Package io.smallrye.jwt.build

Class Jwt

java.lang.Object
io.smallrye.jwt.build.Jwt
public final class Jwt extends Object
Factory class for creating JwtClaimsBuilder which produces signed, encrypted or signed first and then encrypted JWT tokens.

The following example shows how to initialize a JwtClaimsBuilder from an existing resource containing the claims in a JSON format and produce a signed JWT token with a configured signing key: 

 
 String = Jwt.claims("/tokenClaims.json").sign();

The next example shows how to use JwtClaimsBuilder to add the claims and encrypt a JSON representation of these claims with a configured encrypting key: 

 
 String = Jwt.claims().issuer("https://issuer.org").claim("custom-claim", "custom-value").encrypt();

The final example shows how to initialize a JwtClaimsBuilder from an existing resource containing the claims in a JSON format, produce an inner signed JWT token with a configured signing key and encrypt it with a configured encrypting key. 

 
 String = Jwt.claims("/tokenClaims.json").innerSign().encrypt();

  • Constructor Details

    • Jwt

      public Jwt()

  • Method Details

    • claims

      public static JwtClaimsBuilder claims()
      Creates a new instance of JwtClaimsBuilder
      Returns:
      JwtClaimsBuilder

    • claims

      public static JwtClaimsBuilder claims(Map<String,Object> claims)
      Creates a new instance of JwtClaimsBuilder from a map of claims.
      Parameters:
      claims - the map with the claim name and value pairs. Claim value is converted to String unless it is an instance of Boolean, Number, Collection, Map, JsonObject or JsonArray.
      Returns:
      JwtClaimsBuilder

    • claims

      public static JwtClaimsBuilder claims(jakarta.json.JsonObject jsonObject)
      Creates a new instance of JwtClaimsBuilder from JsonObject
      Parameters:
      jsonObject - JsonObject containing the claims.
      Returns:
      JwtClaimsBuilder

    • claims

      public static JwtClaimsBuilder claims(String jsonLocation)
      Creates a new instance of JwtClaimsBuilder from a JSON resource.
      Parameters:
      jsonLocation - JSON resource location
      Returns:
      JwtClaimsBuilder

    • claimsJson

      public static JwtClaimsBuilder claimsJson(String json)
      Creates a new instance of JwtClaimsBuilder from a JSON string.
      Parameters:
      json - JSON string
      Returns:
      JwtClaimsBuilder

    • claims

      public static JwtClaimsBuilder claims(org.eclipse.microprofile.jwt.JsonWebToken jwt)
      Creates a new instance of JwtClaimsBuilder from JsonWebToken.
      Parameters:
      jwt - JsonWebToken token.
      Returns:
      JwtClaimsBuilder

    • claim

      public static JwtClaimsBuilder claim(org.eclipse.microprofile.jwt.Claims name, Object value)
      Creates a new instance of JwtClaimsBuilder with a specified claim. Simple claim value are converted to String unless it is an instance of Boolean, Number, Instant or PublicKey.

      Instant values have their number of seconds from the epoch converted to long.

      PublicKey values are converted to JSON Web Key (JWK) representations.

      Array claims can be set as Collection or JsonArray, complex claims can be set as Map or JsonObject. The members of the array claims can be complex claims.

      Types of the claims directly supported by this builder are enforced. The 'iss' (issuer), 'sub' (subject), 'upn', 'preferred_username' and 'jti' (token identifier) claims must be of String type. The 'aud' (audience) and 'groups' claims must be either of String or Collection of String type. The 'iat' (issued at) and 'exp' (expires at) claims must be either of long or Instant type.

      Parameters:
      name - the claim name
      value - the claim value
      Returns:
      JwtClaimsBuilder
      Throws:
      IllegalArgumentException - - if the type of the claim directly supported by JwtClaimsBuilder is wrong

    • claim

      public static JwtClaimsBuilder claim(String name, Object value)
      Creates a new instance of JwtClaimsBuilder with a specified claim. Simple claim value are converted to String unless it is an instance of Boolean, Number, Instant or PublicKey.

      Instant values have their number of seconds from the epoch converted to long.

