Package io.helidon.security.jwt

Class Jwt

java.lang.Object

io.helidon.security.jwt.Jwt

public class Jwt
extends Object

JWT token.

Representation of a JSON web token (a generic one).

Nested Class Summary

Nested Classes

Modifier and Type	Class	Description
static class	Jwt.Builder	Builder of a Jwt.
static class	Jwt.ExpirationValidator	Validator of expiration claim.
static class	Jwt.FieldValidator	Validator of a string field obtained from a JWT.
static class	Jwt.IssueTimeValidator	Validator of issue time claim.
static class	Jwt.NotBeforeValidator	Validator of not before claim.

Constructor Summary

Constructors

Constructor	Description
Jwt(javax.json.JsonObject headerJson, javax.json.JsonObject payloadJson)	Create a token based on json.

Method Summary

Modifier and Type	Method	Description
static void	addAudienceValidator(Collection<Validator<Jwt>> validators, String audience, boolean mandatory)	Add validator of audience to the collection of validators.
static void	addIssuerValidator(Collection<Validator<Jwt>> validators, String issuer, boolean mandatory)	Add validator of issuer to the collection of validators.
static Jwt.Builder	builder()	Get a builder to create a JWT.
static List<Validator<Jwt>>	defaultTimeValidators()	Return a list of validators to validate expiration time, issue time and not-before time.
static List<Validator<Jwt>>	defaultTimeValidators(Instant now, int timeSkewAmount, ChronoUnit timeSkewUnit, boolean mandatory)	Return a list of validators to validate expiration time, issue time and not-before time.
Optional<JwtUtil.Address>	getAddress()
Optional<String>	getAlgorithm()
Optional<byte[]>	getAtHash()
Optional<List<String>>	getAudience()
Optional<LocalDate>	getBirthday()
Optional<byte[]>	getCHash()
Optional<String>	getContentType()
Optional<String>	getEmail()
Optional<Boolean>	getEmailVerified()
Optional<Instant>	getExpirationTime()
Optional<String>	getFamilyName()
Optional<String>	getFullName()
Optional<String>	getGender()
Optional<String>	getGivenName()
Optional<javax.json.JsonValue>	getHeaderClaim(String claim)	Get a claim by its name from header.
javax.json.JsonObject	getHeaderJson()	Create a JSON header object.
Optional<String>	getIssuer()
Optional<Instant>	getIssueTime()
Optional<String>	getJwtId()
Optional<String>	getKeyId()
Optional<Locale>	getLocale()
Optional<String>	getMiddleName()
Optional<String>	getNickname()
Optional<String>	getNonce()
Optional<Instant>	getNotBefore()
Optional<javax.json.JsonValue>	getPayloadClaim(String claim)	Get a claim by its name from payload.
Map<String,javax.json.JsonValue>	getPayloadClaims()
javax.json.JsonObject	getPayloadJson()	Create a JSON payload object.
Optional<String>	getPhoneNumber()
Optional<Boolean>	getPhoneNumberVerified()
Optional<URI>	getPicture()
Optional<String>	getPreferredUsername()
Optional<URI>	getProfile()
Optional<List<String>>	getScopes()
Optional<String>	getSubject()
Optional<ZoneId>	getTimeZone()
Optional<String>	getType()
Optional<Instant>	getUpdatedAt()
Optional<URI>	getWebsite()
Errors	validate(String issuer, String audience)	Validates all default values.
Errors	validate(List<Validator<Jwt>> validators)	Validate this JWT against provided validators.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

Jwt

public Jwt(javax.json.JsonObject headerJson,
           javax.json.JsonObject payloadJson)

Create a token based on json.

Parameters:

headerJson - headers

payloadJson - payload

Method Detail

defaultTimeValidators

public static List<Validator<Jwt>> defaultTimeValidators()

Return a list of validators to validate expiration time, issue time and not-before time. By default the time skew allowed is 5 seconds and all fields are optional.

Returns:

list of validators

defaultTimeValidators

public static List<Validator<Jwt>> defaultTimeValidators(Instant now,
                                                         int timeSkewAmount,
                                                         ChronoUnit timeSkewUnit,
                                                         boolean mandatory)

Return a list of validators to validate expiration time, issue time and not-before time.

