Package com.google.api.client.auth.openidconnect (1.36.0)

com.google.api.client.util.Beta
OpenID Connect.

Classes

IdToken

Beta
ID token as described in ID Token.

Use #parse(JsonFactory, String) to parse an ID token from a string. Then, use the verify methods to verify the ID token as required by the specification.

Implementation is not thread-safe.

IdToken.Payload

Beta
ID token payload.

IdTokenResponse

Beta
OAuth ID Connect JSON model for a successful access token response as specified in OpenID Connect Basic Client Profile 1.0 (draft 23).

Implementation is not thread-safe. Sample usage:

static JsonWebSignature executeIdToken(TokenRequest tokenRequest) throws IOException { IdTokenResponse idTokenResponse = IdTokenResponse.execute(tokenRequest); return idTokenResponse.parseIdToken(); }

IdTokenVerifier

Thread-safe ID token verifier based on ID Token Validation.

Call #verify(IdToken) to verify an ID token. This is a light-weight object, so you may use a new instance for each configuration of expected issuer and trusted client IDs. Sample usage:

IdTokenVerifier verifier = new IdTokenVerifier.Builder() .setIssuer("issuer.example.com") .setAudience(Arrays.asList("myClientId")) .build(); ... if (!verifier.verify(idToken)) {...}

The verifier validates token signature per current OpenID Connect Spec: https://openid.net/specs/openid-connect-core-1_0.html#IDTokenValidation By default, method gets a certificate from well-known location A request to certificate location is performed using com.google.api.client.http.javanet.NetHttpTransport Either or both certificate location and transport implementation can be overridden via Builder

IdTokenVerifier verifier = new IdTokenVerifier.Builder() .setIssuer("issuer.example.com") .setAudience(Arrays.asList("myClientId")) .setHttpTransportFactory(customHttpTransportFactory) .build(); ... if (!verifier.verify(idToken)) {...}

not recommended: this check can be disabled with OAUTH_CLIENT_SKIP_SIGNATURE environment variable set to true. Use #verifyPayload(IdToken) instead.

Note that #verify(IdToken) only implements a subset of the verification steps, mostly just the MUST steps. Please read <a href="http://openid.net/specs/openid-connect-basic-1_0-27.html#id.token.validation>ID Token Validation for the full list of verification steps.

IdTokenVerifier.Builder

Builder for IdTokenVerifier.

Implementation is not thread-safe.

Interfaces

HttpTransportFactory

A base interface for all HttpTransport factories.

Implementation must provide a public no-arg constructor. Loading of a factory implementation is done via java.util.ServiceLoader.