Package org.keycloak
Class TokenVerifier<T extends JsonWebToken>
java.lang.Object
org.keycloak.TokenVerifier<T>
- Version:
- $Revision: 1 $
- Author:
- Bill Burke
-
Nested Class Summary
Modifier and TypeClassDescriptionstatic class
static class
static interface
TokenVerifier.Predicate<T extends JsonWebToken>
Functional interface of checks that verify some part of a JWT.static class
static class
-
Field Summary
Modifier and TypeFieldDescriptionstatic final TokenVerifier.Predicate<JsonWebToken>
Check for token being neither expired nor used before it gets valid.static final TokenVerifier.Predicate<JsonWebToken>
-
Constructor Summary
ModifierConstructorDescriptionprotected
TokenVerifier
(String tokenString, Class<T> clazz) protected
TokenVerifier
(T token) -
Method Summary
Modifier and TypeMethodDescriptionstatic <T extends JsonWebToken>
TokenVerifier.Predicate<T>alternative
(TokenVerifier.Predicate<? super T>... predicates) Creates a predicate that will proceed with checks of the given predicates and will pass if and only if at least one of the given predicates passes.Add check for verifying that token contains the expectedAudiencecheckActive
(boolean checkActive) Deprecated.checkRealmUrl
(boolean checkRealmUrl) Deprecated.This method is here only for backward compatibility with previous version ofTokenVerifier
.checkTokenType
(boolean checkTokenType) Deprecated.This method is here only for backward compatibility with previous version ofTokenVerifier
.static <T extends JsonWebToken>
TokenVerifier<T>Creates an instance ofTokenVerifier
from the given string on a JWT of the given class.static <T extends JsonWebToken>
TokenVerifier<T>createWithoutSignature
(T token) Creates an instance ofTokenVerifier
for the given token.getToken()
Add check for verifying that token issuedFor (azp claim) is the expected valuestatic <T extends JsonWebToken>
TokenVerifier.Predicate<T>optional
(TokenVerifier.Predicate<T> mandatoryPredicate) Creates an optional predicate from a predicate that will proceed with check but always pass.parse()
Sets the key for verification of RSA-based signature.Deprecated.This method is here only for backward compatibility with previous version ofTokenVerifier
.Sets the key for verification of HMAC-based signature.verifierContext
(SignatureVerifierContext verifier) verify()
void
final TokenVerifier<T>
withChecks
(TokenVerifier.Predicate<? super T>... checks) Will test the given checks inverify()
method in addition to already set checks.Adds default checks to the token verification: Realm URL (JWT issuer field:iss
) has to be defined and match realm set viarealmUrl(java.lang.String)
method Subject (JWT subject field:sub
) has to be defined Token type (JWT type field:typ
) has to beBearer
.
-
Field Details
-
SUBJECT_EXISTS_CHECK
-
IS_ACTIVE
Check for token being neither expired nor used before it gets valid.- See Also:
-
-
Constructor Details
-
TokenVerifier
-
TokenVerifier
-
-
Method Details
-
verifierContext
-
create
Creates an instance ofTokenVerifier
from the given string on a JWT of the given class. The token verifier has no checks defined. Note that the checks are only tested whenverify()
method is invoked.- Type Parameters:
T
- Type of the token- Parameters:
tokenString
- String representation of JWTclazz
- Class of the token- Returns:
-
createWithoutSignature
Creates an instance ofTokenVerifier
for the given token. The token verifier has no checks defined. Note that the checks are only tested whenverify()
method is invoked.NOTE: The returned token verifier cannot verify token signature since that is not part of the
JsonWebToken
object.- Returns:
-
withDefaultChecks
Adds default checks to the token verification:- Realm URL (JWT issuer field:
iss
) has to be defined and match realm set viarealmUrl(java.lang.String)
method - Subject (JWT subject field:
sub
) has to be defined - Token type (JWT type field:
typ
) has to beBearer
. The type can be set viatokenType(java.lang.String)
method - Token has to be active, ie. both not expired and not used before its validity (JWT issuer fields:
exp
andnbf
)
- Returns:
- This token verifier.
- Realm URL (JWT issuer field:
-
withChecks
Will test the given checks inverify()
method in addition to already set checks.- Parameters:
checks
-- Returns:
-
publicKey
Sets the key for verification of RSA-based signature.- Parameters:
publicKey
-- Returns:
-
secretKey
Sets the key for verification of HMAC-based signature.- Parameters:
secretKey
-- Returns:
-
realmUrl
Deprecated.This method is here only for backward compatibility with previous version ofTokenVerifier
.- Returns:
- This token verifier
-
checkTokenType
Deprecated.This method is here only for backward compatibility with previous version ofTokenVerifier
.- Returns:
- This token verifier
-
tokenType
- Returns:
- This token verifier
-
checkActive
Deprecated.This method is here only for backward compatibility with previous version ofTokenVerifier
.- Returns:
- This token verifier
-
checkRealmUrl
Deprecated.This method is here only for backward compatibility with previous version ofTokenVerifier
.- Returns:
- This token verifier
-
audience
Add check for verifying that token contains the expectedAudience- Parameters:
expectedAudiences
- Audiences, which needs to be in the target token. Can benull
.- Returns:
- This token verifier
-
issuedFor
Add check for verifying that token issuedFor (azp claim) is the expected value- Parameters:
expectedIssuedFor
- issuedFor, which needs to be in the target token. Can't be null- Returns:
- This token verifier
-
parse
- Throws:
VerificationException
-
getToken
- Throws:
VerificationException
-
getHeader
- Throws:
VerificationException
-
verifySignature
- Throws:
VerificationException
-
verify
- Throws:
VerificationException
-
optional
public static <T extends JsonWebToken> TokenVerifier.Predicate<T> optional(TokenVerifier.Predicate<T> mandatoryPredicate) Creates an optional predicate from a predicate that will proceed with check but always pass.- Type Parameters:
T
-- Parameters:
mandatoryPredicate
-- Returns:
-
alternative
@SafeVarargs public static <T extends JsonWebToken> TokenVerifier.Predicate<T> alternative(TokenVerifier.Predicate<? super T>... predicates) Creates a predicate that will proceed with checks of the given predicates and will pass if and only if at least one of the given predicates passes.- Type Parameters:
T
-- Parameters:
predicates
-- Returns:
-
TokenVerifier
.