Class Jwt


  • public final class Jwt
    extends Object
    Factory class for creating a JwtClaimsBuilder, which produces signed, encrypted, or signed-then-encrypted JWT tokens.

    The following example shows how to initialize a JwtClaimsBuilder from an existing resource containing the claims in a JSON format and produce a signed JWT token with a configured signing key:

     
     String jwt = Jwt.claims("/tokenClaims.json").sign();
     
     

    The next example shows how to use JwtClaimsBuilder to add the claims and encrypt a JSON representation of these claims with a configured encrypting key:

     
     String jwt = Jwt.claims().issuer("https://issuer.org").claim("custom-claim", "custom-value").encrypt();
     
     

    The final example shows how to initialize a JwtClaimsBuilder from an existing resource containing the claims in a JSON format, produce an inner signed JWT token with a configured signing key and encrypt it with a configured encrypting key.

     
     String jwt = Jwt.claims("/tokenClaims.json").innerSign().encrypt();
     
     
    • Constructor Detail

      • Jwt

        public Jwt()
    • Method Detail

      • claim

        public static JwtClaimsBuilder claim(org.eclipse.microprofile.jwt.Claims name,
                                             Object value)
        Creates a new instance of JwtClaimsBuilder with a specified claim. Simple claim values are converted to String unless they are instances of Boolean, Number, Instant or PublicKey.

        Instant values have their number of seconds from the epoch converted to long.

        PublicKey values are converted to JSON Web Key (JWK) representations.

        Array claims can be set as Collection or JsonArray, complex claims can be set as Map or JsonObject. The members of the array claims can be complex claims.

        Types of the claims directly supported by this builder are enforced. The 'iss' (issuer), 'sub' (subject), 'upn', 'preferred_username' and 'jti' (token identifier) claims must be of String type. The 'aud' (audience) and 'groups' claims must be either of String or Collection of String type. The 'iat' (issued at) and 'exp' (expires at) claims must be either of long or Instant type.

        Parameters:
        name - the claim name
        value - the claim value
        Returns:
        JwtClaimsBuilder
        Throws:
        IllegalArgumentException - if the type of a claim directly supported by JwtClaimsBuilder is wrong
      • claim

        public static JwtClaimsBuilder claim(String name,
                                             Object value)
        Creates a new instance of JwtClaimsBuilder with a specified claim. Simple claim values are converted to String unless they are instances of Boolean, Number, Instant or PublicKey.

        Instant values have their number of seconds from the epoch converted to long.

        PublicKey values are converted to JSON Web Key (JWK) representations.

        Array claims can be set as Collection or JsonArray, complex claims can be set as Map or JsonObject. The members of the array claims can be complex claims.

        Types of the claims directly supported by this builder are enforced. The 'iss' (issuer), 'sub' (subject), 'upn', 'preferred_username' and 'jti' (token identifier) claims must be of String type. The 'aud' (audience) and 'groups' claims must be either of String or Collection of String type. The 'iat' (issued at) and 'exp' (expires at) claims must be either of long or Instant type.

        Parameters:
        name - the claim name
        value - the claim value
        Returns:
        JwtClaimsBuilder
        Throws:
        IllegalArgumentException - if the type of a claim directly supported by JwtClaimsBuilder is wrong
      • preferredUserName

        public static JwtClaimsBuilder preferredUserName(String preferredUserName)
        Creates a new instance of JwtClaimsBuilder with a specified 'preferred_username' claim.
        Parameters:
        preferredUserName - the preferred user name
        Returns:
        JwtClaimsBuilder
      • sign

        public static String sign(String jsonLocation)
        Sign the claims loaded from a JSON resource using the 'RS256' algorithm with a private RSA key loaded from the location set with "smallrye.jwt.sign.key-location". A private RSA key of size 2048 bits or larger MUST be used. The 'iat' (issued at time), 'exp' (expiration time) and 'jti' (unique token identifier) claims will be set, and the 'iss' (issuer) claim may be set by the implementation, unless they have already been set. See the JwtClaimsBuilder description for more information.
        Parameters:
        jsonLocation - JSON resource location
        Returns:
        signed JWT token
        Throws:
        JwtSignatureException - the exception if the signing operation has failed
      • sign

        public static String sign(Map<String,Object> claims)
        Sign the claims using the 'RS256' algorithm with a private RSA key loaded from the location set with "smallrye.jwt.sign.key-location". A private RSA key of size 2048 bits or larger MUST be used. The 'iat' (issued at time), 'exp' (expiration time) and 'jti' (unique token identifier) claims will be set, and the 'iss' (issuer) claim may be set by the implementation, unless they have already been set. See the JwtClaimsBuilder description for more information.
        Parameters:
        claims - the map with the claim name and value pairs. Claim value is converted to String unless it is an instance of Boolean, Number, Collection, Map, JsonObject or JsonArray
        Returns:
        signed JWT token
        Throws:
        JwtSignatureException - the exception if the signing operation has failed
      • sign

        public static String sign(jakarta.json.JsonObject jsonObject)
        Sign the claims loaded from a JsonObject using the 'RS256' algorithm with a private RSA key loaded from the location set with "smallrye.jwt.sign.key-location". A private RSA key of size 2048 bits or larger MUST be used. The 'iat' (issued at time), 'exp' (expiration time) and 'jti' (unique token identifier) claims will be set, and the 'iss' (issuer) claim may be set by the implementation, unless they have already been set. See the JwtClaimsBuilder description for more information.
        Parameters:
        jsonObject - JsonObject containing the claims.
        Returns:
        signed JWT token
        Throws:
        JwtSignatureException - the exception if the signing operation has failed
      • signJson

        public static String signJson(String json)
        Sign the claims from a JSON string using the 'RS256' algorithm with a private RSA key loaded from the location set with "smallrye.jwt.sign.key-location". A private RSA key of size 2048 bits or larger MUST be used. The 'iat' (issued at time), 'exp' (expiration time) and 'jti' (unique token identifier) claims will be set, and the 'iss' (issuer) claim may be set by the implementation, unless they have already been set. See the JwtClaimsBuilder description for more information.
        Parameters:
        json - JSON string
        Returns:
        signed JWT token
        Throws:
        JwtSignatureException - the exception if the signing operation has failed
      • encrypt

        public static String encrypt(String jsonLocation)
        Encrypt the claims loaded from a JSON resource using the 'RSA-OAEP-256' algorithm with a public RSA key loaded from the location set with "smallrye.jwt.encrypt.key-location". A public RSA key of size 2048 bits or larger MUST be used. The 'iat' (issued at time), 'exp' (expiration time) and 'jti' (unique token identifier) claims will be set, and the 'iss' (issuer) claim may be set by the implementation, unless they have already been set. See the JwtClaimsBuilder description for more information.
        Parameters:
        jsonLocation - JSON resource location
        Returns:
        encrypted JWT token
        Throws:
        JwtEncryptionException - the exception if the encryption operation has failed
      • encrypt

        public static String encrypt(Map<String,Object> claims)
        Encrypt the claims using the 'RSA-OAEP-256' algorithm with a public RSA key loaded from the location set with "smallrye.jwt.encrypt.key-location". A public RSA key of size 2048 bits or larger MUST be used. The 'iat' (issued at time), 'exp' (expiration time) and 'jti' (unique token identifier) claims will be set, and the 'iss' (issuer) claim may be set by the implementation, unless they have already been set. See the JwtClaimsBuilder description for more information.
        Parameters:
        claims - the map with the claim name and value pairs. Claim value is converted to String unless it is an instance of Boolean, Number, Collection, Map, JsonObject or JsonArray
        Returns:
        encrypted JWT token
        Throws:
        JwtEncryptionException - the exception if the encryption operation has failed
      • encrypt

        public static String encrypt(jakarta.json.JsonObject jsonObject)
        Encrypt the claims loaded from a JsonObject using the 'RSA-OAEP-256' algorithm with a public RSA key loaded from the location set with "smallrye.jwt.encrypt.key-location". A public RSA key of size 2048 bits or larger MUST be used. The 'iat' (issued at time), 'exp' (expiration time) and 'jti' (unique token identifier) claims will be set, and the 'iss' (issuer) claim may be set by the implementation, unless they have already been set. See the JwtClaimsBuilder description for more information.
        Parameters:
        jsonObject - JsonObject containing the claims.
        Returns:
        encrypted JWT token
        Throws:
        JwtEncryptionException - the exception if the encryption operation has failed
      • encryptJson

        public static String encryptJson(String json)
        Encrypt the claims from a JSON string using the 'RSA-OAEP-256' algorithm with a public RSA key loaded from the location set with "smallrye.jwt.encrypt.key-location". A public RSA key of size 2048 bits or larger MUST be used. The 'iat' (issued at time), 'exp' (expiration time) and 'jti' (unique token identifier) claims will be set, and the 'iss' (issuer) claim may be set by the implementation, unless they have already been set. See the JwtClaimsBuilder description for more information.
        Parameters:
        json - JSON string
        Returns:
        encrypted JWT token
        Throws:
        JwtEncryptionException - the exception if the encryption operation has failed
      • innerSignAndEncrypt

        public static String innerSignAndEncrypt(String jsonLocation)
        Sign the claims loaded from a JSON resource using the 'RS256' algorithm with a private RSA key loaded from the location set with "smallrye.jwt.sign.key-location", then encrypt the inner JWT using the 'RSA-OAEP-256' algorithm with a public RSA key loaded from the location set with "smallrye.jwt.encrypt.key-location". A public RSA key of size 2048 bits or larger MUST be used. The 'iat' (issued at time), 'exp' (expiration time) and 'jti' (unique token identifier) claims will be set, and the 'iss' (issuer) claim may be set by the implementation, unless they have already been set. See the JwtClaimsBuilder description for more information.
        Parameters:
        jsonLocation - JSON resource location
        Returns:
        encrypted JWT token
        Throws:
        JwtEncryptionException - the exception if the encryption operation has failed
      • innerSignAndEncrypt

        public static String innerSignAndEncrypt(Map<String,Object> claims)
        Sign the claims using the 'RS256' algorithm with a private RSA key loaded from the location set with "smallrye.jwt.sign.key-location", then encrypt the inner JWT using the 'RSA-OAEP-256' algorithm with a public RSA key loaded from the location set with "smallrye.jwt.encrypt.key-location". A public RSA key of size 2048 bits or larger MUST be used. The 'iat' (issued at time), 'exp' (expiration time) and 'jti' (unique token identifier) claims will be set, and the 'iss' (issuer) claim may be set by the implementation, unless they have already been set. See the JwtClaimsBuilder description for more information.
        Parameters:
        claims - the map with the claim name and value pairs. Claim value is converted to String unless it is an instance of Boolean, Number, Collection, Map, JsonObject or JsonArray
        Returns:
        encrypted JWT token
        Throws:
        JwtEncryptionException - the exception if the encryption operation has failed
      • innerSignAndEncrypt

        public static String innerSignAndEncrypt(jakarta.json.JsonObject jsonObject)
        Sign the claims loaded from a JsonObject using the 'RS256' algorithm with a private RSA key loaded from the location set with "smallrye.jwt.sign.key-location", then encrypt the inner JWT using the 'RSA-OAEP-256' algorithm with a public RSA key loaded from the location set with "smallrye.jwt.encrypt.key-location". A public RSA key of size 2048 bits or larger MUST be used. The 'iat' (issued at time), 'exp' (expiration time) and 'jti' (unique token identifier) claims will be set, and the 'iss' (issuer) claim may be set by the implementation, unless they have already been set. See the JwtClaimsBuilder description for more information.
        Parameters:
        jsonObject - JsonObject containing the claims.
        Returns:
        encrypted JWT token
        Throws:
        JwtEncryptionException - the exception if the encryption operation has failed
      • innerSignAndEncryptJson

        public static String innerSignAndEncryptJson(String json)
        Sign the claims from a JSON string using the 'RS256' algorithm with a private RSA key loaded from the location set with "smallrye.jwt.sign.key-location", then encrypt the inner JWT using the 'RSA-OAEP-256' algorithm with a public RSA key loaded from the location set with "smallrye.jwt.encrypt.key-location". A public RSA key of size 2048 bits or larger MUST be used. The 'iat' (issued at time), 'exp' (expiration time) and 'jti' (unique token identifier) claims will be set, and the 'iss' (issuer) claim may be set by the implementation, unless they have already been set. See the JwtClaimsBuilder description for more information.
        Parameters:
        json - JSON string
        Returns:
        encrypted JWT token
        Throws:
        JwtEncryptionException - the exception if the encryption operation has failed
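
Added example, not part of the SmallRye documentation: the claim type rules described under claim(...) together with the sign and inner-sign-then-encrypt flows. It assumes the explicit-key overloads sign(PrivateKey), innerSign(PrivateKey) and encrypt(PublicKey) of the builder API, which this page does not describe, and uses RSA keys generated on the spot instead of the configured key locations; the class name and claim values are constructed.

```java
import io.smallrye.jwt.build.Jwt;

import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.time.Instant;
import java.util.List;

public class JwtBuildExample {

    // Constructed demo keys; 2048 bits is the minimum size the method docs require.
    static KeyPair newRsaKeyPair() throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        return gen.generateKeyPair();
    }

    public static void main(String[] args) throws Exception {
        KeyPair signing = newRsaKeyPair();
        KeyPair encryption = newRsaKeyPair();
        Instant now = Instant.now();

        // Typed claims: String for iss/sub, Collection of String for groups,
        // Instant for iat/exp (stored as seconds since the epoch).
        String signed = Jwt.claim("iss", "https://issuer.org")
                .claim("sub", "alice")
                .claim("groups", List.of("user", "auditor"))
                .claim("iat", now)
                .claim("exp", now.plusSeconds(300))
                .sign(signing.getPrivate());
        // JWS compact serialization: header.payload.signature
        System.out.println("signed token parts: " + signed.split("\\.").length);

        // Nested token: the inner JWT is signed first, then encrypted for the
        // holder of the encryption private key. The claims are not readable
        // without decrypting the token.
        String nested = Jwt.claim("iss", "https://issuer.org")
                .claim("sub", "alice")
                .innerSign(signing.getPrivate())
                .encrypt(encryption.getPublic());
        // JWE compact serialization: header.key.iv.ciphertext.tag
        System.out.println("nested token parts: " + nested.split("\\.").length);

        // 'iss' must be a String; the builder rejects any other type up front.
        try {
            Jwt.claim("iss", 42);
        } catch (IllegalArgumentException e) {
            System.out.println("rejected claim: " + e.getMessage());
        }
    }
}
```

The signing and encryption key pairs are kept separate here so that the party able to decrypt a nested token is not automatically able to mint new signed ones.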