Class OAuth2Jwt


  • public class OAuth2Jwt
    extends Object
    Parses a JWT string and offers methods to check that the JWT is valid for use as an OAuth2 authorization grant or for OAuth2 client authentication.
    Since:
    12.0.0
    • Method Summary

      Modifier and Type Method Description
      static OAuth2Jwt create(String jwtString)
      Creates an OAuth2Jwt instance from the provided JWT string.
      org.forgerock.json.jose.jws.SignedJwt getSignedJwt()
      Gets the Signed JWT.
      String getSubject()
      Gets the JWT subject.
      boolean isContentValid()
      Verifies that the JWT is valid by: ensuring the JWT contains the 'iss', 'sub', 'aud' and 'exp' claims; ensuring the JWT expiry is not unreasonably far in the future; ensuring the JWT has not expired; ensuring the JWT is not being used before its 'not before time'; ensuring the JWT issued at time is not unreasonably far in the past.
      boolean isExpired()
      Checks whether the JWT has expired.
      boolean isIntendedForAudience(String audience)
      Checks that the JWT is intended for the provided audience.
      boolean isValid(org.forgerock.json.jose.jws.handlers.SigningHandler signingHandler)
      Verifies that the JWT is valid by: verifying the signature; ensuring the JWT contains the 'iss', 'sub', 'aud' and 'exp' claims; ensuring the JWT expiry is not unreasonably far in the future; ensuring the JWT has not expired; ensuring the JWT is not being used before its 'not before time'; ensuring the JWT issued at time is not unreasonably far in the past.
    • Method Detail

      • create

        public static OAuth2Jwt create(String jwtString)
        Creates an OAuth2Jwt instance from the provided JWT string.
        Parameters:
        jwtString - The JWT string.
        Returns:
        An OAuth2Jwt instance.
      • isValid

        public boolean isValid(org.forgerock.json.jose.jws.handlers.SigningHandler signingHandler)
        Verifies that the JWT is valid by:
        • verifying the signature
        • ensuring the JWT contains the 'iss', 'sub', 'aud' and 'exp' claims
        • ensuring the JWT expiry is not unreasonably far in the future
        • ensuring the JWT has not expired
        • ensuring the JWT is not being used before its 'not before time'
        • ensuring the JWT issued at time is not unreasonably far in the past
        Parameters:
        signingHandler - The SigningHandler instance to verify the JWT signature with.
        Returns:
        true if the JWT meets all the expectations.
      • isContentValid

        public boolean isContentValid()
        Verifies that the JWT is valid by:
        • ensuring the JWT contains the 'iss', 'sub', 'aud' and 'exp' claims
        • ensuring the JWT expiry is not unreasonably far in the future
        • ensuring the JWT has not expired
        • ensuring the JWT is not being used before its 'not before time'
        • ensuring the JWT issued at time is not unreasonably far in the past
        Returns:
        true if the JWT meets all the expectations.
      • isExpired

        public boolean isExpired()
        Checks whether the JWT has expired.
        Returns:
        true if the JWT has expired.
      • isIntendedForAudience

        public boolean isIntendedForAudience(String audience)
        Checks that the JWT is intended for the provided audience.
        Parameters:
        audience - The audience.
        Returns:
        true if the JWT 'audience' claim contains the provided audience.
      • getSubject

        public String getSubject()
        Gets the JWT subject.
        Returns:
        The JWT subject.
      • getSignedJwt

        public org.forgerock.json.jose.jws.SignedJwt getSignedJwt()
        Gets the Signed JWT.
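
The content checks listed for isContentValid() and the separate audience match of isIntendedForAudience(String), written out as a stand-alone Python sketch. This is an added example, not ForgeRock's implementation and not code from this page. The two time limits, all function names and the sample claims are assumptions (the page gives no figure for "unreasonably far"), and the signature is not verified here, which is the part isValid performs with the SigningHandler.

```python
import base64
import json

# Assumed limits: the page says "unreasonably far" but gives no figures.
MAX_EXP_AHEAD = 24 * 3600   # assumption: exp at most one day ahead
MAX_IAT_AGE = 24 * 3600     # assumption: iat at most one day old
REQUIRED = ("iss", "sub", "aud", "exp")

def make_jwt(claims):
    """Build a constructed compact JWS with a dummy signature (sample input)."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'HS256'})}.{enc(claims)}.c2lnbmF0dXJl"

def decode_claims(jwt_string):
    """Return the claims of a compact JWS; the signature is NOT verified here."""
    parts = jwt_string.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def content_problems(claims, now):
    """List each content check from the isContentValid list that fails."""
    problems = [f"missing '{c}'" for c in REQUIRED if c not in claims]
    for name in ("exp", "nbf", "iat"):
        if name in claims and not isinstance(claims[name], (int, float)):
            return problems + [f"'{name}' is not a number"]
    exp, nbf, iat = (claims.get(n) for n in ("exp", "nbf", "iat"))
    if exp is not None and exp <= now:
        problems.append("expired")
    elif exp is not None and exp - now > MAX_EXP_AHEAD:
        problems.append("exp too far in the future")
    if nbf is not None and nbf > now:
        problems.append("used before nbf")
    if iat is not None and now - iat > MAX_IAT_AGE:
        problems.append("iat too far in the past")
    return problems

def intended_for(claims, audience):
    """Audience match: 'aud' may be a single string or a list of strings."""
    aud = claims.get("aud")
    if isinstance(aud, str):
        return aud == audience
    return isinstance(aud, list) and audience in aud
```

The check lists on this page require that 'aud' is present but do not include a match against a particular audience, so a token can pass the content checks and still fail `intended_for` for the receiving server.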