      PublicKey values are converted to JSON Web Key (JWK) representations.

      Array claims can be set as Collection or JsonArray, complex claims can be set as Map or JsonObject. The members of the array claims can be complex claims.

      Types of the claims directly supported by this builder are enforced. The 'iss' (issuer), 'sub' (subject), 'upn', 'preferred_username' and 'jti' (token identifier) claims must be of String type. The 'aud' (audience) and 'groups' claims must be either of String or Collection of String type. The 'iat' (issued at) and 'exp' (expires at) claims must be either of long or Instant type.

      Parameters:
      name - the claim name
      value - the claim value
      Returns:
      JwtClaimsBuilder
      Throws:
      IllegalArgumentException - - if the type of the claim directly supported by JwtClaimsBuilder is wrong

    • issuer

      public static JwtClaimsBuilder issuer(String issuer)
      Creates a new instance of JwtClaimsBuilder with a specified issuer.
      Parameters:
      issuer - the issuer
      Returns:
      JwtClaimsBuilder

    • subject

      public static JwtClaimsBuilder subject(String subject)
      Creates a new instance of JwtClaimsBuilder with a specified subject.
      Parameters:
      subject - the subject
      Returns:
      JwtClaimsBuilder

    • groups

      public static JwtClaimsBuilder groups(String groups)
      Creates a new instance of JwtClaimsBuilder with a specified 'groups' claim.
      Parameters:
      groups - the groups
      Returns:
      JwtClaimsBuilder

    • groups

      public static JwtClaimsBuilder groups(Set<String> groups)
      Creates a new instance of JwtClaimsBuilder with a specified 'groups' claim.
      Parameters:
      groups - the groups
      Returns:
      JwtClaimsBuilder

    • scope

      public static JwtClaimsBuilder scope(String scope)
      Creates a new instance of JwtClaimsBuilder with a specified 'scope' claim.
      Parameters:
      scope - the scope
      Returns:
      JwtClaimsBuilder

    • scope

      public static JwtClaimsBuilder scope(Set<String> scopes)
      Creates a new instance of JwtClaimsBuilder with a specified 'scope' claim.
      Parameters:
      scopes - the scopes
      Returns:
      JwtClaimsBuilder

    • audience

      public static JwtClaimsBuilder audience(String audience)
      Creates a new instance of JwtClaimsBuilder with a specified 'audience' claim.
      Parameters:
      audience - the audience
      Returns:
      JwtClaimsBuilder

    • audience

      public static JwtClaimsBuilder audience(Set<String> audiences)
      Creates a new instance of JwtClaimsBuilder with a specified 'audience' claim.
      Parameters:
      audiences - the audience
      Returns:
      JwtClaimsBuilder

    • upn

      public static JwtClaimsBuilder upn(String upn)
      Creates a new instance of JwtClaimsBuilder with a specified 'upn' claim.
      Parameters:
      upn - the upn
      Returns:
      JwtClaimsBuilder

    • preferredUserName

      public static JwtClaimsBuilder preferredUserName(String preferredUserName)
      Creates a new instance of JwtClaimsBuilder with a specified 'preferred_username' claim.
      Parameters:
      preferredUserName - the preferred user name
      Returns:
      JwtClaimsBuilder

    • sign

      public static String sign(String jsonLocation)
      Sign the claims loaded from a JSON resource using 'RS256' algorithm with a private RSA key loaded from the location set with the "smallrye.jwt.sign.key-location". Private RSA key of size 2048 bits or larger MUST be used. The 'iat' (issued at time), 'exp' (expiration time) and 'jit' (unique token identifier) claims will be set and the `iss` issuer claim may be set by the implementation unless they have already been set. See JwtClaimsBuilder description for more information.
      Parameters:
      jsonLocation - JSON resource location
      Returns:
      signed JWT token
      Throws:
      JwtSignatureException - the exception if the signing operation has failed

