Package io.smallrye.jwt.build

Interface JwtEncryptionBuilder

All Superinterfaces:
JwtEncryption
public interface JwtEncryptionBuilder extends JwtEncryption
JWT JsonWebEncryption Builder.

JwtEncryptionBuilder implementations must set the 'alg' (algorithm) header to 'RSA-OAEP-256' and 'enc' (content encryption algorithm) header to 'A256GCM' unless they have already been set. The 'cty' (content type) header must be set to 'JWT' when the inner signed JWT is encrypted.

Note that JwtEncryptionBuilder implementations are not expected to be thread-safe. However reusing a single JwtEncryptionBuilder for creating more than one encrypted token is not recommended because a single JwtEncryptionBuilder can not provide a unique token identifier per every token.

See Also:

  • Method Details

    • keyAlgorithm

      JwtEncryptionBuilder keyAlgorithm(KeyEncryptionAlgorithm algorithm)
      Set an 'alg' key encryption algorithm. Note that only 'RSA-OAEP-256' (default), 'ECDH-ES+A256KW' and 'A256KW' algorithms must be supported. A key of size 2048 bits or larger MUST be used with 'RSA-OAEP-256' algorithm.
      Parameters:
      algorithm - the key encryption algorithm
      Returns:
      JwtEncryptionBuilder
      Since:
      2.1.3

    • keyEncryptionAlgorithm

      @Deprecated default JwtEncryptionBuilder keyEncryptionAlgorithm(KeyEncryptionAlgorithm algorithm)
      Deprecated.
      Use keyAlgorithm(io.smallrye.jwt.algorithm.KeyEncryptionAlgorithm)
      Set an 'alg' key encryption algorithm. Note that only 'RSA-OAEP-256' (default), 'ECDH-ES+A256KW' and 'A256KW' algorithms must be supported. A key of size 2048 bits or larger MUST be used with 'RSA-OAEP-256' algorithm.
      Parameters:
      algorithm - the key encryption algorithm
      Returns:
      JwtEncryptionBuilder

    • contentAlgorithm

      JwtEncryptionBuilder contentAlgorithm(ContentEncryptionAlgorithm algorithm)
      Set an 'enc' content encryption algorithm. Note that only 'A256GCM' (default) and 'A128CBC-HS256' algorithms must be supported.
      Parameters:
      algorithm - the content encryption algorithm
      Returns:
      JwtEncryptionBuilder
      Since:
      2.1.3

    • contentEncryptionAlgorithm

      @Deprecated default JwtEncryptionBuilder contentEncryptionAlgorithm(ContentEncryptionAlgorithm algorithm)
      Deprecated.
      Use contentAlgorithm(io.smallrye.jwt.algorithm.ContentEncryptionAlgorithm)
      Set an 'enc' content encryption algorithm. Note that only 'A256GCM' (default) and 'A128CBC-HS256' algorithms must be supported.
      Parameters:
      algorithm - the content encryption algorithm
      Returns:
      JwtEncryptionBuilder

    • keyId

      JwtEncryptionBuilder keyId(String keyId)
      Set a 'kid' key encryption key id.
      Parameters:
      keyId - the key id
      Returns:
      JwtEncryptionBuilder
      Since:
      2.1.3

    • keyEncryptionKeyId

      @Deprecated default JwtEncryptionBuilder keyEncryptionKeyId(String keyId)
      Deprecated.
      Use keyId(java.lang.String)
      Set a 'kid' key encryption key id.
      Parameters:
      keyId - the key id
      Returns:
      JwtEncryptionBuilder

    • type

      JwtEncryptionBuilder type(String type)
      Set a type (`typ`) header.
      Parameters:
      type - the type
      Returns:
      JwtEncryptionBuilder

    • header

      JwtEncryptionBuilder header(String name, Object value)
      Custom JWT encryption header. If the 'alg' (algorithm) header is set with this method then it has to match one of the KeyEncryptionAlgorithm values. If the 'enc' (encryption) header is set with this method then it has to match one of the ContentEncryptionAlgorithm values.
      Parameters:
      name - the header name
      value - the header value
      Returns:
      JwtEncryptionBuilder