java.lang.Object
io.helidon.security.jwt.Jwt

public class Jwt extends Object
JWT token.

Representation of a JSON web token (a generic one).

  • Method Details

    • defaultTimeValidators

      @Deprecated(since="4.0.10", forRemoval=true) public static List<Validator<Jwt>> defaultTimeValidators()
      Deprecated, for removal: This API element is subject to removal in a future version.
      Return a list of validators to validate expiration time, issue time and not-before time. By default the time skew allowed is 5 seconds and all fields are optional.
      Returns:
      list of validators
    • defaultTimeValidators

      @Deprecated(since="4.0.10", forRemoval=true) public static List<Validator<Jwt>> defaultTimeValidators(Instant now, int timeSkewAmount, ChronoUnit timeSkewUnit, boolean mandatory)
      Deprecated, for removal: This API element is subject to removal in a future version.
      Return a list of validators to validate expiration time, issue time and not-before time.
      Parameters:
      now - Time that acts as the "now" instant (this allows us to validate if a token was valid at an instant in the past
      timeSkewAmount - time skew allowed when validating (amount - such as 5)
      timeSkewUnit - time skew allowed when validating (unit - such as ChronoUnit.SECONDS)
      mandatory - whether the field is mandatory. True for mandatory, false for optional (for all default time validators)
      Returns:
      list of validators
    • addIssuerValidator

      @Deprecated(since="4.0.10", forRemoval=true) public static void addIssuerValidator(Collection<Validator<Jwt>> validators, String issuer, boolean mandatory)
      Deprecated, for removal: This API element is subject to removal in a future version.
      Add validator of issuer to the collection of validators.
      Parameters:
      validators - collection of validators
      issuer - issuer expected to be in the token
      mandatory - whether issuer field is mandatory in the token (true - mandatory, false - optional)
    • addAudienceValidator

      @Deprecated(since="4.0.10", forRemoval=true) public static void addAudienceValidator(Collection<Validator<Jwt>> validators, String audience, boolean mandatory)
      Deprecated, for removal: This API element is subject to removal in a future version.
      Add validator of audience to the collection of validators.
      Parameters:
      validators - collection of validators
      audience - audience expected to be in the token, never null
      mandatory - whether the audience field is mandatory in the token
    • addAudienceValidator

      @Deprecated(since="4.0.10", forRemoval=true) public static void addAudienceValidator(Collection<Validator<Jwt>> validators, Set<String> audience, boolean mandatory)
      Deprecated, for removal: This API element is subject to removal in a future version.
      Add validator of audience to the collection of validators.
      Parameters:
      validators - collection of validators
      audience - audience expected to be in the token
      mandatory - whether the audience field is mandatory in the token
    • addMaxTokenAgeValidator

      @Deprecated(since="4.0.10", forRemoval=true) public static void addMaxTokenAgeValidator(Collection<Validator<Jwt>> validators, Duration expectedMaxTokenAge, Duration clockSkew, boolean iatRequired)
      Deprecated, for removal: This API element is subject to removal in a future version.
      Add validator of max token age to the collection of validators.
      Parameters:
      validators - collection of validators
      expectedMaxTokenAge - max token age since issue time
      clockSkew - clock skew
      iatRequired - whether to fail if iat clam is present
    • builder

      public static Jwt.Builder builder()
      Get a builder to create a JWT.
      Returns:
      new builder
    • scopes

      public Optional<List<String>> scopes()
      Scopes of this token.
      Returns:
      list of scopes or empty if claim is not defined
    • headerClaim

      public Optional<JsonValue> headerClaim(String claim)
      Get a claim by its name from header.
      Parameters:
      claim - name of a claim
      Returns:
      claim value if present
    • payloadClaim

      public Optional<JsonValue> payloadClaim(String claim)
      Get a claim by its name from payload.
      Parameters:
      claim - name of a claim
      Returns:
      claim value if present
    • headers

      public JwtHeaders headers()
      Headers.
      Returns:
      JWT headers information
    • payloadClaims

