Class IdToken (1.33.3)

public class IdToken extends JsonWebSignature

Beta
ID token as described in ID Token.

Use #parse(JsonFactory, String) to parse an ID token from a string. Then, use the verify methods to verify the ID token as required by the specification.

Implementation is not thread-safe.

Inheritance

java.lang.Object > JsonWebToken > com.google.api.client.json.webtoken.JsonWebSignature > IdToken

Inherited Members

com.google.api.client.json.webtoken.JsonWebSignature.getHeader()

com.google.api.client.json.webtoken.JsonWebSignature.getSignatureBytes()

com.google.api.client.json.webtoken.JsonWebSignature.getSignedContentBytes()

com.google.api.client.json.webtoken.JsonWebSignature.parse(com.google.api.client.json.JsonFactory,java.lang.String)

com.google.api.client.json.webtoken.JsonWebSignature.parser(com.google.api.client.json.JsonFactory)

com.google.api.client.json.webtoken.JsonWebSignature.signUsingRsaSha256(java.security.PrivateKey,com.google.api.client.json.JsonFactory,com.google.api.client.json.webtoken.JsonWebSignature.Header,com.google.api.client.json.webtoken.JsonWebToken.Payload)

com.google.api.client.json.webtoken.JsonWebSignature.verifySignature()

com.google.api.client.json.webtoken.JsonWebSignature.verifySignature(java.security.PublicKey)

com.google.api.client.json.webtoken.JsonWebSignature.verifySignature(javax.net.ssl.X509TrustManager)

com.google.api.client.json.webtoken.JsonWebToken.getPayload()

com.google.api.client.json.webtoken.JsonWebToken.toString()

Object.clone()

Object.equals(Object)

Object.finalize()

Object.getClass()

Object.hashCode()

Object.notify()

Object.notifyAll()

Object.wait()

Object.wait(long)

Object.wait(long,int)

Static Methods

parse(JsonFactory jsonFactory, String idTokenString)

public static IdToken parse(JsonFactory jsonFactory, String idTokenString)

Parses the given ID token string and returns the parsed ID token.

Parameters

Name	Description
jsonFactory	`com.google.api.client.json.JsonFactory` JSON factory
idTokenString	`String` ID token string

Returns

Type	Description
IdToken	parsed ID token

Exceptions

Type	Description
IOException

Constructors

IdToken(JsonWebSignature.Header header, IdToken.Payload payload, byte[] signatureBytes, byte[] signedContentBytes)

public IdToken(JsonWebSignature.Header header, IdToken.Payload payload, byte[] signatureBytes, byte[] signedContentBytes)

Parameters

Name	Description
header	`com.google.api.client.json.webtoken.JsonWebSignature.Header` header
payload	`IdToken.Payload` payload
signatureBytes	`byte[]` bytes of the signature
signedContentBytes	`byte[]` bytes of the signature content

Methods

getPayload()

public IdToken.Payload getPayload()

Returns

Type	Description
IdToken.Payload

Overrides

com.google.api.client.json.webtoken.JsonWebToken.getPayload()

verifyAudience(Collection<String> trustedClientIds)

public final boolean verifyAudience(Collection<String> trustedClientIds)

Returns whether the audience in the payload contains only client IDs that are trusted as specified in step 2 of ID Token Validation.

Parameter

Name	Description
trustedClientIds	`Collection<String>` list of trusted client IDs

Returns

Type	Description
boolean

verifyExpirationTime(long currentTimeMillis, long acceptableTimeSkewSeconds)

public final boolean verifyExpirationTime(long currentTimeMillis, long acceptableTimeSkewSeconds)

Returns whether the Payload#getExpirationTimeSeconds is valid relative to the current time, allowing for a clock skew as specified in step 5 of ID Token Validation.

Parameters

Name	Description
currentTimeMillis	`long` current time in milliseconds (typically System#currentTimeMillis())
acceptableTimeSkewSeconds	`long` seconds of acceptable clock skew

Returns

Type	Description
boolean

verifyIssuedAtTime(long currentTimeMillis, long acceptableTimeSkewSeconds)

public final boolean verifyIssuedAtTime(long currentTimeMillis, long acceptableTimeSkewSeconds)

Returns whether the Payload#getIssuedAtTimeSeconds is valid relative to the current time, allowing for a clock skew as specified in step 6 of ID Token Validation.

Parameters

Name	Description
currentTimeMillis	`long` current time in milliseconds (typically System#currentTimeMillis())
acceptableTimeSkewSeconds	`long` seconds of acceptable clock skew

Returns

Type	Description
boolean

verifyIssuer(String expectedIssuer)

public final boolean verifyIssuer(String expectedIssuer)

Returns whether the issuer in the payload matches the given expected issuer as specified in step 1 of ID Token Validation.

Parameter

Name	Description
expectedIssuer	`String` expected issuer

Returns

Type	Description
boolean

verifyIssuer(Collection<String> expectedIssuer)

public final boolean verifyIssuer(Collection<String> expectedIssuer)

Returns whether the issuer in the payload matches the given expected issuer as specified in step 1 of ID Token Validation. When an issuer is migrating to a new issuer string the expected issuer has multiple aliases, so multiple are permitted here.

Parameter

Name	Description
expectedIssuer	`Collection<String>`

Returns

Type	Description
boolean

verifyTime(long currentTimeMillis, long acceptableTimeSkewSeconds)

public final boolean verifyTime(long currentTimeMillis, long acceptableTimeSkewSeconds)

Returns whether the Payload#getExpirationTimeSeconds and Payload#getIssuedAtTimeSeconds are valid relative to the current time, allowing for a clock skew as specified in steps 5 and 6 of ID Token Validation.

Parameters

Name	Description
currentTimeMillis	`long` current time in milliseconds (typically System#currentTimeMillis())
acceptableTimeSkewSeconds	`long` seconds of acceptable clock skew

Returns

Type	Description
boolean