Package io.helidon.security.jwt
Class Jwt
- java.lang.Object
-
- io.helidon.security.jwt.Jwt
-
public class Jwt extends Object
JWT token.Representation of a JSON web token (a generic one).
-
-
Nested Class Summary
Nested Classes Modifier and Type Class Description static class
Jwt.Builder
Builder of aJwt
.static class
Jwt.ExpirationValidator
Validator of expiration claim.static class
Jwt.FieldValidator
Validator of a string field obtained from a JWT.static class
Jwt.IssueTimeValidator
Validator of issue time claim.static class
Jwt.NotBeforeValidator
Validator of not before claim.
-
Method Summary
All Methods Static Methods Instance Methods Concrete Methods Modifier and Type Method Description static void
addAudienceValidator(Collection<Validator<Jwt>> validators, String audience, boolean mandatory)
Add validator of audience to the collection of validators.static void
addIssuerValidator(Collection<Validator<Jwt>> validators, String issuer, boolean mandatory)
Add validator of issuer to the collection of validators.Optional<JwtUtil.Address>
address()
Address claim.Optional<String>
algorithm()
Algorithm claim.Optional<byte[]>
atHash()
AtHash claim.Optional<List<String>>
audience()
Audience claim.Optional<LocalDate>
birthday()
Birthday claim.static Jwt.Builder
builder()
Get a builder to create a JWT.Optional<byte[]>
cHash()
CHash claim.Optional<String>
contentType()
Content type claim.static List<Validator<Jwt>>
defaultTimeValidators()
Return a list of validators to validate expiration time, issue time and not-before time.static List<Validator<Jwt>>
defaultTimeValidators(Instant now, int timeSkewAmount, ChronoUnit timeSkewUnit, boolean mandatory)
Return a list of validators to validate expiration time, issue time and not-before time.Optional<String>
email()
Email claim.Optional<Boolean>
emailVerified()
Email verified claim.Optional<Instant>
expirationTime()
Expiration time claim.Optional<String>
familyName()
Family name claim.Optional<String>
fullName()
Full name claim.Optional<String>
gender()
Gender claim.Optional<String>
givenName()
Given name claim.Optional<JsonValue>
headerClaim(String claim)
Get a claim by its name from header.JsonObject
headerJson()
Create a JSON header object.Optional<String>
issuer()
Issuer claim.Optional<Instant>
issueTime()
Issue time claim.Optional<String>
jwtId()
Jwt id claim.Optional<String>
keyId()
Key id claim.Optional<Locale>
locale()
Locale claim.Optional<String>
middleName()
Middle name claim.Optional<String>
nickname()
Nickname claim.Optional<String>
nonce()
Nonce claim.Optional<Instant>
notBefore()
Not before claim.Optional<JsonValue>
payloadClaim(String claim)
Get a claim by its name from payload.Map<String,JsonValue>
payloadClaims()
All payload claims in raw json form.JsonObject
payloadJson()
Create a JSON payload object.Optional<String>
phoneNumber()
Phone number claim.Optional<Boolean>
phoneNumberVerified()
Phone number verified claim.Optional<URI>
picture()
Picture URI claim.Optional<String>
preferredUsername()
Preferred username claim.Optional<URI>
profile()
Profile URI claim.Optional<List<String>>
scopes()
Scopes of this token.Optional<String>
subject()
Subject claim.Optional<ZoneId>
timeZone()
Time Zone claim.Optional<String>
type()
Type claim.Optional<Instant>
updatedAt()
Updated at claim.Optional<List<String>>
userGroups()
User groups claim ("groups" from microprofile specification).Optional<String>
userPrincipal()
User principal claim ("upn" from microprofile specification).Errors
validate(String issuer, String audience)
Validates all default values.Errors
validate(List<Validator<Jwt>> validators)
Validate this JWT against provided validators.Optional<URI>
website()
Website URI claim.
-
-
-
Method Detail
-
defaultTimeValidators
public static List<Validator<Jwt>> defaultTimeValidators()
Return a list of validators to validate expiration time, issue time and not-before time. By default the time skew allowed is 5 seconds and all fields are optional.- Returns:
- list of validators
-
defaultTimeValidators
public static List<Validator<Jwt>> defaultTimeValidators(Instant now, int timeSkewAmount, ChronoUnit timeSkewUnit, boolean mandatory)
Return a list of validators to validate expiration time, issue time and not-before time.- Parameters:
now
- Time that acts as the "now" instant (this allows us to validate if a token was valid at an instant in the pasttimeSkewAmount
- time skew allowed when validating (amount - such as 5)timeSkewUnit
- time skew allowed when validating (unit - such asChronoUnit.SECONDS
)mandatory
- whether the field is mandatory. True for mandatory, false for optional (for all default time validators)- Returns:
- list of validators
-
addIssuerValidator
public static void addIssuerValidator(Collection<Validator<Jwt>> validators, String issuer, boolean mandatory)
Add validator of issuer to the collection of validators.- Parameters:
validators
- collection of validatorsissuer
- issuer expected to be in the tokenmandatory
- whether issuer field is mandatory in the token (true - mandatory, false - optional)
-
addAudienceValidator
public static void addAudienceValidator(Collection<Validator<Jwt>> validators, String audience, boolean mandatory)
Add validator of audience to the collection of validators.- Parameters:
validators
- collection of validatorsaudience
- audience expected to be in the tokenmandatory
- whether the audience field is mandatory in the token
-
builder
public static Jwt.Builder builder()
Get a builder to create a JWT.- Returns:
- new builder
-
scopes
public Optional<List<String>> scopes()
Scopes of this token.- Returns:
- list of scopes or empty if claim is not defined
-
headerClaim
