Package com.auth0.jwt

Class JWTVerifier.BaseVerification

  • All Implemented Interfaces:
    Verification
    Enclosing class:
    JWTVerifier

    public static class JWTVerifier.BaseVerification
    extends java.lang.Object
    implements Verification
    Verification implementation that accepts all the expected Claim values for verification, and builds a JWTVerifier used to verify a JWT's signature and expected claims. Note that this class is not thread-safe. Calling build() returns an instance of JWTVerifier which can be reused.
    • Method Summary

      All Methods Instance Methods Concrete Methods 
      Modifier and Type Method Description
      Verification acceptExpiresAt​(long leeway)
      Set a specific leeway window in seconds in which the Expires At ("exp") Claim will still be valid.
      Verification acceptIssuedAt​(long leeway)
      Set a specific leeway window in seconds in which the Issued At ("iat") Claim will still be valid.
      Verification acceptLeeway​(long leeway)
      Define the default window in seconds in which the Not Before, Issued At and Expires At Claims will still be valid.
      Verification acceptNotBefore​(long leeway)
      Set a specific leeway window in seconds in which the Not Before ("nbf") Claim will still be valid.
      JWTVerifier build()
      Creates a new and reusable instance of the JWTVerifier with the configuration already provided.
      JWTVerifier build​(java.time.Clock clock)
      Creates a new and reusable instance of the JWTVerifier with the configuration already provided.
      long getLeewayFor​(java.lang.String name)
      Fetches the Leeway set for claim or returns the defaultLeeway.
      Verification ignoreIssuedAt()
      Skip the Issued At ("iat") claim verification.
      Verification withAnyOfAudience​(java.lang.String... audience)
      Verifies whether the JWT contains an Audience ("aud") claim contain at least one of the specified audiences.
      Verification withArrayClaim​(java.lang.String name, java.lang.Integer... items)
      Verifies whether the claim contain at least the given Integer items.
      Verification withArrayClaim​(java.lang.String name, java.lang.Long... items)
      Verifies whether the claim contain at least the given Long items.
      Verification withArrayClaim​(java.lang.String name, java.lang.String... items)
      Verifies whether the claim contain at least the given String items.
      Verification withAudience​(java.lang.String... audience)
      Verifies whether the JWT contains an Audience ("aud") claim that contains all the values provided.
      Verification withClaim​(java.lang.String name, java.lang.Boolean value)
      Verifies whether the claim is equal to the given Boolean value.
      Verification withClaim​(java.lang.String name, java.lang.Double value)
      Verifies whether the claim is equal to the given Integer value.
      Verification withClaim​(java.lang.String name, java.lang.Integer value)
      Verifies whether the claim is equal to the given Integer value.
      Verification withClaim​(java.lang.String name, java.lang.Long value)
      Verifies whether the claim is equal to the given Long value.
      Verification withClaim​(java.lang.String name, java.lang.String value)
      Verifies whether the claim is equal to the given String value.
      Verification withClaim​(java.lang.String name, java.time.Instant value)
      Verifies whether the claim is equal to the given Instant value.
      Verification withClaim​(java.lang.String name, java.util.Date value)
      Verifies whether the claim is equal to the given Date value.
      Verification withClaim​(java.lang.String name, java.util.function.BiPredicate<Claim,​DecodedJWT> predicate)
      Executes the predicate provided and the validates the JWT if the predicate returns true.
      Verification withClaimPresence​(java.lang.String name)
      Verifies whether the claim is present in the JWT, with any value including null.
      Verification withIssuer​(java.lang.String... issuer)
      Verifies whether the JWT contains an Issuer ("iss") claim that contains all the values provided.
      Verification withJWTId​(java.lang.String jwtId)
      Verifies whether the JWT contains a JWT ID ("jti") claim that equals to the value provided.
      Verification withNullClaim​(java.lang.String name)
      Verifies whether the claim is present with a null value.
      Verification withSubject​(java.lang.String subject)
      Verifies whether the JWT contains a Subject ("sub") claim that equals to the value provided.
      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
    • Method Detail

