Class IdTokenVerifier

java.lang.Object
com.auth0.utils.tokens.IdTokenVerifier

public final class IdTokenVerifier extends Object
Provides utility methods for validating an OIDC-compliant ID token. See the OIDC Specification for more information.

This class is not thread-safe: it makes use of Date and Calendar classes to verify time-sensitive claims.

  • Method Details

    • init

      public static IdTokenVerifier.Builder init(String issuer, String audience, SignatureVerifier signatureVerifier)
      Initialize an instance of IdTokenVerifier.
      Parameters:
      issuer - the expected issuer of the token. Must not be null.
      audience - the expected audience of the token. Must not be null.
      signatureVerifier - the SignatureVerifier to use when verifying the token. Must not be null.
      Returns:
      an IdTokenVerifier.Builder for further configuration.
    • verify

      public void verify(String token) throws IdTokenValidationException
      Verifies that a provided ID Token follows the OIDC specification.
      Parameters:
      token - the ID Token to verify. Must not be null or empty.
      Throws:
      IdTokenValidationException - if:
      • The ID token is null
      • The ID token's signing algorithm is not supported
      • The ID token's signature is invalid
      • Any of the ID token's claims are invalid
      See Also:
      verify(String, String), verify(String, String, Integer)
    • verify

      public void verify(String token, String nonce) throws IdTokenValidationException
      Verifies that a provided ID Token follows the OIDC specification.
      Parameters:
      token - the ID Token to verify.
      nonce - the nonce expected on the ID token, which must match the nonce specified on the authorization request. If null, no validation of the nonce will occur.
      Throws:
      IdTokenValidationException - if:
      • The ID token is null
      • The ID token's signing algorithm is not supported
      • The ID token's signature is invalid
      • Any of the ID token's claims are invalid
      See Also:
      verify(String), verify(String, String, Integer)
    • verify

      public void verify(String token, String nonce, Integer maxAuthenticationAge) throws IdTokenValidationException
      Verifies that a provided ID Token follows the OIDC specification.
      Parameters:
      token - the ID Token to verify. Must not be null or empty.
      nonce - the nonce expected on the ID token, which must match the nonce specified on the authorization request. If null, no validation of the nonce will occur.
      maxAuthenticationAge - the maximum authentication age allowed, which specifies the allowable elapsed time in seconds since the last time the end-user was actively authenticated. This must match the max_age parameter specified on the authorization request. If null, no validation of the auth_time claim will occur.
      Throws:
      IdTokenValidationException - if:
      • The ID token is null
      • The ID token's signing algorithm is not supported
      • The ID token's signature is invalid
      • Any of the ID token's claims are invalid
      See Also:
      verify(String), verify(String, String)
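
Because a null nonce makes verify skip the nonce check, and because the class is not thread-safe, a caller may want a thin wrapper that rejects a missing nonce and builds a verifier per call. The following is an added example, not code from the SDK or this page: StrictIdTokenCheck and its parameter names are hypothetical, and SignatureVerifier.forHS256, Builder.build() and the com.auth0.exception package of IdTokenValidationException are SDK names not documented on this page.

```java
import com.auth0.exception.IdTokenValidationException;
import com.auth0.utils.tokens.IdTokenVerifier;
import com.auth0.utils.tokens.SignatureVerifier;

import java.util.Objects;

// Hypothetical wrapper, not part of the SDK: fails closed when the caller
// has no nonce instead of letting verify() silently skip the nonce check.
public final class StrictIdTokenCheck {
    private final String issuer;
    private final String audience;
    private final String clientSecret;

    public StrictIdTokenCheck(String issuer, String audience, String clientSecret) {
        this.issuer = Objects.requireNonNull(issuer, "issuer");
        this.audience = Objects.requireNonNull(audience, "audience");
        this.clientSecret = Objects.requireNonNull(clientSecret, "clientSecret");
    }

    // sessionNonce: the value stored server-side when the authorization
    // request was sent. requestedMaxAge: the max_age sent on that request,
    // or null if none was sent.
    public void verifyCallback(String idToken, String sessionNonce, Integer requestedMaxAge)
            throws IdTokenValidationException {
        if (idToken == null || idToken.isEmpty()) {
            throw new IllegalArgumentException("missing ID token");
        }
        // A lost or expired session yields a null nonce; passing it through
        // would disable nonce validation, so reject the callback here.
        if (sessionNonce == null || sessionNonce.isEmpty()) {
            throw new IllegalStateException("no nonce stored for this authorization request");
        }

        // The verifier is documented as not thread-safe, so build a fresh
        // instance per call rather than sharing one across request threads.
        SignatureVerifier signatureVerifier = SignatureVerifier.forHS256(clientSecret);
        IdTokenVerifier verifier = IdTokenVerifier.init(issuer, audience, signatureVerifier).build();

        // Only enforce auth_time when max_age was part of the request;
        // the nonce is enforced on both paths.
        if (requestedMaxAge == null) {
            verifier.verify(idToken, sessionNonce);
        } else {
            verifier.verify(idToken, sessionNonce, requestedMaxAge);
        }
    }
}
```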