Class Jwt.Builder

    • Method Detail

      • keyId

        public Jwt.Builder keyId(String keyId)
        Key id to be used to sign/verify this JWT.
        Parameters:
        keyId - key id (pointing to a JWK)
        Returns:
        updated builder instance
      • type

        public Jwt.Builder type(String type)
        Type of this JWT.
        Parameters:
        type - type definition (JWT, JWE)
        Returns:
        updated builder instance
      • scopes

        public Jwt.Builder scopes(List<String> scopes)
        OAuth2 scope claims to set.
        Parameters:
        scopes - scope claims to add to a JWT
        Returns:
        updated builder instance
      • addScope

        public Jwt.Builder addScope(String scope)
        OAuth2 scope claim to add.
        Parameters:
        scope - scope claim to add to a JWT
        Returns:
        updated builder instance
      • addUserGroup

        public Jwt.Builder addUserGroup(String group)
        A user group claim to add. Based on the MicroProfile JWT Auth specification, uses claim "groups".
        Parameters:
        group - group name to add to the list of groups
        Returns:
        updated builder instance
      • contentType

        public Jwt.Builder contentType(String contentType)
        This header claim should only be used when nesting or encrypting JWT. See RFC 7519, section 5.2.
        Parameters:
        contentType - content type to use, use "JWT" if nested
        Returns:
        updated builder instance
      • addHeaderClaim

        public Jwt.Builder addHeaderClaim(String claim,
                                          Object value)
        Add a generic header claim.
        Parameters:
        claim - claim to add
        value - value of the header claim
        Returns:
        updated builder instance
      • addPayloadClaim

        public Jwt.Builder addPayloadClaim(String claim,
                                           Object value)
        Add a generic payload claim.
        Parameters:
        claim - claim to add
        value - value of the payload claim
        Returns:
        updated builder instance
      • algorithm

        public Jwt.Builder algorithm(String algorithm)
        The "alg" claim is used to define the signature algorithm. Note that this algorithm should match the one supported by the JWK used to sign (or verify) the JWT.
        Parameters:
        algorithm - algorithm to use, Jwk.ALG_NONE for none
        Returns:
        updated builder instance
      • issuer

        public Jwt.Builder issuer(String issuer)
        The issuer claim identifies the principal that issued the JWT. See RFC 7519, section 4.1.1.
        Parameters:
        issuer - issuer name or URL
        Returns:
        updated builder instance
      • expirationTime

        public Jwt.Builder expirationTime(Instant expirationTime)
        The expiration time defines the time that this JWT loses validity. See RFC 7519, section 4.1.4.
        Parameters:
        expirationTime - when this JWT expires
        Returns:
        updated builder instance
      • issueTime

        public Jwt.Builder issueTime(Instant issueTime)
        The issue time defines the time that this JWT was issued. See RFC 7519, section 4.1.6.
        Parameters:
        issueTime - when this JWT was created
        Returns:
        updated builder instance
      • notBefore

        public Jwt.Builder notBefore(Instant notBefore)
        The not before time defines the time that this JWT starts being valid. See RFC 7519, section 4.1.5.
        Parameters:
        notBefore - JWT is not valid before this time
        Returns:
        updated builder instance
      • subject

        public Jwt.Builder subject(String subject)
        Subject defines the principal this JWT was issued for (e.g. user id). See RFC 7519, section 4.1.2.
        Parameters:
        subject - subject of this JWT
        Returns:
        updated builder instance
      • userPrincipal

        public Jwt.Builder userPrincipal(String principal)
        User principal claim as defined by the MicroProfile JWT Auth spec. Uses "upn" claim.
        Parameters:
        principal - name of the principal, falls back to preferredUsername(String) and then to subject(String)
        Returns:
        updated builder instance
      • addAudience

        public Jwt.Builder addAudience(String audience)
        Audience identifies the expected recipients of this JWT (optional). Multiple audiences may be added. See RFC 7519, section 4.1.3.
        Parameters:
        audience - audience of this JWT
        Returns:
        updated builder instance
      • audience

        public Jwt.Builder audience(List<String> audience)
        Audience identifies the expected recipients of this JWT (optional). Replaces existing configured audiences. This configures audience in header claims; usually this is defined in payload. See RFC 7519, section 4.1.3.
        Parameters:
        audience - audience of this JWT
        Returns:
        updated builder instance
      • jwtId

        public Jwt.Builder jwtId(String jwtId)
        A unique identifier of this JWT (optional) - must be unique across issuers. See RFC 7519, section 4.1.7.
        Parameters:
        jwtId - unique identifier
        Returns:
        updated builder instance
      • email

        public Jwt.Builder email(String email)
        Email claim.
        Parameters:
        email - email claim for this JWT's subject
        Returns:
        updated builder instance
      • emailVerified

        public Jwt.Builder emailVerified(Boolean emailVerified)
        Claim defining whether e-mail is verified or not.
        Parameters:
        emailVerified - true if verified
        Returns:
        updated builder instance
      • fullName

        public Jwt.Builder fullName(String fullName)
        Full name of subject.
        Parameters:
        fullName - full name of the subject
        Returns:
        updated builder instance
      • givenName

        public Jwt.Builder givenName(String givenName)
        Given name of subject (first name).
        Parameters:
        givenName - given name of the subject
        Returns:
        updated builder instance
      • middleName

        public Jwt.Builder middleName(String middleName)
        Middle name of subject.
        Parameters:
        middleName - middle name of the subject
        Returns:
        updated builder instance
      • familyName

        public Jwt.Builder familyName(String familyName)
        Family name of subject (surname).
        Parameters:
        familyName - family name of the subject
        Returns:
        updated builder instance
      • locale

        public Jwt.Builder locale(Locale locale)
        Locale of the subject.
        Parameters:
        locale - locale to use
        Returns:
        updated builder instance
      • nickname

        public Jwt.Builder nickname(String nickname)
        Nickname of the subject.
        Parameters:
        nickname - nickname
        Returns:
        updated builder instance
      • preferredUsername

        public Jwt.Builder preferredUsername(String preferredUsername)
        Preferred username of the subject.
        Parameters:
        preferredUsername - username to view
        Returns:
        updated builder instance
      • profile

        public Jwt.Builder profile(URI profile)
        Profile URI of the subject.
        Parameters:
        profile - link to profile of subject
        Returns:
        updated builder instance
      • picture

        public Jwt.Builder picture(URI picture)
        Profile picture URI of the subject.
        Parameters:
        picture - link to picture of subject
        Returns:
        updated builder instance
      • website

        public Jwt.Builder website(URI website)
        Website URI of the subject.
        Parameters:
        website - link to website of subject
        Returns:
        updated builder instance
      • gender

        public Jwt.Builder gender(String gender)
        Gender of the subject. As this is an extension (e.g. a custom claim) used by some of the issuers, the content may be arbitrary, though base values are male and female.
        Parameters:
        gender - gender to use
        Returns:
        updated builder instance
      • birthday

        public Jwt.Builder birthday(LocalDate birthday)
        Birthday of the subject.
        Parameters:
        birthday - birthday
        Returns:
        updated builder instance
      • timeZone

        public Jwt.Builder timeZone(ZoneId timeZone)
        Time zone of the subject.
        Parameters:
        timeZone - time zone
        Returns:
        updated builder instance
      • phoneNumber

        public Jwt.Builder phoneNumber(String phoneNumber)
        Phone number of the subject.
        Parameters:
        phoneNumber - phone number
        Returns:
        updated builder instance
      • phoneNumberVerified

        public Jwt.Builder phoneNumberVerified(Boolean phoneNumberVerified)
        Whether the phone number is verified or not.
        Parameters:
        phoneNumberVerified - true if number is verified
        Returns:
        updated builder instance
      • updatedAt

        public Jwt.Builder updatedAt(Instant updatedAt)
        Last time the subject's record was updated.
        Parameters:
        updatedAt - instant of update
        Returns:
        updated builder instance
      • address

        public Jwt.Builder address(JwtUtil.Address address)
        Address of the subject.
        Parameters:
        address - address to use
        Returns:
        updated builder instance
      • atHash

        public Jwt.Builder atHash(byte[] atHash)
        Access Token hash value. Its value is the bytes of the left-most half of the hash of the octets of the ASCII representation of the access_token value, where the hash algorithm used is the hash algorithm used in the alg Header Parameter of the ID Token's JOSE Header. For instance, if the alg is RS256, hash the access_token value with SHA-256, then take the left-most 128 bits and set them here. If the ID Token is issued from the Authorization Endpoint with an access_token value, which is the case for the response_type value code id_token token, this is REQUIRED; otherwise, its inclusion is OPTIONAL. See OIDC 1.0 section 3.1.3.6.
        Parameters:
        atHash - hash to use (explicit). If not defined, it will be computed if needed.
        Returns:
        updated builder instance
      • cHash

        public Jwt.Builder cHash(byte[] cHash)
        Code hash value. Its value is the bytes of the left-most half of the hash of the octets of the ASCII representation of the code value, where the hash algorithm used is the hash algorithm used in the alg Header Parameter of the ID Token's JOSE Header. For instance, if the alg is HS512, hash the code value with SHA-512, then take the left-most 256 bits. If the ID Token is issued from the Authorization Endpoint with a code, which is the case for the response_type values code id_token and code id_token token, this is REQUIRED; otherwise, its inclusion is OPTIONAL.
        Parameters:
        cHash - hash bytes (explicit). If not defined, it will be computed if needed.
        Returns:
        updated builder instance
      • nonce

        public Jwt.Builder nonce(String nonce)
        Nonce value is used to prevent replay attacks and must be returned if it was sent in the authentication request.
        Parameters:
        nonce - nonce value
        Returns:
        updated builder instance
      • build

        public Jwt build()
        Build an instance of the Jwt.
        Specified by:
        build in interface Builder<Jwt>
        Returns:
        a new token instance
      • removePayloadClaim

        public Jwt.Builder removePayloadClaim(String name)
        Remove a payload claim by its name.
        Parameters:
        name - name of the claim to remove
        Returns:
        updated builder instance
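
Added example (not part of the Helidon Javadoc or Helidon code): the left-most-half hash described for atHash and cHash above, computed with JDK classes only, plus the receiver-side comparison. The class OidcHalfHash, its method names and the sample token and code values are constructed for illustration; the resulting arrays are what would be passed to atHash(byte[]) or cHash(byte[]).

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
import java.util.Base64;

// Added illustration; class and method names are hypothetical, not Helidon API.
public class OidcHalfHash {

    // Pick the JDK digest from the size suffix of the JOSE "alg" value
    // (RS256, ES256, PS256, HS256 -> SHA-256, and so on).
    static String digestFor(String alg) {
        String suffix = (alg == null || alg.length() < 3) ? "" : alg.substring(alg.length() - 3);
        switch (suffix) {
            case "256": return "SHA-256";
            case "384": return "SHA-384";
            case "512": return "SHA-512";
            default: // includes "none": there is no hash to derive from it
                throw new IllegalArgumentException("no hash defined for alg " + alg);
        }
    }

    // Left-most half of the digest over the ASCII octets of the token or code.
    static byte[] leftHalfHash(String alg, String value) throws NoSuchAlgorithmException {
        byte[] digest = MessageDigest.getInstance(digestFor(alg))
                .digest(value.getBytes(StandardCharsets.US_ASCII));
        return Arrays.copyOf(digest, digest.length / 2);
    }

    // Receiver-side check: recompute and compare in constant time.
    static boolean matches(String alg, String value, byte[] claimed) throws NoSuchAlgorithmException {
        return MessageDigest.isEqual(leftHalfHash(alg, value), claimed);
    }

    public static void main(String[] args) throws Exception {
        String accessToken = "constructed-access-token"; // constructed sample value
        String code = "constructed-authorization-code";  // constructed sample value

        byte[] atHash = leftHalfHash("RS256", accessToken); // SHA-256, left 128 bits
        byte[] cHash = leftHalfHash("HS512", code);         // SHA-512, left 256 bits

        // In the serialized ID Token these bytes appear base64url-encoded.
        Base64.Encoder b64 = Base64.getUrlEncoder().withoutPadding();
        System.out.println("at_hash " + atHash.length + " bytes: " + b64.encodeToString(atHash));
        System.out.println("c_hash  " + cHash.length + " bytes: " + b64.encodeToString(cHash));
        System.out.println("same token matches: " + matches("RS256", accessToken, atHash));
        System.out.println("altered token matches: " + matches("RS256", accessToken + "x", atHash));
    }
}
```

An "alg" without a SHA-2 size suffix, such as the value used for unsigned tokens, is rejected here rather than silently mapped to a default digest.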