Package com.auth0.jwt.interfaces

Interface Verification

All Known Implementing Classes:
JWTVerifier.BaseVerification
public interface Verification
Constructs and holds the checks required for a JWT to be considered valid. Note that implementations are not thread-safe. Once built by calling build(), the resulting JWTVerifier is thread-safe.

  • Method Details

    • withIssuer

      default Verification withIssuer(String issuer)
      Verifies whether the JWT contains an Issuer ("iss") claim that equals to the value provided. This check is case-sensitive.
      Parameters:
      issuer - the required Issuer value.
      Returns:
      this same Verification instance.

    • withIssuer

      Verification withIssuer(String... issuer)
      Verifies whether the JWT contains an Issuer ("iss") claim that contains all the values provided. This check is case-sensitive. An empty array is considered as a null.
      Parameters:
      issuer - the required Issuer value. If multiple values are given, the claim must at least match one of them
      Returns:
      this same Verification instance.

    • withSubject

      Verification withSubject(String subject)
      Verifies whether the JWT contains a Subject ("sub") claim that equals to the value provided. This check is case-sensitive.
      Parameters:
      subject - the required Subject value
      Returns:
      this same Verification instance.

    • withAudience

      Verification withAudience(String... audience)
      Verifies whether the JWT contains an Audience ("aud") claim that contains all the values provided. This check is case-sensitive. An empty array is considered as a null.
      Parameters:
      audience - the required Audience value
      Returns:
      this same Verification instance.

    • withAnyOfAudience

      Verification withAnyOfAudience(String... audience)
      Verifies whether the JWT contains an Audience ("aud") claim contain at least one of the specified audiences. This check is case-sensitive. An empty array is considered as a null.
      Parameters:
      audience - the required Audience value for which the "aud" claim must contain at least one value.
      Returns:
      this same Verification instance.

    • acceptLeeway

      Verification acceptLeeway(long leeway) throws IllegalArgumentException
      Define the default window in seconds in which the Not Before, Issued At and Expires At Claims will still be valid. Setting a specific leeway value on a given Claim will override this value for that Claim.
      Parameters:
      leeway - the window in seconds in which the Not Before, Issued At and Expires At Claims will still be valid.
      Returns:
      this same Verification instance.
      Throws:
      IllegalArgumentException - if leeway is negative.

    • acceptExpiresAt

      Verification acceptExpiresAt(long leeway) throws IllegalArgumentException
      Set a specific leeway window in seconds in which the Expires At ("exp") Claim will still be valid. Expiration Date is always verified when the value is present. This method overrides the value set with acceptLeeway
      Parameters:
      leeway - the window in seconds in which the Expires At Claim will still be valid.
      Returns:
      this same Verification instance.
      Throws:
      IllegalArgumentException - if leeway is negative.

    • acceptNotBefore

      Verification acceptNotBefore(long leeway) throws IllegalArgumentException
      Set a specific leeway window in seconds in which the Not Before ("nbf") Claim will still be valid. Not Before Date is always verified when the value is present. This method overrides the value set with acceptLeeway
      Parameters:
      leeway - the window in seconds in which the Not Before Claim will still be valid.
      Returns:
      this same Verification instance.
      Throws:
      IllegalArgumentException - if leeway is negative.

    • acceptIssuedAt

      Verification acceptIssuedAt(long leeway) throws IllegalArgumentException
      Set a specific leeway window in seconds in which the Issued At ("iat") Claim will still be valid. This method overrides the value set with acceptLeeway(long). By default, the Issued At claim is always verified when the value is present, unless disabled with ignoreIssuedAt(). If Issued At verification has been disabled, no verification of the Issued At claim will be performed, and this method has no effect.
      Parameters:
      leeway - the window in seconds in which the Issued At Claim will still be valid.
      Returns:
      this same Verification instance.
      Throws:
      IllegalArgumentException - if leeway is negative.

    • withJWTId

      Verification withJWTId(String jwtId)
      Verifies whether the JWT contains a JWT ID ("jti") claim that equals to the value provided. This check is case-sensitive.
      Parameters:
      jwtId - the required ID value
      Returns:
      this same Verification instance.

    • withClaimPresence

      Verification withClaimPresence(String name) throws IllegalArgumentException
      Verifies whether the claim is present in the JWT, with any value including null.
      Parameters:
      name - the Claim's name.
      Returns:
      this same Verification instance
      Throws:
      IllegalArgumentException - if the name is null.

