java.lang.Object
io.helidon.security.jwt.Jwt
JWT token.
Representation of a JSON web token (a generic one).
-
Nested Class Summary
Modifier and Type, Class, Description
static final class - Builder of a Jwt.
static final class - Validator of expiration claim.
static final class - Validator of a string field obtained from a JWT.
static final class - Validator of issue time claim.
static final class - Validator of not before claim.
-
Method Summary
Modifier and Type, Method, Description
static void addAudienceValidator(Collection<Validator<Jwt>> validators, String audience, boolean mandatory) - Add validator of audience to the collection of validators.
static void addAudienceValidator(Collection<Validator<Jwt>> validators, Set<String> audience, boolean mandatory) - Add validator of audience to the collection of validators.
static void addIssuerValidator(Collection<Validator<Jwt>> validators, String issuer, boolean mandatory) - Add validator of issuer to the collection of validators.
address() - Address claim.
static void addUserPrincipalValidator(Collection<Validator<Jwt>> validators) - Adds a validator that makes sure the userPrincipal() is present.
algorithm() - Algorithm claim.
Optional<byte[]> atHash() - AtHash claim.
audience() - Audience claim.
birthday() - Birthday claim.
static Jwt.Builder builder() - Get a builder to create a JWT.
Optional<byte[]> cHash() - CHash claim.
contentType() - Content type claim.
defaultTimeValidators() - Return a list of validators to validate expiration time, issue time and not-before time.
defaultTimeValidators(Instant now, int timeSkewAmount, ChronoUnit timeSkewUnit, boolean mandatory) - Return a list of validators to validate expiration time, issue time and not-before time.
email() - Email claim.
emailVerified() - Email verified claim.
expirationTime() - Expiration time claim.
familyName() - Family name claim.
fullName() - Full name claim.
gender() - Gender claim.
givenName() - Given name claim.
headerClaim(String claim) - Get a claim by its name from header.
headerJson() - Create a JSON header object.
headers() - Headers.
issuer() - Issuer claim.
issuers() - All the issuer claim values.
issueTime() - Issue time claim.
jwtId() - Jwt id claim.
keyId() - Key id claim.
locale() - Locale claim.
middleName() - Middle name claim.
nickname() - Nickname claim.
nonce() - Nonce claim.
notBefore() - Not before claim.
payloadClaim(String claim) - Get a claim by its name from payload.
payloadClaims() - All payload claims in raw json form.
payloadJson() - Create a JSON payload object.
phoneNumber() - Phone number claim.
phoneNumberVerified() - Phone number verified claim.
picture() - Picture URI claim.
preferredUsername() - Preferred username claim.
profile() - Profile URI claim.
scopes() - Scopes of this token.
subject() - Subject claim.
timeZone() - Time Zone claim.
type() - Type claim.
updatedAt() - Updated at claim.
userGroups() - User groups claim ("groups" from microprofile specification).
userPrincipal() - User principal claim ("upn" from microprofile specification).
validate - Validates all default values.
validate - Validates all default values.
validate - Validate this JWT against provided validators.
website() - Website URI claim.
-
Method Details
-
defaultTimeValidators
Return a list of validators to validate expiration time, issue time and not-before time. By default the time skew allowed is 5 seconds and all fields are optional.
Returns:
- list of validators
-
defaultTimeValidators
public static List<Validator<Jwt>> defaultTimeValidators(Instant now, int timeSkewAmount, ChronoUnit timeSkewUnit, boolean mandatory)
Return a list of validators to validate expiration time, issue time and not-before time.
Parameters:
- now - Time that acts as the "now" instant (this allows us to validate if a token was valid at an instant in the past)
- timeSkewAmount - time skew allowed when validating (amount - such as 5)
- timeSkewUnit - time skew allowed when validating (unit - such as ChronoUnit.SECONDS)
- mandatory - whether the field is mandatory. True for mandatory, false for optional (for all default time validators)
Returns:
- list of validators
-
addIssuerValidator
public static void addIssuerValidator(Collection<Validator<Jwt>> validators, String issuer, boolean mandatory)
Add validator of issuer to the collection of validators.
Parameters:
- validators - collection of validators
- issuer - issuer expected to be in the token
- mandatory - whether issuer field is mandatory in the token (true - mandatory, false - optional)
-
addAudienceValidator
public static void addAudienceValidator(Collection<Validator<Jwt>> validators, String audience, boolean mandatory)
Add validator of audience to the collection of validators.
Parameters:
- validators - collection of validators
- audience - audience expected to be in the token, never null
- mandatory - whether the audience field is mandatory in the token
-
addAudienceValidator
public static void addAudienceValidator(Collection<Validator<Jwt>> validators, Set<String> audience, boolean mandatory)
Add validator of audience to the collection of validators.
Parameters:
- validators - collection of validators
- audience - audience expected to be in the token
- mandatory - whether the audience field is mandatory in the token
-
builder
Get a builder to create a JWT.
Returns:
- new builder
-
scopes
Scopes of this token.
Returns:
- list of scopes or empty if claim is not defined
-
headerClaim
Get a claim by its name from header.
Parameters:
- claim - name of a claim
Returns:
- claim value if present
-
payloadClaim
Get a claim by its name from payload.
Parameters:
- claim - name of a claim
Returns:
- claim value if present
-
headers
Headers.
Returns:
- JWT headers information
-
payloadClaims
All payload claims in raw json form.
Returns:
- map of payload names to claims
-
algorithm
Algorithm claim.
Returns:
- algorithm or empty if claim is not defined
-
keyId
Key id claim.
Returns:
- key id or empty if claim is not defined
-
type
Type claim.
Returns:
- type or empty if claim is not defined
-
contentType
Content type claim.
Returns:
- content type or empty if claim is not defined
-
issuer
Issuer claim.
Returns:
- Issuer or empty if claim is not defined
-
issuers
All the issuer claim values.
Returns:
- Issuer values or empty if claim is not defined
-
expirationTime
Expiration time claim.
Returns:
- expiration time or empty if claim is not defined
-
issueTime
Issue time claim.
Returns:
- issue time or empty if claim is not defined
-
notBefore
Not before claim.
Returns:
- not before or empty if claim is not defined
-
subject
Subject claim.
Returns:
- subject or empty if claim is not defined
-
userPrincipal
User principal claim ("upn" from microprofile specification).
Returns:
- user principal or empty if claim is not defined
-
userGroups
User groups claim ("groups" from microprofile specification).
Returns:
- groups or empty if claim is not defined
-
audience
Audience claim.
Returns:
- audience or empty if claim is not defined
-
jwtId
Jwt id claim.
Returns:
- jwt id or empty if claim is not defined
-
email
Email claim.
Returns:
- email or empty if claim is not defined
-
emailVerified
Email verified claim.
Returns:
- email verified or empty if claim is not defined
-
fullName
Full name claim.
Returns:
- full name or empty if claim is not defined
-
givenName
Given name claim.
Returns:
- given name or empty if claim is not defined
-
middleName
Middle name claim.
Returns:
- middle name or empty if claim is not defined
-
familyName
Family name claim.
Returns:
- family name or empty if claim is not defined
-
locale
Locale claim.
Returns:
- locale or empty if claim is not defined
-
nickname
Nickname claim.
Returns:
- nickname or empty if claim is not defined
-
preferredUsername
Preferred username claim.
Returns:
- preferred username or empty if claim is not defined
-
profile
Profile URI claim.
Returns:
- profile URI or empty if claim is not defined
-
picture
Picture URI claim.
Returns:
- picture URI or empty if claim is not defined
-
website
Website URI claim.
Returns:
- website URI or empty if claim is not defined
-
gender
Gender claim.
Returns:
- gender or empty if claim is not defined
-
birthday
Birthday claim.
Returns:
- birthday or empty if claim is not defined
-
timeZone
Time Zone claim.
Returns:
- time zone or empty if claim is not defined
-
phoneNumber
Phone number claim.
Returns:
- phone number or empty if claim is not defined
-
phoneNumberVerified
Phone number verified claim.
Returns:
- phone number verified or empty if claim is not defined
-
updatedAt
Updated at claim.
Returns:
- updated at or empty if claim is not defined
-
address
Address claim.
Returns:
- address or empty if claim is not defined
-
atHash
AtHash claim.
Returns:
- atHash or empty if claim is not defined
-
cHash
CHash claim.
Returns:
- cHash or empty if claim is not defined
-
nonce
Nonce claim.
Returns:
- nonce or empty if claim is not defined
-
headerJson
Create a JSON header object.
Returns:
- JsonObject for header
-
payloadJson
Create a JSON payload object.
Returns:
- JsonObject for payload
-
validate
Validate this JWT against provided validators.
Parameters:
- validators - Validators to validate with. Obtain them through (e.g.) defaultTimeValidators(), addAudienceValidator(Collection, String, boolean), addIssuerValidator(Collection, String, boolean)
Returns:
- errors instance to check if valid and access error messages
-
validate
Validates all default values. Values validated:
- Expiration time if defined
- Issue time if defined
- Not before time if defined
- Issuer if defined
- Audience if defined
Parameters:
- issuer - validates that this JWT was issued by this issuer. Setting this to non-null value will make issuer claim mandatory
- audience - validates that this JWT was issued for this audience. Setting this to non-null value will make audience claim mandatory
Returns:
- errors instance to check for validation result
-
validate
Validates all default values. Values validated:
- Expiration time if defined
- Issue time if defined
- Not before time if defined
- Issuer if defined
- Audience if defined
Parameters:
- issuer - validates that this JWT was issued by this issuer. Setting this to non-null value will make issuer claim mandatory
- audience - validates that this JWT was issued for this audience. Setting this to non-null value and with any non-null value in the Set will make audience claim mandatory
Returns:
- errors instance to check for validation result
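The default validators treat the time claims as optional, so a token that omits them is not rejected on that basis. The following added example (not taken from the Helidon documentation) builds a validator list in which the time claims, issuer and audience are all mandatory, and runs both the default and the strict list against the same token. The class name and the issuer and audience values are hypothetical, and the builder setters and `Errors.isValid()` are assumed from the Helidon API since this page does not list them.

```java
import io.helidon.common.Errors;
import io.helidon.security.jwt.Jwt;
import io.helidon.security.jwt.Validator;

import java.time.Instant;
import java.time.temporal.ChronoUnit;
import java.util.ArrayList;
import java.util.List;

public class StrictJwtValidation {
    // Hypothetical values for this example.
    static final String EXPECTED_ISSUER = "https://issuer.example";
    static final String EXPECTED_AUDIENCE = "orders-service";

    /** Requires the time claims, issuer and audience to be present and valid. */
    static Errors validateStrict(Jwt jwt, Instant now) {
        // mandatory = true: a missing time claim is an error, not a pass.
        List<Validator<Jwt>> validators = new ArrayList<>(
                Jwt.defaultTimeValidators(now, 5, ChronoUnit.SECONDS, true));
        Jwt.addIssuerValidator(validators, EXPECTED_ISSUER, true);
        Jwt.addAudienceValidator(validators, EXPECTED_AUDIENCE, true);
        return jwt.validate(validators);
    }

    public static void main(String[] args) {
        // Constructed token: the builder is given no expiration,
        // issue time or not-before value.
        // Builder setter names are assumed from the Helidon API.
        Jwt noTimeClaims = Jwt.builder()
                .issuer(EXPECTED_ISSUER)
                .addAudience(EXPECTED_AUDIENCE)
                .subject("alice")
                .build();

        // Default list: 5 second skew, all time fields optional.
        Errors lenient = noTimeClaims.validate(Jwt.defaultTimeValidators());
        // Strict list: same token, every field mandatory.
        Errors strict = validateStrict(noTimeClaims, Instant.now());

        System.out.println("default validators valid: " + lenient.isValid());
        System.out.println("strict validators valid:  " + strict.isValid());
        System.out.println(strict);
    }
}
```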
-
addUserPrincipalValidator
Adds a validator that makes sure the userPrincipal() is present.
Parameters:
- validators - validator collection to update
-