io.fusionauth.jwt

Class JWTDecoder

java.lang.Object

io.fusionauth.jwt.JWTDecoder

Direct Known Subclasses:

TimeMachineJWTDecoder

public class JWTDecoder
extends Object

Author:

Daniel DeGroff

Constructor Summary

Constructors

Constructor and Description
JWTDecoder()

Method Summary

Modifier and Type	Method and Description
JWT	decode(String encodedJWT, java.util.function.Function<String,Verifier> verifierFunction) Decode the JWT using one of they provided verifiers.
JWT	decode(String encodedJWT, java.util.function.Function<String,Verifier> verifierFunction, java.util.function.Function<Header,String> keyFunction) Decode the JWT using one of they provided verifiers.
JWT	decode(String encodedJWT, Map<String,Verifier> verifiers) Decode the JWT using one of they provided verifiers.
JWT	decode(String encodedJWT, Map<String,Verifier> verifiers, java.util.function.Function<Header,String> keyFunction) Decode the JWT using one of they provided verifiers.
JWT	decode(String encodedJWT, Verifier... verifiers) Decode the JWT using one of they provided verifiers.
protected java.time.ZonedDateTime	now()
JWTDecoder	withClockSkew(int clockSkew) Specify the number of seconds allowed for clock skew used for calculating the expiration and not before instants of a JWT.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

JWTDecoder

public JWTDecoder()

Method Detail

decode

public JWT decode(String encodedJWT,
                  Verifier... verifiers)

Decode the JWT using one of they provided verifiers. One more verifiers may be provided, the first verifier found supporting the algorithm reported by the JWT header will be utilized.

A JWT that is expired or not yet valid will not be decoded, instead a JWTExpiredException or JWTUnavailableForProcessingException exception will be thrown respectively.

Parameters:

encodedJWT - The encoded JWT in string format.

verifiers - A map of verifiers.

Returns:

a decoded JWT.

withClockSkew

public JWTDecoder withClockSkew(int clockSkew)

Specify the number of seconds allowed for clock skew used for calculating the expiration and not before instants of a JWT.

The default value is 0.

Parameters:

clockSkew - the number of seconds allowed for clock skew.

Returns:

this

decode

public JWT decode(String encodedJWT,
                  Map<String,Verifier> verifiers)

Decode the JWT using one of they provided verifiers. A JWT header value named kid is expected to contain the key to look up the correct verifier.

A JWT that is expired or not yet valid will not be decoded, instead a JWTExpiredException or JWTUnavailableForProcessingException exception will be thrown respectively.

Parameters:

encodedJWT - The encoded JWT in string format.

verifiers - A map of verifiers.

Returns:

a decoded JWT.

decode

public JWT decode(String encodedJWT,
                  java.util.function.Function<String,Verifier> verifierFunction)

Decode the JWT using one of they provided verifiers. A JWT header value named kid is expected to contain the key to look up the correct verifier.

A JWT that is expired or not yet valid will not be decoded, instead a JWTExpiredException or JWTUnavailableForProcessingException exception will be thrown respectively.

Parameters:

encodedJWT - The encoded JWT in string format.

verifierFunction - A function that takes a key identifier and returns a verifier.

Returns:

a decoded JWT.

decode

public JWT decode(String encodedJWT,
                  java.util.function.Function<String,Verifier> verifierFunction,
                  java.util.function.Function<Header,String> keyFunction)

Decode the JWT using one of they provided verifiers. A JWT header value named kid is expected to contain the key to look up the correct verifier.

A JWT that is expired or not yet valid will not be decoded, instead a JWTExpiredException or JWTUnavailableForProcessingException exception will be thrown respectively.

Parameters:

encodedJWT - The encoded JWT in string format.

verifierFunction - A function that takes a key identifier returns a verifier.

keyFunction - A function used to look up the verifier key from the header.

Returns:

a decoded JWT.

decode

public JWT decode(String encodedJWT,
                  Map<String,Verifier> verifiers,
                  java.util.function.Function<Header,String> keyFunction)

Decode the JWT using one of they provided verifiers. The key used to look up the correct verifier is provided by the keyFunction. The key function is provided the JWT header and is expected to return a string key to look up the correct verifier.

A JWT that is expired or not yet valid will not be decoded, instead a JWTExpiredException or JWTUnavailableForProcessingException exception will be thrown respectively.

Parameters:

encodedJWT - The encoded JWT in string format.

verifiers - A map of verifiers.

keyFunction - A function used to look up the verifier key from the header.

Returns:

a decoded JWT.

now

protected java.time.ZonedDateTime now()

Returns:

the 'now' to be used to validate 'exp' and 'nbf' claims.