OAuth2Jwt (OpenAM Project 15.1.7-SNAPSHOT API)

java.lang.Object
- org.forgerock.oauth2.core.OAuth2Jwt

```
public class OAuth2Jwt
extends Object
```
Parses a JWT string and offers methods to validate the JWT is valid for the use as an OAuth2 authorization grant or for OAuth2 client authentication.

Since:

12.0.0

Method Summary

All Methods Static Methods Instance Methods Concrete Methods
Modifier and Type	Method and Description
`static OAuth2Jwt`	`create(String jwtString)` Creates an `OAuth2Jwt` instance from the provided JWT string.
`org.forgerock.json.jose.jws.SignedJwt`	`getSignedJwt()` Gets the Signed JWT.
`String`	`getSubject()` Gets the JWT subject.
`boolean`	`isContentValid()` Verifies that the JWT is valid by: ensuring the JWT contains the 'iss', 'sub', 'aud' and 'exp' claims ensuring the JWT expiry is not unreasonably far in the future ensuring the JWT has not expired ensuring the JWT is not being used before its 'not before time' ensuring the JWT issued at time is not unreasonably far in the past
`boolean`	`isExpired()` Checks that the JWT has not expired.
`boolean`	`isIntendedForAudience(String audience)` Checks that the JWT is intended for the provided audience.
`boolean`	`isValid(org.forgerock.json.jose.jws.handlers.SigningHandler signingHandler)` Verifies that the JWT is valid by: verifying the signature ensuring the JWT contains the 'iss', 'sub', 'aud' and 'exp' claims ensuring the JWT expiry is not unreasonably far in the future ensuring the JWT has not expired ensuring the JWT is not being used before its 'not before time' ensuring the JWT issued at time is not unreasonably far in the past

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

- Method Detail
  - create
```
public static OAuth2Jwt create(String jwtString)
```
    Creates an OAuth2Jwt instance from the provided JWT string.
    
    Parameters:
    
    jwtString - The JWT string.
    
    Returns:
    
    An OAuth2Jwt instance.
  - isValid
```
public boolean isValid(org.forgerock.json.jose.jws.handlers.SigningHandler signingHandler)
```
    Verifies that the JWT is valid by:
    - verifying the signature
    - ensuring the JWT contains the 'iss', 'sub', 'aud' and 'exp' claims
    - ensuring the JWT expiry is not unreasonably far in the future
    - ensuring the JWT has not expired
    - ensuring the JWT is not being used before its 'not before time'
    - ensuring the JWT issued at time is not unreasonably far in the past
    Parameters:
    
    signingHandler - The SigningHandler instance to verify the JWT signature with.
    
    Returns:
    
    true if the JWT meets all the expectations.
  - isContentValid
```
public boolean isContentValid()
```
    Verifies that the JWT is valid by:
    - ensuring the JWT contains the 'iss', 'sub', 'aud' and 'exp' claims
    - ensuring the JWT expiry is not unreasonably far in the future
    - ensuring the JWT has not expired
    - ensuring the JWT is not being used before its 'not before time'
    - ensuring the JWT issued at time is not unreasonably far in the past
    Returns:
    
    true if the JWT meets all the expectations.
  - isExpired
```
public boolean isExpired()
```
    Checks that the JWT has not expired.
    
    Returns:
    
    true if the JWT has expired.
  - isIntendedForAudience
```
public boolean isIntendedForAudience(String audience)
```
    Checks that the JWT is intended for the provided audience.
    
    Parameters:
    
    audience - The audience.
    
    Returns:
    
    true if the JWT 'audience' claim contains the provided audience.
  - getSubject
```
public String getSubject()
```
    Gets the JWT subject.
    
    Returns:
    
    The JWT subject.
  - getSignedJwt
```
public org.forgerock.json.jose.jws.SignedJwt getSignedJwt()
```
    Gets the Signed JWT.

Class OAuth2Jwt

Method Summary

Methods inherited from class java.lang.Object

Method Detail

create

isValid

isContentValid

isExpired

isIntendedForAudience

getSubject

getSignedJwt