public class IdToken extends JsonWebSignature
Beta
ID token as described in ID Token.
Use #parse(JsonFactory, String) to parse an ID token from a string. Then, use the
verify
methods to verify the ID token as required by the specification.
Implementation is not thread-safe.
Inheritance
java.lang.Object > JsonWebToken > com.google.api.client.json.webtoken.JsonWebSignature > IdTokenStatic Methods
parse(JsonFactory jsonFactory, String idTokenString)
public static IdToken parse(JsonFactory jsonFactory, String idTokenString)
Parses the given ID token string and returns the parsed ID token.
Name | Description |
jsonFactory | com.google.api.client.json.JsonFactory JSON factory |
idTokenString | String ID token string |
Type | Description |
IdToken | parsed ID token |
Type | Description |
IOException |
Constructors
IdToken(JsonWebSignature.Header header, IdToken.Payload payload, byte[] signatureBytes, byte[] signedContentBytes)
public IdToken(JsonWebSignature.Header header, IdToken.Payload payload, byte[] signatureBytes, byte[] signedContentBytes)
Name | Description |
header | com.google.api.client.json.webtoken.JsonWebSignature.Header header |
payload | IdToken.Payload payload |
signatureBytes | byte[] bytes of the signature |
signedContentBytes | byte[] bytes of the signature content |
Methods
getPayload()
public IdToken.Payload getPayload()
Type | Description |
IdToken.Payload |
verifyAudience(Collection<String> trustedClientIds)
public final boolean verifyAudience(Collection<String> trustedClientIds)
Returns whether the audience in the payload contains only client IDs that are trusted as specified in step 2 of ID Token Validation.
Name | Description |
trustedClientIds | Collection<String> list of trusted client IDs |
Type | Description |
boolean |
verifyExpirationTime(long currentTimeMillis, long acceptableTimeSkewSeconds)
public final boolean verifyExpirationTime(long currentTimeMillis, long acceptableTimeSkewSeconds)
Returns whether the Payload#getExpirationTimeSeconds is valid relative to the current time, allowing for a clock skew as specified in step 5 of ID Token Validation.
Name | Description |
currentTimeMillis | long current time in milliseconds (typically System#currentTimeMillis()) |
acceptableTimeSkewSeconds | long seconds of acceptable clock skew |
Type | Description |
boolean |
verifyIssuedAtTime(long currentTimeMillis, long acceptableTimeSkewSeconds)
public final boolean verifyIssuedAtTime(long currentTimeMillis, long acceptableTimeSkewSeconds)
Returns whether the Payload#getIssuedAtTimeSeconds is valid relative to the current time, allowing for a clock skew as specified in step 6 of ID Token Validation.
Name | Description |
currentTimeMillis | long current time in milliseconds (typically System#currentTimeMillis()) |
acceptableTimeSkewSeconds | long seconds of acceptable clock skew |
Type | Description |
boolean |
verifyIssuer(String expectedIssuer)
public final boolean verifyIssuer(String expectedIssuer)
Returns whether the issuer in the payload matches the given expected issuer as specified in step 1 of ID Token Validation.
Name | Description |
expectedIssuer | String expected issuer |
Type | Description |
boolean |
verifyIssuer(Collection<String> expectedIssuer)
public final boolean verifyIssuer(Collection<String> expectedIssuer)
Returns whether the issuer in the payload matches the given expected issuer as specified in step 1 of ID Token Validation. When an issuer is migrating to a new issuer string the expected issuer has multiple aliases, so multiple are permitted here.
Name | Description |
expectedIssuer | Collection<String> |
Type | Description |
boolean |
verifyTime(long currentTimeMillis, long acceptableTimeSkewSeconds)
public final boolean verifyTime(long currentTimeMillis, long acceptableTimeSkewSeconds)
Returns whether the Payload#getExpirationTimeSeconds and Payload#getIssuedAtTimeSeconds are valid relative to the current time, allowing for a clock skew as specified in steps 5 and 6 of ID Token Validation.
Name | Description |
currentTimeMillis | long current time in milliseconds (typically System#currentTimeMillis()) |
acceptableTimeSkewSeconds | long seconds of acceptable clock skew |
Type | Description |
boolean |