    • withNullClaim

      Verification withNullClaim(String name) throws IllegalArgumentException
      Verifies whether the claim is present with a null value.
      Parameters:
      name - the Claim's name.
      Returns:
      this same Verification instance.
      Throws:
      IllegalArgumentException - if the name is null.

    • withClaim

      Verification withClaim(String name, Boolean value) throws IllegalArgumentException
      Verifies whether the claim is equal to the given Boolean value.
      Parameters:
      name - the Claim's name.
      value - the Claim's value.
      Returns:
      this same Verification instance.
      Throws:
      IllegalArgumentException - if the name is null.

    • withClaim

      Verification withClaim(String name, Integer value) throws IllegalArgumentException
      Verifies whether the claim is equal to the given Integer value.
      Parameters:
      name - the Claim's name.
      value - the Claim's value.
      Returns:
      this same Verification instance.
      Throws:
      IllegalArgumentException - if the name is null.

    • withClaim

      Verification withClaim(String name, Long value) throws IllegalArgumentException
      Verifies whether the claim is equal to the given Long value.
      Parameters:
      name - the Claim's name.
      value - the Claim's value.
      Returns:
      this same Verification instance.
      Throws:
      IllegalArgumentException - if the name is null.

    • withClaim

      Verification withClaim(String name, Double value) throws IllegalArgumentException
      Verifies whether the claim is equal to the given Integer value.
      Parameters:
      name - the Claim's name.
      value - the Claim's value.
      Returns:
      this same Verification instance.
      Throws:
      IllegalArgumentException - if the name is null.

    • withClaim

      Verification withClaim(String name, String value) throws IllegalArgumentException
      Verifies whether the claim is equal to the given String value. This check is case-sensitive.
      Parameters:
      name - the Claim's name.
      value - the Claim's value.
      Returns:
      this same Verification instance.
      Throws:
      IllegalArgumentException - if the name is null.

    • withClaim

      Verification withClaim(String name, Date value) throws IllegalArgumentException
      Verifies whether the claim is equal to the given Date value. Note that date-time claims are serialized as seconds since the epoch; when verifying date-time claim value, any time units more granular than seconds will not be considered.
      Parameters:
      name - the Claim's name.
      value - the Claim's value.
      Returns:
      this same Verification instance.
      Throws:
      IllegalArgumentException - if the name is null.

    • withClaim

      default Verification withClaim(String name, Instant value) throws IllegalArgumentException
      Verifies whether the claim is equal to the given Instant value. Note that date-time claims are serialized as seconds since the epoch; when verifying a date-time claim value, any time units more granular than seconds will not be considered.
      Parameters:
      name - the Claim's name.
      value - the Claim's value.
      Returns:
      this same Verification instance.
      Throws:
      IllegalArgumentException - if the name is null.

    • withClaim

      Verification withClaim(String name, BiPredicate<Claim,DecodedJWT> predicate) throws IllegalArgumentException
      Executes the predicate provided and the validates the JWT if the predicate returns true.
      Parameters:
      name - the Claim's name
      predicate - the predicate check to be done.
      Returns:
      this same Verification instance.
      Throws:
      IllegalArgumentException - if the name is null.

    • withArrayClaim

      Verification withArrayClaim(String name, String... items) throws IllegalArgumentException
      Verifies whether the claim contain at least the given String items.
      Parameters:
      name - the Claim's name.
      items - the items the Claim must contain.
      Returns:
      this same Verification instance.
      Throws:
      IllegalArgumentException - if the name is null.

    • withArrayClaim

      Verification withArrayClaim(String name, Integer... items) throws IllegalArgumentException
      Verifies whether the claim contain at least the given Integer items.
      Parameters:
      name - the Claim's name.
      items - the items the Claim must contain.
      Returns:
      this same Verification instance.
      Throws:
      IllegalArgumentException - if the name is null.

    • withArrayClaim

      Verification withArrayClaim(String name, Long... items) throws IllegalArgumentException
      Verifies whether the claim contain at least the given Long items.
      Parameters:
      name - the Claim's name.
      items - the items the Claim must contain.
      Returns:
      this same Verification instance.
      Throws:
      IllegalArgumentException - if the name is null.

    • ignoreIssuedAt

      Verification ignoreIssuedAt()
      Skip the Issued At ("iat") claim verification. By default, the verification is performed.
      Returns:
      this same Verification instance.

    • build

      JWTVerifier build()
      Creates a new and reusable instance of the JWTVerifier with the configuration already provided.
      Returns:
      a new JWTVerifier instance.