public interface PasetoParserBuilder
PasetoParser. The constructed parser will work for multiple versions/purpose token
when configured.
Typical usage:
Pasetos.parserBuilder()
.setSharedSecret(...)
// ...
.requireIssuer("https://example.com/issuer)
.build()
| Modifier and Type | Method and Description |
|---|---|
PasetoParser |
build() |
default PasetoParserBuilder |
require(java.lang.String claimName,
java.lang.Object value)
Ensures that the specified
claimName exists in the parsed Paseto. |
PasetoParserBuilder |
require(java.lang.String claimName,
java.util.function.Predicate<java.lang.Object> value) |
default PasetoParserBuilder |
requireAudience(java.lang.String aud)
Ensures that the specified
aud exists in the parsed Paseto. |
default PasetoParserBuilder |
requireExpiration(java.time.Instant exp)
Ensures that the specified
exp exists in the parsed Paseto. |
PasetoParserBuilder |
requireFooter(java.lang.String claimName,
java.util.function.Predicate<java.lang.Object> value) |
default PasetoParserBuilder |
requireIssuedAt(java.time.Instant iat)
Ensures that the specified
iat exists in the parsed Paseto. |
default PasetoParserBuilder |
requireIssuer(java.lang.String iss)
Ensures that the specified
iss exists in the parsed Paseto. |
default PasetoParserBuilder |
requireKeyId(java.lang.String kid)
Ensures that the specified
kid exists in the parsed Paseto footer. |
default PasetoParserBuilder |
requireNotBefore(java.time.Instant nbf)
Ensures that the specified
nbf exists in the parsed Paseto. |
default PasetoParserBuilder |
requireSubject(java.lang.String sub)
Ensures that the specified
sub exists in the parsed Paseto. |
default PasetoParserBuilder |
requireTokenId(java.lang.String jti)
Ensures that the specified
jti exists in the parsed Paseto. |
PasetoParserBuilder |
setAllowedClockSkew(java.time.Duration allowedClockSkew)
Sets the amount of clock skew tolerate when verifying the local time against the
exp
and nbf claims. |
PasetoParserBuilder |
setClock(java.time.Clock clock)
Sets the
Clock that determines the timestamp to use when validating the parsed Paseto. |
PasetoParserBuilder |
setDeserializer(Deserializer<java.util.Map<java.lang.String,java.lang.Object>> deserializer) |
PasetoParserBuilder |
setKeyResolver(KeyResolver keyResolver)
Sets the
KeyResolver used to acquire the signing key that should be used to verify
a paseto tokens's signature. |
PasetoParserBuilder |
setPublicKey(java.security.PublicKey publicKey) |
default PasetoParserBuilder |
setSharedSecret(byte[] sharedSecret) |
PasetoParserBuilder |
setSharedSecret(javax.crypto.SecretKey sharedSecret) |
PasetoParserBuilder setKeyResolver(KeyResolver keyResolver)
KeyResolver used to acquire the signing key that should be used to verify
a paseto tokens's signature.
Specifying a SigningKeyResolver is necessary when the signing key is not already known before parsing
the token and the footer must be inspected first to determine how to
look up the signing key. Once returned by the resolver, the PasetoParser will then verify the paseto token's
signature with the returned key. For example:
Paseto token = Pasetos.parserBuilder().setSigningKeyResolver(new KeyResolverAdapter() {
@Override
public byte[] resolvePublicKeyBytes(Paseto paseto) {
//inspect the header or claims, lookup and return the signing key
return getPublicKeyBytes(paseto); //implement me
}})
.build()
.parse(tokenString);
A SigningKeyResolver is invoked once during parsing before the signature is verified.
This method should only be used if a signing key is not provided by the other setSigningKey* builder
methods.
