Package io.helidon.security.jwt
Class Jwt.Builder
- java.lang.Object
-
- io.helidon.security.jwt.Jwt.Builder
-
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description Jwt.Builder
addHeaderClaim(String claim, Object value)
Add a generic header claim.Jwt.Builder
addPayloadClaim(String claim, Object value)
Add a generic payload claim.Jwt.Builder
address(JwtUtil.Address address)
Address of the subject.Jwt.Builder
addScope(String scope)
OAuth2 scope claim to add.Jwt.Builder
addUserGroup(String group)
A user group claim to add.Jwt.Builder
algorithm(String algorithm)
The "alg" claim is used to define the signature algorithm.Jwt.Builder
atHash(byte[] atHash)
Access Token hash value.Jwt.Builder
audience(String audience)
Audience identifies the expected recipients of this JWT (optional).Jwt.Builder
birthday(LocalDate birthday)
Birthday of the subject.Jwt
build()
Build and instance of theJwt
.Jwt.Builder
cHash(byte[] cHash)
Code hash value.Jwt.Builder
contentType(String contentType)
This header claim should only be used when nesting or encrypting JWT.Jwt.Builder
email(String email)
Email claim.Jwt.Builder
emailVerified(Boolean emailVerified)
Claim defining whether e-mail is verified or not.Jwt.Builder
expirationTime(Instant expirationTime)
The expiration time defines the time that this JWT loses validity.Jwt.Builder
familyName(String familyName)
Family name of subject (surname).Jwt.Builder
fullName(String fullName)
Full name of subject.Jwt.Builder
gender(String gender)
Gender of the subject.Jwt.Builder
givenName(String givenName)
Given name of subject (first name).Jwt.Builder
issuer(String issuer)
The issuer claim identifies the principal that issued the JWT.Jwt.Builder
issueTime(Instant issueTime)
The issue time defines the time that this JWT was issued.Jwt.Builder
jwtId(String jwtId)
A unique identifier of this JWT (optional) - must be unique across issuers.Jwt.Builder
keyId(String keyId)
Key id to be used to sign/verify this JWT.Jwt.Builder
locale(Locale locale)
Locale of the subject.Jwt.Builder
middleName(String middleName)
Middle name of subject.Jwt.Builder
nickname(String nickname)
Nickname of the subject.Jwt.Builder
nonce(String nonce)
Nonce value is used to prevent replay attacks and must be returned if it was sent in authentication request.Jwt.Builder
notBefore(Instant notBefore)
The not before time defines the time that this JWT starts being valid.Jwt.Builder
phoneNumber(String phoneNumber)
Phone number of the subject.Jwt.Builder
phoneNumberVerified(Boolean phoneNumberVerified)
Whether the phone number is verified or not.Jwt.Builder
picture(URI picture)
Profile picture URI of the subject.Jwt.Builder
preferredUsername(String preferredUsername)
Preferred username of the subject.Jwt.Builder
profile(URI profile)
Profile URI of the subject.Jwt.Builder
removePayloadClaim(String name)
Remove a payload claim by its name.Jwt.Builder
scopes(List<String> scopes)
OAuth2 scope claims to set.Jwt.Builder
subject(String subject)
Subject defines the principal this JWT was issued for (e.g.Jwt.Builder
timeZone(ZoneId timeZone)
Time zone of the subject.Jwt.Builder
type(String type)
Type of this JWT.Jwt.Builder
updatedAt(Instant updatedAt)
Last time the subject's record was updated.Jwt.Builder
userPrincipal(String principal)
User principal claim as defined by Microprofile JWT Auth spec.Jwt.Builder
website(URI website)
Website URI of the subject.
