public class OAuth2Jwt extends Object
| Modifier and Type | Method and Description |
|---|---|
static OAuth2Jwt |
create(SignedJwt jws)
Creates an
OAuth2Jwt instance from the provided JWT string. |
static OAuth2Jwt |
create(String jwtString)
Creates an
OAuth2Jwt instance from the provided JWT string. |
String |
getIssuer()
Gets the JWT issuer.
|
SignedJwt |
getSignedJwt()
Gets the Signed JWT.
|
String |
getSubject()
Gets the JWT subject.
|
boolean |
isContentValid()
Verifies that the JWT is valid by:
ensuring the JWT contains the 'iss', 'sub', 'aud' and 'exp' claims
ensuring the JWT expiry is not unreasonably far in the future
ensuring the JWT has not expired
ensuring the JWT is not being used before its 'not before time'
ensuring the JWT issued at time is not unreasonably far in the past
|
boolean |
isContentValid(boolean includeExpiryCheck)
Verifies that the JWT is valid by:
ensuring the JWT contains the 'iss', 'sub', 'aud' and 'exp' claims
ensuring the JWT expiry is not unreasonably far in the future
ensuring the JWT has not expired
ensuring the JWT is not being used before its 'not before time'
ensuring the JWT issued at time is not unreasonably far in the past
|
boolean |
isExpired()
Checks that the JWT has not expired.
|
boolean |
isExpiryUnreasonable()
Checks that the JWT has an unreasonable expiration time.
|
boolean |
isIntendedForAudience(String audience)
Checks that the JWT is intended for the provided audience.
|
boolean |
isValid(SigningHandler signingHandler)
Verifies that the JWT is valid by:
verifying the signature
ensuring the JWT contains the 'iss', 'sub', 'aud' and 'exp' claims
ensuring the JWT expiry is not unreasonably far in the future
ensuring the JWT has not expired
ensuring the JWT is not being used before its 'not before time'
ensuring the JWT issued at time is not unreasonably far in the past
|
boolean |
isValid(SigningHandler signingHandler,
boolean includeExpiryCheck)
Verifies that the JWT is valid by:
verifying the signature
ensuring the JWT contains the 'iss', 'sub', 'aud' and 'exp' claims
ensuring the JWT expiry is not unreasonably far in the future
optionally ensuring the JWT has not expired
ensuring the JWT is not being used before its 'not before time'
ensuring the JWT issued at time is not unreasonably far in the past
|
public static OAuth2Jwt create(@Nonnull String jwtString)
OAuth2Jwt instance from the provided JWT string.jwtString - The JWT string.OAuth2Jwt instance.public static OAuth2Jwt create(SignedJwt jws)
OAuth2Jwt instance from the provided JWT string.jws - The JWS.OAuth2Jwt instance.public boolean isValid(SigningHandler signingHandler)
signingHandler - The SigningHandler instance to verify the JWT signature with.true if the JWT meets all the expectations.public boolean isValid(SigningHandler signingHandler, boolean includeExpiryCheck)
signingHandler - The SigningHandler instance to verify the JWT signature with.includeExpiryCheck - Whether to also verify that the JWT has not expired.true if the JWT meets all the expectations.public boolean isContentValid()
true if the JWT meets all the expectations.public boolean isContentValid(boolean includeExpiryCheck)
includeExpiryCheck - Whether to include the expiry check in the above.
If set to false, expired JWTs will pass validation.true if the JWT meets all the expectations.public boolean isExpiryUnreasonable()
true if the JWT has expired.public boolean isExpired()
true if the JWT has expired.public boolean isIntendedForAudience(String audience)
audience - The audience.true if the JWT 'audience' claim contains the provided audience.public String getSubject()
public String getIssuer()
public SignedJwt getSignedJwt()
Copyright © 2010-2018, ForgeRock All Rights Reserved.