Package com.auth0.jwt.interfaces
Interface Verification
- All Known Implementing Classes:
JWTVerifier.BaseVerification
public interface Verification
Constructs and holds the checks required for a JWT to be considered valid. Note that implementations are
not thread-safe. Once built by calling
build()
, the resulting
JWTVerifier
is thread-safe.-
Method Summary
Modifier and TypeMethodDescriptionacceptExpiresAt
(long leeway) Set a specific leeway window in seconds in which the Expires At ("exp") Claim will still be valid.acceptIssuedAt
(long leeway) Set a specific leeway window in seconds in which the Issued At ("iat") Claim will still be valid.acceptLeeway
(long leeway) Define the default window in seconds in which the Not Before, Issued At and Expires At Claims will still be valid.acceptNotBefore
(long leeway) Set a specific leeway window in seconds in which the Not Before ("nbf") Claim will still be valid.build()
Creates a new and reusable instance of the JWTVerifier with the configuration already provided.Skip the Issued At ("iat") claim verification.withAnyOfAudience
(String... audience) Verifies whether the JWT contains an Audience ("aud") claim contain at least one of the specified audiences.withArrayClaim
(String name, Integer... items) Verifies whether the claim contain at least the given Integer items.withArrayClaim
(String name, Long... items) Verifies whether the claim contain at least the given Long items.withArrayClaim
(String name, String... items) Verifies whether the claim contain at least the given String items.withAudience
(String... audience) Verifies whether the JWT contains an Audience ("aud") claim that contains all the values provided.Verifies whether the claim is equal to the given Boolean value.Verifies whether the claim is equal to the given Integer value.Verifies whether the claim is equal to the given Integer value.Verifies whether the claim is equal to the given Long value.Verifies whether the claim is equal to the given String value.default Verification
Verifies whether the claim is equal to the given Instant value.Verifies whether the claim is equal to the given Date value.withClaim
(String name, BiPredicate<Claim, DecodedJWT> predicate) Executes the predicate provided and the validates the JWT if the predicate returns true.withClaimPresence
(String name) Verifies whether the claim is present in the JWT, with any value includingnull
.default Verification
withIssuer
(String issuer) Verifies whether the JWT contains an Issuer ("iss") claim that equals to the value provided.withIssuer
(String... issuer) Verifies whether the JWT contains an Issuer ("iss") claim that contains all the values provided.Verifies whether the JWT contains a JWT ID ("jti") claim that equals to the value provided.withNullClaim
(String name) Verifies whether the claim is present with anull
value.withSubject
(String subject) Verifies whether the JWT contains a Subject ("sub") claim that equals to the value provided.
-
Method Details
-
withIssuer
Verifies whether the JWT contains an Issuer ("iss") claim that equals to the value provided. This check is case-sensitive.- Parameters:
issuer
- the required Issuer value.- Returns:
- this same Verification instance.
-
withIssuer
Verifies whether the JWT contains an Issuer ("iss") claim that contains all the values provided. This check is case-sensitive. An empty array is considered as anull
.- Parameters:
issuer
- the required Issuer value. If multiple values are given, the claim must at least match one of them- Returns:
- this same Verification instance.
-
withSubject
Verifies whether the JWT contains a Subject ("sub") claim that equals to the value provided. This check is case-sensitive.- Parameters:
subject
- the required Subject value- Returns:
- this same Verification instance.
-
withAudience
Verifies whether the JWT contains an Audience ("aud") claim that contains all the values provided. This check is case-sensitive. An empty array is considered as anull
.- Parameters:
audience
- the required Audience value- Returns:
- this same Verification instance.
-
withAnyOfAudience
Verifies whether the JWT contains an Audience ("aud") claim contain at least one of the specified audiences. This check is case-sensitive. An empty array is considered as anull
.- Parameters:
audience
- the required Audience value for which the "aud" claim must contain at least one value.- Returns:
- this same Verification instance.
-
acceptLeeway
Define the default window in seconds in which the Not Before, Issued At and Expires At Claims will still be valid. Setting a specific leeway value on a given Claim will override this value for that Claim.- Parameters:
leeway
- the window in seconds in which the Not Before, Issued At and Expires At Claims will still be valid.- Returns:
- this same Verification instance.
- Throws:
IllegalArgumentException
- if leeway is negative.
-
acceptExpiresAt
Set a specific leeway window in seconds in which the Expires At ("exp") Claim will still be valid. Expiration Date is always verified when the value is present. This method overrides the value set with acceptLeeway- Parameters:
leeway
- the window in seconds in which the Expires At Claim will still be valid.- Returns:
- this same Verification instance.
- Throws:
IllegalArgumentException
- if leeway is negative.
-
acceptNotBefore
Set a specific leeway window in seconds in which the Not Before ("nbf") Claim will still be valid. Not Before Date is always verified when the value is present. This method overrides the value set with acceptLeeway- Parameters:
leeway
- the window in seconds in which the Not Before Claim will still be valid.- Returns:
- this same Verification instance.