-
-
-
Method Detail
-
keyId
public Jwt.Builder keyId(String keyId)
Key id to be used to sign/verify this JWT.- Parameters:
keyId
- key id (pointing to a JWK)- Returns:
- updated builder instance
-
type
public Jwt.Builder type(String type)
Type of this JWT.- Parameters:
type
- type definition (JWT, JWE)- Returns:
- updated builder instance
-
scopes
public Jwt.Builder scopes(List<String> scopes)
OAuth2 scope claims to set.- Parameters:
scopes
- scope claims to add to a JWT- Returns:
- update builder instance
-
addScope
public Jwt.Builder addScope(String scope)
OAuth2 scope claim to add.- Parameters:
scope
- scope claim to add to a JWT- Returns:
- updated builder instance
-
addUserGroup
public Jwt.Builder addUserGroup(String group)
A user group claim to add. Based on Microprofile JWT Auth specification, uses claim "groups".- Parameters:
group
- group name to add to the list of groups- Returns:
- updated builder instance
-
contentType
public Jwt.Builder contentType(String contentType)
This header claim should only be used when nesting or encrypting JWT. See RFC 7519, section 5.2.- Parameters:
contentType
- content type to use, use "JWT" if nested- Returns:
- updated builder instance
-
addHeaderClaim
public Jwt.Builder addHeaderClaim(String claim, Object value)
Add a generic header claim.- Parameters:
claim
- claim to addvalue
- value of the header claim- Returns:
- updated builder instance
-
addPayloadClaim
public Jwt.Builder addPayloadClaim(String claim, Object value)
Add a generic payload claim.- Parameters:
claim
- claim to addvalue
- value of the payload claim- Returns:
- updated builder instance
-
algorithm
public Jwt.Builder algorithm(String algorithm)
The "alg" claim is used to define the signature algorithm. Note that this algorithm should be the same as is supported by the JWK used to sign (or verify) the JWT.- Parameters:
algorithm
- algorithm to use,Jwk.ALG_NONE
for none- Returns:
- updated builder instance
-
issuer
public Jwt.Builder issuer(String issuer)
The issuer claim identifies the principal that issued the JWT. See RFC 7519, section 4.1.1.- Parameters:
issuer
- issuer name or URL- Returns:
- updated builder instance
-
expirationTime
public Jwt.Builder expirationTime(Instant expirationTime)
The expiration time defines the time that this JWT loses validity. See RFC 7519, section 4.1.4.- Parameters:
expirationTime
- when this JWT expires- Returns:
- updated builder instance
-
issueTime
public Jwt.Builder issueTime(Instant issueTime)
The issue time defines the time that this JWT was issued. See RFC 7519, section 4.1.6.- Parameters:
issueTime
- when this JWT was created- Returns:
- updated builder instance
-
notBefore
public Jwt.Builder notBefore(Instant notBefore)
The not before time defines the time that this JWT starts being valid. See RFC 7519, section 4.1.5.- Parameters:
notBefore
- JWT is not valid before this time- Returns:
- updated builder instance
-
subject
public Jwt.Builder subject(String subject)
Subject defines the principal this JWT was issued for (e.g. user id). See RFC 7519, section 4.1.2.- Parameters:
subject
- subject of this JWt- Returns:
- updated builder instance
-
userPrincipal
public Jwt.Builder userPrincipal(String principal)
User principal claim as defined by Microprofile JWT Auth spec. Uses "upn" claim.- Parameters:
principal
- name of the principal, falls back topreferredUsername(String)
and then tosubject(String)
- Returns:
- updated builder instance
-
audience
public Jwt.Builder audience(String audience)
Audience identifies the expected recipients of this JWT (optional). Multiple audience may be added See RFC 7519, section 4.1.3.- Parameters:
audience
- audience of this JWT- Returns:
- updated builder instance
-
jwtId
public Jwt.Builder jwtId(String jwtId)
A unique identifier of this JWT (optional) - must be unique across issuers. See RFC 7519, section 4.1.7.- Parameters:
jwtId
- unique identifier- Returns:
- updated builder instance
-
email
public Jwt.Builder email(String email)
Email claim.- Parameters:
email
- email claim for this JWT's subject- Returns:
- updated builder instance
-
emailVerified
public Jwt.Builder emailVerified(Boolean emailVerified)
Claim defining whether e-mail is verified or not.- Parameters:
emailVerified
- true if verified- Returns:
- updated builder instance
-
fullName
public Jwt.Builder fullName(String fullName)
Full name of subject.- Parameters:
fullName
- full name of the subject- Returns:
- updated builder instance
-
givenName
public Jwt.Builder givenName(String givenName)
Given name of subject (first name).- Parameters:
givenName
- given name of the subject- Returns:
- updated builder instance
-
middleName