      • withIssuer

        public Verification withIssuer​(java.lang.String... issuer)
        Description copied from interface: Verification
        Verifies whether the JWT contains an Issuer ("iss") claim that contains all the values provided. This check is case-sensitive. An empty array is considered as a null.
        Specified by:
        withIssuer in interface Verification
        Parameters:
        issuer - the required Issuer value. If multiple values are given, the claim must at least match one of them
        Returns:
        this same Verification instance.
      • withSubject

        public Verification withSubject​(java.lang.String subject)
        Description copied from interface: Verification
        Verifies whether the JWT contains a Subject ("sub") claim that equals to the value provided. This check is case-sensitive.
        Specified by:
        withSubject in interface Verification
        Parameters:
        subject - the required Subject value
        Returns:
        this same Verification instance.
      • withAudience

        public Verification withAudience​(java.lang.String... audience)
        Description copied from interface: Verification
        Verifies whether the JWT contains an Audience ("aud") claim that contains all the values provided. This check is case-sensitive. An empty array is considered as a null.
        Specified by:
        withAudience in interface Verification
        Parameters:
        audience - the required Audience value
        Returns:
        this same Verification instance.
      • withAnyOfAudience

        public Verification withAnyOfAudience​(java.lang.String... audience)
        Description copied from interface: Verification
        Verifies whether the JWT contains an Audience ("aud") claim contain at least one of the specified audiences. This check is case-sensitive. An empty array is considered as a null.
        Specified by:
        withAnyOfAudience in interface Verification
        Parameters:
        audience - the required Audience value for which the "aud" claim must contain at least one value.
        Returns:
        this same Verification instance.
      • acceptLeeway

        public Verification acceptLeeway​(long leeway)
                                  throws java.lang.IllegalArgumentException
        Description copied from interface: Verification
        Define the default window in seconds in which the Not Before, Issued At and Expires At Claims will still be valid. Setting a specific leeway value on a given Claim will override this value for that Claim.
        Specified by:
        acceptLeeway in interface Verification
        Parameters:
        leeway - the window in seconds in which the Not Before, Issued At and Expires At Claims will still be valid.
        Returns:
        this same Verification instance.
        Throws:
        java.lang.IllegalArgumentException - if leeway is negative.
      • acceptExpiresAt

        public Verification acceptExpiresAt​(long leeway)
                                     throws java.lang.IllegalArgumentException
        Description copied from interface: Verification
        Set a specific leeway window in seconds in which the Expires At ("exp") Claim will still be valid. Expiration Date is always verified when the value is present. This method overrides the value set with acceptLeeway
        Specified by:
        acceptExpiresAt in interface Verification
        Parameters:
        leeway - the window in seconds in which the Expires At Claim will still be valid.
        Returns:
        this same Verification instance.
        Throws:
        java.lang.IllegalArgumentException - if leeway is negative.
      • acceptNotBefore

        public Verification acceptNotBefore​(long leeway)
                                     throws java.lang.IllegalArgumentException
        Description copied from interface: Verification
        Set a specific leeway window in seconds in which the Not Before ("nbf") Claim will still be valid. Not Before Date is always verified when the value is present. This method overrides the value set with acceptLeeway
        Specified by:
        acceptNotBefore in interface Verification
        Parameters:
        leeway - the window in seconds in which the Not Before Claim will still be valid.
        Returns:
        this same Verification instance.
        Throws:
        java.lang.IllegalArgumentException - if leeway is negative.
      • acceptIssuedAt

        public Verification acceptIssuedAt​(long leeway)
                                    throws java.lang.IllegalArgumentException
        Description copied from interface: Verification
        Set a specific leeway window in seconds in which the Issued At ("iat") Claim will still be valid. This method overrides the value set with Verification.acceptLeeway(long). By default, the Issued At claim is always verified when the value is present, unless disabled with Verification.ignoreIssuedAt(). If Issued At verification has been disabled, no verification of the Issued At claim will be performed, and this method has no effect.
        Specified by:
        acceptIssuedAt in interface Verification
        Parameters:
        leeway - the window in seconds in which the Issued At Claim will still be valid.
        Returns:
        this same Verification instance.
        Throws:
        java.lang.IllegalArgumentException - if leeway is negative.
      • ignoreIssuedAt

