Class IdToken
- java.lang.Object
-
- com.google.api.client.json.webtoken.JsonWebToken
-
- com.google.api.client.json.webtoken.JsonWebSignature
-
- com.google.api.client.auth.openidconnect.IdToken
-
@Beta public class IdToken extends com.google.api.client.json.webtoken.JsonWebSignature
Beta
ID token as described in ID Token.Use
parse(JsonFactory, String)
to parse an ID token from a string. Then, use theverify
methods to verify the ID token as required by the specification.Implementation is not thread-safe.
- Since:
- 1.14
-
-
Nested Class Summary
Nested Classes Modifier and Type Class Description static class
IdToken.Payload
Beta
ID token payload.
-
Constructor Summary
Constructors Constructor Description IdToken(com.google.api.client.json.webtoken.JsonWebSignature.Header header, IdToken.Payload payload, byte[] signatureBytes, byte[] signedContentBytes)
-
Method Summary
All Methods Static Methods Instance Methods Concrete Methods Modifier and Type Method Description IdToken.Payload
getPayload()
static IdToken
parse(com.google.api.client.json.JsonFactory jsonFactory, java.lang.String idTokenString)
Parses the given ID token string and returns the parsed ID token.boolean
verifyAudience(java.util.Collection<java.lang.String> trustedClientIds)
Returns whether the audience in the payload contains only client IDs that are trusted as specified in step 2 of ID Token Validation.boolean
verifyExpirationTime(long currentTimeMillis, long acceptableTimeSkewSeconds)
Returns whether theJsonWebToken.Payload.getExpirationTimeSeconds()
is valid relative to the current time, allowing for a clock skew as specified in step 5 of ID Token Validation.boolean
verifyIssuedAtTime(long currentTimeMillis, long acceptableTimeSkewSeconds)
Returns whether theJsonWebToken.Payload.getIssuedAtTimeSeconds()
is valid relative to the current time, allowing for a clock skew as specified in step 6 of ID Token Validation.boolean
verifyIssuer(java.lang.String expectedIssuer)
Returns whether the issuer in the payload matches the given expected issuer as specified in step 1 of ID Token Validation.boolean
verifyIssuer(java.util.Collection<java.lang.String> expectedIssuer)
Returns whether the issuer in the payload matches the given expected issuer as specified in step 1 of ID Token Validation.boolean
verifyTime(long currentTimeMillis, long acceptableTimeSkewSeconds)
Returns whether theJsonWebToken.Payload.getExpirationTimeSeconds()
andJsonWebToken.Payload.getIssuedAtTimeSeconds()
are valid relative to the current time, allowing for a clock skew as specified in steps 5 and 6 of ID Token Validation.
-
-
-
Constructor Detail
-
IdToken
public IdToken(com.google.api.client.json.webtoken.JsonWebSignature.Header header, IdToken.Payload payload, byte[] signatureBytes, byte[] signedContentBytes)
- Parameters:
header
- headerpayload
- payloadsignatureBytes
- bytes of the signaturesignedContentBytes
- bytes of the signature content
-
-
Method Detail
-
getPayload
public IdToken.Payload getPayload()
- Overrides:
getPayload
in classcom.google.api.client.json.webtoken.JsonWebToken
-
verifyIssuer
public final boolean verifyIssuer(java.lang.String expectedIssuer)
Returns whether the issuer in the payload matches the given expected issuer as specified in step 1 of ID Token Validation.- Parameters:
expectedIssuer
- expected issuer
-
verifyIssuer
public final boolean verifyIssuer(java.util.Collection<java.lang.String> expectedIssuer)
Returns whether the issuer in the payload matches the given expected issuer as specified in step 1 of ID Token Validation. When an issuer is migrating to a new issuer string the expected issuer has multiple aliases, so multiple are permitted here.- Since:
- 1.21.0
-
verifyAudience
public final boolean verifyAudience(java.util.Collection<java.lang.String> trustedClientIds)
Returns whether the audience in the payload contains only client IDs that are trusted as specified in step 2 of ID Token Validation.- Parameters:
trustedClientIds
- list of trusted client IDs
-
verifyTime
public final boolean verifyTime(long currentTimeMillis, long acceptableTimeSkewSeconds)
Returns whether theJsonWebToken.Payload.getExpirationTimeSeconds()
andJsonWebToken.Payload.getIssuedAtTimeSeconds()
are valid relative to the current time, allowing for a clock skew as specified in steps 5 and 6 of ID Token Validation.- Parameters:
currentTimeMillis
- current time in milliseconds (typicallySystem.currentTimeMillis()
)acceptableTimeSkewSeconds
- seconds of acceptable clock skew
-
verifyExpirationTime
public final boolean verifyExpirationTime(long currentTimeMillis, long acceptableTimeSkewSeconds)
Returns whether theJsonWebToken.Payload.getExpirationTimeSeconds()
is valid relative to the current time, allowing for a clock skew as specified in step 5 of ID Token Validation.- Parameters:
currentTimeMillis
- current time in milliseconds (typicallySystem.currentTimeMillis()
)acceptableTimeSkewSeconds
- seconds of acceptable clock skew
-
verifyIssuedAtTime
public final boolean verifyIssuedAtTime(long currentTimeMillis, long acceptableTimeSkewSeconds)
Returns whether theJsonWebToken.Payload.getIssuedAtTimeSeconds()
is valid relative to the current time, allowing for a clock skew as specified in step 6 of ID Token Validation.- Parameters:
currentTimeMillis
- current time in milliseconds (typicallySystem.currentTimeMillis()
)acceptableTimeSkewSeconds
- seconds of acceptable clock skew
-
parse
public static IdToken parse(com.google.api.client.json.JsonFactory jsonFactory, java.lang.String idTokenString) throws java.io.IOException
Parses the given ID token string and returns the parsed ID token.- Parameters:
jsonFactory
- JSON factoryidTokenString
- ID token string- Returns:
- parsed ID token
- Throws:
java.io.IOException
-
-