public Jwt.Builder middleName(String middleName)
Middle name of subject.- Parameters:
middleName
- middle name of the subject- Returns:
- updated builder instance
-
familyName
public Jwt.Builder familyName(String familyName)
Family name of subject (surname).- Parameters:
familyName
- family name of the subject- Returns:
- updated builder instance
-
locale
public Jwt.Builder locale(Locale locale)
Locale of the subject.- Parameters:
locale
- locale to use- Returns:
- updated builder instance
-
nickname
public Jwt.Builder nickname(String nickname)
Nickname of the subject.- Parameters:
nickname
- nickname- Returns:
- updated builder instance
-
preferredUsername
public Jwt.Builder preferredUsername(String preferredUsername)
Preferred username of the subject.- Parameters:
preferredUsername
- username to view- Returns:
- updated builder instance
-
profile
public Jwt.Builder profile(URI profile)
Profile URI of the subject.- Parameters:
profile
- link to profile of subject- Returns:
- updated builder instance
-
picture
public Jwt.Builder picture(URI picture)
Profile picture URI of the subject.- Parameters:
picture
- link to picture of subject- Returns:
- updated builder instance
-
website
public Jwt.Builder website(URI website)
Website URI of the subject.- Parameters:
website
- link to website of subject- Returns:
- updated builder instance
-
gender
public Jwt.Builder gender(String gender)
Gender of the subject. As this is an extension (e.g. a custom claim) used by some of the issuers, the content may be arbitrary, though base values are male and female.- Parameters:
gender
- gender to use- Returns:
- updated builder instance
-
birthday
public Jwt.Builder birthday(LocalDate birthday)
Birthday of the subject.- Parameters:
birthday
- birthday- Returns:
- updated builder instance
-
timeZone
public Jwt.Builder timeZone(ZoneId timeZone)
Time zone of the subject.- Parameters:
timeZone
- time zone- Returns:
- updated builder instance
-
phoneNumber
public Jwt.Builder phoneNumber(String phoneNumber)
Phone number of the subject.- Parameters:
phoneNumber
- phone number- Returns:
- updated builder instance
-
phoneNumberVerified
public Jwt.Builder phoneNumberVerified(Boolean phoneNumberVerified)
Whether the phone number is verified or not.- Parameters:
phoneNumberVerified
- true if number is verified- Returns:
- updated builder instance
-
updatedAt
public Jwt.Builder updatedAt(Instant updatedAt)
Last time the subject's record was updated.- Parameters:
updatedAt
- instant of update- Returns:
- updated builder instance
-
address
public Jwt.Builder address(JwtUtil.Address address)
Address of the subject.- Parameters:
address
- address to use- Returns:
- updated builder instance
-
atHash
public Jwt.Builder atHash(byte[] atHash)
Access Token hash value. Its value is the bytes of the left-most half of the hash of the octets of the ASCII representation of the access_token value, where the hash algorithm used is the hash algorithm used in the alg Header Parameter of the ID Token's JOSE Header. For instance, if the alg is RS256, hash the access_token value with SHA-256, then take the left-most 128 bits and set them here. If the ID Token is issued from the Authorization Endpoint with an access_token value, which is the case for the response_type value code id_token token, this is REQUIRED; otherwise, its inclusion is OPTIONAL. See OIDC 1.0 section 3.1.3.6.- Parameters:
atHash
- hash to use (explicit). If not defined, it will be computed if needed.- Returns:
- updated builder instance
-
cHash
public Jwt.Builder cHash(byte[] cHash)
Code hash value. Its value is the bytes of the left-most half of the hash of the octets of the ASCII representation of the code value, where the hash algorithm used is the hash algorithm used in the alg Header Parameter of the ID Token's JOSE Header. For instance, if the alg is HS512, hash the code value with SHA-512, then take the left-most 256 bits. If the ID Token is issued from the Authorization Endpoint with a code, which is the case for the response_type values code id_token and code id_token token, this is REQUIRED; otherwise, its inclusion is OPTIONAL.- Parameters:
cHash
- hash bytes (explicit). If not defined, it will be computed if needed.- Returns:
- updated builder instance
-
nonce
public Jwt.Builder nonce(String nonce)
Nonce value is used to prevent replay attacks and must be returned if it was sent in authentication request.- Parameters:
nonce
- nonce value- Returns:
- updated builder instance
-
removePayloadClaim
public Jwt.Builder removePayloadClaim(String name)
Remove a payload claim by its name.- Parameters:
name
- name of the claim to remove- Returns:
- updated builder instance
-
-