    • sign

      public static String sign(Map<String,Object> claims)
      Sign the claims using 'RS256' algorithm with a private RSA key loaded from the location set with the "smallrye.jwt.sign.key-location". Private RSA key of size 2048 bits or larger MUST be used. The 'iat' (issued at time), 'exp' (expiration time) and 'jit' (unique token identifier) claims will be set and the `iss` issuer claim may be set by the implementation unless they have already been set. See JwtClaimsBuilder description for more information.
      Parameters:
      claims - the map with the claim name and value pairs. Claim value is converted to String unless it is an instance of Boolean, Number, Collection, Map, JsonObject or JsonArray
      Returns:
      signed JWT token
      Throws:
      JwtSignatureException - the exception if the signing operation has failed

    • sign

      public static String sign(jakarta.json.JsonObject jsonObject)
      Sign the claims loaded from JsonObject using 'RS256' algorithm with a private RSA key loaded from the location set with the "smallrye.jwt.sign.key-location". Private RSA key of size 2048 bits or larger MUST be used. The 'iat' (issued at time), 'exp' (expiration time) and 'jit' (unique token identifier) claims will be set and the `iss` issuer claim may be set by the implementation unless they have already been set. See JwtClaimsBuilder description for more information.
      Parameters:
      jsonObject - JsonObject containing the claims.
      Returns:
      signed JWT token
      Throws:
      JwtSignatureException - the exception if the signing operation has failed

    • signJson

      public static String signJson(String json)
      Sign the claims from a JSON string using 'RS256' algorithm with a private RSA key loaded from the location set with the "smallrye.jwt.sign.key-location". Private RSA key of size 2048 bits or larger MUST be used. The 'iat' (issued at time), 'exp' (expiration time) and 'jit' (unique token identifier) claims will be set and the `iss` issuer claim may be set by the implementation unless they have already been set. See JwtClaimsBuilder description for more information.
      Parameters:
      json - JSON string
      Returns:
      signed JWT token
      Throws:
      JwtSignatureException - the exception if the signing operation has failed

    • encrypt

      public static String encrypt(String jsonLocation)
      Encrypt the claims loaded from a JSON resource using 'RSA-OAEP-256' algorithm with a public RSA key loaded from the location set with the "smallrye.jwt.encrypt.key-location". Public RSA key of size 2048 bits or larger MUST be used. The 'iat' (issued at time), 'exp' (expiration time) and 'jit' (unique token identifier) claims will be set and the `iss` issuer claim may be set by the implementation unless they have already been set. See JwtClaimsBuilder description for more information.
      Parameters:
      jsonLocation - JSON resource location
      Returns:
      encrypted JWT token
      Throws:
      JwtEncryptionException - the exception if the encryption operation has failed

    • encrypt

      public static String encrypt(Map<String,Object> claims)
      Encrypt the claims using 'RSA-OAEP-256' algorithm with a public RSA key loaded from the location set with the "smallrye.jwt.encrypt.key-location". Public RSA key of size 2048 bits or larger MUST be used. The 'iat' (issued at time), 'exp' (expiration time) and 'jit' (unique token identifier) claims will be set and the `iss` issuer claim may be set by the implementation unless they have already been set. See JwtClaimsBuilder description for more information.
      Parameters:
      claims - the map with the claim name and value pairs. Claim value is converted to String unless it is an instance of Boolean, Number, Collection, Map, JsonObject or JsonArray
      Returns:
      encrypted JWT token
      Throws:
      JwtEncryptionException - the exception if the encryption operation has failed

    • encrypt

      public static String encrypt(jakarta.json.JsonObject jsonObject)
      Encrypt the claims loaded from JsonObject using 'RSA-OAEP-256' algorithm with a public RSA key loaded from the location set with the "smallrye.jwt.encrypt.key-location". Public RSA key of size 2048 bits or larger MUST be used. The 'iat' (issued at time), 'exp' (expiration time) and 'jit' (unique token identifier) claims will be set and the `iss` issuer claim may be set by the implementation unless they have already been set. See JwtClaimsBuilder description for more information.
      Parameters:
      jsonObject - JsonObject containing the claims.
      Returns:
      encrypted JWT token
      Throws:
      JwtEncryptionException - the exception if the encryption operation has failed

