com.google.crypto.tink.jwt

Class VerifiedJwt

java.lang.Object

com.google.crypto.tink.jwt.VerifiedJwt

@Immutable
public final class VerifiedJwt
extends Object

A decoded and verified JSON Web Token (JWT).

A new instance of this class is returned as the result of a sucessfully verification of a MACed or signed compact JWT.

It gives read-only access all payload claims and a subset of the headers. It does not contain any headers that depend on the key, such as "alg" or "kid". These headers are checked when the signature is verified and should not be read by the user. This ensures that the key can be changed without any changes to the user code.

Method Summary

Modifier and Type	Method and Description
Set<String>	customClaimNames() Returns all non-registered claim names.
List<String>	getAudiences() Returns the aud claim identifying the principals that are the audience of the JWT.
Boolean	getBooleanClaim(String name) Returns the non-registered claim of name name and type Boolean.
Instant	getExpiration() Returns the expiration time claim exp that identifies the instant on or after which the token MUST NOT be accepted for processing.
Instant	getIssuedAt() Returns the issued at time claim iat that identifies the instant at which the JWT was issued.
String	getIssuer() Returns the iss claim that identifies the principal that issued the JWT.
String	getJsonArrayClaim(String name) Returns the non-registered claim of name name and type JSON Array encoded in a string.
String	getJsonObjectClaim(String name) Returns the non-registered claim of name name and type JSON Object encoded in a string.
String	getJwtId() Returns the jti claim that provides a unique identifier for the JWT.
Instant	getNotBefore() Returns the not before claim nbf that identifies the instant before which the token MUST NOT be accepted for processing.
Double	getNumberClaim(String name) Returns the non-registered claim of name name and type Number.
String	getStringClaim(String name) Returns the non-registered claim of name name and type String.
String	getSubject() Returns the sub claim identifying the principal that is the subject of the JWT.
String	getTypeHeader() Returns the typ header value.
boolean	hasAudiences() Returns true iff the aud claim is present.
boolean	hasBooleanClaim(String name) Returns true iff a non-registered claim of name name and type boolean is present.
boolean	hasExpiration() Returns true iff the exp claim is present.
boolean	hasIssuedAt() Returns true iff the iat claim is present.
boolean	hasIssuer() Returns true iff the iss claim is present.
boolean	hasJsonArrayClaim(String name) Returns true iff a non-registered claim of name name and type JsonArray is present.
boolean	hasJsonObjectClaim(String name) Returns true iff a non-registered claim of name name and type JsonObject is present.
boolean	hasJwtId() Returns true iff the jti claim is present.
boolean	hasNotBefore() Returns true iff the nbf claim is present.
boolean	hasNumberClaim(String name) Returns true iff a non-registered claim of name name and type number is present.
boolean	hasStringClaim(String name) Returns true iff a non-registered claim of name name and type string is present.
boolean	hasSubject() Returns true iff the sub claim is present.
boolean	hasTypeHeader() Returns true iff the typ header is present.
boolean	isNullClaim(String name) Returns true iff there is a non-registered claim of name name and type NULL.
String	toString() Returns a brief description of a VerifiedJwt object.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Method Detail

getTypeHeader

public String getTypeHeader()
                     throws JwtInvalidException

Returns the typ header value. Throws a JwtInvalidException if header is not present.

Throws:

JwtInvalidException

hasTypeHeader

public boolean hasTypeHeader()

Returns true iff the typ header is present.

getIssuer

public String getIssuer()
                 throws JwtInvalidException

Returns the iss claim that identifies the principal that issued the JWT. Throws a JwtInvalidException if no such claim is present.

Throws:

JwtInvalidException

hasIssuer

public boolean hasIssuer()

Returns true iff the iss claim is present.

getSubject

public String getSubject()
                  throws JwtInvalidException

Returns the sub claim identifying the principal that is the subject of the JWT. Throws a JwtInvalidException if no such claim is present.

Throws:

JwtInvalidException

hasSubject

public boolean hasSubject()

Returns true iff the sub claim is present.

getAudiences

public List<String> getAudiences()
                          throws JwtInvalidException

Returns the aud claim identifying the principals that are the audience of the JWT. Throws a JwtInvalidException if no such claim is present.

