GoogleIdTokenVerifier (google-api-client 1.10.0-beta)

Overview

Package

Class

Use

Tree

Deprecated

Index

Help

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

com.google.api.client.googleapis.auth.oauth2
Class GoogleIdTokenVerifier

java.lang.Object
  com.google.api.client.googleapis.auth.oauth2.GoogleIdTokenVerifier

public class GoogleIdTokenVerifier
extends Object
extends Object

Thread-safe Google ID token verifier.

The public keys are loaded Google's public certificate endpoint at "https://www.googleapis.com/oauth2/v1/certs". The public keys are cached in this instance of GoogleIdTokenVerifier. Therefore, for maximum efficiency, applications should use a single globally-shared instance of the GoogleIdTokenVerifier. Use verify(GoogleIdToken) or GoogleIdToken.verify(GoogleIdTokenVerifier) to verify a Google ID token.

Samples usage:

  public static GoogleIdTokenVerifier verifier;

  public static void initVerifier(
      HttpTransport transport, JsonFactory jsonFactory, String clientId) {
    verifier = new GoogleIdTokenVerifier.Builder(transport, jsonFactory)
        .setClientId(clientId)
        .build();
  }

  public static boolean verifyToken(GoogleIdToken idToken)
      throws GeneralSecurityException, IOException {
    return verifier.verify(idToken);
  }

Since:: 1.7

Nested Class Summary
`static class`	`GoogleIdTokenVerifier.Builder` Builder for `GoogleIdTokenVerifier`.

Constructor Summary
	`GoogleIdTokenVerifier(HttpTransport transport, JsonFactory jsonFactory)` Constructor with required parameters.
	`GoogleIdTokenVerifier(HttpTransport transport, JsonFactory jsonFactory, String clientId)` Deprecated. (scheduled to be removed in 1.11) Use the `#GoogleIdTokenVerifier.Builder` to specify client IDs or use `GoogleIdTokenVerifier(HttpTransport, JsonFactory)` if no client IDs are required.
`protected`	`GoogleIdTokenVerifier(Set<String> clientIds, HttpTransport transport, JsonFactory jsonFactory)` Construct the `GoogleIdTokenVerifier`.
`protected`	`GoogleIdTokenVerifier(Set<String> clientIds, HttpTransport transport, JsonFactory jsonFactory, Clock clock)` Construct the `GoogleIdTokenVerifier`.

Method Summary
`String`	`getClientId()` Deprecated. (scheduled to be removed in 1.11) Use `getClientIds()`
`Set<String>`	`getClientIds()` Returns the set of client IDs.
`long`	`getExpirationTimeMilliseconds()` Returns the expiration time in milliseconds to be used with `Clock.currentTimeMillis()` or `0` for none.
`JsonFactory`	`getJsonFactory()` Returns the JSON factory.
`List<PublicKey>`	`getPublicKeys()` Returns the public keys or `null` for none.
`GoogleIdTokenVerifier`	`loadPublicCerts()` Downloads the public keys from the public certificates endpoint at `"https://www.googleapis.com/oauth2/v1/certs"`.
`boolean`	`verify(GoogleIdToken idToken)` Verifies that the given ID token is valid using `verify(GoogleIdToken, String)` with the `getClientIds()`.
`boolean`	`verify(GoogleIdToken idToken, String clientId)` Verifies that the given ID token is valid, using the given client ID.
`boolean`	`verify(Set<String> clientIds, GoogleIdToken idToken)` Verifies that the given ID token is valid, using the given set of client IDs.
`GoogleIdToken`	`verify(String idTokenString)` Returns a Google ID token if the given ID token string is valid using `verify(GoogleIdToken, String)` with the `getClientIds()`.

Methods inherited from class java.lang.Object
`clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait`

Constructor Detail

GoogleIdTokenVerifier

@Deprecated
public GoogleIdTokenVerifier(HttpTransport transport,
                                        JsonFactory jsonFactory,
                                        String clientId)

Deprecated. (scheduled to be removed in 1.11) Use the #GoogleIdTokenVerifier.Builder to specify client IDs or use GoogleIdTokenVerifier(HttpTransport, JsonFactory) if no client IDs are required.

Constructor with required parameters.

Parameters:: transport - HTTP transport; jsonFactory - JSON factory; clientId - client ID or null for none

GoogleIdTokenVerifier

public GoogleIdTokenVerifier(HttpTransport transport,
                             JsonFactory jsonFactory)

Constructor with required parameters. Use the #GoogleIdTokenVerifier.Builder to specify client IDs.

