public final class IdTokenVerifier
extends java.lang.Object
This class is not thread-safe:
It makes use of Date
and Calendar
classes to verify time sensitive claims.
Modifier and Type | Class and Description |
---|---|
static class |
IdTokenVerifier.Builder
Builder class to construct a IdTokenVerifier
|
Modifier and Type | Method and Description |
---|---|
static IdTokenVerifier.Builder |
init(java.lang.String issuer,
java.lang.String audience,
SignatureVerifier signatureVerifier)
Initialize an instance of
IdTokenVerifier . |
void |
verify(java.lang.String token)
Verifies a provided ID Token follows the OIDC specification.
|
void |
verify(java.lang.String token,
java.lang.String nonce)
Verifies a provided ID Token follows the OIDC specification.
|
void |
verify(java.lang.String token,
java.lang.String nonce,
java.lang.Integer maxAuthenticationAge)
Verifies a provided ID Token follows the OIDC specification.
|
public static IdTokenVerifier.Builder init(java.lang.String issuer, java.lang.String audience, SignatureVerifier signatureVerifier)
IdTokenVerifier
.issuer
- the expected issuer of the token. Must not be null.audience
- the expected audience of the token. Must not be null.signatureVerifier
- the SignatureVerifier
to use when verifying the token. Must not be null.public void verify(java.lang.String token) throws IdTokenValidationException
token
- the ID Token to verify. Must not be null or empty.IdTokenValidationException
- if:
verify(String, String)
,
verify(String, String, Integer)
public void verify(java.lang.String token, java.lang.String nonce) throws IdTokenValidationException
token
- the ID Token to verify.nonce
- the nonce expected on the ID token, which must match the nonce specified on the authorization request.
If null, no validation of the nonce will occur.IdTokenValidationException
- if:
verify(String)
,
verify(String, String, Integer)
public void verify(java.lang.String token, java.lang.String nonce, java.lang.Integer maxAuthenticationAge) throws IdTokenValidationException
token
- the ID Token to verify. Must not be null or empty.nonce
- the nonce expected on the ID token, which must match the nonce specified on the authorization request.
If null, no validation of the nonce will occur.maxAuthenticationAge
- The maximum authentication age allowed, which specifies the allowable elapsed time in seconds
since the last time the end-user was actively authenticated. This must match the specified
max_age
parameter specified on the authorization request. If null, no validation
of the auth_time
claim will occur.IdTokenValidationException
- if:
verify(String)
,
verify(String, String)