Returns:
      updated builder instance

    • issueTime

      public Jwt.Builder issueTime(Instant issueTime)
      The issue time defines the time that this JWT was issued. See RFC 7519, section 4.1.6.
      Parameters:
      issueTime - when this JWT was created
      Returns:
      updated builder instance

    • notBefore

      public Jwt.Builder notBefore(Instant notBefore)
      The not before time defines the time that this JWT starts being valid. See RFC 7519, section 4.1.5.
      Parameters:
      notBefore - JWT is not valid before this time
      Returns:
      updated builder instance

    • subject

      public Jwt.Builder subject(String subject)
      Subject defines the principal this JWT was issued for (e.g. user id). See RFC 7519, section 4.1.2.
      Parameters:
      subject - subject of this JWt
      Returns:
      updated builder instance

    • userPrincipal

      public Jwt.Builder userPrincipal(String principal)
      User principal claim as defined by Microprofile JWT Auth spec. Uses "upn" claim.
      Parameters:
      principal - name of the principal, falls back to preferredUsername(String) and then to subject(String)
      Returns:
      updated builder instance

    • addAudience

      public Jwt.Builder addAudience(String audience)
      Audience identifies the expected recipients of this JWT (optional). Multiple audience may be added See RFC 7519, section 4.1.3.
      Parameters:
      audience - audience of this JWT
      Returns:
      updated builder instance

    • audience

      public Jwt.Builder audience(List<String> audience)
      Audience identifies the expected recipients of this JWT (optional). Replaces existing configured audiences. This configures audience in header claims, usually this is defined in payload. See RFC 7519, section 4.1.3.
      Parameters:
      audience - audience of this JWT
      Returns:
      updated builder instance

    • jwtId

      public Jwt.Builder jwtId(String jwtId)
      A unique identifier of this JWT (optional) - must be unique across issuers. See RFC 7519, section 4.1.7.
      Parameters:
      jwtId - unique identifier
      Returns:
      updated builder instance

    • email

      public Jwt.Builder email(String email)
      Email claim.
      Parameters:
      email - email claim for this JWT's subject
      Returns:
      updated builder instance

    • emailVerified

      public Jwt.Builder emailVerified(Boolean emailVerified)
      Claim defining whether e-mail is verified or not.
      Parameters:
      emailVerified - true if verified
      Returns:
      updated builder instance

    • fullName

      public Jwt.Builder fullName(String fullName)
      Full name of subject.
      Parameters:
      fullName - full name of the subject
      Returns:
      updated builder instance

    • givenName

      public Jwt.Builder givenName(String givenName)
      Given name of subject (first name).
      Parameters:
      givenName - given name of the subject
      Returns:
      updated builder instance

    • middleName

      public Jwt.Builder middleName(String middleName)
      Middle name of subject.
      Parameters:
      middleName - middle name of the subject
      Returns:
      updated builder instance

    • familyName

      public Jwt.Builder familyName(String familyName)
      Family name of subject (surname).
      Parameters:
      familyName - family name of the subject
      Returns:
      updated builder instance

    • locale

      public Jwt.Builder locale(Locale locale)
      Locale of the subject.
      Parameters:
      locale - locale to use
      Returns:
      updated builder instance

    • nickname

      public Jwt.Builder nickname(String nickname)
      Nickname of the subject.
      Parameters:
      nickname - nickname
      Returns:
      updated builder instance

    • preferredUsername

      public Jwt.Builder preferredUsername(String preferredUsername)
      Preferred username of the subject.
      Parameters:
      preferredUsername - username to view
      Returns:
      updated builder instance

    • profile

      public Jwt.Builder profile(URI profile)
      Profile URI of the subject.
      Parameters:
      profile - link to profile of subject
      Returns:
      updated builder instance

    • picture

      public Jwt.Builder picture(URI picture)
      Profile picture URI of the subject.
      Parameters:
      picture - link to picture of subject
      Returns:
      updated builder instance

