com.google.api.client.googleapis.auth.oauth2.GoogleIdTokenVerifier
|
||||||||||
| PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
| SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD | |||||||||
java.lang.Object
public final class GoogleIdTokenVerifier
Thread-safe Google ID token verifier.
The public keys are loaded Google's public certificate endpoint at
"https://www.googleapis.com/oauth2/v1/certs". The public keys are cached in this instance
of GoogleIdTokenVerifier. Therefore, for maximum efficiency, applications should use a
single globally-shared instance of the GoogleIdTokenVerifier. Use
verify(GoogleIdToken) or GoogleIdToken.verify(GoogleIdTokenVerifier) to verify a
Google ID token.
Samples usage:
public static GoogleIdTokenVerifier verifier;
public static void initVerifier(
HttpTransport transport, JsonFactory jsonFactory, String clientId) {
verifier = new GoogleIdTokenVerifier(transport, jsonFactory, clientId);
}
public static boolean verifyToken(GoogleIdToken idToken)
throws GeneralSecurityException, IOException {
return verifier.verify(idToken);
}
| Constructor Summary | |
|---|---|
GoogleIdTokenVerifier(HttpTransport transport,
JsonFactory jsonFactory,
String clientId)
Constructor with required parameters. |
|
| Method Summary | |
|---|---|
String |
getClientId()
Returns the client ID. |
long |
getExpirationTimeMilliseconds()
Returns the expiration time in milliseconds to be used with System.currentTimeMillis()
or 0 for none. |
JsonFactory |
getJsonFactory()
Returns the JSON factory. |
List<PublicKey> |
getPublicKeys()
Returns the public keys or null for none. |
GoogleIdTokenVerifier |
loadPublicCerts()
Downloads the public keys from the public certificates endpoint at "https://www.googleapis.com/oauth2/v1/certs". |
boolean |
verify(GoogleIdToken idToken)
Verifies that the given ID token is valid, by verifying the signature, verifying the current time against the issued at and expiration time (allowing for a 5 minute clock skew), and checking the issuer, audience, and issuee. |
| Methods inherited from class java.lang.Object |
|---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
| Constructor Detail |
|---|
public GoogleIdTokenVerifier(HttpTransport transport,
JsonFactory jsonFactory,
String clientId)
transport - HTTP transportjsonFactory - JSON factoryclientId - client ID| Method Detail |
|---|
public JsonFactory getJsonFactory()
public String getClientId()
public List<PublicKey> getPublicKeys()
null for none.
public long getExpirationTimeMilliseconds()
System.currentTimeMillis()
or 0 for none.
public boolean verify(GoogleIdToken idToken)
throws GeneralSecurityException,
IOException
There is only one type of signature supported by Google ID tokens: RS256. RS256 uses RSA and SHA-256 based on the public keys downloaded from the public certificate endpoint.
true if verified successfully or false if failed
GeneralSecurityException
IOException
public GoogleIdTokenVerifier loadPublicCerts()
throws GeneralSecurityException,
IOException
"https://www.googleapis.com/oauth2/v1/certs".
This method is automatically called if the public keys have not yet been initialized or if the expiration time is very close, so normally this doesn't need to be called. Only call this method explicitly to force the public keys to be updated.
GeneralSecurityException
IOException
|
||||||||||
| PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
| SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD | |||||||||