| Modifier and Type | Method and Description |
|---|---|
boolean |
isSigned(CharSequence compact)
Returns
true if the specified JWT compact string represents a signed JWT (aka a 'JWS'), false
otherwise. |
Jwt<?,?> |
parse(CharSequence jwt)
Parses the specified compact serialized JWT string based on the builder's current configuration state and
returns the resulting JWT, JWS, or JWE instance.
|
<T> T |
parse(CharSequence jwt,
JwtHandler<T> handler)
Deprecated.
since 0.12.0 in favor of
|
Jws<Claims> |
parseClaimsJws(CharSequence jws)
Deprecated.
since 0.12.0 in favor of
parseSignedClaims(CharSequence). |
Jwt<Header,Claims> |
parseClaimsJwt(CharSequence jwt)
Deprecated.
since 0.12.0 in favor of
parseUnsecuredClaims(CharSequence). |
Jws<byte[]> |
parseContentJws(CharSequence jws)
Deprecated.
since 0.12.0 in favor of
parseSignedContent(CharSequence). |
Jwt<Header,byte[]> |
parseContentJwt(CharSequence jwt)
Deprecated.
since 0.12.0 in favor of
parseUnsecuredContent(CharSequence). |
Jwe<Claims> |
parseEncryptedClaims(CharSequence jwe)
Parses the
jwe argument, expected to be an encrypted Claims JWE. |
Jwe<byte[]> |
parseEncryptedContent(CharSequence jwe)
Parses the
jwe argument, expected to be an encrypted content JWE. |
Jws<Claims> |
parseSignedClaims(CharSequence jws)
Parses the
jws argument, expected to be a cryptographically-signed Claims JWS. |
Jws<Claims> |
parseSignedClaims(CharSequence jws,
byte[] unencodedPayload)
Parses a JWS known to use the
RFC 7797: JSON Web Signature (JWS) Unencoded Payload
Option, using the specified
unencodedPayload for signature verification. |
Jws<Claims> |
parseSignedClaims(CharSequence jws,
InputStream unencodedPayload)
Parses a JWS known to use the
RFC 7797: JSON Web Signature (JWS) Unencoded Payload
Option, using the bytes from the specified
unencodedPayload stream for signature verification and
Claims creation. |
Jws<byte[]> |
parseSignedContent(CharSequence jws)
Parses the
jws argument, expected to be a cryptographically-signed content JWS. |
Jws<byte[]> |
parseSignedContent(CharSequence jws,
byte[] unencodedPayload)
Parses a JWS known to use the
RFC 7797: JSON Web Signature (JWS) Unencoded Payload
Option, using the specified
unencodedPayload for signature verification. |
Jws<byte[]> |
parseSignedContent(CharSequence jws,
InputStream unencodedPayload)
Parses a JWS known to use the
RFC 7797: JSON Web Signature (JWS) Unencoded Payload
Option, using the bytes from the specified
unencodedPayload stream for signature verification. |
Jwt<Header,Claims> |
parseUnsecuredClaims(CharSequence jwt)
Parses the
jwt argument, expected to be an unsecured Claims JWT. |
Jwt<Header,byte[]> |
parseUnsecuredContent(CharSequence jwt)
Parses the
jwt argument, expected to be an unsecured content JWT. |
boolean isSigned(CharSequence compact)
true if the specified JWT compact string represents a signed JWT (aka a 'JWS'), false
otherwise.
Note that if you are reasonably sure that the token is signed, it is more efficient to attempt to parse the token (and catching exceptions if necessary) instead of calling this method first before parsing.
compact - the compact serialized JWT to checktrue if the specified JWT compact string represents a signed JWT (aka a 'JWS'), false
otherwise.Jwt<?,?> parse(CharSequence jwt) throws ExpiredJwtException, MalformedJwtException, SignatureException, SecurityException, IllegalArgumentException
Because it is often cumbersome to determine if the result is a JWT, JWS or JWE, or if the payload is a Claims
or byte[] array with instanceof checks, it may be useful to call the result's
accept(JwtVisitor) method for a type-safe callback approach instead of using if-then-else
instanceof conditionals. For example, instead of:
// NOT RECOMMENDED:
Jwt<?,?> jwt = parser.parse(input);
if (jwt instanceof Jwe<?>) {
Jwe<?> jwe = (Jwe<?>)jwt;
if (jwe.getPayload() instanceof Claims) {
Jwe<Claims> claimsJwe = (Jwe<Claims>)jwe;
// do something with claimsJwe
}
}the following alternative is usually preferred:
Jwe<Claims> jwe = parser.parse(input).accept(Jwe.CLAIMS);
parse in interface Parser<Jwt<?,?>>jwt - the compact serialized JWT to parseMalformedJwtException - if the specified JWT was incorrectly constructed (and therefore invalid).