    • website

      public Jwt.Builder website(URI website)
      Website URI of the subject.
      Parameters:
      website - link to website of subject
      Returns:
      updated builder instance

    • gender

      public Jwt.Builder gender(String gender)
      Gender of the subject. As this is an extension (e.g. a custom claim) used by some of the issuers, the content may be arbitrary, though base values are male and female.
      Parameters:
      gender - gender to use
      Returns:
      updated builder instance

    • birthday

      public Jwt.Builder birthday(LocalDate birthday)
      Birthday of the subject.
      Parameters:
      birthday - birthday
      Returns:
      updated builder instance

    • timeZone

      public Jwt.Builder timeZone(ZoneId timeZone)
      Time zone of the subject.
      Parameters:
      timeZone - time zone
      Returns:
      updated builder instance

    • phoneNumber

      public Jwt.Builder phoneNumber(String phoneNumber)
      Phone number of the subject.
      Parameters:
      phoneNumber - phone number
      Returns:
      updated builder instance

    • phoneNumberVerified

      public Jwt.Builder phoneNumberVerified(Boolean phoneNumberVerified)
      Whether the phone number is verified or not.
      Parameters:
      phoneNumberVerified - true if number is verified
      Returns:
      updated builder instance

    • updatedAt

      public Jwt.Builder updatedAt(Instant updatedAt)
      Last time the subject's record was updated.
      Parameters:
      updatedAt - instant of update
      Returns:
      updated builder instance

    • address

      public Jwt.Builder address(JwtUtil.Address address)
      Address of the subject.
      Parameters:
      address - address to use
      Returns:
      updated builder instance

    • atHash

      public Jwt.Builder atHash(byte[] atHash)
      Access Token hash value. Its value is the bytes of the left-most half of the hash of the octets of the ASCII representation of the access_token value, where the hash algorithm used is the hash algorithm used in the alg Header Parameter of the ID Token's JOSE Header. For instance, if the alg is RS256, hash the access_token value with SHA-256, then take the left-most 128 bits and set them here. If the ID Token is issued from the Authorization Endpoint with an access_token value, which is the case for the response_type value code id_token token, this is REQUIRED; otherwise, its inclusion is OPTIONAL. See OIDC 1.0 section 3.1.3.6.
      Parameters:
      atHash - hash to use (explicit). If not defined, it will be computed if needed.
      Returns:
      updated builder instance

    • cHash

      public Jwt.Builder cHash(byte[] cHash)
      Code hash value. Its value is the bytes of the left-most half of the hash of the octets of the ASCII representation of the code value, where the hash algorithm used is the hash algorithm used in the alg Header Parameter of the ID Token's JOSE Header. For instance, if the alg is HS512, hash the code value with SHA-512, then take the left-most 256 bits. If the ID Token is issued from the Authorization Endpoint with a code, which is the case for the response_type values code id_token and code id_token token, this is REQUIRED; otherwise, its inclusion is OPTIONAL.
      Parameters:
      cHash - hash bytes (explicit). If not defined, it will be computed if needed.
      Returns:
      updated builder instance

    • nonce

      public Jwt.Builder nonce(String nonce)
      Nonce value is used to prevent replay attacks and must be returned if it was sent in authentication request.
      Parameters:
      nonce - nonce value
      Returns:
      updated builder instance

    • headerBuilder

      public Jwt.Builder headerBuilder(Consumer<JwtHeaders.Builder> consumer)
      Allows configuration of JWT headers directly over the JwtHeaders.Builder.
      Parameters:
      consumer - header builder consumer
      Returns:
      updated builder instance

    • build

      public Jwt build()
      Build and instance of the Jwt.
      Specified by:
      build in interface Builder<Jwt.Builder,Jwt>
      Returns:
      a new token instance

    • removePayloadClaim

      public Jwt.Builder removePayloadClaim(String name)
      Remove a payload claim by its name.
      Parameters:
      name - name of the claim to remove
      Returns:
      updated builder instance