Package io.helidon.security.jwt

Class Jwt.Builder

java.lang.Object

io.helidon.security.jwt.Jwt.Builder

All Implemented Interfaces:

Builder<Jwt>, Supplier<Jwt>

Enclosing class:

Jwt

public static final class Jwt.Builder
extends Object
implements Builder<Jwt>

Builder of a Jwt.

Method Summary

Modifier and Type	Method and Description
Jwt.Builder	addHeaderClaim(String claim, Object value) Add a generic header claim.
Jwt.Builder	addPayloadClaim(String claim, Object value) Add a generic payload claim.
Jwt.Builder	address(JwtUtil.Address address) Address of the subject.
Jwt.Builder	addScope(String scope) OAuth2 scope claim to add.
Jwt.Builder	addUserGroup(String group) A user group claim to add.
Jwt.Builder	algorithm(String algorithm) The "alg" claim is used to define the signature algorithm.
Jwt.Builder	atHash(byte[] atHash) Access Token hash value.
Jwt.Builder	audience(String audience) Audience identifies the expected recipients of this JWT (optional).
Jwt.Builder	birthday(LocalDate birthday) Birthday of the subject.
Jwt	build() Build and instance of the Jwt.
Jwt.Builder	cHash(byte[] cHash) Code hash value.
Jwt.Builder	contentType(String contentType) This header claim should only be used when nesting or encrypting JWT.
Jwt.Builder	email(String email) Email claim.
Jwt.Builder	emailVerified(Boolean emailVerified) Claim defining whether e-mail is verified or not.
Jwt.Builder	expirationTime(Instant expirationTime) The expiration time defines the time that this JWT loses validity.
Jwt.Builder	familyName(String familyName) Family name of subject (surname).
Jwt.Builder	fullName(String fullName) Full name of subject.
Jwt.Builder	gender(String gender) Gender of the subject.
Jwt.Builder	givenName(String givenName) Given name of subject (first name).
Jwt.Builder	issuer(String issuer) The issuer claim identifies the principal that issued the JWT.
Jwt.Builder	issueTime(Instant issueTime) The issue time defines the time that this JWT was issued.
Jwt.Builder	jwtId(String jwtId) A unique identifier of this JWT (optional) - must be unique across issuers.
Jwt.Builder	keyId(String keyId) Key id to be used to sign/verify this JWT.
Jwt.Builder	locale(Locale locale) Locale of the subject.
Jwt.Builder	middleName(String middleName) Middle name of subject.
Jwt.Builder	nickname(String nickname) Nickname of the subject.
Jwt.Builder	nonce(String nonce) Nonce value is used to prevent replay attacks and must be returned if it was sent in authentication request.
Jwt.Builder	notBefore(Instant notBefore) The not before time defines the time that this JWT starts being valid.
Jwt.Builder	phoneNumber(String phoneNumber) Phone number of the subject.
Jwt.Builder	phoneNumberVerified(Boolean phoneNumberVerified) Whether the phone number is verified or not.
Jwt.Builder	picture(URI picture) Profile picture URI of the subject.
Jwt.Builder	preferredUsername(String preferredUsername) Preferred username of the subject.
Jwt.Builder	profile(URI profile) Profile URI of the subject.
Jwt.Builder	removePayloadClaim(String name) Remove a payload claim by its name.
Jwt.Builder	scopes(List<String> scopes) OAuth2 scope claims to set.
Jwt.Builder	subject(String subject) Subject defines the principal this JWT was issued for (e.g.
Jwt.Builder	timeZone(ZoneId timeZone) Time zone of the subject.
Jwt.Builder	type(String type) Type of this JWT.
Jwt.Builder	updatedAt(Instant updatedAt) Last time the subject's record was updated.
Jwt.Builder	userPrincipal(String principal) User principal claim as defined by Microprofile JWT Auth spec.
Jwt.Builder	website(URI website) Website URI of the subject.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface io.helidon.common.Builder

get

Method Detail

keyId

public Jwt.Builder keyId(String keyId)

Key id to be used to sign/verify this JWT.

Parameters:

keyId - key id (pointing to a JWK)

Returns:

updated builder instance

type

public Jwt.Builder type(String type)

Type of this JWT.

Parameters:

type - type definition (JWT, JWE)

Returns:

updated builder instance

scopes

public Jwt.Builder scopes(List<String> scopes)

OAuth2 scope claims to set.