Throws:

JwtInvalidException

hasAudiences

public boolean hasAudiences()

Returns true iff the aud claim is present.

getJwtId

public String getJwtId()
                throws JwtInvalidException

Returns the jti claim that provides a unique identifier for the JWT. Throws a JwtInvalidException if no such claim is present.

Throws:

JwtInvalidException

hasJwtId

public boolean hasJwtId()

Returns true iff the jti claim is present.

getExpiration

public Instant getExpiration()
                      throws JwtInvalidException

Returns the expiration time claim exp that identifies the instant on or after which the token MUST NOT be accepted for processing. Throws a JwtInvalidException if no such claim is present.

This API requires Instant which is unavailable on Android until API level 26. To use it on older Android devices, enable API desugaring as shown in https://developer.android.com/studio/write/java8-support#library-desugaring.

Throws:

JwtInvalidException

hasExpiration

public boolean hasExpiration()

Returns true iff the exp claim is present.

getNotBefore

public Instant getNotBefore()
                     throws JwtInvalidException

Returns the not before claim nbf that identifies the instant before which the token MUST NOT be accepted for processing. Throws a JwtInvalidException if no such claim is present.

This API requires Instant which is unavailable on Android until API level 26. To use it on older Android devices, enable API desugaring as shown in https://developer.android.com/studio/write/java8-support#library-desugaring.

Throws:

JwtInvalidException

hasNotBefore

public boolean hasNotBefore()

Returns true iff the nbf claim is present.

getIssuedAt

public Instant getIssuedAt()
                    throws JwtInvalidException

Returns the issued at time claim iat that identifies the instant at which the JWT was issued. Throws a JwtInvalidException if no such claim is present.

This API requires Instant which is unavailable on Android until API level 26. To use it on older Android devices, enable API desugaring as shown in https://developer.android.com/studio/write/java8-support#library-desugaring.

Throws:

JwtInvalidException

hasIssuedAt

public boolean hasIssuedAt()

Returns true iff the iat claim is present.

getBooleanClaim

public Boolean getBooleanClaim(String name)
                        throws JwtInvalidException

Returns the non-registered claim of name name and type Boolean. Throws a JwtInvalidException if no such claim is present or the claim has another type.

Throws:

JwtInvalidException

getNumberClaim

public Double getNumberClaim(String name)
                      throws JwtInvalidException

Returns the non-registered claim of name name and type Number. Throws a JwtInvalidException if no such claim is present or the claim has another type.

Throws:

JwtInvalidException

getStringClaim

public String getStringClaim(String name)
                      throws JwtInvalidException

Returns the non-registered claim of name name and type String. Throws a JwtInvalidException if no such claim is present or the claim has another type.

Throws:

JwtInvalidException

isNullClaim

public boolean isNullClaim(String name)

Returns true iff there is a non-registered claim of name name and type NULL.

getJsonObjectClaim

public String getJsonObjectClaim(String name)
                          throws JwtInvalidException

Returns the non-registered claim of name name and type JSON Object encoded in a string. Throws a JwtInvalidException if no such claim is present or the claim has another type.

Throws:

JwtInvalidException

getJsonArrayClaim

public String getJsonArrayClaim(String name)
                         throws JwtInvalidException

Returns the non-registered claim of name name and type JSON Array encoded in a string. Throws a JwtInvalidException if no such claim is present or the claim has another type.

Throws:

JwtInvalidException

hasBooleanClaim

public boolean hasBooleanClaim(String name)

Returns true iff a non-registered claim of name name and type boolean is present.

hasNumberClaim

public boolean hasNumberClaim(String name)

Returns true iff a non-registered claim of name name and type number is present.

hasStringClaim

public boolean hasStringClaim(String name)

Returns true iff a non-registered claim of name name and type string is present.

hasJsonObjectClaim

public boolean hasJsonObjectClaim(String name)

Returns true iff a non-registered claim of name name and type JsonObject is present.

hasJsonArrayClaim

public boolean hasJsonArrayClaim(String name)

Returns true iff a non-registered claim of name name and type JsonArray is present.

customClaimNames

public Set<String> customClaimNames()

Returns all non-registered claim names.

toString

public String toString()

Returns a brief description of a VerifiedJwt object. The exact details of the representation are unspecified and subject to change.

Overrides:

toString in class Object