Package io.helidon.security.jwt

Class Jwt

java.lang.Object

io.helidon.security.jwt.Jwt

public class Jwt
extends Object

JWT token.

Representation of a JSON web token (a generic one).

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
static class	Jwt.Builder Builder of a Jwt.
static class	Jwt.ExpirationValidator Validator of expiration claim.
static class	Jwt.FieldValidator Validator of a string field obtained from a JWT.
static class	Jwt.IssueTimeValidator Validator of issue time claim.
static class	Jwt.NotBeforeValidator Validator of not before claim.

Method Summary

Modifier and Type	Method and Description
static void	addAudienceValidator(Collection<Validator<Jwt>> validators, String audience, boolean mandatory) Add validator of audience to the collection of validators.
static void	addIssuerValidator(Collection<Validator<Jwt>> validators, String issuer, boolean mandatory) Add validator of issuer to the collection of validators.
Optional<JwtUtil.Address>	address() Address claim.
Optional<String>	algorithm() Algorithm claim.
Optional<byte[]>	atHash() AtHash claim.
Optional<List<String>>	audience() Audience claim.
Optional<LocalDate>	birthday() Birthday claim.
static Jwt.Builder	builder() Get a builder to create a JWT.
Optional<byte[]>	cHash() CHash claim.
Optional<String>	contentType() Content type claim.
static List<Validator<Jwt>>	defaultTimeValidators() Return a list of validators to validate expiration time, issue time and not-before time.
static List<Validator<Jwt>>	defaultTimeValidators(Instant now, int timeSkewAmount, ChronoUnit timeSkewUnit, boolean mandatory) Return a list of validators to validate expiration time, issue time and not-before time.
Optional<String>	email() Email claim.
Optional<Boolean>	emailVerified() Email verified claim.
Optional<Instant>	expirationTime() Expiration time claim.
Optional<String>	familyName() Family name claim.
Optional<String>	fullName() Full name claim.
Optional<String>	gender() Gender claim.
Optional<String>	givenName() Given name claim.
Optional<JsonValue>	headerClaim(String claim) Get a claim by its name from header.
JsonObject	headerJson() Create a JSON header object.
Optional<String>	issuer() Issuer claim.
Optional<Instant>	issueTime() Issue time claim.
Optional<String>	jwtId() Jwt id claim.
Optional<String>	keyId() Key id claim.
Optional<Locale>	locale() Locale claim.
Optional<String>	middleName() Middle name claim.
Optional<String>	nickname() Nickname claim.
Optional<String>	nonce() Nonce claim.
Optional<Instant>	notBefore() Not before claim.
Optional<JsonValue>	payloadClaim(String claim) Get a claim by its name from payload.
Map<String,JsonValue>	payloadClaims() All payload claims in raw json form.
JsonObject	payloadJson() Create a JSON payload object.
Optional<String>	phoneNumber() Phone number claim.
Optional<Boolean>	phoneNumberVerified() Phone number verified claim.
Optional<URI>	picture() Picture URI claim.
Optional<String>	preferredUsername() Preferred username claim.
Optional<URI>	profile() Profile URI claim.
Optional<List<String>>	scopes() Scopes of this token.
Optional<String>	subject() Subject claim.
Optional<ZoneId>	timeZone() Time Zone claim.
Optional<String>	type() Type claim.
Optional<Instant>	updatedAt() Updated at claim.
Optional<List<String>>	userGroups() User groups claim ("groups" from microprofile specification).
Optional<String>	userPrincipal() User principal claim ("upn" from microprofile specification).
Errors	validate(List<Validator<Jwt>> validators) Validate this JWT against provided validators.
Errors	validate(String issuer, String audience) Validates all default values.
Optional<URI>	website() Website URI claim.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Method Detail

defaultTimeValidators

public static List<Validator<Jwt>> defaultTimeValidators()

Return a list of validators to validate expiration time, issue time and not-before time. By default the time skew allowed is 5 seconds and all fields are optional.

Returns:

list of validators

defaultTimeValidators

public static List<Validator<Jwt>> defaultTimeValidators(Instant now,
                                                         int timeSkewAmount,
                                                         ChronoUnit timeSkewUnit,
                                                         boolean mandatory)

Return a list of validators to validate expiration time, issue time and not-before time.

Parameters:

now - Time that acts as the "now" instant (this allows us to validate if a token was valid at an instant in the past

timeSkewAmount - time skew allowed when validating (amount - such as 5)

timeSkewUnit - time skew allowed when validating (unit - such as ChronoUnit.SECONDS)

mandatory - whether the field is mandatory. True for mandatory, false for optional (for all default time validators)

Returns:

list of validators

addIssuerValidator

public static void addIssuerValidator(Collection<Validator<Jwt>> validators,
                                      String issuer,
                                      boolean mandatory)

Add validator of issuer to the collection of validators.

Parameters:

validators - collection of validators

issuer - issuer expected to be in the token

mandatory - whether issuer field is mandatory in the token (true - mandatory, false - optional)

addAudienceValidator

public static void addAudienceValidator(Collection<Validator<Jwt>> validators,
                                        String audience,
                                        boolean mandatory)

Add validator of audience to the collection of validators.

Parameters:

validators - collection of validators

audience - audience expected to be in the token

mandatory - whether the audience field is mandatory in the token

builder

public static Jwt.Builder builder()

Get a builder to create a JWT.

Returns:

new builder

scopes

public Optional<List<String>> scopes()

Scopes of this token.