Parameters:

scopes - scope claims to add to a JWT

Returns:

update builder instance

addScope

public Jwt.Builder addScope(String scope)

OAuth2 scope claim to add.

Parameters:

scope - scope claim to add to a JWT

Returns:

updated builder instance

addUserGroup

public Jwt.Builder addUserGroup(String group)

A user group claim to add. Based on Microprofile JWT Auth specification, uses claim "groups".

Parameters:

group - group name to add to the list of groups

Returns:

updated builder instance

contentType

public Jwt.Builder contentType(String contentType)

This header claim should only be used when nesting or encrypting JWT. See RFC 7519, section 5.2.

Parameters:

contentType - content type to use, use "JWT" if nested

Returns:

updated builder instance

addHeaderClaim

public Jwt.Builder addHeaderClaim(String claim,
                                  Object value)

Add a generic header claim.

Parameters:

claim - claim to add

value - value of the header claim

Returns:

updated builder instance

addPayloadClaim

public Jwt.Builder addPayloadClaim(String claim,
                                   Object value)

Add a generic payload claim.

Parameters:

claim - claim to add

value - value of the payload claim

Returns:

updated builder instance

algorithm

public Jwt.Builder algorithm(String algorithm)

The "alg" claim is used to define the signature algorithm. Note that this algorithm should be the same as is supported by the JWK used to sign (or verify) the JWT.

Parameters:

algorithm - algorithm to use, Jwk.ALG_NONE for none

Returns:

updated builder instance

issuer

public Jwt.Builder issuer(String issuer)

The issuer claim identifies the principal that issued the JWT. See RFC 7519, section 4.1.1.

Parameters:

issuer - issuer name or URL

Returns:

updated builder instance

expirationTime

public Jwt.Builder expirationTime(Instant expirationTime)

The expiration time defines the time that this JWT loses validity. See RFC 7519, section 4.1.4.

Parameters:

expirationTime - when this JWT expires

Returns:

updated builder instance

issueTime

public Jwt.Builder issueTime(Instant issueTime)

The issue time defines the time that this JWT was issued. See RFC 7519, section 4.1.6.

Parameters:

issueTime - when this JWT was created

Returns:

updated builder instance

notBefore

public Jwt.Builder notBefore(Instant notBefore)

The not before time defines the time that this JWT starts being valid. See RFC 7519, section 4.1.5.

Parameters:

notBefore - JWT is not valid before this time

Returns:

updated builder instance

subject

public Jwt.Builder subject(String subject)

Subject defines the principal this JWT was issued for (e.g. user id). See RFC 7519, section 4.1.2.

Parameters:

subject - subject of this JWt

Returns:

updated builder instance

userPrincipal

public Jwt.Builder userPrincipal(String principal)

User principal claim as defined by Microprofile JWT Auth spec. Uses "upn" claim.

Parameters:

principal - name of the principal, falls back to preferredUsername(String) and then to subject(String)

Returns:

updated builder instance

audience

public Jwt.Builder audience(String audience)

Audience identifies the expected recipients of this JWT (optional). Multiple audience may be added See RFC 7519, section 4.1.3.

Parameters:

audience - audience of this JWT

Returns:

updated builder instance

jwtId

public Jwt.Builder jwtId(String jwtId)

A unique identifier of this JWT (optional) - must be unique across issuers. See RFC 7519, section 4.1.7.

Parameters:

jwtId - unique identifier

Returns:

updated builder instance

email

public Jwt.Builder email(String email)

Email claim.

Parameters:

email - email claim for this JWT's subject

Returns:

updated builder instance

emailVerified

public Jwt.Builder emailVerified(Boolean emailVerified)

Claim defining whether e-mail is verified or not.

Parameters:

emailVerified - true if verified

Returns:

updated builder instance

fullName

public Jwt.Builder fullName(String fullName)

Full name of subject.

Parameters:

fullName - full name of the subject

Returns:

updated builder instance

givenName

public Jwt.Builder givenName(String givenName)

Given name of subject (first name).

Parameters:

givenName - given name of the subject

Returns:

updated builder instance

middleName

public Jwt.Builder middleName(String middleName)

Middle name of subject.

Parameters:

middleName - middle name of the subject

Returns:

updated builder instance

familyName

public Jwt.Builder familyName(String familyName)

Family name of subject (surname).

