com.google.crypto.tink.jwt

Interface JwtMac

@Immutable
public interface JwtMac

Interface for authenticating and verifying JWT with JWS MAC, as described in RFC 7519 and RFC 7515.

Security guarantees: similar to Mac.

Method Summary

Modifier and Type	Method and Description
String	computeMacAndEncode(RawJwt token) Computes a MAC, and encodes the JWT and the MAC in the JWS compact serialization format.
VerifiedJwt	verifyMacAndDecode(String compact, JwtValidator validator) Decodes and verifies a JWT in the JWS compact serialization format.

Method Detail

computeMacAndEncode

String computeMacAndEncode(RawJwt token)
                    throws GeneralSecurityException

Computes a MAC, and encodes the JWT and the MAC in the JWS compact serialization format.

Throws:

GeneralSecurityException

verifyMacAndDecode

VerifiedJwt verifyMacAndDecode(String compact,
                               JwtValidator validator)
                        throws GeneralSecurityException

Decodes and verifies a JWT in the JWS compact serialization format.

The JWT is validated against the rules in validator. That is, every claim in validator must also be present in the JWT. For example, if validator contains an iss claim, the JWT must contain an identical claim. The JWT can contain claims that are NOT in the validator. However, if the JWT contains a list of audiences, the validator must also contain an audience in the list.

If the JWT contains timestamp claims such as exp, iat or nbf, they will also be validated. validator allows to set a clock skew, to deal with small clock differences among different machines.

Throws:

GeneralSecurityException - when the signature of the token could not be verified, the token contains an invalid claim or header, the token has been expired or can't be used yet