Parameters:

now - Time that acts as the "now" instant (this allows us to validate if a token was valid at an instant in the past

timeSkewAmount - time skew allowed when validating (amount - such as 5)

timeSkewUnit - time skew allowed when validating (unit - such as ChronoUnit.SECONDS)

mandatory - whether the field is mandatory. True for mandatory, false for optional (for all default time validators)

Returns:

list of validators

addIssuerValidator

public static void addIssuerValidator(Collection<Validator<Jwt>> validators,
                                      String issuer,
                                      boolean mandatory)

Add validator of issuer to the collection of validators.

Parameters:

validators - collection of validators

issuer - issuer expected to be in the token

mandatory - whether issuer field is mandatory in the token (true - mandatory, false - optional)

addAudienceValidator

public static void addAudienceValidator(Collection<Validator<Jwt>> validators,
                                        String audience,
                                        boolean mandatory)

Add validator of audience to the collection of validators.

Parameters:

validators - collection of validators

audience - audience expected to be in the token

mandatory - whether the audience field is mandatory in the token

builder

public static Jwt.Builder builder()

Get a builder to create a JWT.

Returns:

new builder

getScopes

public Optional<List<String>> getScopes()

getHeaderClaim

public Optional<javax.json.JsonValue> getHeaderClaim(String claim)

Get a claim by its name from header.

Parameters:

claim - name of a claim

Returns:

claim value if present

getPayloadClaim

public Optional<javax.json.JsonValue> getPayloadClaim(String claim)

Get a claim by its name from payload.

Parameters:

claim - name of a claim

Returns:

claim value if present

getPayloadClaims

public Map<String,javax.json.JsonValue> getPayloadClaims()

getAlgorithm

public Optional<String> getAlgorithm()

getKeyId

public Optional<String> getKeyId()

getType

public Optional<String> getType()

getContentType

public Optional<String> getContentType()

getIssuer

public Optional<String> getIssuer()

getExpirationTime

public Optional<Instant> getExpirationTime()

getIssueTime

public Optional<Instant> getIssueTime()

getNotBefore

public Optional<Instant> getNotBefore()

getSubject

public Optional<String> getSubject()

getAudience

public Optional<List<String>> getAudience()

getJwtId

public Optional<String> getJwtId()

getEmail

public Optional<String> getEmail()

getEmailVerified

public Optional<Boolean> getEmailVerified()

getFullName

public Optional<String> getFullName()

getGivenName

public Optional<String> getGivenName()

getMiddleName

public Optional<String> getMiddleName()

getFamilyName

public Optional<String> getFamilyName()

getLocale

public Optional<Locale> getLocale()

getNickname

public Optional<String> getNickname()

getPreferredUsername

public Optional<String> getPreferredUsername()

getProfile

public Optional<URI> getProfile()

getPicture

public Optional<URI> getPicture()

getWebsite

public Optional<URI> getWebsite()

getGender

public Optional<String> getGender()

getBirthday

public Optional<LocalDate> getBirthday()

getTimeZone

public Optional<ZoneId> getTimeZone()

getPhoneNumber

public Optional<String> getPhoneNumber()

getPhoneNumberVerified

public Optional<Boolean> getPhoneNumberVerified()

getUpdatedAt

public Optional<Instant> getUpdatedAt()

getAddress

public Optional<JwtUtil.Address> getAddress()

getAtHash

public Optional<byte[]> getAtHash()

getCHash

public Optional<byte[]> getCHash()

getNonce

public Optional<String> getNonce()

getHeaderJson

public javax.json.JsonObject getHeaderJson()

Create a JSON header object.

Returns:

JsonObject for header

getPayloadJson

public javax.json.JsonObject getPayloadJson()

Create a JSON payload object.

Returns:

JsonObject for payload

validate

public Errors validate(List<Validator<Jwt>> validators)

Validate this JWT against provided validators.

Parameters:

validators - Validators to validate with. Obtain them through (e.g.) defaultTimeValidators() , addAudienceValidator(Collection, String, boolean) , addIssuerValidator(Collection, String, boolean)

Returns:

errors instance to check if valid and access error messages

validate

public Errors validate(String issuer,
                       String audience)

Validates all default values. Values validated:

• Expiration time if defined
• Issue time if defined
• Not before time if defined
• getIssuer() Issuer} if defined
• Audience if defined

Parameters:

issuer - validates that this JWT was issued by this issuer. Setting this to non-null value will make issuer claim mandatory

audience - validates that this JWT was issued for this audience. Setting this to non-null value will make audience claim mandatory

Returns:

errors instance to check for validation result