      public Map<String,JsonValue> payloadClaims()
      All payload claims in raw json form.
      Returns:
      map of payload names to claims
    • algorithm

      public Optional<String> algorithm()
      Algorithm claim.
      Returns:
      algorithm or empty if claim is not defined
    • keyId

      public Optional<String> keyId()
      Key id claim.
      Returns:
      key id or empty if claim is not defined
    • type

      public Optional<String> type()
      Type claim.
      Returns:
      type or empty if claim is not defined
    • contentType

      public Optional<String> contentType()
      Content type claim.
      Returns:
      content type or empty if claim is not defined
    • issuer

      public Optional<String> issuer()
      Issuer claim.
      Returns:
      Issuer or empty if claim is not defined
    • expirationTime

      public Optional<Instant> expirationTime()
      Expiration time claim.
      Returns:
      expiration time or empty if claim is not defined
    • issueTime

      public Optional<Instant> issueTime()
      Issue time claim.
      Returns:
      issue time or empty if claim is not defined
    • notBefore

      public Optional<Instant> notBefore()
      Not before claim.
      Returns:
      not before or empty if claim is not defined
    • subject

      public Optional<String> subject()
      Subject claim.
      Returns:
      subject or empty if claim is not defined
    • userPrincipal

      public Optional<String> userPrincipal()
      User principal claim ("upn" from microprofile specification).
      Returns:
      user principal or empty if claim is not defined
    • userGroups

      public Optional<List<String>> userGroups()
      User groups claim ("groups" from microprofile specification).
      Returns:
      groups or empty if claim is not defined
    • audience

      public Optional<List<String>> audience()
      Audience claim.
      Returns:
      audience or empty if claim is not defined
    • jwtId

      public Optional<String> jwtId()
      Jwt id claim.
      Returns:
      jwt id or empty if claim is not defined
    • email

      public Optional<String> email()
      Email claim.
      Returns:
      email or empty if claim is not defined
    • emailVerified

      public Optional<Boolean> emailVerified()
      Email verified claim.
      Returns:
      email verified or empty if claim is not defined
    • fullName

      public Optional<String> fullName()
      Full name claim.
      Returns:
      full name or empty if claim is not defined
    • givenName

      public Optional<String> givenName()
      Given name claim.
      Returns:
      given name or empty if claim is not defined
    • middleName

      public Optional<String> middleName()
      Middle name claim.
      Returns:
      middle name or empty if claim is not defined
    • familyName

      public Optional<String> familyName()
      Family name claim.
      Returns:
      family name or empty if claim is not defined
    • locale

      public Optional<Locale> locale()
      Locale claim.
      Returns:
      locale or empty if claim is not defined
    • nickname

      public Optional<String> nickname()
      Nickname claim.
      Returns:
      nickname or empty if claim is not defined
    • preferredUsername

      public Optional<String> preferredUsername()
      Preferred username claim.
      Returns:
      preferred username or empty if claim is not defined
    • profile

      public Optional<URI> profile()
      Profile URI claim.
      Returns:
      profile URI or empty if claim is not defined
    • picture

      public Optional<URI> picture()
      Picture URI claim.
      Returns:
      picture URI or empty if claim is not defined
    • website

      public Optional<URI> website()
      Website URI claim.
      Returns:
      website URI or empty if claim is not defined
    • gender

      public Optional<String> gender()
      Gender claim.
      Returns:
      gender or empty if claim is not defined
    • birthday

      public Optional<LocalDate> birthday()
      Birthday claim.
      Returns:
      birthday or empty if claim is not defined
    • timeZone

      public Optional<ZoneId> timeZone()
      Time Zone claim.
      Returns:
      time zone or empty if claim is not defined
    • phoneNumber

      public Optional<String> phoneNumber()
      Phone number claim.
      Returns:
      phone number or empty if claim is not defined
    • phoneNumberVerified

      public Optional<Boolean> phoneNumberVerified()
      Phone number verified claim.
      Returns:
      phone number verified or empty if claim is not defined
    • updatedAt

