Class IdToken (1.34.0)

public class IdToken extends JsonWebSignature

Beta
ID token as described in ID Token.

Use #parse(JsonFactory, String) to parse an ID token from a string. Then, use the verify methods to verify the ID token as required by the specification.

Implementation is not thread-safe.

Inheritance

java.lang.Object > JsonWebToken > com.google.api.client.json.webtoken.JsonWebSignature > IdToken

Static Methods

parse(JsonFactory jsonFactory, String idTokenString)

public static IdToken parse(JsonFactory jsonFactory, String idTokenString)

Parses the given ID token string and returns the parsed ID token.

Parameters
NameDescription
jsonFactorycom.google.api.client.json.JsonFactory

JSON factory

idTokenStringString

ID token string

Returns
TypeDescription
IdToken

parsed ID token

Exceptions
TypeDescription
IOException

Constructors

IdToken(JsonWebSignature.Header header, IdToken.Payload payload, byte[] signatureBytes, byte[] signedContentBytes)

public IdToken(JsonWebSignature.Header header, IdToken.Payload payload, byte[] signatureBytes, byte[] signedContentBytes)
Parameters
NameDescription
headercom.google.api.client.json.webtoken.JsonWebSignature.Header

header

payloadIdToken.Payload

payload

signatureBytesbyte[]

bytes of the signature

signedContentBytesbyte[]

bytes of the signature content

Methods

getPayload()

public IdToken.Payload getPayload()
Returns
TypeDescription
IdToken.Payload
Overrides
com.google.api.client.json.webtoken.JsonWebToken.getPayload()

verifyAudience(Collection<String> trustedClientIds)

public final boolean verifyAudience(Collection<String> trustedClientIds)

Returns whether the audience in the payload contains only client IDs that are trusted as specified in step 2 of ID Token Validation.

Parameter
NameDescription
trustedClientIdsCollection<String>

list of trusted client IDs

Returns
TypeDescription
boolean

verifyExpirationTime(long currentTimeMillis, long acceptableTimeSkewSeconds)

public final boolean verifyExpirationTime(long currentTimeMillis, long acceptableTimeSkewSeconds)

Returns whether the Payload#getExpirationTimeSeconds is valid relative to the current time, allowing for a clock skew as specified in step 5 of ID Token Validation.

Parameters
NameDescription
currentTimeMillislong

current time in milliseconds (typically System#currentTimeMillis())

acceptableTimeSkewSecondslong

seconds of acceptable clock skew

Returns
TypeDescription
boolean

verifyIssuedAtTime(long currentTimeMillis, long acceptableTimeSkewSeconds)

public final boolean verifyIssuedAtTime(long currentTimeMillis, long acceptableTimeSkewSeconds)

Returns whether the Payload#getIssuedAtTimeSeconds is valid relative to the current time, allowing for a clock skew as specified in step 6 of ID Token Validation.

Parameters
NameDescription
currentTimeMillislong

current time in milliseconds (typically System#currentTimeMillis())

acceptableTimeSkewSecondslong

seconds of acceptable clock skew

Returns
TypeDescription
boolean

verifyIssuer(String expectedIssuer)

public final boolean verifyIssuer(String expectedIssuer)

Returns whether the issuer in the payload matches the given expected issuer as specified in step 1 of ID Token Validation.

Parameter
NameDescription
expectedIssuerString

expected issuer

Returns
TypeDescription
boolean

verifyIssuer(Collection<String> expectedIssuer)

public final boolean verifyIssuer(Collection<String> expectedIssuer)

Returns whether the issuer in the payload matches the given expected issuer as specified in step 1 of ID Token Validation. When an issuer is migrating to a new issuer string the expected issuer has multiple aliases, so multiple are permitted here.

Parameter
NameDescription
expectedIssuerCollection<String>
Returns
TypeDescription
boolean

verifyTime(long currentTimeMillis, long acceptableTimeSkewSeconds)

public final boolean verifyTime(long currentTimeMillis, long acceptableTimeSkewSeconds)

Returns whether the Payload#getExpirationTimeSeconds and Payload#getIssuedAtTimeSeconds are valid relative to the current time, allowing for a clock skew as specified in steps 5 and 6 of ID Token Validation.

Parameters
NameDescription
currentTimeMillislong

current time in milliseconds (typically System#currentTimeMillis())

acceptableTimeSkewSecondslong

seconds of acceptable clock skew

Returns
TypeDescription
boolean