Package io.fusionauth.jwt

Class JWTDecoder

java.lang.Object
io.fusionauth.jwt.JWTDecoder
Direct Known Subclasses:
TimeMachineJWTDecoder
public class JWTDecoder extends Object
Author:
Daniel DeGroff

  • Constructor Details

    • JWTDecoder

      public JWTDecoder()

  • Method Details

    • decode

      public JWT decode(String encodedJWT, Verifier... verifiers)
      Decode the JWT using one of they provided verifiers. One more verifiers may be provided, the first verifier found supporting the algorithm reported by the JWT header will be utilized.

      A JWT that is expired or not yet valid will not be decoded, instead a JWTExpiredException or JWTUnavailableForProcessingException exception will be thrown respectively.

      Parameters:
      encodedJWT - The encoded JWT in string format.
      verifiers - A map of verifiers.
      Returns:
      a decoded JWT.

    • withClockSkew

      public JWTDecoder withClockSkew(int clockSkew)
      Specify the number of seconds allowed for clock skew used for calculating the expiration and not before instants of a JWT.

      The default value is 0.

      Parameters:
      clockSkew - the number of seconds allowed for clock skew.
      Returns:
      this

    • decode

      public JWT decode(String encodedJWT, Map<String,Verifier> verifiers)
      Decode the JWT using one of they provided verifiers. A JWT header value named kid is expected to contain the key to look up the correct verifier.

      A JWT that is expired or not yet valid will not be decoded, instead a JWTExpiredException or JWTUnavailableForProcessingException exception will be thrown respectively.

      Parameters:
      encodedJWT - The encoded JWT in string format.
      verifiers - A map of verifiers.
      Returns:
      a decoded JWT.

    • decode

      public JWT decode(String encodedJWT, java.util.function.Function<String,Verifier> verifierFunction)
      Decode the JWT using one of they provided verifiers. A JWT header value named kid is expected to contain the key to look up the correct verifier.

      A JWT that is expired or not yet valid will not be decoded, instead a JWTExpiredException or JWTUnavailableForProcessingException exception will be thrown respectively.

      Parameters:
      encodedJWT - The encoded JWT in string format.
      verifierFunction - A function that takes a key identifier and returns a verifier.
      Returns:
      a decoded JWT.

    • decode

      public JWT decode(String encodedJWT, java.util.function.Function<String,Verifier> verifierFunction, java.util.function.Function<Header,String> keyFunction)
      Decode the JWT using one of they provided verifiers. A JWT header value named kid is expected to contain the key to look up the correct verifier.

      A JWT that is expired or not yet valid will not be decoded, instead a JWTExpiredException or JWTUnavailableForProcessingException exception will be thrown respectively.

      Parameters:
      encodedJWT - The encoded JWT in string format.
      verifierFunction - A function that takes a key identifier returns a verifier.
      keyFunction - A function used to look up the verifier key from the header.
      Returns:
      a decoded JWT.

    • decode

      public JWT decode(String encodedJWT, Map<String,Verifier> verifiers, java.util.function.Function<Header,String> keyFunction)
      Decode the JWT using one of they provided verifiers. The key used to look up the correct verifier is provided by the keyFunction. The key function is provided the JWT header and is expected to return a string key to look up the correct verifier.

      A JWT that is expired or not yet valid will not be decoded, instead a JWTExpiredException or JWTUnavailableForProcessingException exception will be thrown respectively.

      Parameters:
      encodedJWT - The encoded JWT in string format.
      verifiers - A map of verifiers.
      keyFunction - A function used to look up the verifier key from the header.
      Returns:
      a decoded JWT.

    • now

      protected java.time.ZonedDateTime now()
      Returns:
      the 'now' to be used to validate 'exp' and 'nbf' claims.