Invalid JWTs should not be trusted and should be discarded.SignatureException - if a JWS signature was discovered, but could not be verified. JWTs that fail
signature validation should not be trusted and should be discarded.SecurityException - if the specified JWT string is a JWE and decryption failsExpiredJwtException - if the specified JWT is a Claims JWT and the Claims has an expiration time
before the time this method is invoked.IllegalArgumentException - if the specified string is null or empty or only whitespace.SignatureExceptionJwt.accept(JwtVisitor)@Deprecated <T> T parse(CharSequence jwt, JwtHandler<T> handler) throws ExpiredJwtException, UnsupportedJwtException, MalformedJwtException, SignatureException, SecurityException, IllegalArgumentException
parse(CharSequence).accept(visitor);parse* method immediately
followed by invoking the parsed JWT's accept method with your preferred visitor. For
example:
parse(jwt).accept(visitor);
This method will be removed before the 1.0 release.
T - the type of object returned from the handlerjwt - the compact serialized JWT to parsehandler - the handler to invoke when encountering a specific type of JWTJwtHandlerMalformedJwtException - if the specified JWT was incorrectly constructed (and therefore invalid).
Invalid JWTs should not be trusted and should be discarded.SignatureException - if a JWS signature was discovered, but could not be verified. JWTs that fail
signature validation should not be trusted and should be discarded.SecurityException - if the specified JWT string is a JWE and decryption failsExpiredJwtException - if the specified JWT is a Claims JWT and the Claims has an expiration time
before the time this method is invoked.IllegalArgumentException - if the specified string is null or empty or only whitespace, or if the
handler is null.UnsupportedJwtExceptionSignatureExceptionJwt.accept(JwtVisitor)@Deprecated Jwt<Header,byte[]> parseContentJwt(CharSequence jwt) throws UnsupportedJwtException, MalformedJwtException, SignatureException, SecurityException, IllegalArgumentException
parseUnsecuredContent(CharSequence).parseUnsecuredContent(CharSequence).
This method will be removed before the 1.0 release.
jwt - a compact serialized unsecured content JWT string.Jwt instance that reflects the specified compact JWT string.UnsupportedJwtException - if the jwt argument does not represent an unsecured content JWTMalformedJwtException - if the jwt string is not a valid JWTSignatureException - if the jwt string is actually a JWS and signature validation failsSecurityException - if the jwt string is actually a JWE and decryption failsIllegalArgumentException - if the jwt string is null or empty or only whitespaceSignatureExceptionparseUnsecuredContent(CharSequence),
Jwt.accept(JwtVisitor)@Deprecated Jwt<Header,Claims> parseClaimsJwt(CharSequence jwt) throws ExpiredJwtException, UnsupportedJwtException, MalformedJwtException, SignatureException, SecurityException, IllegalArgumentException
parseUnsecuredClaims(CharSequence).parseUnsecuredClaims(CharSequence).
This method will be removed before the 1.0 release.
jwt - a compact serialized unsecured Claims JWT string.Jwt instance that reflects the specified compact JWT string.UnsupportedJwtException - if the jwt argument does not represent an unsecured Claims JWTMalformedJwtException - if the jwt string is not a valid JWTSignatureException - if the jwt string is actually a JWS and signature validation failsSecurityException - if the jwt string is actually a JWE and decryption failsIllegalArgumentException - if the jwt string is null or empty or only whitespaceExpiredJwtExceptionSignatureExceptionparseUnsecuredClaims(CharSequence),
Jwt.accept(JwtVisitor)@Deprecated Jws<byte[]> parseContentJws(CharSequence jws) throws UnsupportedJwtException, MalformedJwtException, SignatureException, SecurityException, IllegalArgumentException
parseSignedContent(CharSequence).parseSignedContent(CharSequence).
