@Beta
public class GoogleIdTokenVerifier
extends com.google.api.client.auth.openidconnect.IdTokenVerifier
Beta
Call IdTokenVerifier.verify(IdToken)
to verify a ID token. Use the constructor
GoogleIdTokenVerifier(HttpTransport, JsonFactory)
for the typical simpler case if your
application has only a single instance of GoogleIdTokenVerifier
. Otherwise, ideally you
should use GoogleIdTokenVerifier(GooglePublicKeysManager)
with a shared global instance
of the GooglePublicKeysManager
since that way the Google public keys are cached. Sample
usage:
GoogleIdTokenVerifier verifier = new GoogleIdTokenVerifier.Builder(transport, jsonFactory) .setAudience(Arrays.asList("myClientId")) .build(); ... if (!verifier.verify(googleIdToken)) {...}
Modifier and Type | Class and Description |
---|---|
static class |
GoogleIdTokenVerifier.Builder
|
Modifier | Constructor and Description |
---|---|
protected |
GoogleIdTokenVerifier(GoogleIdTokenVerifier.Builder builder) |
|
GoogleIdTokenVerifier(GooglePublicKeysManager publicKeys) |
|
GoogleIdTokenVerifier(com.google.api.client.http.HttpTransport transport,
com.google.api.client.json.JsonFactory jsonFactory) |
Modifier and Type | Method and Description |
---|---|
long |
getExpirationTimeMilliseconds()
Deprecated.
(scheduled to be removed in 1.18) Use
getPublicKeysManager() and
GooglePublicKeysManager.getExpirationTimeMilliseconds() instead. |
com.google.api.client.json.JsonFactory |
getJsonFactory()
Returns the JSON factory.
|
String |
getPublicCertsEncodedUrl()
Deprecated.
(scheduled to be removed in 1.18) Use
getPublicKeysManager() and
GooglePublicKeysManager.getPublicCertsEncodedUrl() instead. |
List<PublicKey> |
getPublicKeys()
Deprecated.
(scheduled to be removed in 1.18) Use
getPublicKeysManager() and
GooglePublicKeysManager.getPublicKeys() instead. |
GooglePublicKeysManager |
getPublicKeysManager()
Returns the Google public keys manager.
|
com.google.api.client.http.HttpTransport |
getTransport()
Returns the HTTP transport.
|
GoogleIdTokenVerifier |
loadPublicCerts()
Deprecated.
(scheduled to be removed in 1.18) Use
getPublicKeysManager() and
GooglePublicKeysManager.refresh() instead. |
boolean |
verify(GoogleIdToken googleIdToken)
Verifies that the given ID token is valid using the cached public keys.
|
GoogleIdToken |
verify(String idTokenString)
Verifies that the given ID token is valid using
verify(GoogleIdToken) and returns the
ID token if succeeded. |
public GoogleIdTokenVerifier(com.google.api.client.http.HttpTransport transport, com.google.api.client.json.JsonFactory jsonFactory)
transport
- HTTP transportjsonFactory
- JSON factorypublic GoogleIdTokenVerifier(GooglePublicKeysManager publicKeys)
publicKeys
- Google public keys managerprotected GoogleIdTokenVerifier(GoogleIdTokenVerifier.Builder builder)
builder
- builderpublic final GooglePublicKeysManager getPublicKeysManager()
public final com.google.api.client.http.HttpTransport getTransport()
public final com.google.api.client.json.JsonFactory getJsonFactory()
@Deprecated public final String getPublicCertsEncodedUrl()
getPublicKeysManager()
and
GooglePublicKeysManager.getPublicCertsEncodedUrl()
instead.@Deprecated public final List<PublicKey> getPublicKeys() throws GeneralSecurityException, IOException
getPublicKeysManager()
and
GooglePublicKeysManager.getPublicKeys()
instead.
Upgrade warning: in prior version 1.16 it may return null
and not throw any exceptions,
but starting with version 1.17 it cannot return null
and may throw
GeneralSecurityException
or IOException
.
GeneralSecurityException
IOException
@Deprecated public final long getExpirationTimeMilliseconds()
getPublicKeysManager()
and
GooglePublicKeysManager.getExpirationTimeMilliseconds()
instead.Clock.currentTimeMillis()
or 0
for none.public boolean verify(GoogleIdToken googleIdToken) throws GeneralSecurityException, IOException
"accounts.google.com"
or "https://accounts.google.com"
.googleIdToken
- Google ID tokentrue
if verified successfully or false
if failedGeneralSecurityException
IOException
public GoogleIdToken verify(String idTokenString) throws GeneralSecurityException, IOException
verify(GoogleIdToken)
and returns the
ID token if succeeded.idTokenString
- Google ID token stringnull
if failedGeneralSecurityException
IOException
@Deprecated public GoogleIdTokenVerifier loadPublicCerts() throws GeneralSecurityException, IOException
getPublicKeysManager()
and
GooglePublicKeysManager.refresh()
instead.getPublicCertsEncodedUrl()
.
This method is automatically called if the public keys have not yet been initialized or if the expiration time is very close, so normally this doesn't need to be called. Only call this method explicitly to force the public keys to be updated.
GeneralSecurityException
IOException
Copyright © 2010–2019 Google. All rights reserved.