- Throws:
IllegalArgumentException
- if leeway is negative.
-
acceptIssuedAt
Set a specific leeway window in seconds in which the Issued At ("iat") Claim will still be valid. This method overrides the value set withacceptLeeway(long)
. By default, the Issued At claim is always verified when the value is present, unless disabled withignoreIssuedAt()
. If Issued At verification has been disabled, no verification of the Issued At claim will be performed, and this method has no effect.- Parameters:
leeway
- the window in seconds in which the Issued At Claim will still be valid.- Returns:
- this same Verification instance.
- Throws:
IllegalArgumentException
- if leeway is negative.
-
withJWTId
Verifies whether the JWT contains a JWT ID ("jti") claim that equals to the value provided. This check is case-sensitive.- Parameters:
jwtId
- the required ID value- Returns:
- this same Verification instance.
-
withClaimPresence
Verifies whether the claim is present in the JWT, with any value includingnull
.- Parameters:
name
- the Claim's name.- Returns:
- this same Verification instance
- Throws:
IllegalArgumentException
- if the name isnull
.
-
withNullClaim
Verifies whether the claim is present with anull
value.- Parameters:
name
- the Claim's name.- Returns:
- this same Verification instance.
- Throws:
IllegalArgumentException
- if the name isnull
.
-
withClaim
Verifies whether the claim is equal to the given Boolean value.- Parameters:
name
- the Claim's name.value
- the Claim's value.- Returns:
- this same Verification instance.
- Throws:
IllegalArgumentException
- if the name isnull
.
-
withClaim
Verifies whether the claim is equal to the given Integer value.- Parameters:
name
- the Claim's name.value
- the Claim's value.- Returns:
- this same Verification instance.
- Throws:
IllegalArgumentException
- if the name isnull
.
-
withClaim
Verifies whether the claim is equal to the given Long value.- Parameters:
name
- the Claim's name.value
- the Claim's value.- Returns:
- this same Verification instance.
- Throws:
IllegalArgumentException
- if the name isnull
.
-
withClaim
Verifies whether the claim is equal to the given Integer value.- Parameters:
name
- the Claim's name.value
- the Claim's value.- Returns:
- this same Verification instance.
- Throws:
IllegalArgumentException
- if the name isnull
.
-
withClaim
Verifies whether the claim is equal to the given String value. This check is case-sensitive.- Parameters:
name
- the Claim's name.value
- the Claim's value.- Returns:
- this same Verification instance.
- Throws:
IllegalArgumentException
- if the name isnull
.
-
withClaim
Verifies whether the claim is equal to the given Date value. Note that date-time claims are serialized as seconds since the epoch; when verifying date-time claim value, any time units more granular than seconds will not be considered.- Parameters:
name
- the Claim's name.value
- the Claim's value.- Returns:
- this same Verification instance.
- Throws:
IllegalArgumentException
- if the name isnull
.
-
withClaim
Verifies whether the claim is equal to the given Instant value. Note that date-time claims are serialized as seconds since the epoch; when verifying a date-time claim value, any time units more granular than seconds will not be considered.- Parameters:
name
- the Claim's name.value
- the Claim's value.- Returns:
- this same Verification instance.
- Throws:
IllegalArgumentException
- if the name isnull
.
-
withClaim
Verification withClaim(String name, BiPredicate<Claim, DecodedJWT> predicate) throws IllegalArgumentExceptionExecutes the predicate provided and the validates the JWT if the predicate returns true.- Parameters:
name
- the Claim's namepredicate
- the predicate check to be done.- Returns:
- this same Verification instance.
- Throws:
IllegalArgumentException
- if the name isnull
.
-
withArrayClaim
Verifies whether the claim contain at least the given String items.- Parameters:
name
- the Claim's name.items
- the items the Claim must contain.- Returns:
- this same Verification instance.
- Throws:
IllegalArgumentException
- if the name isnull
.
-
withArrayClaim
Verifies whether the claim contain at least the given Integer items.- Parameters:
name
- the Claim's name.items
- the items the Claim must contain.- Returns:
- this same Verification instance.
- Throws:
IllegalArgumentException
- if the name isnull
.
-
withArrayClaim
Verifies whether the claim contain at least the given Long items.- Parameters:
name
- the Claim's name.items
- the items the Claim must contain.- Returns:
- this same Verification instance.
- Throws:
IllegalArgumentException
- if the name isnull
.
-
ignoreIssuedAt
Verification ignoreIssuedAt()Skip the Issued At ("iat") claim verification. By default, the verification is performed.- Returns:
- this same Verification instance.
-
build
JWTVerifier build()Creates a new and reusable instance of the JWTVerifier with the configuration already provided.- Returns:
- a new
JWTVerifier
instance.
-