This method will be removed before the 1.0 release.
jws - a compact content JWS stringUnsupportedJwtException - if the jws argument does not represent a content JWSMalformedJwtException - if the jws string is not a valid JWSSignatureException - if the jws JWS signature validation failsSecurityException - if the jws string is actually a JWE and decryption failsIllegalArgumentException - if the jws string is null or empty or only whitespaceSignatureExceptionparseSignedContent(CharSequence),
parseEncryptedContent(CharSequence),
parse(CharSequence)@Deprecated Jws<Claims> parseClaimsJws(CharSequence jws) throws ExpiredJwtException, UnsupportedJwtException, MalformedJwtException, SignatureException, SecurityException, IllegalArgumentException
parseSignedClaims(CharSequence).parseSignedClaims(CharSequence).jws - a compact Claims JWS string.UnsupportedJwtException - if the claimsJws argument does not represent an Claims JWSMalformedJwtException - if the claimsJws string is not a valid JWSSignatureException - if the claimsJws JWS signature validation failsSecurityException - if the jws string is actually a JWE and decryption failsExpiredJwtException - if the specified JWT is a Claims JWT and the Claims has an expiration time
before the time this method is invoked.IllegalArgumentException - if the claimsJws string is null or empty or only whitespaceSignatureExceptionparseSignedClaims(CharSequence),
parseEncryptedClaims(CharSequence),
parse(CharSequence)Jwt<Header,byte[]> parseUnsecuredContent(CharSequence jwt) throws JwtException, IllegalArgumentException
jwt argument, expected to be an unsecured content JWT. If the JWT creator set
the (optional) contentType header value, the application may inspect that
value to determine how to convert the byte array to the final content type as desired.
This is a convenience method logically equivalent to the following:
parse(jwt).accept(Jwt.UNSECURED_CONTENT);
jwt - a compact unsecured content JWT.UnsupportedJwtException - if the jwt argument does not represent an unsecured content JWTJwtException - if the jwt string cannot be parsed or validated as required.IllegalArgumentException - if the jwt string is null or empty or only whitespaceparse(CharSequence),
Jwt.accept(JwtVisitor)Jwt<Header,Claims> parseUnsecuredClaims(CharSequence jwt) throws JwtException, IllegalArgumentException
jwt argument, expected to be an unsecured Claims JWT. This is a
convenience method logically equivalent to the following:
parse(jwt).accept(Jwt.UNSECURED_CLAIMS);
jwt - a compact unsecured Claims JWT.UnsupportedJwtException - if the jwt argument does not represent an unsecured Claims JWTJwtException - if the jwt string cannot be parsed or validated as required.IllegalArgumentException - if the jwt string is null or empty or only whitespaceparse(CharSequence),
Jwt.accept(JwtVisitor)Jws<byte[]> parseSignedContent(CharSequence jws) throws JwtException, IllegalArgumentException
jws argument, expected to be a cryptographically-signed content JWS. If the JWS
creator set the (optional) contentType header value, the application may
inspect that value to determine how to convert the byte array to the final content type as desired.
This is a convenience method logically equivalent to the following:
parse(jws).accept(Jws.CONTENT);
jws - a compact cryptographically-signed content JWS.UnsupportedJwtException - if the jws argument does not represent a signed content JWSJwtException - if the jws string cannot be parsed or validated as required.IllegalArgumentException - if the jws string is null or empty or only whitespaceparse(CharSequence),
Jwt.accept(JwtVisitor)Jws<byte[]> parseSignedContent(CharSequence jws, byte[] unencodedPayload)
unencodedPayload for signature verification.
Unencoded Non-Detached Payload
Note that if the JWS contains a valid unencoded Payload string (what RFC 7797 calls an
"unencoded non-detached
payload", the unencodedPayload method argument will be ignored, as the JWS already includes
the payload content necessary for signature verification.
jws - the Unencoded Payload JWS to parse.unencodedPayload - the JWS's associated required unencoded payload used for signature verification.Jws<byte[]> parseSignedContent(CharSequence jws, InputStream unencodedPayload)
unencodedPayload stream for signature verification.
Because it is not possible to know how large the unencodedPayload stream will be, the stream bytes
will not be buffered in memory, ensuring the resulting Jws return value's Jwt.getPayload()
is always empty. This is generally not a concern since the caller already has access to the stream bytes and
may obtain them independently before or after calling this method if they are needed otherwise.
