Package com.auth0.jwt.interfaces
Interface Verification
- All Known Implementing Classes:
JWTVerifier.BaseVerification
public interface Verification
Holds the Claims and claim-based configurations required for a JWT to be considered valid.
-
Method Summary
Modifier and TypeMethodDescriptionacceptExpiresAt(long leeway)
Set a specific leeway window in seconds in which the Expires At ("exp") Claim will still be valid.acceptIssuedAt(long leeway)
Set a specific leeway window in seconds in which the Issued At ("iat") Claim will still be valid.acceptLeeway(long leeway)
Define the default window in seconds in which the Not Before, Issued At and Expires At Claims will still be valid.acceptNotBefore(long leeway)
Set a specific leeway window in seconds in which the Not Before ("nbf") Claim will still be valid.build()
Creates a new and reusable instance of the JWTVerifier with the configuration already provided.Skip the Issued At ("iat") date verification.default Verification
withAnyOfAudience(String... audience)
Require that the Audience ("aud") claim contain at least one of the specified audiences.withArrayClaim(String name, Integer... items)
Require a specific Array Claim to contain at least the given items.withArrayClaim(String name, Long... items)
Require a specific Array Claim to contain at least the given items.withArrayClaim(String name, String... items)
Require a specific Array Claim to contain at least the given items.withAudience(String... audience)
Require a specific Audience ("aud") claim.Require a specific Claim value.Require a specific Claim value.Require a specific Claim value.Require a specific Claim value.Require a specific Claim value.Require a specific Claim value.withClaimPresence(String name)
Require a claim to be present, with any value.withIssuer(String... issuer)
Require a specific Issuer ("iss") claim.Require a specific JWT Id ("jti") claim.withSubject(String subject)
Require a specific Subject ("sub") claim.
-
Method Details
-
withIssuer
Require a specific Issuer ("iss") claim.- Parameters:
issuer
- the required Issuer value. If multiple values are given, the claim must at least match one of them- Returns:
- this same Verification instance.
-
withSubject
Require a specific Subject ("sub") claim.- Parameters:
subject
- the required Subject value- Returns:
- this same Verification instance.
-
withAudience
Require a specific Audience ("aud") claim. If multiple audiences are specified, they must all be present in the "aud" claim. If this is used in conjunction withwithAnyOfAudience(String...)
, whichever one is configured last will determine the audience validation behavior.- Parameters:
audience
- the required Audience value- Returns:
- this same Verification instance.
-
withAnyOfAudience
Require that the Audience ("aud") claim contain at least one of the specified audiences. If this is used in conjunction withwithAudience(String...)
, whichever one is configured last will determine the audience validation behavior. Note: This method was added after the interface was released. It is defined as a default method for compatibility reasons. From version 4.0 on, the method will be abstract and all implementations of this interface will have to provide their own implementation. The default implementation throws an UnsupportedOperationException.- Parameters:
audience
- the required Audience value for which the "aud" claim must contain at least one value.- Returns:
- this same Verification instance.
-
acceptLeeway
Define the default window in seconds in which the Not Before, Issued At and Expires At Claims will still be valid. Setting a specific leeway value on a given Claim will override this value for that Claim.- Parameters:
leeway
- the window in seconds in which the Not Before, Issued At and Expires At Claims will still be valid.- Returns:
- this same Verification instance.
- Throws:
IllegalArgumentException
- if leeway is negative.
-
acceptExpiresAt
Set a specific leeway window in seconds in which the Expires At ("exp") Claim will still be valid. Expiration Date is always verified when the value is present. This method overrides the value set with acceptLeeway- Parameters:
leeway
- the window in seconds in which the Expires At Claim will still be valid.- Returns:
- this same Verification instance.
- Throws:
IllegalArgumentException
- if leeway is negative.
-
acceptNotBefore
Set a specific leeway window in seconds in which the Not Before ("nbf") Claim will still be valid. Not Before Date is always verified when the value is present. This method overrides the value set with acceptLeeway- Parameters:
leeway
- the window in seconds in which the Not Before Claim will still be valid.- Returns:
- this same Verification instance.
- Throws:
IllegalArgumentException
- if leeway is negative.
-
acceptIssuedAt
Set a specific leeway window in seconds in which the Issued At ("iat") Claim will still be valid. This method overrides the value set withacceptLeeway(long)
. By default, the Issued At claim is always verified when the value is present, unless disabled withignoreIssuedAt()
. If Issued At verification has been disabled, no verification of the Issued At claim will be performed, and this method has no effect.- Parameters:
leeway
- the window in seconds in which the Issued At Claim will still be valid.- Returns:
- this same Verification instance.
- Throws:
IllegalArgumentException
- if leeway is negative.
-
withJWTId
Require a specific JWT Id ("jti") claim.- Parameters:
jwtId
- the required Id value- Returns:
- this same Verification instance.
-
withClaimPresence
Require a claim to be present, with any value.- Parameters:
name
- the Claim's name.- Returns:
- this same Verification instance
- Throws:
IllegalArgumentException
- if the name is null.
-
withClaim
Require a specific Claim value.- Parameters:
name
- the Claim's name.value
- the Claim's value.- Returns:
- this same Verification instance.
- Throws:
IllegalArgumentException
- if the name is null.
-
withClaim
Require a specific Claim value.- Parameters:
name
- the Claim's name.value
- the Claim's value.- Returns:
- this same Verification instance.
- Throws:
IllegalArgumentException
- if the name is null.
-
withClaim
Require a specific Claim value.- Parameters:
name
- the Claim's name.value
- the Claim's value.- Returns:
- this same Verification instance.
- Throws:
IllegalArgumentException
- if the name is null.
-
withClaim
Require a specific Claim value.- Parameters:
name
- the Claim's name.value
- the Claim's value.- Returns:
- this same Verification instance.
- Throws:
IllegalArgumentException
- if the name is null.
-
withClaim
Require a specific Claim value.- Parameters:
name
- the Claim's name.value
- the Claim's value.- Returns:
- this same Verification instance.
- Throws:
IllegalArgumentException
- if the name is null.
-
withClaim
Require a specific Claim value.- Parameters:
name
- the Claim's name.value
- the Claim's value.- Returns:
- this same Verification instance.
- Throws:
IllegalArgumentException
- if the name is null.
-
withArrayClaim
Require a specific Array Claim to contain at least the given items.- Parameters:
name
- the Claim's name.items
- the items the Claim must contain.- Returns:
- this same Verification instance.
- Throws:
IllegalArgumentException
- if the name is null.
-
withArrayClaim
Require a specific Array Claim to contain at least the given items.- Parameters:
name
- the Claim's name.items
- the items the Claim must contain.- Returns:
- this same Verification instance.
- Throws:
IllegalArgumentException
- if the name is null.
-
withArrayClaim
Require a specific Array Claim to contain at least the given items.- Parameters:
name
- the Claim's name.items
- the items the Claim must contain.- Returns:
- this same Verification instance.
- Throws:
IllegalArgumentException
- if the name is null.
-
ignoreIssuedAt
Verification ignoreIssuedAt()Skip the Issued At ("iat") date verification. By default, the verification is performed.- Returns:
- this same Verification instance.
-
build
JWTVerifier build()Creates a new and reusable instance of the JWTVerifier with the configuration already provided.- Returns:
- a new JWTVerifier instance.
-