Interface Token

All Superinterfaces:
Serializable
All Known Subinterfaces:
AccessToken

public interface Token extends Serializable
Represents a JSON Web Token (JWT).

  • Method Details

    • create

      static Token create(String jwt)
      Creates a token instance based on the TokenFactory implementation.
      Parameters:
      jwt - encoded JWT token
      Returns:
      token instance
    • getHeaderParameterAsString

      @Nullable String getHeaderParameterAsString(@Nonnull String headerName)
      Returns the header parameter value as string for the given header parameter name.
      Parameters:
      headerName - the name of the header parameter as defined in TokenHeader
      Returns:
      the value for the given header name or null, if the header is not provided.
    • hasHeaderParameter

      boolean hasHeaderParameter(@Nonnull String headerName)
      Checks whether the token contains a given header parameter.
      Parameters:
      headerName - the name of the header parameter as defined in TokenHeader
      Returns:
      true when the given header name is found.
    • hasClaim

      boolean hasClaim(@Nonnull String claimName)
      Checks whether the token contains a given claim.
      Parameters:
      claimName - the name of the claim as defined in TokenClaims.
      Returns:
      true when the claim with the given name is found.
    • getClaimAsString

      @Nullable String getClaimAsString(@Nonnull String claimName)
      Extracts the value as string for the given claim. If the claim is not found, it will return null. If the given claim is not a string, it will throw a JsonParsingException.
      Parameters:
      claimName - the name of the claim as defined in TokenClaims.
      Returns:
      the corresponding string value of the given claim or null.
      Throws:
      JsonParsingException - if the json object identified by the given claim is not a string.
    • getClaimAsStringList

      @Nonnull List<String> getClaimAsStringList(@Nonnull String claimName)
      Extracts the value as a list of strings for the given claim. If the claim is not found, it will return an empty list. If the given claim is not a list of strings, it will throw a JsonParsingException.
      Parameters:
      claimName - the name of the claim as defined in TokenClaims.
      Returns:
      the data of the given claim as a list of strings or an empty list.
    • getClaimAsJsonObject

      @Nullable JsonObject getClaimAsJsonObject(@Nonnull String claimName)
      Extracts the value of the given claim as a JsonObject. Use this to extract nested objects. If the claim is not found, it will return null. If the value for the given claim is not an object, it will throw a JsonParsingException.
      Parameters:
      claimName - the name of the claim for which the object should be extracted.
      Returns:
      the corresponding JsonObject for the given claim.
    • getExpiration

      @Nullable Instant getExpiration()
      Returns the moment in time when the token expires.
      Returns:
      the expiration point in time if present.
    • isExpired

      boolean isExpired()
      Returns true if the token is expired.
      Returns:
      true if the token is expired.
    • getNotBefore

      @Nullable Instant getNotBefore()
      Returns the moment in time before which the token must not be accepted.
      Returns:
      the not before point in time if present.
    • getTokenValue

      String getTokenValue()
      Returns the encoded JWT, e.g. for token forwarding to another app.

      Never expose this token via log or via HTTP.

      Returns:
      the encoded token.
    • getPrincipal

      Principal getPrincipal()
      Returns a principal, which can be used to represent any entity, such as an individual, a corporation, or a login id.
      Returns:
      the principal or null if not yet implemented.
    • getService

      Service getService()
      Returns the identity service that issued the token.
      Returns:
      the service.
    • getAudiences

      default Set<String> getAudiences()
      Returns the (possibly empty) set of audiences the token is issued for.
      Returns:
      the audiences.
    • getZoneId

      @Deprecated default String getZoneId()
      Deprecated.
      use getAppTid() instead
    • getAppTid

      default String getAppTid()
      Returns the app tenant identifier, which can be used as tenant discriminator (tenant guid).
      Returns:
      the unique application tenant identifier.
    • getClientId

      default String getClientId()
      Returns the OAuth2 client identifier of the authentication token if present. Following the OpenID Connect 1.0 specification, the client identifier is taken from the "azp" claim if present; if "azp" is not present, it is taken from the "aud" claim, but only if there is one audience.
      Returns:
      the OAuth client ID.
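
The resolution order described for getClientId, written out as an added example; this is not the library's own code. It works on a plain claim map, the class and method names are hypothetical, and returning an empty Optional when no client id can be determined, as well as treating a blank value as absent, are assumptions of this sketch.

```java
import java.util.Collection;
import java.util.List;
import java.util.Map;
import java.util.Optional;

public class ClientIdResolution {

    // Resolves the client id from a claim set: "azp" first, then a single "aud" entry.
    // Assumption: Optional.empty() means "no unambiguous client id"; the page does not
    // say what the library does in that case.
    static Optional<String> resolveClientId(Map<String, Object> claims) {
        Optional<String> azp = asNonBlankString(claims.get("azp"));
        if (azp.isPresent()) {
            return azp;
        }
        Object aud = claims.get("aud");
        // "aud" may be a single string or an array of strings (RFC 7519, section 4.1.3).
        if (aud instanceof Collection) {
            Collection<?> audiences = (Collection<?>) aud;
            // More than one audience is ambiguous, so nothing is derived from it.
            return audiences.size() == 1
                    ? asNonBlankString(audiences.iterator().next())
                    : Optional.empty();
        }
        return asNonBlankString(aud);
    }

    // Accepts only non-blank String values; any other type is treated as absent.
    private static Optional<String> asNonBlankString(Object value) {
        return (value instanceof String && !((String) value).isBlank())
                ? Optional.of((String) value)
                : Optional.empty();
    }

    public static void main(String[] args) {
        // Constructed claim sets, not taken from a real token.
        Map<String, Object> withAzp =
                Map.of("azp", "client-a", "aud", List.of("client-a", "client-b"));
        Map<String, Object> singleAud = Map.of("aud", List.of("client-c"));
        Map<String, Object> manyAud = Map.of("aud", List.of("client-d", "client-e"));

        System.out.println(resolveClientId(withAzp));
        System.out.println(resolveClientId(singleAud));
        System.out.println(resolveClientId(manyAud));
    }
}
```

The multi-audience case is the one to watch in authorization code: with no "azp" and several audiences there is no single client to attribute the token to.
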
    • getIssuer

      default String getIssuer()
      Returns the identifier for the issuer of the token. It is a URL that contains scheme, host, and optionally port number and path components, but no query or fragment components. It is validated by the JwtIssuerValidator and used as the base URL to discover the jwks_uri endpoint for downloading the token keys.
      Returns:
      the issuer.
    • getGrantType

      @Nullable default GrantType getGrantType()
      Returns the grant type of the JWT.
      Returns:
      the grant type
    • getHeaders

      default Map<String,Object> getHeaders()
      Returns the header(s).
      Returns:
      a Map of the header(s)
    • getClaims

      default Map<String,Object> getClaims()
      Returns the JWT claim set.
      Returns:
      a Map of the JWT claim set
    • getAttributeFromClaimAsString

      @Nullable default String getAttributeFromClaimAsString(String claimName, String attributeName)
      Returns the String value of a claim attribute.
      "claimName": { "attributeName": "attributeValueAsString" },

      Example:
      import static com.sap.cloud.security.token.TokenClaims.XSUAA.*;
      token.getAttributeFromClaimAsString(EXTERNAL_ATTRIBUTE, EXTERNAL_ATTRIBUTE_SUBACCOUNTID);
      Returns:
      the String value of a claim attribute or null if claim or its attribute does not exist.
    • getAttributeFromClaimAsStringList

      default List<String> getAttributeFromClaimAsStringList(String claimName, String attributeName)
      Returns the String list of a claim attribute.
      "claimName": { "attributeName": ["attributeValueAsString", "attributeValue2AsString"] },

      Example:
      import static com.sap.cloud.security.token.TokenClaims.XSUAA.*;
      token.getAttributeFromClaimAsStringList(XS_USER_ATTRIBUTES, "custom_role");
      Returns:
      the list of String values of a claim attribute or empty List if claim or its attribute does not exist.