        public Verification ignoreIssuedAt()
        Description copied from interface: Verification
        Skip the Issued At ("iat") claim verification. By default, the verification is performed.
        Specified by:
        ignoreIssuedAt in interface Verification
        Returns:
        this same Verification instance.
      • withJWTId

        public Verification withJWTId​(java.lang.String jwtId)
        Description copied from interface: Verification
        Verifies whether the JWT contains a JWT ID ("jti") claim that equals to the value provided. This check is case-sensitive.
        Specified by:
        withJWTId in interface Verification
        Parameters:
        jwtId - the required ID value
        Returns:
        this same Verification instance.
      • withClaimPresence

        public Verification withClaimPresence​(java.lang.String name)
                                       throws java.lang.IllegalArgumentException
        Description copied from interface: Verification
        Verifies whether the claim is present in the JWT, with any value including null.
        Specified by:
        withClaimPresence in interface Verification
        Parameters:
        name - the Claim's name.
        Returns:
        this same Verification instance
        Throws:
        java.lang.IllegalArgumentException - if the name is null.
      • withNullClaim

        public Verification withNullClaim​(java.lang.String name)
                                   throws java.lang.IllegalArgumentException
        Description copied from interface: Verification
        Verifies whether the claim is present with a null value.
        Specified by:
        withNullClaim in interface Verification
        Parameters:
        name - the Claim's name.
        Returns:
        this same Verification instance.
        Throws:
        java.lang.IllegalArgumentException - if the name is null.
      • withClaim

        public Verification withClaim​(java.lang.String name,
                                      java.lang.Boolean value)
                               throws java.lang.IllegalArgumentException
        Description copied from interface: Verification
        Verifies whether the claim is equal to the given Boolean value.
        Specified by:
        withClaim in interface Verification
        Parameters:
        name - the Claim's name.
        value - the Claim's value.
        Returns:
        this same Verification instance.
        Throws:
        java.lang.IllegalArgumentException - if the name is null.
      • withClaim

        public Verification withClaim​(java.lang.String name,
                                      java.lang.Integer value)
                               throws java.lang.IllegalArgumentException
        Description copied from interface: Verification
        Verifies whether the claim is equal to the given Integer value.
        Specified by:
        withClaim in interface Verification
        Parameters:
        name - the Claim's name.
        value - the Claim's value.
        Returns:
        this same Verification instance.
        Throws:
        java.lang.IllegalArgumentException - if the name is null.
      • withClaim

        public Verification withClaim​(java.lang.String name,
                                      java.lang.Long value)
                               throws java.lang.IllegalArgumentException
        Description copied from interface: Verification
        Verifies whether the claim is equal to the given Long value.
        Specified by:
        withClaim in interface Verification
        Parameters:
        name - the Claim's name.
        value - the Claim's value.
        Returns:
        this same Verification instance.
        Throws:
        java.lang.IllegalArgumentException - if the name is null.
      • withClaim

        public Verification withClaim​(java.lang.String name,
                                      java.lang.Double value)
                               throws java.lang.IllegalArgumentException
        Description copied from interface: Verification
        Verifies whether the claim is equal to the given Integer value.
        Specified by:
        withClaim in interface Verification
        Parameters:
        name - the Claim's name.
        value - the Claim's value.
        Returns:
        this same Verification instance.
        Throws:
        java.lang.IllegalArgumentException - if the name is null.
      • withClaim

        public Verification withClaim​(java.lang.String name,
                                      java.lang.String value)
                               throws java.lang.IllegalArgumentException
        Description copied from interface: Verification
        Verifies whether the claim is equal to the given String value. This check is case-sensitive.
        Specified by:
        withClaim in interface Verification
        Parameters:
        name - the Claim's name.
        value - the Claim's value.
        Returns:
        this same Verification instance.
        Throws:
        java.lang.IllegalArgumentException - if the name is null.
      • withClaim