Parameters:: transport - HTTP transport; jsonFactory - JSON factory

GoogleIdTokenVerifier

protected GoogleIdTokenVerifier(Set<String> clientIds,
                                HttpTransport transport,
                                JsonFactory jsonFactory)

Construct the GoogleIdTokenVerifier.

Parameters:: clientIds - set of client IDs or null for none; transport - HTTP transport; jsonFactory - JSON factory
Since:: 1.9

GoogleIdTokenVerifier

protected GoogleIdTokenVerifier(Set<String> clientIds,
                                HttpTransport transport,
                                JsonFactory jsonFactory,
                                Clock clock)

Construct the GoogleIdTokenVerifier.

Parameters:: clientIds - set of client IDs or null for none; transport - HTTP transport; jsonFactory - JSON factory; clock - Clock for expiration checks
Since:: 1.9

Method Detail

getJsonFactory

public final JsonFactory getJsonFactory()

Returns the JSON factory.

getClientId

@Deprecated
public final String getClientId()

Deprecated. (scheduled to be removed in 1.11) Use getClientIds()

Returns the client ID or null for none that was specified in GoogleIdTokenVerifier(HttpTransport, JsonFactory, String).

getClientIds

public final Set<String> getClientIds()

Returns the set of client IDs.

Since:: 1.9

getPublicKeys

public final List<PublicKey> getPublicKeys()

Returns the public keys or null for none.

getExpirationTimeMilliseconds

public final long getExpirationTimeMilliseconds()

Returns the expiration time in milliseconds to be used with Clock.currentTimeMillis() or 0 for none.

verify

public boolean verify(GoogleIdToken idToken)
               throws GeneralSecurityException,
                      IOException

Verifies that the given ID token is valid using verify(GoogleIdToken, String) with the getClientIds().

Parameters:: idToken - Google ID token
Returns:: true if verified successfully or false if failed
Throws:: GeneralSecurityException; IOException

verify

public GoogleIdToken verify(String idTokenString)
                     throws GeneralSecurityException,
                            IOException

Returns a Google ID token if the given ID token string is valid using verify(GoogleIdToken, String) with the getClientIds().

Parameters:: idTokenString - Google ID token string
Returns:: Google ID token if verified successfully or null if failed
Throws:: GeneralSecurityException; IOException
Since:: 1.9

verify

public boolean verify(GoogleIdToken idToken,
                      String clientId)
               throws GeneralSecurityException,
                      IOException

Verifies that the given ID token is valid, using the given client ID. It verifies:

The RS256 signature, which uses RSA and SHA-256 based on the public keys downloaded from the public certificate endpoint.
The current time against the issued at and expiration time (allowing for a 5 minute clock skew).
The issuer is "accounts.google.com".
The audience and issuee match the client ID (skipped if clientId is null.

Parameters:: idToken - Google ID token; clientId - client ID or null to skip checking it
Returns:: true if verified successfully or false if failed
Throws:: GeneralSecurityException; IOException
Since:: 1.8

verify

public boolean verify(Set<String> clientIds,
                      GoogleIdToken idToken)
               throws GeneralSecurityException,
                      IOException

Verifies that the given ID token is valid, using the given set of client IDs. It verifies:

The RS256 signature, which uses RSA and SHA-256 based on the public keys downloaded from the public certificate endpoint.
The current time against the issued at and expiration time (allowing for a 5 minute clock skew).
The issuer is "accounts.google.com".
The audience and issuee match one of the client IDs (skipped if clientIds is null.

Parameters:: idToken - Google ID token; clientIds - set of client IDs
Returns:: true if verified successfully or false if failed
Throws:: GeneralSecurityException; IOException
Since:: 1.9

loadPublicCerts

public GoogleIdTokenVerifier loadPublicCerts()
                                      throws GeneralSecurityException,
                                             IOException

Downloads the public keys from the public certificates endpoint at "https://www.googleapis.com/oauth2/v1/certs".

This method is automatically called if the public keys have not yet been initialized or if the expiration time is very close, so normally this doesn't need to be called. Only call this method explicitly to force the public keys to be updated.

Throws:: GeneralSecurityException; IOException

Overview

Package

Class

Use

Tree

Deprecated

Index

Help

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

com.google.api.client.googleapis.auth.oauth2 Class GoogleIdTokenVerifier

GoogleIdTokenVerifier

GoogleIdTokenVerifier

GoogleIdTokenVerifier

GoogleIdTokenVerifier

getJsonFactory

getClientId

getClientIds

getPublicKeys

getExpirationTimeMilliseconds

verify

verify

verify

verify

loadPublicCerts

com.google.api.client.googleapis.auth.oauth2
Class GoogleIdTokenVerifier