Class IdTokenVerifier (1.32.1)

Beta
Thread-safe ID token verifier based on ID Token Validation.

Call #verify(IdToken) to verify a ID token. This is a light-weight object, so you may use a new instance for each configuration of expected issuer and trusted client IDs. Sample usage:

IdTokenVerifier verifier = new IdTokenVerifier.Builder() .setIssuer("issuer.example.com") .setAudience(Arrays.asList("myClientId")) .build(); ... if (!verifier.verify(idToken)) {...}

Note that #verify(IdToken) only implements a subset of the verification steps, mostly just the MUST steps. Please read <a href="http://openid.net/specs/openid-connect-basic-1_0-27.html#id.token.validation>ID Token Validation for the full list of verification steps.

Default value for seconds of time skew to accept when verifying time (5 minutes).

Returns the seconds of time skew to accept when verifying time.

Returns the unmodifiable list of trusted audience client IDs or null to suppress the audience check.

Returns the clock.

Returns the first of equivalent expected issuers or null if issuer check suppressed.

Returns the equivalent expected issuers or null if issuer check suppressed.

Verifies that the given ID token is valid using the cached public keys.

It verifies:

• The issuer is one of #getIssuers() by calling IdToken#verifyIssuer(String).
• The audience is one of #getAudience() by calling IdToken#verifyAudience(Collection).
• The current time against the issued at and expiration time, using the #getClock() and allowing for a time skew specified in #getAcceptableTimeSkewSeconds() , by calling IdToken#verifyTime(long, long).

Overriding is allowed, but it must call the super implementation.