Returns:

list of scopes or empty if claim is not defined

headerClaim

public Optional<JsonValue> headerClaim(String claim)

Get a claim by its name from header.

Parameters:

claim - name of a claim

Returns:

claim value if present

payloadClaim

public Optional<JsonValue> payloadClaim(String claim)

Get a claim by its name from payload.

Parameters:

claim - name of a claim

Returns:

claim value if present

payloadClaims

public Map<String,JsonValue> payloadClaims()

All payload claims in raw json form.

Returns:

map of payload names to claims

algorithm

public Optional<String> algorithm()

Algorithm claim.

Returns:

algorithm or empty if claim is not defined

keyId

public Optional<String> keyId()

Key id claim.

Returns:

key id or empty if claim is not defined

type

public Optional<String> type()

Type claim.

Returns:

type or empty if claim is not defined

contentType

public Optional<String> contentType()

Content type claim.

Returns:

content type or empty if claim is not defined

issuer

public Optional<String> issuer()

Issuer claim.

Returns:

Issuer or empty if claim is not defined

expirationTime

public Optional<Instant> expirationTime()

Expiration time claim.

Returns:

expiration time or empty if claim is not defined

issueTime

public Optional<Instant> issueTime()

Issue time claim.

Returns:

issue time or empty if claim is not defined

notBefore

public Optional<Instant> notBefore()

Not before claim.

Returns:

not before or empty if claim is not defined

subject

public Optional<String> subject()

Subject claim.

Returns:

subject or empty if claim is not defined

userPrincipal

public Optional<String> userPrincipal()

User principal claim ("upn" from microprofile specification).

Returns:

user principal or empty if claim is not defined

userGroups

public Optional<List<String>> userGroups()

User groups claim ("groups" from microprofile specification).

Returns:

groups or empty if claim is not defined

audience

public Optional<List<String>> audience()

Audience claim.

Returns:

audience or empty if claim is not defined

jwtId

public Optional<String> jwtId()

Jwt id claim.

Returns:

jwt id or empty if claim is not defined

email

public Optional<String> email()

Email claim.

Returns:

email or empty if claim is not defined

emailVerified

public Optional<Boolean> emailVerified()

Email verified claim.

Returns:

email verified or empty if claim is not defined

fullName

public Optional<String> fullName()

Full name claim.

Returns:

full name or empty if claim is not defined

givenName

public Optional<String> givenName()

Given name claim.

Returns:

given name or empty if claim is not defined

middleName

public Optional<String> middleName()

Middle name claim.

Returns:

middle name or empty if claim is not defined

familyName

public Optional<String> familyName()

Family name claim.

Returns:

family name or empty if claim is not defined

locale

public Optional<Locale> locale()

Locale claim.

Returns:

locale or empty if claim is not defined

nickname

public Optional<String> nickname()

Nickname claim.

Returns:

nickname or empty if claim is not defined

preferredUsername

public Optional<String> preferredUsername()

Preferred username claim.

Returns:

preferred username or empty if claim is not defined

profile

public Optional<URI> profile()

Profile URI claim.

Returns:

profile URI or empty if claim is not defined

picture

public Optional<URI> picture()

Picture URI claim.

Returns:

picture URI or empty if claim is not defined

website

public Optional<URI> website()

Website URI claim.

Returns:

website URI or empty if claim is not defined

gender

public Optional<String> gender()

Gender claim.

Returns:

gender or empty if claim is not defined

birthday

public Optional<LocalDate> birthday()

Birthday claim.

Returns:

birthday or empty if claim is not defined

timeZone

public Optional<ZoneId> timeZone()

Time Zone claim.

Returns:

time zone or empty if claim is not defined

phoneNumber

public Optional<String> phoneNumber()

Phone number claim.

Returns:

phone number or empty if claim is not defined

phoneNumberVerified

public Optional<Boolean> phoneNumberVerified()

Phone number verified claim.

Returns:

phone number verified or empty if claim is not defined

updatedAt

public Optional<Instant> updatedAt()

Updated at claim.

Returns:

updated at or empty if claim is not defined

address

public Optional<JwtUtil.Address> address()

Address claim.

Returns:

address or empty if claim is not defined

atHash

public Optional<byte[]> atHash()

AtHash claim.

Returns:

atHash or empty if claim is not defined

cHash

public Optional<byte[]> cHash()

CHash claim.

Returns:

cHash or empty if claim is not defined

nonce

public Optional<String> nonce()

Nonce claim.

Returns:

nonce or empty if claim is not defined

headerJson

public JsonObject headerJson()

Create a JSON header object.

Returns:

JsonObject for header

payloadJson

public JsonObject payloadJson()

Create a JSON payload object.

Returns:

JsonObject for payload

validate

public Errors validate(List<Validator<Jwt>> validators)

Validate this JWT against provided validators.

Parameters:

validators - Validators to validate with. Obtain them through (e.g.) defaultTimeValidators() , addAudienceValidator(Collection, String, boolean) , addIssuerValidator(Collection, String, boolean)

Returns:

errors instance to check if valid and access error messages

validate

public Errors validate(String issuer,
                       String audience)

Validates all default values. Values validated:

• Expiration time if defined
• Issue time if defined
• Not before time if defined
• issuer() Issuer} if defined
• Audience if defined

Parameters:

issuer - validates that this JWT was issued by this issuer. Setting this to non-null value will make issuer claim mandatory

audience - validates that this JWT was issued for this audience. Setting this to non-null value will make audience claim mandatory

Returns:

errors instance to check for validation result