Class IdToken (1.36.0)

public class IdToken extends JsonWebSignature

Beta
ID token as described in ID Token.

Use #parse(JsonFactory, String) to parse an ID token from a string. Then, use the verify methods to verify the ID token as required by the specification.

Implementation is not thread-safe.

Inheritance

java.lang.Object > JsonWebToken > com.google.api.client.json.webtoken.JsonWebSignature > IdToken

Static Methods

parse(JsonFactory jsonFactory, String idTokenString)

public static IdToken parse(JsonFactory jsonFactory, String idTokenString)

Parses the given ID token string and returns the parsed ID token.

Parameters
Name Description
jsonFactory com.google.api.client.json.JsonFactory

JSON factory

idTokenString String

ID token string

Returns
Type Description
IdToken

parsed ID token

Exceptions
Type Description
IOException

Constructors

IdToken(JsonWebSignature.Header header, IdToken.Payload payload, byte[] signatureBytes, byte[] signedContentBytes)

public IdToken(JsonWebSignature.Header header, IdToken.Payload payload, byte[] signatureBytes, byte[] signedContentBytes)
Parameters
Name Description
header com.google.api.client.json.webtoken.JsonWebSignature.Header

header

payload IdToken.Payload

payload

signatureBytes byte[]

bytes of the signature

signedContentBytes byte[]

bytes of the signature content

Methods

getPayload()

public IdToken.Payload getPayload()
Returns
Type Description
IdToken.Payload
Overrides
com.google.api.client.json.webtoken.JsonWebToken.getPayload()

verifyAudience(Collection<String> trustedClientIds)

public final boolean verifyAudience(Collection<String> trustedClientIds)

Returns whether the audience in the payload contains only client IDs that are trusted as specified in step 2 of ID Token Validation.

Parameter
Name Description
trustedClientIds Collection<String>

list of trusted client IDs

Returns
Type Description
boolean

verifyExpirationTime(long currentTimeMillis, long acceptableTimeSkewSeconds)

public final boolean verifyExpirationTime(long currentTimeMillis, long acceptableTimeSkewSeconds)

Returns whether the Payload#getExpirationTimeSeconds is valid relative to the current time, allowing for a clock skew as specified in step 5 of ID Token Validation.

Parameters
Name Description
currentTimeMillis long

current time in milliseconds (typically System#currentTimeMillis())

acceptableTimeSkewSeconds long

seconds of acceptable clock skew

Returns
Type Description
boolean

verifyIssuedAtTime(long currentTimeMillis, long acceptableTimeSkewSeconds)

public final boolean verifyIssuedAtTime(long currentTimeMillis, long acceptableTimeSkewSeconds)

Returns whether the Payload#getIssuedAtTimeSeconds is valid relative to the current time, allowing for a clock skew as specified in step 6 of ID Token Validation.

Parameters
Name Description
currentTimeMillis long

current time in milliseconds (typically System#currentTimeMillis())

acceptableTimeSkewSeconds long

seconds of acceptable clock skew

Returns
Type Description
boolean

verifyIssuer(String expectedIssuer)

public final boolean verifyIssuer(String expectedIssuer)

Returns whether the issuer in the payload matches the given expected issuer as specified in step 1 of ID Token Validation.

Parameter
Name Description
expectedIssuer String

expected issuer

Returns
Type Description
boolean

verifyIssuer(Collection<String> expectedIssuer)

public final boolean verifyIssuer(Collection<String> expectedIssuer)

Returns whether the issuer in the payload matches the given expected issuer as specified in step 1 of ID Token Validation. When an issuer is migrating to a new issuer string the expected issuer has multiple aliases, so multiple are permitted here.

Parameter
Name Description
expectedIssuer Collection<String>
Returns
Type Description
boolean

verifyTime(long currentTimeMillis, long acceptableTimeSkewSeconds)

public final boolean verifyTime(long currentTimeMillis, long acceptableTimeSkewSeconds)

Returns whether the Payload#getExpirationTimeSeconds and Payload#getIssuedAtTimeSeconds are valid relative to the current time, allowing for a clock skew as specified in steps 5 and 6 of ID Token Validation.

Parameters
Name Description
currentTimeMillis long

current time in milliseconds (typically System#currentTimeMillis())

acceptableTimeSkewSeconds long

seconds of acceptable clock skew

Returns
Type Description
boolean