Classes
IdToken
Beta
ID token as described in ID Token.
Use #parse(JsonFactory, String) to parse an ID token from a string. Then, use the verify methods to verify the ID token as required by the specification.
Implementation is not thread-safe.
IdToken.Payload
Beta
ID token payload.
IdTokenResponse
Beta
OpenID Connect JSON model for a successful access token response as specified in OpenID Connect Basic Client Profile 1.0 (draft 23).
Implementation is not thread-safe. Sample usage:
    static JsonWebSignature executeIdToken(TokenRequest tokenRequest) throws IOException {
      IdTokenResponse idTokenResponse = IdTokenResponse.execute(tokenRequest);
      return idTokenResponse.parseIdToken();
    }
IdTokenVerifier
Thread-safe ID token verifier based on ID Token Validation.
Call #verify(IdToken) to verify an ID token. This is a light-weight object, so you may use a new instance for each configuration of expected issuer and trusted client IDs. Sample usage:
    IdTokenVerifier verifier = new IdTokenVerifier.Builder()
        .setIssuer("issuer.example.com")
        .setAudience(Arrays.asList("myClientId"))
        .build();
    ...
    if (!verifier.verify(idToken)) {...}
The verifier validates the token signature per the current OpenID Connect spec: https://openid.net/specs/openid-connect-core-1_0.html#IDTokenValidation. By default, the method gets a certificate from a well-known location. The request to the certificate location is performed using com.google.api.client.http.javanet.NetHttpTransport. Either or both of the certificate location and the transport implementation can be overridden via the Builder:
    IdTokenVerifier verifier = new IdTokenVerifier.Builder()
        .setIssuer("issuer.example.com")
        .setAudience(Arrays.asList("myClientId"))
        .setHttpTransportFactory(customHttpTransportFactory)
        .build();
    ...
    if (!verifier.verify(idToken)) {...}
Not recommended: the signature check can be disabled by setting the OAUTH_CLIENT_SKIP_SIGNATURE environment variable to true. Use #verifyPayload(IdToken) instead.
Note that #verify(IdToken) only implements a subset of the verification steps, mostly just the MUST steps. Please read ID Token Validation (http://openid.net/specs/openid-connect-basic-1_0-27.html#id.token.validation) for the full list of verification steps.
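Steps that depend on the client's own request state can be checked on the payload once #verify(IdToken) has returned true. The class below is an added example, not part of the library or its documentation: ExtraIdTokenChecks and reject are hypothetical names, the payload is constructed inline, and the three checks (nonce, azp, auth_time against max_age) follow the OpenID Connect Core ID Token Validation list.

```java
import com.google.api.client.auth.openidconnect.IdToken;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.List;

/** Added example (hypothetical helper): claim checks tied to this client's own request state. */
public final class ExtraIdTokenChecks {

  /** Returns null when the payload passes, otherwise the reason it was rejected. */
  static String reject(IdToken.Payload p, String clientId, String expectedNonce,
      long maxAgeSeconds, long nowSeconds) {
    // nonce: must equal the value this client bound to the user's session in the request.
    String nonce = p.getNonce();
    if (nonce == null || !MessageDigest.isEqual(
        nonce.getBytes(StandardCharsets.UTF_8),
        expectedNonce.getBytes(StandardCharsets.UTF_8))) {
      return "nonce mismatch";
    }
    // azp: with several audiences it should be present; when present it must be this client.
    List<String> aud = p.getAudienceAsList();
    String azp = p.getAuthorizedParty();
    if (aud.size() > 1 && azp == null) return "multiple audiences without azp";
    if (azp != null && !azp.equals(clientId)) return "azp is not this client";
    // auth_time: when max_age was requested, the last authentication must be recent enough.
    Long authTime = p.getAuthorizationTimeSeconds();
    if (authTime == null || nowSeconds - authTime > maxAgeSeconds) {
      return "authentication too old or auth_time missing";
    }
    return null;
  }

  public static void main(String[] args) {
    long now = System.currentTimeMillis() / 1000;
    // Constructed payload, standing in for idToken.getPayload() of a token that passed verify().
    IdToken.Payload p = new IdToken.Payload()
        .setNonce("constructed-nonce-123")
        .setAuthorizedParty("myClientId")
        .setAuthorizationTimeSeconds(now - 30);
    p.setAudience("myClientId");
    System.out.println(reject(p, "myClientId", "constructed-nonce-123", 300, now));
    System.out.println(reject(p, "myClientId", "some-other-nonce", 300, now));
    p.setAuthorizationTimeSeconds(now - 3600);
    System.out.println(reject(p, "myClientId", "constructed-nonce-123", 300, now));
  }
}
```

In an application, call reject on idToken.getPayload() only after the verifier has accepted the token, and treat any non-null result as a failed login.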
IdTokenVerifier.Builder
Builder for IdTokenVerifier.
Implementation is not thread-safe.
Interfaces
HttpTransportFactory
A base interface for all HttpTransport factories.
Implementation must provide a public no-arg constructor. Loading of a factory implementation is done via java.util.ServiceLoader.