Class Jwt


  • public class Jwt
    extends Object
    JWT token.

    Representation of a JSON web token (a generic one).

    • Method Detail

      • defaultTimeValidators

        public static List<Validator<Jwt>> defaultTimeValidators()
        Return a list of validators to validate expiration time, issue time and not-before time. By default the time skew allowed is 5 seconds and all fields are optional.
        Returns:
        list of validators
      • defaultTimeValidators

        public static List<Validator<Jwt>> defaultTimeValidators(Instant now,
                                                                 int timeSkewAmount,
                                                                 ChronoUnit timeSkewUnit,
                                                                 boolean mandatory)
        Return a list of validators to validate expiration time, issue time and not-before time.
        Parameters:
        now - time that acts as the "now" instant (this allows us to validate whether a token was valid at an instant in the past)
        timeSkewAmount - time skew allowed when validating (amount - such as 5)
        timeSkewUnit - time skew allowed when validating (unit - such as ChronoUnit.SECONDS)
        mandatory - whether the field is mandatory. True for mandatory, false for optional (for all default time validators)
        Returns:
        list of validators
      • addIssuerValidator

        public static void addIssuerValidator(Collection<Validator<Jwt>> validators,
                                              String issuer,
                                              boolean mandatory)
        Add validator of issuer to the collection of validators.
        Parameters:
        validators - collection of validators
        issuer - issuer expected to be in the token
        mandatory - whether issuer field is mandatory in the token (true - mandatory, false - optional)
      • addAudienceValidator

        public static void addAudienceValidator(Collection<Validator<Jwt>> validators,
                                                String audience,
                                                boolean mandatory)
        Add validator of audience to the collection of validators.
        Parameters:
        validators - collection of validators
        audience - audience expected to be in the token, never null
        mandatory - whether the audience field is mandatory in the token
      • addAudienceValidator

        public static void addAudienceValidator(Collection<Validator<Jwt>> validators,
                                                Set<String> audience,
                                                boolean mandatory)
        Add validator of audience to the collection of validators.
        Parameters:
        validators - collection of validators
        audience - audience expected to be in the token
        mandatory - whether the audience field is mandatory in the token
      • builder

        public static Jwt.Builder builder()
        Get a builder to create a JWT.
        Returns:
        new builder
      • scopes

        public Optional<List<String>> scopes()
        Scopes of this token.
        Returns:
        list of scopes or empty if claim is not defined
      • headerClaim

        public Optional<JsonValue> headerClaim(String claim)
        Get a claim by its name from header.
        Parameters:
        claim - name of a claim
        Returns:
        claim value if present
      • payloadClaim

        public Optional<JsonValue> payloadClaim(String claim)
        Get a claim by its name from payload.
        Parameters:
        claim - name of a claim
        Returns:
        claim value if present
      • headers

        public JwtHeaders headers()
        Headers.
        Returns:
        JWT headers information
      • payloadClaims

        public Map<String, JsonValue> payloadClaims()
        All payload claims in raw JSON form.
        Returns:
        map of payload names to claims
      • algorithm

        public Optional<String> algorithm()
        Algorithm claim.
        Returns:
        algorithm or empty if claim is not defined
      • keyId

        public Optional<String> keyId()
        Key id claim.
        Returns:
        key id or empty if claim is not defined
      • type

        public Optional<String> type()
        Type claim.
        Returns:
        type or empty if claim is not defined
      • contentType

        public Optional<String> contentType()
        Content type claim.
        Returns:
        content type or empty if claim is not defined
      • issuer

        public Optional<String> issuer()
        Issuer claim.
        Returns:
        issuer or empty if claim is not defined
      • expirationTime

        public Optional<Instant> expirationTime()
        Expiration time claim.
        Returns:
        expiration time or empty if claim is not defined
      • issueTime

        public Optional<Instant> issueTime()
        Issue time claim.
        Returns:
        issue time or empty if claim is not defined
      • notBefore

        public Optional<Instant> notBefore()
        Not before claim.
        Returns:
        not before or empty if claim is not defined
      • subject

        public Optional<String> subject()
        Subject claim.
        Returns:
        subject or empty if claim is not defined
      • userPrincipal

        public Optional<String> userPrincipal()
        User principal claim ("upn" from the MicroProfile specification).
        Returns:
        user principal or empty if claim is not defined
      • userGroups

        public Optional<List<String>> userGroups()
        User groups claim ("groups" from the MicroProfile specification).
        Returns:
        groups or empty if claim is not defined
      • audience

        public Optional<List<String>> audience()
        Audience claim.
        Returns:
        audience or empty if claim is not defined
      • jwtId

        public Optional<String> jwtId()
        Jwt id claim.
        Returns:
        jwt id or empty if claim is not defined
      • email

        public Optional<String> email()
        Email claim.
        Returns:
        email or empty if claim is not defined
      • emailVerified

        public Optional<Boolean> emailVerified()
        Email verified claim.
        Returns:
        email verified or empty if claim is not defined
      • fullName

        public Optional<String> fullName()
        Full name claim.
        Returns:
        full name or empty if claim is not defined
      • givenName

        public Optional<String> givenName()
        Given name claim.
        Returns:
        given name or empty if claim is not defined
      • middleName

        public Optional<String> middleName()
        Middle name claim.
        Returns:
        middle name or empty if claim is not defined
      • familyName

        public Optional<String> familyName()
        Family name claim.
        Returns:
        family name or empty if claim is not defined
      • locale

        public Optional<Locale> locale()
        Locale claim.
        Returns:
        locale or empty if claim is not defined
      • nickname

        public Optional<String> nickname()
        Nickname claim.
        Returns:
        nickname or empty if claim is not defined
      • preferredUsername

        public Optional<String> preferredUsername()
        Preferred username claim.
        Returns:
        preferred username or empty if claim is not defined
      • profile

        public Optional<URI> profile()
        Profile URI claim.
        Returns:
        profile URI or empty if claim is not defined
      • picture

        public Optional<URI> picture()
        Picture URI claim.
        Returns:
        picture URI or empty if claim is not defined
      • website

        public Optional<URI> website()
        Website URI claim.
        Returns:
        website URI or empty if claim is not defined
      • gender

        public Optional<String> gender()
        Gender claim.
        Returns:
        gender or empty if claim is not defined
      • birthday

        public Optional<LocalDate> birthday()
        Birthday claim.
        Returns:
        birthday or empty if claim is not defined
      • timeZone

        public Optional<ZoneId> timeZone()
        Time Zone claim.
        Returns:
        time zone or empty if claim is not defined
      • phoneNumber

        public Optional<String> phoneNumber()
        Phone number claim.
        Returns:
        phone number or empty if claim is not defined
      • phoneNumberVerified

        public Optional<Boolean> phoneNumberVerified()
        Phone number verified claim.
        Returns:
        phone number verified or empty if claim is not defined
      • updatedAt

        public Optional<Instant> updatedAt()
        Updated at claim.
        Returns:
        updated at or empty if claim is not defined
      • address

        public Optional<JwtUtil.Address> address()
        Address claim.
        Returns:
        address or empty if claim is not defined
      • atHash

        public Optional<byte[]> atHash()
        AtHash claim.
        Returns:
        atHash or empty if claim is not defined
      • cHash

        public Optional<byte[]> cHash()
        CHash claim.
        Returns:
        cHash or empty if claim is not defined
      • nonce

        public Optional<String> nonce()
        Nonce claim.
        Returns:
        nonce or empty if claim is not defined
      • headerJson

        public JsonObject headerJson()
        Create a JSON header object.
        Returns:
        JsonObject for header
      • payloadJson

        public JsonObject payloadJson()
        Create a JSON payload object.
        Returns:
        JsonObject for payload
      • validate

        public Errors validate(String issuer,
                               String audience)
        Validates all default values. Values validated:
        Parameters:
        issuer - validates that this JWT was issued by this issuer. Setting this to a non-null value makes the issuer claim mandatory
        audience - validates that this JWT was issued for this audience. Setting this to a non-null value makes the audience claim mandatory
        Returns:
        errors instance to check for validation result
      • validate

        public Errors validate(String issuer,
                               Set<String> audience)
        Validates all default values. Values validated:
        Parameters:
        issuer - validates that this JWT was issued by this issuer. Setting this to a non-null value makes the issuer claim mandatory
        audience - validates that this JWT was issued for this audience. Setting this to a non-null Set that contains any non-null value makes the audience claim mandatory
        Returns:
        errors instance to check for validation result
      • addUserPrincipalValidator

        public static void addUserPrincipalValidator(Collection<Validator<Jwt>> validators)
        Adds a validator that makes sure the userPrincipal() is present.
        Parameters:
        validators - validator collection to update
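
How the now, timeSkewAmount, timeSkewUnit and mandatory parameters of defaultTimeValidators interact is easiest to see on concrete tokens. The following is an added example, not code from this library: a stand-alone model that does not call the library. The TimeClaims record, the check and require methods, the comparison rules and all sample instants are assumptions of this example.

```java
import java.time.Duration;
import java.time.Instant;
import java.time.temporal.ChronoUnit;
import java.util.ArrayList;
import java.util.List;
import java.util.Optional;

public class TimeClaimModel {
    // Constructed stand-in for a token's exp / iat / nbf claims; not a library type.
    record TimeClaims(Optional<Instant> exp, Optional<Instant> iat, Optional<Instant> nbf) { }

    // Assumed rules: exp may lie up to `skew` before `now`; iat and nbf up to `skew` after it.
    static List<String> check(TimeClaims c, Instant now, int skewAmount, ChronoUnit skewUnit, boolean mandatory) {
        Duration skew = Duration.of(skewAmount, skewUnit);
        List<String> errors = new ArrayList<>();
        require("exp", c.exp(), mandatory, errors);
        require("iat", c.iat(), mandatory, errors);
        require("nbf", c.nbf(), mandatory, errors);
        c.exp().filter(t -> t.isBefore(now.minus(skew)))
               .ifPresent(t -> errors.add("expired at " + t));
        c.iat().filter(t -> t.isAfter(now.plus(skew)))
               .ifPresent(t -> errors.add("issued in the future at " + t));
        c.nbf().filter(t -> t.isAfter(now.plus(skew)))
               .ifPresent(t -> errors.add("not valid before " + t));
        return errors;
    }

    // A missing claim is an error only when the caller asked for mandatory claims.
    private static void require(String name, Optional<Instant> claim, boolean mandatory, List<String> errors) {
        if (mandatory && claim.isEmpty()) errors.add(name + " claim is missing");
    }

    public static void main(String[] args) {
        Instant now = Instant.parse("2024-01-01T12:00:00Z"); // constructed "now"
        Optional<Instant> issued = Optional.of(now.minusSeconds(600));
        TimeClaims noTimes = new TimeClaims(Optional.empty(), Optional.empty(), Optional.empty());
        TimeClaims withinSkew = new TimeClaims(Optional.of(now.minusSeconds(3)), issued, issued);
        TimeClaims expired = new TimeClaims(Optional.of(now.minusSeconds(60)), issued, issued);

        // Same token without any time claims, checked in optional and then mandatory mode.
        System.out.println("optional:  " + check(noTimes, now, 5, ChronoUnit.SECONDS, false));
        System.out.println("mandatory: " + check(noTimes, now, 5, ChronoUnit.SECONDS, true));
        // exp lies 3 s before "now" (inside a 5 s skew), then 60 s before it (outside).
        System.out.println("3 s late:  " + check(withinSkew, now, 5, ChronoUnit.SECONDS, true));
        System.out.println("60 s late: " + check(expired, now, 5, ChronoUnit.SECONDS, true));
        // Moving "now" two minutes back asks whether that token was valid at that instant.
        System.out.println("in past:   " + check(expired, now.minusSeconds(120), 5, ChronoUnit.SECONDS, true));
    }
}
```

The first two calls are the case to watch when relying on the no-argument defaults: with mandatory set to false, a token that carries no expiration claim at all produces no time-validation error.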