java.lang.Object
io.helidon.security.jwt.Jwt.Builder
- All Implemented Interfaces:
  Builder<Jwt.Builder,Jwt>, Supplier<Jwt>
- Enclosing class:
  Jwt

Builder of a Jwt.

Method Summary
- addAudience(String audience): Audience identifies the expected recipients of this JWT (optional).
- addHeaderClaim(String claim, Object value): Add a generic header claim.
- addIssuer: The issuer claim identifies the principal that issued the JWT.
- addPayloadClaim(String claim, Object value): Add a generic payload claim.
- address(JwtUtil.Address address): Address of the subject.
- addScope: OAuth2 scope claim to add.
- addUserGroup(String group): A user group claim to add.
- algorithm: The "alg" claim is used to define the signature algorithm.
- atHash(byte[] atHash): Access Token hash value.
- audience: Audience identifies the expected recipients of this JWT (optional).
- birthday: Birthday of the subject.
- build(): Build an instance of the Jwt.
- cHash(byte[] cHash): Code hash value.
- contentType(String contentType): This header claim should only be used when nesting or encrypting JWT.
- email: Email claim.
- emailVerified(Boolean emailVerified): Claim defining whether e-mail is verified or not.
- expirationTime(Instant expirationTime): The expiration time defines the time that this JWT loses validity.
- familyName(String familyName): Family name of subject (surname).
- fullName: Full name of subject.
- gender: Gender of the subject.
- givenName: Given name of subject (first name).
- issuer: The issuer claim identifies the principal that issued the JWT.
- issuers: The issuer claim identifies the principal that issued the JWT.
- issueTime: The issue time defines the time that this JWT was issued.
- jwtId: A unique identifier of this JWT (optional) - must be unique across issuers.
- keyId: Key id to be used to sign/verify this JWT.
- locale: Locale of the subject.
- middleName(String middleName): Middle name of subject.
- nickname: Nickname of the subject.
- nonce: Nonce value is used to prevent replay attacks and must be returned if it was sent in authentication request.
- notBefore: The not before time defines the time that this JWT starts being valid.
- phoneNumber(String phoneNumber): Phone number of the subject.
- phoneNumberVerified(Boolean phoneNumberVerified): Whether the phone number is verified or not.
- picture: Profile picture URI of the subject.
- preferredUsername(String preferredUsername): Preferred username of the subject.
- profile: Profile URI of the subject.
- removePayloadClaim(String name): Remove a payload claim by its name.
- scopes: OAuth2 scope claims to set.
- subject: Subject defines the principal this JWT was issued for (e.g. user id).
- timeZone: Time zone of the subject.
- type: Type of this JWT.
- updatedAt: Last time the subject's record was updated.
- userPrincipal(String principal): User principal claim as defined by Microprofile JWT Auth spec.
- website: Website URI of the subject.

Method Details

keyId
Key id to be used to sign/verify this JWT.
- Parameters:
  keyId - key id (pointing to a JWK)
- Returns:
  updated builder instance

type
Type of this JWT.
- Parameters:
  type - type definition (JWT, JWE)
- Returns:
  updated builder instance

scopes
OAuth2 scope claims to set.
- Parameters:
  scopes - scope claims to add to a JWT
- Returns:
  updated builder instance

addScope
OAuth2 scope claim to add.
- Parameters:
  scope - scope claim to add to a JWT
- Returns:
  updated builder instance

addUserGroup
A user group claim to add. Based on Microprofile JWT Auth specification, uses claim "groups".
- Parameters:
  group - group name to add to the list of groups
- Returns:
  updated builder instance

contentType
This header claim should only be used when nesting or encrypting JWT. See RFC 7519, section 5.2.
- Parameters:
  contentType - content type to use, use "JWT" if nested
- Returns:
  updated builder instance

addHeaderClaim
Add a generic header claim.
- Parameters:
  claim - claim to add
  value - value of the header claim
- Returns:
  updated builder instance

addPayloadClaim
Add a generic payload claim.
- Parameters:
  claim - claim to add
  value - value of the payload claim
- Returns:
  updated builder instance

algorithm
The "alg" claim is used to define the signature algorithm. Note that this algorithm should be the same as is supported by the JWK used to sign (or verify) the JWT.
- Parameters:
  algorithm - algorithm to use, Jwk.ALG_NONE for none
- Returns:
  updated builder instance

issuer
The issuer claim identifies the principal that issued the JWT. Replaces all previously configured issuers. See RFC 7519, section 4.1.1.
- Parameters:
  issuer - issuer name or URL
- Returns:
  updated builder instance

addIssuer
The issuer claim identifies the principal that issued the JWT. See RFC 7519, section 4.1.1.
- Parameters:
  issuer - issuer of this JWT
- Returns:
  updated builder instance

issuers
The issuer claim identifies the principal that issued the JWT. Replaces existing configured issuers. See RFC 7519, section 4.1.1.
- Parameters:
  issuers - issuers of this JWT
- Returns:
  updated builder instance

expirationTime
The expiration time defines the time that this JWT loses validity. See RFC 7519, section 4.1.4.
- Parameters:
  expirationTime - when this JWT expires
- Returns:
  updated builder instance

issueTime
The issue time defines the time that this JWT was issued. See RFC 7519, section 4.1.6.
- Parameters:
  issueTime - when this JWT was created
- Returns:
  updated builder instance

notBefore
The not before time defines the time that this JWT starts being valid. See RFC 7519, section 4.1.5.
- Parameters:
  notBefore - JWT is not valid before this time
- Returns:
  updated builder instance

subject
Subject defines the principal this JWT was issued for (e.g. user id). See RFC 7519, section 4.1.2.
- Parameters:
  subject - subject of this JWT
- Returns:
  updated builder instance

userPrincipal
User principal claim as defined by Microprofile JWT Auth spec. Uses "upn" claim.
- Parameters:
  principal - name of the principal, falls back to preferredUsername(String) and then to subject(String)
- Returns:
  updated builder instance

addAudience
Audience identifies the expected recipients of this JWT (optional). Multiple audiences may be added. See RFC 7519, section 4.1.3.
- Parameters:
  audience - audience of this JWT
- Returns:
  updated builder instance

audience
Audience identifies the expected recipients of this JWT (optional). Replaces existing configured audiences. This configures audience in header claims; usually this is defined in payload. See RFC 7519, section 4.1.3.
- Parameters:
  audience - audience of this JWT
- Returns:
  updated builder instance

jwtId
A unique identifier of this JWT (optional) - must be unique across issuers. See RFC 7519, section 4.1.7.
- Parameters:
  jwtId - unique identifier
- Returns:
  updated builder instance

email
Email claim.
- Parameters:
  email - email claim for this JWT's subject
- Returns:
  updated builder instance

emailVerified
Claim defining whether e-mail is verified or not.
- Parameters:
  emailVerified - true if verified
- Returns:
  updated builder instance

fullName
Full name of subject.
- Parameters:
  fullName - full name of the subject
- Returns:
  updated builder instance

givenName
Given name of subject (first name).
- Parameters:
  givenName - given name of the subject
- Returns:
  updated builder instance

middleName
Middle name of subject.
- Parameters:
  middleName - middle name of the subject
- Returns:
  updated builder instance

familyName
Family name of subject (surname).
- Parameters:
  familyName - family name of the subject
- Returns:
  updated builder instance

locale
Locale of the subject.
- Parameters:
  locale - locale to use
- Returns:
  updated builder instance

nickname
Nickname of the subject.
- Parameters:
  nickname - nickname
- Returns:
  updated builder instance

preferredUsername
Preferred username of the subject.
- Parameters:
  preferredUsername - username to view
- Returns:
  updated builder instance

profile
Profile URI of the subject.
- Parameters:
  profile - link to profile of subject
- Returns:
  updated builder instance

picture
Profile picture URI of the subject.
- Parameters:
  picture - link to picture of subject
- Returns:
  updated builder instance

website
Website URI of the subject.
- Parameters:
  website - link to website of subject
- Returns:
  updated builder instance

gender
Gender of the subject. As this is an extension (e.g. a custom claim) used by some of the issuers, the content may be arbitrary, though base values are male and female.
- Parameters:
  gender - gender to use
- Returns:
  updated builder instance

birthday
Birthday of the subject.
- Parameters:
  birthday - birthday
- Returns:
  updated builder instance

timeZone
Time zone of the subject.
- Parameters:
  timeZone - time zone
- Returns:
  updated builder instance

phoneNumber
Phone number of the subject.
- Parameters:
  phoneNumber - phone number
- Returns:
  updated builder instance

phoneNumberVerified
Whether the phone number is verified or not.
- Parameters:
  phoneNumberVerified - true if number is verified
- Returns:
  updated builder instance

updatedAt
Last time the subject's record was updated.
- Parameters:
  updatedAt - instant of update
- Returns:
  updated builder instance

address
Address of the subject.
- Parameters:
  address - address to use
- Returns:
  updated builder instance

atHash
Access Token hash value. Its value is the bytes of the left-most half of the hash of the octets of the ASCII representation of the access_token value, where the hash algorithm used is the hash algorithm used in the alg Header Parameter of the ID Token's JOSE Header. For instance, if the alg is RS256, hash the access_token value with SHA-256, then take the left-most 128 bits and set them here. If the ID Token is issued from the Authorization Endpoint with an access_token value, which is the case for the response_type value "code id_token token", this is REQUIRED; otherwise, its inclusion is OPTIONAL. See OIDC 1.0 section 3.1.3.6.
- Parameters:
  atHash - hash to use (explicit). If not defined, it will be computed if needed.
- Returns:
  updated builder instance

cHash
Code hash value. Its value is the bytes of the left-most half of the hash of the octets of the ASCII representation of the code value, where the hash algorithm used is the hash algorithm used in the alg Header Parameter of the ID Token's JOSE Header. For instance, if the alg is HS512, hash the code value with SHA-512, then take the left-most 256 bits. If the ID Token is issued from the Authorization Endpoint with a code, which is the case for the response_type values "code id_token" and "code id_token token", this is REQUIRED; otherwise, its inclusion is OPTIONAL.
- Parameters:
  cHash - hash bytes (explicit). If not defined, it will be computed if needed.
- Returns:
  updated builder instance

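The left-most-half computation described for atHash and cHash above, as an added example that uses only the JDK and is not Helidon's own code. The class and method names are hypothetical, the token and code values are constructed, and the alg-to-digest mapping generalizes the RS256 and HS512 cases in the text to the RS/PS/ES/HS 256/384/512 families (an assumption of this example).

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
import java.util.Base64;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

// Hypothetical helper, not part of Helidon: computes the bytes for atHash(byte[]) / cHash(byte[]).
public class HalfHashExample {
    // Signature algorithm families whose name ends in the SHA-2 size (assumed mapping).
    private static final Pattern SIG_ALG = Pattern.compile("(?:RS|PS|ES|HS)(256|384|512)");

    // RS256 -> SHA-256, HS512 -> SHA-512; "none" and unknown values are rejected.
    static String digestFor(String alg) {
        Matcher m = SIG_ALG.matcher(alg == null ? "" : alg);
        if (!m.matches()) {
            throw new IllegalArgumentException("no hash defined for alg: " + alg);
        }
        return "SHA-" + m.group(1);
    }

    // Left-most half of the digest over the ASCII octets of the token or code value.
    static byte[] leftHalfHash(String alg, String value) throws NoSuchAlgorithmException {
        byte[] digest = MessageDigest.getInstance(digestFor(alg))
                .digest(value.getBytes(StandardCharsets.US_ASCII));
        return Arrays.copyOf(digest, digest.length / 2);
    }

    // Receiving side: recompute from the value actually received and compare in constant time.
    static boolean matches(String alg, String value, byte[] claimed) throws NoSuchAlgorithmException {
        return MessageDigest.isEqual(leftHalfHash(alg, value), claimed);
    }

    public static void main(String[] args) throws Exception {
        String accessToken = "constructed-access-token"; // constructed sample value
        String code = "constructed-authorization-code";  // constructed sample value

        byte[] atHash = leftHalfHash("RS256", accessToken); // left-most 128 bits of SHA-256
        byte[] cHash = leftHalfHash("HS512", code);         // left-most 256 bits of SHA-512
        System.out.println("at_hash bytes: " + atHash.length + ", c_hash bytes: " + cHash.length);
        // Base64url without padding is how these claims appear in a serialized ID Token.
        System.out.println("at_hash: " + Base64.getUrlEncoder().withoutPadding().encodeToString(atHash));

        System.out.println("same token:    " + matches("RS256", accessToken, atHash));
        System.out.println("swapped token: " + matches("RS256", "another-token", atHash));
    }
}
```

The arrays returned by leftHalfHash are the explicit values the atHash and cHash parameters expect; a receiver that skips the matches check cannot tell whether the access token or code it received is the one the ID Token was issued with.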
nonce
Nonce value is used to prevent replay attacks and must be returned if it was sent in authentication request.
- Parameters:
  nonce - nonce value
- Returns:
  updated builder instance

build
Build an instance of the Jwt.
- Specified by:
  build in interface Builder<Jwt.Builder,Jwt>
- Returns:
  a new token instance

removePayloadClaim
Remove a payload claim by its name.
- Parameters:
  name - name of the claim to remove
- Returns:
  updated builder instance