Package io.smallrye.jwt.build

Interface JwtClaimsBuilder

All Superinterfaces:
JwtSignature
public interface JwtClaimsBuilder extends JwtSignature
JWT Claims Builder.

JwtClaimsBuilder implementations must set the 'iat' (issued at time), 'exp' (expiration time) and 'jti' (unique token identifier) claims unless they have already been set or the 'smallrye.jwt.new-token.add-default-claims' property is set to "false". JwtClaimsBuilder must ensure a 'jti' claim value is unique when the same builder is used for building more than one token.

By default the 'iat' claim is set to the current time in seconds and the 'exp' claim is set by adding a default token lifespan value of 5 minutes to the 'iat' claim value. The 'smallrye.jwt.new-token.lifespan' property can be used to customize a new token lifespan and its 'exp' claim values.

The 'iss' (issuer) claim must be set if it has not already been set and the 'smallrye.jwt.new-token.issuer' property is set. The 'aud' (audience) claim must be set if it has not already been set and the 'smallrye.jwt.new-token.audience' property is set.

Note that 'smallrye.jwt.new-token.issuer' and 'smallrye.jwt.new-token.audience' property values, if set, will override the existing `iss` and `aud` claim values if the 'smallrye.jwt.new-token.override-matching-claims' is set to 'true'. For example, it can be useful when propagating a JWT token whose 'issuer' and/or `audience` properties have to be updated without using this interface.

Note that JwtClaimsBuilder implementations are not expected to be thread-safe.

See Also:

  • Method Details

    • issuer

      JwtClaimsBuilder issuer(String issuer)
      Set an issuer 'iss' claim
      Parameters:
      issuer - the issuer
      Returns:
      JwtClaimsBuilder

    • subject

      JwtClaimsBuilder subject(String subject)
      Set a subject 'sub' claim
      Parameters:
      subject - the subject
      Returns:
      JwtClaimsBuilder

    • upn

      JwtClaimsBuilder upn(String upn)
      Set a 'upn' claim
      Parameters:
      upn - the upn
      Returns:
      JwtClaimsBuilder

    • preferredUserName

      JwtClaimsBuilder preferredUserName(String preferredUserName)
      Set a preferred user name 'preferred_username' claim
      Parameters:
      preferredUserName - the preferred user name
      Returns:
      JwtClaimsBuilder

    • issuedAt

      JwtClaimsBuilder issuedAt(long issuedAt)
      Set an issuedAt 'iat' claim
      Parameters:
      issuedAt - the issuedAt time in seconds
      Returns:
      JwtClaimsBuilder

    • issuedAt

      default JwtClaimsBuilder issuedAt(Instant issuedAt)
      Set an issuedAt 'iat' claim
      Parameters:
      issuedAt - the issuedAt time in seconds
      Returns:
      JwtClaimsBuilder

    • expiresAt

      JwtClaimsBuilder expiresAt(long expiresAt)
      Set an expiry 'exp' claim
      Parameters:
      expiresAt - the absolute expiry time in seconds
      Returns:
      JwtClaimsBuilder

    • expiresAt

      default JwtClaimsBuilder expiresAt(Instant expiresAt)
      Set an expiry 'exp' claim
      Parameters:
      expiresAt - the absolute expiry time in seconds
      Returns:
      JwtClaimsBuilder

    • expiresIn

      JwtClaimsBuilder expiresIn(long expiresIn)
      Set a relative expiry time.
      Parameters:
      expiresIn - the relative expiry time in seconds which will be added to the 'iat' (issued at) claim value to calculate the value of the 'exp' (expires at) claim.
      Returns:
      JwtClaimsBuilder

    • expiresIn

      default JwtClaimsBuilder expiresIn(Duration expiresIn)
      Set a relative expiry time.
      Parameters:
      expiresIn - the relative expiry time in seconds which will be added to the 'iat' (issued at) claim value to calculate the value of the 'exp' (expires at) claim.
      Returns:
      JwtClaimsBuilder