Unencoded Non-Detached Payload
Note that if the JWS contains a valid unencoded payload String (what RFC 7797 calls an
"unencoded non-detached
payload", the unencodedPayload method argument will be ignored, as the JWS already includes
the payload content necessary for signature verification. In this case the resulting Jws return
value's Jwt.getPayload() will contain the embedded payload String's UTF-8 bytes.
jws - the Unencoded Payload JWS to parse.unencodedPayload - the JWS's associated required unencoded payload used for signature verification.Jws<Claims> parseSignedClaims(CharSequence jws) throws JwtException, IllegalArgumentException
jws argument, expected to be a cryptographically-signed Claims JWS. This is a
convenience method logically equivalent to the following:
parse(jws).accept(Jws.CLAIMS);
jws - a compact cryptographically-signed Claims JWS.UnsupportedJwtException - if the jwt argument does not represent a signed Claims JWTJwtException - if the jwt string cannot be parsed or validated as required.IllegalArgumentException - if the jwt string is null or empty or only whitespaceparse(CharSequence),
Jwt.accept(JwtVisitor)Jws<Claims> parseSignedClaims(CharSequence jws, byte[] unencodedPayload) throws JwtException, IllegalArgumentException
unencodedPayload for signature verification.
Unencoded Non-Detached Payload
Note that if the JWS contains a valid unencoded payload String (what RFC 7797 calls an
"unencoded non-detached
payload", the unencodedPayload method argument will be ignored, as the JWS already includes
the payload content necessary for signature verification and claims creation.
jws - the Unencoded Payload JWS to parse.unencodedPayload - the JWS's associated required unencoded payload used for signature verification.JwtException - if parsing, signature verification, or JWT validation fails.IllegalArgumentException - if either the jws or unencodedPayload are null or empty.Jws<Claims> parseSignedClaims(CharSequence jws, InputStream unencodedPayload) throws JwtException, IllegalArgumentException
unencodedPayload stream for signature verification and
Claims creation.
NOTE: however, because calling this method indicates a completed
Claims instance is desired, the specified unencodedPayload JSON stream will be fully
read into a Claims instance. If this will be problematic for your application (perhaps if you expect extremely
large Claims), it is recommended to use the parseSignedContent(CharSequence, InputStream) method
instead.
Unencoded Non-Detached Payload
Note that if the JWS contains a valid unencoded Payload string (what RFC 7797 calls an
"unencoded non-detached
payload", the unencodedPayload method argument will be ignored, as the JWS already includes
the payload content necessary for signature verification and Claims creation.
jws - the Unencoded Payload JWS to parse.unencodedPayload - the JWS's associated required unencoded payload used for signature verification.JwtException - if parsing, signature verification, or JWT validation fails.IllegalArgumentException - if either the jws or unencodedPayload are null or empty.Jwe<byte[]> parseEncryptedContent(CharSequence jwe) throws JwtException, IllegalArgumentException
jwe argument, expected to be an encrypted content JWE. If the JWE
creator set the (optional) contentType header value, the application may
inspect that value to determine how to convert the byte array to the final content type as desired.
This is a convenience method logically equivalent to the following:
parse(jwe).accept(Jwe.CONTENT);
jwe - a compact encrypted content JWE.UnsupportedJwtException - if the jwe argument does not represent an encrypted content JWEJwtException - if the jwe string cannot be parsed or validated as required.IllegalArgumentException - if the jwe string is null or empty or only whitespaceparse(CharSequence),
Jwt.accept(JwtVisitor)Jwe<Claims> parseEncryptedClaims(CharSequence jwe) throws JwtException, IllegalArgumentException
jwe argument, expected to be an encrypted Claims JWE. This is a
convenience method logically equivalent to the following:
parse(jwe).accept(Jwe.CLAIMS);
jwe - a compact encrypted Claims JWE.UnsupportedJwtException - if the jwe argument does not represent an encrypted Claims JWE.JwtException - if the jwe string cannot be parsed or validated as required.IllegalArgumentException - if the jwe string is null or empty or only whitespaceparse(CharSequence),
Jwt.accept(JwtVisitor)Copyright © 2014–2025 jsonwebtoken.io. All rights reserved.