@Beta public class IdToken extends JsonWebSignature
Beta
Use parse(JsonFactory, String)
to parse an ID token from a string. Then, use the
verify
methods to verify the ID token as required by the specification.
Implementation is not thread-safe.
Modifier and Type | Class and Description |
---|---|
static class |
IdToken.Payload
Beta ID token payload. |
JsonWebSignature.Header, JsonWebSignature.Parser
Constructor and Description |
---|
IdToken(JsonWebSignature.Header header,
IdToken.Payload payload,
byte[] signatureBytes,
byte[] signedContentBytes) |
Modifier and Type | Method and Description |
---|---|
IdToken.Payload |
getPayload() |
static IdToken |
parse(JsonFactory jsonFactory,
String idTokenString)
Parses the given ID token string and returns the parsed ID token.
|
boolean |
verifyAudience(Collection<String> trustedClientIds)
Returns whether the audience in the payload contains only client IDs that are trusted as
specified in step 2 of ID Token
Validation.
|
boolean |
verifyExpirationTime(long currentTimeMillis,
long acceptableTimeSkewSeconds)
Returns whether the
JsonWebToken.Payload.getExpirationTimeSeconds() is valid relative to the current
time, allowing for a clock skew as specified in step 5 of ID Token
Validation. |
boolean |
verifyIssuedAtTime(long currentTimeMillis,
long acceptableTimeSkewSeconds)
Returns whether the
JsonWebToken.Payload.getIssuedAtTimeSeconds() is valid relative to the current
time, allowing for a clock skew as specified in step 6 of ID Token
Validation. |
boolean |
verifyIssuer(Collection<String> expectedIssuer)
Returns whether the issuer in the payload matches the given expected issuer as specified in
step 1 of ID Token
Validation.
|
boolean |
verifyIssuer(String expectedIssuer)
Returns whether the issuer in the payload matches the given expected issuer as specified in
step 1 of ID Token
Validation.
|
boolean |
verifyTime(long currentTimeMillis,
long acceptableTimeSkewSeconds)
Returns whether the
JsonWebToken.Payload.getExpirationTimeSeconds() and JsonWebToken.Payload.getIssuedAtTimeSeconds() are valid relative to the current time, allowing for a clock
skew as specified in steps 5 and 6 of ID Token
Validation. |
getHeader, getSignatureBytes, getSignedContentBytes, parser, signUsingRsaSha256, verifySignature, verifySignature, verifySignature
toString
public IdToken(JsonWebSignature.Header header, IdToken.Payload payload, byte[] signatureBytes, byte[] signedContentBytes)
header
- headerpayload
- payloadsignatureBytes
- bytes of the signaturesignedContentBytes
- bytes of the signature contentpublic IdToken.Payload getPayload()
getPayload
in class JsonWebToken
public final boolean verifyIssuer(String expectedIssuer)
expectedIssuer
- expected issuerpublic final boolean verifyIssuer(Collection<String> expectedIssuer)
public final boolean verifyAudience(Collection<String> trustedClientIds)
trustedClientIds
- list of trusted client IDspublic final boolean verifyTime(long currentTimeMillis, long acceptableTimeSkewSeconds)
JsonWebToken.Payload.getExpirationTimeSeconds()
and JsonWebToken.Payload.getIssuedAtTimeSeconds()
are valid relative to the current time, allowing for a clock
skew as specified in steps 5 and 6 of ID Token
Validation.currentTimeMillis
- current time in milliseconds (typically System.currentTimeMillis()
)acceptableTimeSkewSeconds
- seconds of acceptable clock skewpublic final boolean verifyExpirationTime(long currentTimeMillis, long acceptableTimeSkewSeconds)
JsonWebToken.Payload.getExpirationTimeSeconds()
is valid relative to the current
time, allowing for a clock skew as specified in step 5 of ID Token
Validation.currentTimeMillis
- current time in milliseconds (typically System.currentTimeMillis()
)acceptableTimeSkewSeconds
- seconds of acceptable clock skewpublic final boolean verifyIssuedAtTime(long currentTimeMillis, long acceptableTimeSkewSeconds)
JsonWebToken.Payload.getIssuedAtTimeSeconds()
is valid relative to the current
time, allowing for a clock skew as specified in step 6 of ID Token
Validation.currentTimeMillis
- current time in milliseconds (typically System.currentTimeMillis()
)acceptableTimeSkewSeconds
- seconds of acceptable clock skewpublic static IdToken parse(JsonFactory jsonFactory, String idTokenString) throws IOException
jsonFactory
- JSON factoryidTokenString
- ID token stringIOException
Copyright © 2011–2021 Google. All rights reserved.