Package org.keycloak

Class TokenVerifier<T extends JsonWebToken>

    • Constructor Detail

      • TokenVerifier

        protected TokenVerifier(String tokenString,
                                Class<T> clazz)
      • TokenVerifier

        protected TokenVerifier(T token)
    • Method Detail

      • create

        public static <T extends JsonWebToken> TokenVerifier<T> create(String tokenString,
                                                                       Class<T> clazz)
        Creates an instance of TokenVerifier from the given string representation of a JWT of the given class. The token verifier has no checks defined. Note that the checks are only tested when the verify() method is invoked.
        Type Parameters:
        T - Type of the token
        Parameters:
        tokenString - String representation of JWT
        clazz - Class of the token
        Returns:
      • createWithoutSignature

        public static <T extends JsonWebToken> TokenVerifier<T> createWithoutSignature(T token)
        Creates an instance of TokenVerifier for the given token. The token verifier has no checks defined. Note that the checks are only tested when the verify() method is invoked.

        NOTE: The returned token verifier cannot verify the token signature, since the signature is not part of the JsonWebToken object.

        Returns:
      • withDefaultChecks

        public TokenVerifier<T> withDefaultChecks()
        Adds default checks to the token verification:
        • Realm URL (JWT issuer field: iss) has to be defined and match the realm set via the realmUrl(java.lang.String) method
        • Subject (JWT subject field: sub) has to be defined
        • Token type (JWT type field: typ) has to be Bearer. The type can be set via the tokenType(java.lang.String) method
        • Token has to be active, i.e. both not expired and not used before its validity (JWT fields: exp and nbf)
        Returns:
        This token verifier.
      • publicKey

        public TokenVerifier<T> publicKey(PublicKey publicKey)
        Sets the key used to verify an RSA-based signature.
        Parameters:
        publicKey -
        Returns:
      • secretKey

        public TokenVerifier<T> secretKey(SecretKey secretKey)
        Sets the key used to verify an HMAC-based signature.
        Parameters:
        secretKey -
        Returns:
      • realmUrl

        public TokenVerifier<T> realmUrl(String realmUrl)
        Deprecated.
        This method is here only for backward compatibility with the previous version of TokenVerifier.
        Returns:
        This token verifier
      • checkTokenType

        public TokenVerifier<T> checkTokenType(boolean checkTokenType)
        Deprecated.
        This method is here only for backward compatibility with the previous version of TokenVerifier.
        Returns:
        This token verifier
      • checkActive

        public TokenVerifier<T> checkActive(boolean checkActive)
        Deprecated.
        This method is here only for backward compatibility with the previous version of TokenVerifier.
        Returns:
        This token verifier
      • checkRealmUrl

        public TokenVerifier<T> checkRealmUrl(boolean checkRealmUrl)
        Deprecated.
        This method is here only for backward compatibility with the previous version of TokenVerifier.
        Returns:
        This token verifier
      • audience

        public TokenVerifier<T> audience(String... expectedAudiences)
        Adds a check verifying that the token contains the expected audiences.
        Parameters:
        expectedAudiences - Audiences that need to be in the target token. Can be null.
        Returns:
        This token verifier
      • issuedFor

        public TokenVerifier<T> issuedFor(String expectedIssuedFor)
        Adds a check verifying that the token's issuedFor (azp claim) is the expected value.
        Parameters:
        expectedIssuedFor - issuedFor value that needs to be in the target token. Can't be null.
        Returns:
        This token verifier
      • optional

        public static <T extends JsonWebToken> TokenVerifier.Predicate<T> optional(TokenVerifier.Predicate<T> mandatoryPredicate)
        Creates an optional predicate from the given predicate: the check is still executed, but the resulting predicate always passes.
        Type Parameters:
        T -
        Parameters:
        mandatoryPredicate -
        Returns:
      • alternative

        @SafeVarargs
        public static <T extends JsonWebToken> TokenVerifier.Predicate<T> alternative(TokenVerifier.Predicate<? super T>... predicates)
        Creates a predicate that evaluates the given predicates and passes if and only if at least one of them passes.
        Type Parameters:
        T -
        Parameters:
        predicates -
        Returns:
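
Added example (not part of the Keycloak documentation or code base): a caller that starts from create(), which defines no checks, adds the default checks plus audience and issuedFor, and trusts the token only after verify() has returned. The class AccessTokenGate and its constructor parameters are hypothetical; AccessToken, VerificationException and getToken() are assumed from the Keycloak core library and are not listed on this page.

```java
import java.security.PublicKey;

import org.keycloak.TokenVerifier;
import org.keycloak.common.VerificationException;
import org.keycloak.representations.AccessToken;

/** Hypothetical helper for a resource server; added example, not Keycloak code. */
public final class AccessTokenGate {

    private final PublicKey realmKey;  // realm RSA public key, obtained out of band
    private final String realmUrl;     // expected value of the iss claim
    private final String audience;     // this service's identifier, expected in aud
    private final String clientId;     // expected value of the azp claim

    public AccessTokenGate(PublicKey realmKey, String realmUrl,
                           String audience, String clientId) {
        this.realmKey = realmKey;
        this.realmUrl = realmUrl;
        this.audience = audience;
        this.clientId = clientId;
    }

    /**
     * Returns the parsed token only if the signature and every configured
     * check pass; otherwise VerificationException propagates to the caller.
     */
    public AccessToken verify(String bearerToken) throws VerificationException {
        TokenVerifier<AccessToken> verifier = TokenVerifier
                .create(bearerToken, AccessToken.class) // no checks defined at this point
                .withDefaultChecks()   // iss, sub, typ = Bearer, exp / nbf
                .realmUrl(realmUrl)    // realm the iss check compares against (marked deprecated above)
                .publicKey(realmKey)   // key for the RSA-based signature
                .audience(audience)    // aud must contain this service
                .issuedFor(clientId);  // azp must be the expected client

        // Building the chain tests nothing: the checks run only inside verify().
        // Read claims from the token only after verify() has returned normally.
        return verifier.verify().getToken();
    }
}
```

A verifier obtained from createWithoutSignature(T) can run the same claim checks but cannot verify the signature, so it is only suitable for tokens whose signature has already been verified elsewhere.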