        public Verification withClaim​(java.lang.String name,
                                      java.util.Date value)
                               throws java.lang.IllegalArgumentException
        Description copied from interface: Verification
        Verifies whether the claim is equal to the given Date value. Note that date-time claims are serialized as seconds since the epoch; when verifying date-time claim value, any time units more granular than seconds will not be considered.
        Specified by:
        withClaim in interface Verification
        Parameters:
        name - the Claim's name.
        value - the Claim's value.
        Returns:
        this same Verification instance.
        Throws:
        java.lang.IllegalArgumentException - if the name is null.
      • withClaim

        public Verification withClaim​(java.lang.String name,
                                      java.time.Instant value)
                               throws java.lang.IllegalArgumentException
        Description copied from interface: Verification
        Verifies whether the claim is equal to the given Instant value. Note that date-time claims are serialized as seconds since the epoch; when verifying a date-time claim value, any time units more granular than seconds will not be considered.
        Specified by:
        withClaim in interface Verification
        Parameters:
        name - the Claim's name.
        value - the Claim's value.
        Returns:
        this same Verification instance.
        Throws:
        java.lang.IllegalArgumentException - if the name is null.
      • withClaim

        public Verification withClaim​(java.lang.String name,
                                      java.util.function.BiPredicate<Claim,​DecodedJWT> predicate)
                               throws java.lang.IllegalArgumentException
        Description copied from interface: Verification
        Executes the predicate provided and the validates the JWT if the predicate returns true.
        Specified by:
        withClaim in interface Verification
        Parameters:
        name - the Claim's name
        predicate - the predicate check to be done.
        Returns:
        this same Verification instance.
        Throws:
        java.lang.IllegalArgumentException - if the name is null.
      • withArrayClaim

        public Verification withArrayClaim​(java.lang.String name,
                                           java.lang.String... items)
                                    throws java.lang.IllegalArgumentException
        Description copied from interface: Verification
        Verifies whether the claim contain at least the given String items.
        Specified by:
        withArrayClaim in interface Verification
        Parameters:
        name - the Claim's name.
        items - the items the Claim must contain.
        Returns:
        this same Verification instance.
        Throws:
        java.lang.IllegalArgumentException - if the name is null.
      • withArrayClaim

        public Verification withArrayClaim​(java.lang.String name,
                                           java.lang.Integer... items)
                                    throws java.lang.IllegalArgumentException
        Description copied from interface: Verification
        Verifies whether the claim contain at least the given Integer items.
        Specified by:
        withArrayClaim in interface Verification
        Parameters:
        name - the Claim's name.
        items - the items the Claim must contain.
        Returns:
        this same Verification instance.
        Throws:
        java.lang.IllegalArgumentException - if the name is null.
      • withArrayClaim

        public Verification withArrayClaim​(java.lang.String name,
                                           java.lang.Long... items)
                                    throws java.lang.IllegalArgumentException
        Description copied from interface: Verification
        Verifies whether the claim contain at least the given Long items.
        Specified by:
        withArrayClaim in interface Verification
        Parameters:
        name - the Claim's name.
        items - the items the Claim must contain.
        Returns:
        this same Verification instance.
        Throws:
        java.lang.IllegalArgumentException - if the name is null.
      • build

        public JWTVerifier build()
        Description copied from interface: Verification
        Creates a new and reusable instance of the JWTVerifier with the configuration already provided.
        Specified by:
        build in interface Verification
        Returns:
        a new JWTVerifier instance.
      • build

        public JWTVerifier build​(java.time.Clock clock)
        Creates a new and reusable instance of the JWTVerifier with the configuration already provided. ONLY FOR TEST PURPOSES.
        Parameters:
        clock - the instance that will handle the current time.
        Returns:
        a new JWTVerifier instance with a custom Clock
      • getLeewayFor

        public long getLeewayFor​(java.lang.String name)
        Fetches the Leeway set for claim or returns the defaultLeeway.
        Parameters:
        name - Claim for which leeway is fetched
        Returns:
        Leeway value set for the claim