Package com.auth0.utils.tokens
Class IdTokenVerifier
java.lang.Object
com.auth0.utils.tokens.IdTokenVerifier
Provides utility methods for validating an OIDC-compliant ID token.
See the OIDC Specification for more information.
This class is not thread-safe:
It makes use of Date
and Calendar
classes to verify time sensitive claims.
-
Nested Class Summary
-
Method Summary
Modifier and TypeMethodDescriptionstatic IdTokenVerifier.Builder
init(String issuer, String audience, SignatureVerifier signatureVerifier)
Initialize an instance ofIdTokenVerifier
.void
Verifies a provided ID Token follows the OIDC specification.void
Verifies a provided ID Token follows the OIDC specification.void
Verifies a provided ID Token follows the OIDC specification.
-
Method Details
-
init
public static IdTokenVerifier.Builder init(String issuer, String audience, SignatureVerifier signatureVerifier)Initialize an instance ofIdTokenVerifier
.- Parameters:
issuer
- the expected issuer of the token. Must not be null.audience
- the expected audience of the token. Must not be null.signatureVerifier
- theSignatureVerifier
to use when verifying the token. Must not be null.- Returns:
- a IdTokenVerifier.Builder for further configuration.
-
verify
Verifies a provided ID Token follows the OIDC specification.- Parameters:
token
- the ID Token to verify. Must not be null or empty.- Throws:
IdTokenValidationException
- if:- The ID token is null
- The ID token's signing algorithm is not supported
- The ID token's signature is invalid
- Any of the ID token's claims are invalid
- See Also:
verify(String, String)
,verify(String, String, Integer)
-
verify
Verifies a provided ID Token follows the OIDC specification.- Parameters:
token
- the ID Token to verify.nonce
- the nonce expected on the ID token, which must match the nonce specified on the authorization request. If null, no validation of the nonce will occur.- Throws:
IdTokenValidationException
- if:- The ID token is null
- The ID token's signing algorithm is not supported
- The ID token's signature is invalid
- Any of the ID token's claims are invalid
- See Also:
verify(String)
,verify(String, String, Integer)
-
verify
public void verify(String token, String nonce, Integer maxAuthenticationAge) throws IdTokenValidationExceptionVerifies a provided ID Token follows the OIDC specification.- Parameters:
token
- the ID Token to verify. Must not be null or empty.nonce
- the nonce expected on the ID token, which must match the nonce specified on the authorization request. If null, no validation of the nonce will occur.maxAuthenticationAge
- The maximum authentication age allowed, which specifies the allowable elapsed time in seconds since the last time the end-user was actively authenticated. This must match the specifiedmax_age
parameter specified on the authorization request. If null, no validation of theauth_time
claim will occur.- Throws:
IdTokenValidationException
- if:- The ID token is null
- The ID token's signing algorithm is not supported
- The ID token's signature is invalid
- Any of the ID token's claims are invalid
- See Also:
verify(String)
,verify(String, String)
-