Package com.google.crypto.tink.jwt

Class VerifiedJwt

  • @Immutable
public final class VerifiedJwt
extends java.lang.Object
    A decoded and verified JSON Web Token (JWT).

    A new instance of this class is returned as the result of a sucessfully verification of a MACed or signed compact JWT.

    It gives read-only access all payload claims and a subset of the headers. It does not contain any headers that depend on the key, such as "alg" or "kid". These headers are checked when the signature is verified and should not be read by the user. This ensures that the key can be changed without any changes to the user code.

    • Method Summary

      All Methods Instance Methods Concrete Methods 
      Modifier and Type Method Description
      java.util.Set<java.lang.String> customClaimNames()
      Returns all non-registered claim names.
      java.util.List<java.lang.String> getAudiences()
      Returns the aud claim identifying the principals that are the audience of the JWT.
      java.lang.Boolean getBooleanClaim​(java.lang.String name)
      Returns the non-registered claim of name name and type Boolean.
      java.time.Instant getExpiration()
      Returns the expiration time claim exp that identifies the instant on or after which the token MUST NOT be accepted for processing.
      java.time.Instant getIssuedAt()
      Returns the issued at time claim iat that identifies the instant at which the JWT was issued.
      java.lang.String getIssuer()
      Returns the iss claim that identifies the principal that issued the JWT.
      java.lang.String getJsonArrayClaim​(java.lang.String name)
      Returns the non-registered claim of name name and type JSON Array encoded in a string.
      java.lang.String getJsonObjectClaim​(java.lang.String name)
      Returns the non-registered claim of name name and type JSON Object encoded in a string.
      java.lang.String getJwtId()
      Returns the jti claim that provides a unique identifier for the JWT.
      java.time.Instant getNotBefore()
      Returns the not before claim nbf that identifies the instant before which the token MUST NOT be accepted for processing.
      java.lang.Double getNumberClaim​(java.lang.String name)
      Returns the non-registered claim of name name and type Number.
      java.lang.String getStringClaim​(java.lang.String name)
      Returns the non-registered claim of name name and type String.
      java.lang.String getSubject()
      Returns the sub claim identifying the principal that is the subject of the JWT.
      java.lang.String getTypeHeader()
      Returns the typ header value.
      boolean hasAudiences()
      Returns true iff the aud claim is present.
      boolean hasBooleanClaim​(java.lang.String name)
      Returns true iff a non-registered claim of name name and type boolean is present.
      boolean hasExpiration()
      Returns true iff the exp claim is present.
      boolean hasIssuedAt()
      Returns true iff the iat claim is present.
      boolean hasIssuer()
      Returns true iff the iss claim is present.
      boolean hasJsonArrayClaim​(java.lang.String name)
      Returns true iff a non-registered claim of name name and type JsonArray is present.
      boolean hasJsonObjectClaim​(java.lang.String name)
      Returns true iff a non-registered claim of name name and type JsonObject is present.
      boolean hasJwtId()
      Returns true iff the jti claim is present.
      boolean hasNotBefore()
      Returns true iff the nbf claim is present.
      boolean hasNumberClaim​(java.lang.String name)
      Returns true iff a non-registered claim of name name and type number is present.
      boolean hasStringClaim​(java.lang.String name)
      Returns true iff a non-registered claim of name name and type string is present.
      boolean hasSubject()
      Returns true iff the sub claim is present.
      boolean hasTypeHeader()
      Returns true iff the typ header is present.
      boolean isNullClaim​(java.lang.String name)
      Returns true iff there is a non-registered claim of name name and type NULL.
      java.lang.String toString()
      Returns a brief description of a VerifiedJwt object.

      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

    • Method Detail

      • getTypeHeader

        public java.lang.String getTypeHeader()
                               throws JwtInvalidException
        Returns the typ header value. Throws a JwtInvalidException if header is not present.
        Throws:
        JwtInvalidException

      • hasTypeHeader

        public boolean hasTypeHeader()
        Returns true iff the typ header is present.

      • getIssuer

        public java.lang.String getIssuer()
                           throws JwtInvalidException
        Returns the iss claim that identifies the principal that issued the JWT. Throws a JwtInvalidException if no such claim is present.
        Throws:
        JwtInvalidException

      • hasIssuer

        public boolean hasIssuer()
        Returns true iff the iss claim is present.

      • getSubject

        public java.lang.String getSubject()
                            throws JwtInvalidException
        Returns the sub claim identifying the principal that is the subject of the JWT. Throws a JwtInvalidException if no such claim is present.
        Throws:
        JwtInvalidException

      • hasSubject

        public boolean hasSubject()
        Returns true iff the sub claim is present.

      • getAudiences

        public java.util.List<java.lang.String> getAudiences()
                                              throws JwtInvalidException
        Returns the aud claim identifying the principals that are the audience of the JWT. Throws a JwtInvalidException if no such claim is present.
        Throws:
        JwtInvalidException

      • hasAudiences

        public boolean hasAudiences()
        Returns true iff the aud claim is present.