    • groups

      default JwtClaimsBuilder groups(String group)
      Set a single value 'groups' claim
      Parameters:
      group - the groups
      Returns:
      JwtClaimsBuilder

    • groups

      JwtClaimsBuilder groups(Set<String> groups)
      Set a multiple value 'groups' claim
      Parameters:
      groups - the groups
      Returns:
      JwtClaimsBuilder

    • scope

      default JwtClaimsBuilder scope(String scope)
      Set a 'scope' claim value
      Parameters:
      scope - the scope
      Returns:
      JwtClaimsBuilder

    • scope

      JwtClaimsBuilder scope(Set<String> scopes)
      Set a multiple value 'scope' claim whose value will be represented as a String where each scope value is separated by the " " space character.
      Parameters:
      scopes - the scopes
      Returns:
      JwtClaimsBuilder

    • audience

      JwtClaimsBuilder audience(String audience)
      Set a single value audience 'aud' claim
      Parameters:
      audience - the audience
      Returns:
      JwtClaimsBuilder

    • audience

      JwtClaimsBuilder audience(Set<String> audiences)
      Set a multiple value audience 'aud' claim whose value will be represented as a JSON array
      Parameters:
      audiences - the audiences
      Returns:
      JwtClaimsBuilder

    • claim

      default JwtClaimsBuilder claim(org.eclipse.microprofile.jwt.Claims name, Object value)
      Set a claim. Simple claim value are converted to String unless it is an instance of Boolean, Number, Instant or PublicKey.

      Instant values have their number of seconds from the epoch converted to long.

      PublicKey values are converted to JSON Web Key (JWK) representations.

      Array claims can be set as Collection or JsonArray, complex claims can be set as Map or JsonObject. The members of the array claims can be complex claims.

      Types of claims directly supported by this builder are enforced. The 'iss' (issuer), 'sub' (subject), 'upn', 'preferred_username' and 'jti' (token identifier) claims must be of String type. The 'aud' (audience) and 'groups' claims must be either of String or Collection of String type. The 'iat' (issued at) and 'exp' (expires at) claims must be either of long or Instant type.

      Parameters:
      name - the claim name
      value - the claim value
      Returns:
      JwtClaimsBuilder
      Throws:
      IllegalArgumentException - - if the type of the claim directly supported by this builder is wrong

    • claim

      JwtClaimsBuilder claim(String name, Object value)
      Set a claim. Simple claim value are converted to String unless it is an instance of Boolean, Number, Instant or PublicKey.

      Instant values have their number of seconds from the epoch converted to long.

      PublicKey values are converted to JSON Web Key (JWK) representations.

      Array claims can be set as Collection or JsonArray, complex claims can be set as Map or JsonObject. The members of the array claims can be complex claims.

      Types of the claims directly supported by this builder are enforced. The 'iss' (issuer), 'sub' (subject), 'upn', 'preferred_username' and 'jti' (token identifier) claims must be of String type. The 'aud' (audience) and 'groups' claims must be either of String or Collection of String type. The 'iat' (issued at) and 'exp' (expires at) claims must be either of long or Instant type.

      Parameters:
      name - the claim name
      value - the claim value
      Returns:
      JwtClaimsBuilder
      Throws:
      IllegalArgumentException - - if the type of the claim directly supported by this builder is wrong

    • remove

      JwtClaimsBuilder remove(String name)
      Remove a claim.
      Parameters:
      name - the claim name
      Returns:
      JwtClaimsBuilder

    • jws

      JwtSignatureBuilder jws()
      Set JsonWebSignature headers and sign the claims by moving to JwtSignatureBuilder
      Returns:
      JwtSignatureBuilder

    • jwe

      JwtEncryptionBuilder jwe()
      Set JsonWebEncryption headers and encrypt the claims by moving to JwtEncryptionBuilder
      Returns:
      JwtSignatureBuilder