JwtHandler (OpenAM Project 15.1.7-SNAPSHOT API)

java.lang.Object
- org.forgerock.openam.authentication.modules.oidc.JwtHandler

```
public class JwtHandler
extends Object
```
The logic required to validate the integrity of an OIDC ID token JWT.

Constructor Summary

Constructors
Constructor and Description

JwtHandler(JwtHandlerConfig config)

Constructors
Constructor and Description
`JwtHandler(JwtHandlerConfig config)`

Method Summary

All Methods Static Methods Instance Methods Concrete Methods
Modifier and Type	Method and Description
`org.forgerock.json.jose.jwt.JwtClaimsSet`	`getJwtClaims(String jwtValue)` Get the set of claims contained within the specified token.
`static boolean`	`isFromValidAuthorizedParty(Set<String> acceptedAuthorizedParties, org.forgerock.json.jose.jwt.JwtClaimsSet jwtClaims)` Check whether or not the token is from one of the accepted authorized parties specified.
`static boolean`	`isIntendedForAudience(String audienceName, org.forgerock.json.jose.jwt.JwtClaimsSet jwtClaims)` Check whether or not the token is designated for the specified audience.
`static boolean`	`jwtHasAuthorizedPartyClaim(org.forgerock.json.jose.jwt.JwtClaimsSet jwtClaims)` Check if the token has an authorized party ("azp") entry.
`org.forgerock.json.jose.jwt.JwtClaimsSet`	`validateJwt(String jwtValue)` Validate the integrity of the JWT OIDC token, according to the spec (http://openid.net/specs/openid-connect-core-1_0.html#IDTokenValidation).

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

- Constructor Detail
  - JwtHandler
```
public JwtHandler(JwtHandlerConfig config)
```
- Method Detail
  - validateJwt
```
public org.forgerock.json.jose.jwt.JwtClaimsSet validateJwt(String jwtValue)
                                                     throws AuthLoginException
```
    Validate the integrity of the JWT OIDC token, according to the spec (http://openid.net/specs/openid-connect-core-1_0.html#IDTokenValidation). Specifically check that the issuer is the expected issuer, the token has not expired, the token has at least one audience claim, and if there is an authorized party claim ("azp"), does it appear in the audience list contained within the token?
    
    Parameters:
    
    jwtValue - The encoded JWT string.
    
    Returns:
    
    The validated JWT claims.
    
    Throws:
    
    AuthLoginException
  - isIntendedForAudience
```
public static boolean isIntendedForAudience(String audienceName,
                                            org.forgerock.json.jose.jwt.JwtClaimsSet jwtClaims)
                                     throws AuthLoginException
```
    Check whether or not the token is designated for the specified audience.
    
    Parameters:
    
    audienceName - The audience name to check that the token is intended for.
    
    jwtClaims - The parsed JWT claims.
    
    Returns:
    
    true if the token is intended for the specified audience, false if it is not.
    
    Throws:
    
    AuthLoginException
  - isFromValidAuthorizedParty
```
public static boolean isFromValidAuthorizedParty(Set<String> acceptedAuthorizedParties,
                                                 org.forgerock.json.jose.jwt.JwtClaimsSet jwtClaims)
                                          throws AuthLoginException
```
    Check whether or not the token is from one of the accepted authorized parties specified.
    
    Parameters:
    
    acceptedAuthorizedParties - A list of accepted authorized parties.
    
    jwtClaims - The parsed JWT claims.
    
    Returns:
    
    true if the token's authorized party is in the list of accepted authorized parties, false if it is not, or the token does not contain an authorized party entry.
    
    Throws:
    
    AuthLoginException
  - jwtHasAuthorizedPartyClaim
```
public static boolean jwtHasAuthorizedPartyClaim(org.forgerock.json.jose.jwt.JwtClaimsSet jwtClaims)
                                          throws AuthLoginException
```
    Check if the token has an authorized party ("azp") entry.
    
    Parameters:
    
    jwtClaims - The parsed JWT claims.
    
    Returns:
    
    true if the token contains an authorized party claim and that claim is not an empty string, otherwise false.
    
    Throws:
    
    AuthLoginException
  - getJwtClaims
```
public org.forgerock.json.jose.jwt.JwtClaimsSet getJwtClaims(String jwtValue)
                                                      throws AuthLoginException
```
    Get the set of claims contained within the specified token.
    
    Parameters:
    
    jwtValue - The encoded JWT string.
    
    Returns:
    
    The set of claims contained within the token.
    
    Throws:
    
    AuthLoginException

Class JwtHandler

Constructor Summary

Method Summary

Methods inherited from class java.lang.Object

Constructor Detail

JwtHandler

Method Detail

validateJwt

isIntendedForAudience

isFromValidAuthorizedParty

jwtHasAuthorizedPartyClaim

getJwtClaims