      public Optional<Instant> updatedAt()
      Updated at claim.
      Returns:
      updated at or empty if claim is not defined
    • address

      public Optional<JwtUtil.Address> address()
      Address claim.
      Returns:
      address or empty if claim is not defined
    • atHash

      public Optional<byte[]> atHash()
      AtHash claim.
      Returns:
      atHash or empty if claim is not defined
    • cHash

      public Optional<byte[]> cHash()
      CHash claim.
      Returns:
      cHash or empty if claim is not defined
    • nonce

      public Optional<String> nonce()
      Nonce claim.
      Returns:
      nonce or empty if claim is not defined
    • headerJson

      public JsonObject headerJson()
      Create a JSON header object.
      Returns:
      JsonObject for header
    • payloadJson

      public JsonObject payloadJson()
      Create a JSON payload object.
      Returns:
      JsonObject for payload
    • validate

      @Deprecated(since="4.0.10", forRemoval=true) public Errors validate(List<Validator<Jwt>> validators)
      Deprecated, for removal: This API element is subject to removal in a future version.
      Validate this JWT against provided validators.

      This method does not work properly upon validation of the crit JWT header.

      Parameters:
      validators - Validators to validate with. Obtain them through (e.g.) defaultTimeValidators() , addAudienceValidator(Collection, String, boolean) , addIssuerValidator(Collection, String, boolean)
      Returns:
      errors instance to check if valid and access error messages
    • validate

      @Deprecated(since="4.0.10", forRemoval=true) public Errors validate(String issuer, String audience)
      Deprecated, for removal: This API element is subject to removal in a future version.
      Validates all default values. Values validated:
      Parameters:
      issuer - validates that this JWT was issued by this issuer. Setting this to non-null value will make issuer claim mandatory
      audience - validates that this JWT was issued for this audience. Setting this to non-null value will make audience claim mandatory
      Returns:
      errors instance to check for validation result
    • validate

      @Deprecated(since="4.0.10", forRemoval=true) public Errors validate(String issuer, String audience, boolean checkAudience)
      Deprecated, for removal: This API element is subject to removal in a future version.
      Validates all default values. Values validated: validate(String, Set, boolean)
      Parameters:
      issuer - validates that this JWT was issued by this issuer. Setting this to non-null value will make issuer claim mandatory
      audience - validates that this JWT was issued for this audience. Setting this to non-null value will make audience claim mandatory
      checkAudience - whether audience claim validation should be executed
      Returns:
      errors instance to check for validation result
    • validate

      @Deprecated(since="4.0.10", forRemoval=true) public Errors validate(String issuer, Set<String> audience, boolean checkAudience)
      Deprecated, for removal: This API element is subject to removal in a future version.
      Validates all default values. Values validated:
      Parameters:
      issuer - validates that this JWT was issued by this issuer. Setting this to non-null value will make issuer claim mandatory
      audience - validates that this JWT was issued for this audience. Setting this to non-null value and with any non-null value in the Set will make audience claim mandatory
      checkAudience - whether audience claim validation should be executed
      Returns:
      errors instance to check for validation result
    • validate

      @Deprecated(since="4.0.10", forRemoval=true) public Errors validate(String issuer, Set<String> audience)
      Deprecated, for removal: This API element is subject to removal in a future version.
      Validates all default values. Audience claim check is not mandatory. Values validated: validate(String, Set, boolean)
      Parameters:
      issuer - validates that this JWT was issued by this issuer. Setting this to non-null value will make issuer claim mandatory
      audience - validates that this JWT was issued for this audience. Setting this to non-null value and with any non-null value in the Set will make audience claim mandatory
      Returns:
      errors instance to check for validation result
    • addUserPrincipalValidator

      @Deprecated(since="4.0.10", forRemoval=true) public static void addUserPrincipalValidator(Collection<Validator<Jwt>> validators)
      Deprecated, for removal: This API element is subject to removal in a future version.
      Adds a validator that makes sure the userPrincipal() is present.
      Parameters:
      validators - validator collection to update