      • getJwtId

        public java.lang.String getJwtId()
                          throws JwtInvalidException
        Returns the jti claim that provides a unique identifier for the JWT. Throws a JwtInvalidException if no such claim is present.
        Throws:
        JwtInvalidException

      • hasJwtId

        public boolean hasJwtId()
        Returns true iff the jti claim is present.

      • getExpiration

        public java.time.Instant getExpiration()
                                throws JwtInvalidException
        Returns the expiration time claim exp that identifies the instant on or after which the token MUST NOT be accepted for processing. Throws a JwtInvalidException if no such claim is present.

        This API requires Instant which is unavailable on Android until API level 26. To use it on older Android devices, enable API desugaring as shown in https://developer.android.com/studio/write/java8-support#library-desugaring.

        Throws:
        JwtInvalidException

      • hasExpiration

        public boolean hasExpiration()
        Returns true iff the exp claim is present.

      • getNotBefore

        public java.time.Instant getNotBefore()
                               throws JwtInvalidException
        Returns the not before claim nbf that identifies the instant before which the token MUST NOT be accepted for processing. Throws a JwtInvalidException if no such claim is present.

        This API requires Instant which is unavailable on Android until API level 26. To use it on older Android devices, enable API desugaring as shown in https://developer.android.com/studio/write/java8-support#library-desugaring.

        Throws:
        JwtInvalidException

      • hasNotBefore

        public boolean hasNotBefore()
        Returns true iff the nbf claim is present.

      • getIssuedAt

        public java.time.Instant getIssuedAt()
                              throws JwtInvalidException
        Returns the issued at time claim iat that identifies the instant at which the JWT was issued. Throws a JwtInvalidException if no such claim is present.

        This API requires Instant which is unavailable on Android until API level 26. To use it on older Android devices, enable API desugaring as shown in https://developer.android.com/studio/write/java8-support#library-desugaring.

        Throws:
        JwtInvalidException

      • hasIssuedAt

        public boolean hasIssuedAt()
        Returns true iff the iat claim is present.

      • getBooleanClaim

        public java.lang.Boolean getBooleanClaim​(java.lang.String name)
                                  throws JwtInvalidException
        Returns the non-registered claim of name name and type Boolean. Throws a JwtInvalidException if no such claim is present or the claim has another type.
        Throws:
        JwtInvalidException

      • getNumberClaim

        public java.lang.Double getNumberClaim​(java.lang.String name)
                                throws JwtInvalidException
        Returns the non-registered claim of name name and type Number. Throws a JwtInvalidException if no such claim is present or the claim has another type.
        Throws:
        JwtInvalidException

      • getStringClaim

        public java.lang.String getStringClaim​(java.lang.String name)
                                throws JwtInvalidException
        Returns the non-registered claim of name name and type String. Throws a JwtInvalidException if no such claim is present or the claim has another type.
        Throws:
        JwtInvalidException

      • isNullClaim

        public boolean isNullClaim​(java.lang.String name)
        Returns true iff there is a non-registered claim of name name and type NULL.

      • getJsonObjectClaim

        public java.lang.String getJsonObjectClaim​(java.lang.String name)
                                    throws JwtInvalidException
        Returns the non-registered claim of name name and type JSON Object encoded in a string. Throws a JwtInvalidException if no such claim is present or the claim has another type.
        Throws:
        JwtInvalidException

      • getJsonArrayClaim

        public java.lang.String getJsonArrayClaim​(java.lang.String name)
                                   throws JwtInvalidException
        Returns the non-registered claim of name name and type JSON Array encoded in a string. Throws a JwtInvalidException if no such claim is present or the claim has another type.
        Throws:
        JwtInvalidException

      • hasBooleanClaim

        public boolean hasBooleanClaim​(java.lang.String name)
        Returns true iff a non-registered claim of name name and type boolean is present.

      • hasNumberClaim

        public boolean hasNumberClaim​(java.lang.String name)
        Returns true iff a non-registered claim of name name and type number is present.

      • hasStringClaim

        public boolean hasStringClaim​(java.lang.String name)
        Returns true iff a non-registered claim of name name and type string is present.

      • hasJsonObjectClaim

        public boolean hasJsonObjectClaim​(java.lang.String name)
        Returns true iff a non-registered claim of name name and type JsonObject is present.

      • hasJsonArrayClaim

        public boolean hasJsonArrayClaim​(java.lang.String name)
        Returns true iff a non-registered claim of name name and type JsonArray is present.

      • customClaimNames

        public java.util.Set<java.lang.String> customClaimNames()
        Returns all non-registered claim names.

      • toString

        public java.lang.String toString()
        Returns a brief description of a VerifiedJwt object. The exact details of the representation are unspecified and subject to change.
        Overrides:
        toString in class java.lang.Object