    • encryptJson

      public static String encryptJson(String json)
      Encrypt the claims from a JSON string using 'RSA-OAEP-256' algorithm with a public RSA key loaded from the location set with the "smallrye.jwt.encrypt.key-location". Public RSA key of size 2048 bits or larger MUST be used. The 'iat' (issued at time), 'exp' (expiration time) and 'jit' (unique token identifier) claims will be set and the `iss` issuer claim may be set by the implementation unless they have already been set. See JwtClaimsBuilder description for more information.
      Parameters:
      json - JSON string
      Returns:
      encrypted JWT token
      Throws:
      JwtEncryptionException - the exception if the encryption operation has failed

    • innerSignAndEncrypt

      public static String innerSignAndEncrypt(String jsonLocation)
      Sign the claims loaded from a JSON resource using 'RS256' algorithm with a private RSA key loaded from the location set with the "smallrye.jwt.sign.key-location" and encrypt the inner JWT using 'RSA-OAEP-256' algorithm with a public RSA key loaded from the location set with the "smallrye.jwt.encrypt.key-location". Public RSA key of size 2048 bits or larger MUST be used. The 'iat' (issued at time), 'exp' (expiration time) and 'jit' (unique token identifier) claims will be set and the `iss` issuer claim may be set by the implementation unless they have already been set. See JwtClaimsBuilder description for more information.
      Parameters:
      jsonLocation - JSON resource location
      Returns:
      encrypted JWT token
      Throws:
      JwtEncryptionException - the exception if the encryption operation has failed

    • innerSignAndEncrypt

      public static String innerSignAndEncrypt(Map<String,Object> claims)
      Sign the claims using 'RS256' algorithm with a private RSA key loaded from the location set with the "smallrye.jwt.sign.key-location" and encrypt the inner JWT using 'RSA-OAEP-256' algorithm with a public RSA key loaded from the location set with the "smallrye.jwt.encrypt.key-location". Public RSA key of size 2048 bits or larger MUST be used. The 'iat' (issued at time), 'exp' (expiration time) and 'jit' (unique token identifier) claims will be set and the `iss` issuer claim may be set by the implementation unless they have already been set. See JwtClaimsBuilder description for more information.
      Parameters:
      claims - the map with the claim name and value pairs. Claim value is converted to String unless it is an instance of Boolean, Number, Collection, Map, JsonObject or JsonArray
      Returns:
      encrypted JWT token
      Throws:
      JwtEncryptionException - the exception if the encryption operation has failed

    • innerSignAndEncrypt

      public static String innerSignAndEncrypt(jakarta.json.JsonObject jsonObject)
      Sign the claims loaded from JsonObject using 'RS256' algorithm with a private RSA key loaded from the location set with the "smallrye.jwt.sign.key-location" and encrypt the inner JWT using 'RSA-OAEP-256' algorithm with a public RSA key loaded from the location set with the "smallrye.jwt.encrypt.key-location". Public RSA key of size 2048 bits or larger MUST be used. The 'iat' (issued at time), 'exp' (expiration time) and 'jit' (unique token identifier) claims will be set and the `iss` issuer claim may be set by the implementation unless they have already been set. See JwtClaimsBuilder description for more information.
      Parameters:
      jsonObject - JsonObject containing the claims.
      Returns:
      encrypted JWT token
      Throws:
      JwtEncryptionException - the exception if the encryption operation has failed

    • innerSignAndEncryptJson

      public static String innerSignAndEncryptJson(String json)
      Sign the claims from a JSON string using 'RS256' algorithm with a private RSA key loaded from the location set with the "smallrye.jwt.sign.key-location" and encrypt the inner JWT using 'RSA-OAEP-256' algorithm with a public RSA key loaded from the location set with the "smallrye.jwt.encrypt.key-location". Public RSA key of size 2048 bits or larger MUST be used. The 'iat' (issued at time), 'exp' (expiration time) and 'jit' (unique token identifier) claims will be set and the `iss` issuer claim may be set by the implementation unless they have already been set. See JwtClaimsBuilder description for more information.
      Parameters:
      json - JSON string
      Returns:
      encrypted JWT token
      Throws:
      JwtEncryptionException - the exception if the encryption operation has failed