public class FirebaseJwtTokenDecoder extends Object implements org.springframework.security.oauth2.jwt.JwtDecoder
Jwt token.
This decoder downloads public keys from https://www.googleapis.com/robot/v1/metadata/x509/securetoken@system.gserviceaccount.com.
Keys are rotated often, and expiration date is returned as part of a Cache-Control max-age header.
The keys are cached locally and only refreshed when the expiration time is past.
Besides using the RSA keys to validate the token signature, this decoder also uses a pre=configured DelegatingOAuth2TokenValidator
to validate all the claims.
The following validators are used by this class:
JwtTimestampValidator - Validates the expiration date of the Token
JwtIssuerValidator - Validates the iss claim header
FirebaseTokenValidator - Validates all other headers according to definition at https://firebase.google.com/docs/auth/admin/verify-id-tokens| Constructor and Description |
|---|
FirebaseJwtTokenDecoder(org.springframework.web.client.RestOperations restClient,
String googlePublicKeysEndpoint,
org.springframework.security.oauth2.core.OAuth2TokenValidator<org.springframework.security.oauth2.jwt.Jwt> tokenValidator) |
| Modifier and Type | Method and Description |
|---|---|
org.springframework.security.oauth2.jwt.Jwt |
decode(String token) |
public FirebaseJwtTokenDecoder(org.springframework.web.client.RestOperations restClient,
String googlePublicKeysEndpoint,
org.springframework.security.oauth2.core.OAuth2TokenValidator<org.springframework.security.oauth2.jwt.Jwt> tokenValidator)
public org.springframework.security.oauth2.jwt.Jwt decode(String token) throws org.springframework.security.oauth2.jwt.JwtException
decode in interface org.springframework.security.oauth2.jwt.JwtDecoderorg.springframework.security.oauth2.jwt.JwtExceptionCopyright © 2020 Pivotal Software, Inc.. All rights reserved.