Pasetos.parserBuilder(). This will construct an
immutable PasetoParser.keyResolver - the signing key resolver used to retrieve the signing key.PasetoParserBuilder setPublicKey(java.security.PublicKey publicKey)
default PasetoParserBuilder setSharedSecret(byte[] sharedSecret)
PasetoParserBuilder setSharedSecret(javax.crypto.SecretKey sharedSecret)
PasetoParserBuilder setDeserializer(Deserializer<java.util.Map<java.lang.String,java.lang.Object>> deserializer)
PasetoParser build()
default PasetoParserBuilder requireIssuer(java.lang.String iss)
iss exists in the parsed Paseto. If missing or if the parsed
value does not equal the specified value, an exception will be thrown indicating that the
Paseto is invalid and may not be used.iss - expected claim valueMissingClaimException,
IncorrectClaimExceptiondefault PasetoParserBuilder requireSubject(java.lang.String sub)
sub exists in the parsed Paseto. If missing or if the parsed
value does not equal the specified value, an exception will be thrown indicating that the
Paseto is invalid and may not be used.sub - expected claim valueMissingClaimException,
IncorrectClaimExceptiondefault PasetoParserBuilder requireAudience(java.lang.String aud)
aud exists in the parsed Paseto. If missing or if the parsed
value does not equal the specified value, an exception will be thrown indicating that the
Paseto is invalid and may not be used.aud - expected claim valueMissingClaimException,
IncorrectClaimExceptiondefault PasetoParserBuilder requireExpiration(java.time.Instant exp)
exp exists in the parsed Paseto. If missing or if the parsed
value does not equal the specified value, an exception will be thrown indicating that the
Paseto is invalid and may not be used.exp - expected claim valueMissingClaimException,
IncorrectClaimExceptiondefault PasetoParserBuilder requireNotBefore(java.time.Instant nbf)
nbf exists in the parsed Paseto. If missing or if the parsed
value does not equal the specified value, an exception will be thrown indicating that the
Paseto is invalid and may not be used.nbf - expected claim valueMissingClaimException,
IncorrectClaimExceptiondefault PasetoParserBuilder requireIssuedAt(java.time.Instant iat)
iat exists in the parsed Paseto. If missing or if the parsed
value does not equal the specified value, an exception will be thrown indicating that the
Paseto is invalid and may not be used.iat - expected claim valueMissingClaimException,
IncorrectClaimExceptiondefault PasetoParserBuilder requireTokenId(java.lang.String jti)
jti exists in the parsed Paseto. If missing or if the parsed
value does not equal the specified value, an exception will be thrown indicating that the
Paseto is invalid and may not be used.jti - expected claim valueMissingClaimException,
IncorrectClaimExceptiondefault PasetoParserBuilder requireKeyId(java.lang.String kid)
kid exists in the parsed Paseto footer. If missing or if the parsed
value does not equal the specified value, an exception will be thrown indicating that the
Paseto is invalid and may not be used.kid - expected claim valueMissingClaimException,
IncorrectClaimExceptiondefault PasetoParserBuilder require(java.lang.String claimName, java.lang.Object value)
claimName exists in the parsed Paseto. If missing or if the parsed
value does not equal the specified value, an exception will be thrown indicating that the
Paseto is invalid and may not be used.claimName - value - MissingClaimException,
IncorrectClaimExceptionPasetoParserBuilder require(java.lang.String claimName, java.util.function.Predicate<java.lang.Object> value)
PasetoParserBuilder requireFooter(java.lang.String claimName, java.util.function.Predicate<java.lang.Object> value)
PasetoParserBuilder setClock(java.time.Clock clock)
Clock that determines the timestamp to use when validating the parsed Paseto.
The parser uses a default Clock implementation that simply returns new Date() when called.clock - a Clock object to return the timestamp to use when validating the parsed Paseto.PasetoParserBuilder setAllowedClockSkew(java.time.Duration allowedClockSkew)
exp
and nbf claims.allowedClockSkew - the duration to tolerate for clock skew when verifying exp or nbf claims.Copyright © 2019-2020 paseto.dev. All Rights Reserved.