public Optional<JsonValue> headerClaim(String claim)
Get a claim by its name from header.- Parameters:
claim
- name of a claim- Returns:
- claim value if present
-
payloadClaim
public Optional<JsonValue> payloadClaim(String claim)
Get a claim by its name from payload.- Parameters:
claim
- name of a claim- Returns:
- claim value if present
-
payloadClaims
public Map<String,JsonValue> payloadClaims()
All payload claims in raw json form.- Returns:
- map of payload names to claims
-
algorithm
public Optional<String> algorithm()
Algorithm claim.- Returns:
- algorithm or empty if claim is not defined
-
keyId
public Optional<String> keyId()
Key id claim.- Returns:
- key id or empty if claim is not defined
-
contentType
public Optional<String> contentType()
Content type claim.- Returns:
- content type or empty if claim is not defined
-
issuer
public Optional<String> issuer()
Issuer claim.- Returns:
- Issuer or empty if claim is not defined
-
expirationTime
public Optional<Instant> expirationTime()
Expiration time claim.- Returns:
- expiration time or empty if claim is not defined
-
issueTime
public Optional<Instant> issueTime()
Issue time claim.- Returns:
- issue time or empty if claim is not defined
-
notBefore
public Optional<Instant> notBefore()
Not before claim.- Returns:
- not before or empty if claim is not defined
-
subject
public Optional<String> subject()
Subject claim.- Returns:
- subject or empty if claim is not defined
-
userPrincipal
public Optional<String> userPrincipal()
User principal claim ("upn" from microprofile specification).- Returns:
- user principal or empty if claim is not defined
-
userGroups
public Optional<List<String>> userGroups()
User groups claim ("groups" from microprofile specification).- Returns:
- groups or empty if claim is not defined
-
audience
public Optional<List<String>> audience()
Audience claim.- Returns:
- audience or empty if claim is not defined
-
jwtId
public Optional<String> jwtId()
Jwt id claim.- Returns:
- jwt id or empty if claim is not defined
-
emailVerified
public Optional<Boolean> emailVerified()
Email verified claim.- Returns:
- email verified or empty if claim is not defined
-
fullName
public Optional<String> fullName()
Full name claim.- Returns:
- full name or empty if claim is not defined
-
givenName
public Optional<String> givenName()
Given name claim.- Returns:
- given name or empty if claim is not defined
-
middleName
public Optional<String> middleName()
Middle name claim.- Returns:
- middle name or empty if claim is not defined
-
familyName
public Optional<String> familyName()
Family name claim.- Returns:
- family name or empty if claim is not defined
-
locale
public Optional<Locale> locale()
Locale claim.- Returns:
- locale or empty if claim is not defined
-
nickname
public Optional<String> nickname()
Nickname claim.- Returns:
- nickname or empty if claim is not defined
-
preferredUsername
public Optional<String> preferredUsername()
Preferred username claim.- Returns:
- preferred username or empty if claim is not defined
-
profile
public Optional<URI> profile()
Profile URI claim.- Returns:
- profile URI or empty if claim is not defined
-
picture
public Optional<URI> picture()
Picture URI claim.- Returns:
- picture URI or empty if claim is not defined
-
website
public Optional<URI> website()
Website URI claim.- Returns:
- website URI or empty if claim is not defined
-
gender
public Optional<String> gender()
Gender claim.- Returns:
- gender or empty if claim is not defined
-
birthday
public Optional<LocalDate> birthday()
Birthday claim.- Returns:
- birthday or empty if claim is not defined
-
timeZone
public Optional<ZoneId> timeZone()
Time Zone claim.- Returns:
- time zone or empty if claim is not defined
-
phoneNumber
public Optional<String> phoneNumber()
Phone number claim.- Returns:
- phone number or empty if claim is not defined
-
phoneNumberVerified
public Optional<Boolean> phoneNumberVerified()
Phone number verified claim.- Returns:
- phone number verified or empty if claim is not defined
-
updatedAt
public Optional<Instant> updatedAt()
Updated at claim.- Returns:
- updated at or empty if claim is not defined
-
address
public Optional<JwtUtil.Address> address()
Address claim.- Returns:
- address or empty if claim is not defined
-
atHash
public Optional<byte[]> atHash()
AtHash claim.- Returns:
- atHash or empty if claim is not defined
-
cHash
public Optional<byte[]> cHash()
CHash claim.- Returns:
- cHash or empty if claim is not defined
-
headerJson
public JsonObject headerJson()
Create a JSON header object.- Returns:
- JsonObject for header
-
payloadJson
public JsonObject payloadJson()
Create a JSON payload object.- Returns:
- JsonObject for payload
-
validate
public Errors validate(List<Validator<Jwt>> validators)
Validate this JWT against provided validators.- Parameters:
validators
- Validators to validate with. Obtain them through (e.g.)defaultTimeValidators()
,addAudienceValidator(Collection, String, boolean)
,addIssuerValidator(Collection, String, boolean)
- Returns:
- errors instance to check if valid and access error messages
-
validate
public Errors validate(String issuer, String audience)
Validates all default values. Values validated:Expiration time
if definedIssue time
if definedNot before time
if definedissuer()
Issuer} if definedAudience
if defined
- Parameters:
issuer
- validates that this JWT was issued by this issuer. Setting this to non-null value will make issuer claim mandatoryaudience
- validates that this JWT was issued for this audience. Setting this to non-null value will make audience claim mandatory- Returns:
- errors instance to check for validation result
-
-