Parameters:

familyName - family name of the subject

Returns:

updated builder instance

locale

public Jwt.Builder locale(Locale locale)

Locale of the subject.

Parameters:

locale - locale to use

Returns:

updated builder instance

nickname

public Jwt.Builder nickname(String nickname)

Nickname of the subject.

Parameters:

nickname - nickname

Returns:

updated builder instance

preferredUsername

public Jwt.Builder preferredUsername(String preferredUsername)

Preferred username of the subject.

Parameters:

preferredUsername - username to view

Returns:

updated builder instance

profile

public Jwt.Builder profile(URI profile)

Profile URI of the subject.

Parameters:

profile - link to profile of subject

Returns:

updated builder instance

picture

public Jwt.Builder picture(URI picture)

Profile picture URI of the subject.

Parameters:

picture - link to picture of subject

Returns:

updated builder instance

website

public Jwt.Builder website(URI website)

Website URI of the subject.

Parameters:

website - link to website of subject

Returns:

updated builder instance

gender

public Jwt.Builder gender(String gender)

Gender of the subject. As this is an extension (e.g. a custom claim) used by some of the issuers, the content may be arbitrary, though base values are male and female.

Parameters:

gender - gender to use

Returns:

updated builder instance

birthday

public Jwt.Builder birthday(LocalDate birthday)

Birthday of the subject.

Parameters:

birthday - birthday

Returns:

updated builder instance

timeZone

public Jwt.Builder timeZone(ZoneId timeZone)

Time zone of the subject.

Parameters:

timeZone - time zone

Returns:

updated builder instance

phoneNumber

public Jwt.Builder phoneNumber(String phoneNumber)

Phone number of the subject.

Parameters:

phoneNumber - phone number

Returns:

updated builder instance

phoneNumberVerified

public Jwt.Builder phoneNumberVerified(Boolean phoneNumberVerified)

Whether the phone number is verified or not.

Parameters:

phoneNumberVerified - true if number is verified

Returns:

updated builder instance

updatedAt

public Jwt.Builder updatedAt(Instant updatedAt)

Last time the subject's record was updated.

Parameters:

updatedAt - instant of update

Returns:

updated builder instance

address

public Jwt.Builder address(JwtUtil.Address address)

Address of the subject.

Parameters:

address - address to use

Returns:

updated builder instance

atHash

public Jwt.Builder atHash(byte[] atHash)

Access Token hash value. Its value is the bytes of the left-most half of the hash of the octets of the ASCII representation of the access_token value, where the hash algorithm used is the hash algorithm used in the alg Header Parameter of the ID Token's JOSE Header. For instance, if the alg is RS256, hash the access_token value with SHA-256, then take the left-most 128 bits and set them here. If the ID Token is issued from the Authorization Endpoint with an access_token value, which is the case for the response_type value code id_token token, this is REQUIRED; otherwise, its inclusion is OPTIONAL. See OIDC 1.0 section 3.1.3.6.

Parameters:

atHash - hash to use (explicit). If not defined, it will be computed if needed.

Returns:

updated builder instance

cHash

public Jwt.Builder cHash(byte[] cHash)

Code hash value. Its value is the bytes of the left-most half of the hash of the octets of the ASCII representation of the code value, where the hash algorithm used is the hash algorithm used in the alg Header Parameter of the ID Token's JOSE Header. For instance, if the alg is HS512, hash the code value with SHA-512, then take the left-most 256 bits. If the ID Token is issued from the Authorization Endpoint with a code, which is the case for the response_type values code id_token and code id_token token, this is REQUIRED; otherwise, its inclusion is OPTIONAL.

Parameters:

cHash - hash bytes (explicit). If not defined, it will be computed if needed.

Returns:

updated builder instance

nonce

public Jwt.Builder nonce(String nonce)

Nonce value is used to prevent replay attacks and must be returned if it was sent in authentication request.

Parameters:

nonce - nonce value

Returns:

updated builder instance

build

public Jwt build()

Build and instance of the Jwt.

Specified by:

build in interface Builder<Jwt>

Returns:

a new token instance

removePayloadClaim

public Jwt.Builder removePayloadClaim(String name)

Remove a payload claim by its name.

Parameters:

name - name of the claim to remove

Returns:

updated builder instance