Class IdToken (1.36.0)

public class IdToken extends JsonWebSignature

Beta
ID token as described in ID Token.

Use #parse(JsonFactory, String) to parse an ID token from a string. Then, use the verify methods to verify the ID token as required by the specification.

Implementation is not thread-safe.

Inheritance

java.lang.Object > JsonWebToken > com.google.api.client.json.webtoken.JsonWebSignature > IdToken

Inherited Members

com.google.api.client.json.webtoken.JsonWebSignature.getHeader()

com.google.api.client.json.webtoken.JsonWebSignature.getSignatureBytes()

com.google.api.client.json.webtoken.JsonWebSignature.getSignedContentBytes()

com.google.api.client.json.webtoken.JsonWebSignature.parse(com.google.api.client.json.JsonFactory,java.lang.String)

com.google.api.client.json.webtoken.JsonWebSignature.parser(com.google.api.client.json.JsonFactory)

com.google.api.client.json.webtoken.JsonWebSignature.signUsingRsaSha256(java.security.PrivateKey,com.google.api.client.json.JsonFactory,com.google.api.client.json.webtoken.JsonWebSignature.Header,com.google.api.client.json.webtoken.JsonWebToken.Payload)

com.google.api.client.json.webtoken.JsonWebSignature.verifySignature()

com.google.api.client.json.webtoken.JsonWebSignature.verifySignature(java.security.PublicKey)

com.google.api.client.json.webtoken.JsonWebSignature.verifySignature(javax.net.ssl.X509TrustManager)

com.google.api.client.json.webtoken.JsonWebToken.getPayload()

com.google.api.client.json.webtoken.JsonWebToken.toString()

Object.clone()

Object.equals(Object)

Object.finalize()

Object.getClass()

Object.hashCode()

Object.notify()

Object.notifyAll()

Object.wait()

Object.wait(long)

Object.wait(long,int)

Static Methods

parse(JsonFactory jsonFactory, String idTokenString)

public static IdToken parse(JsonFactory jsonFactory, String idTokenString)

Parses the given ID token string and returns the parsed ID token.

Parameters
Name	Description
`jsonFactory`	`com.google.api.client.json.JsonFactory` JSON factory
`idTokenString`	`String` ID token string

Returns
Type	Description
`IdToken`	parsed ID token

Exceptions
Type	Description
`IOException`

Constructors

IdToken(JsonWebSignature.Header header, IdToken.Payload payload, byte[] signatureBytes, byte[] signedContentBytes)

public IdToken(JsonWebSignature.Header header, IdToken.Payload payload, byte[] signatureBytes, byte[] signedContentBytes)

Parameters
Name	Description
`header`	`com.google.api.client.json.webtoken.JsonWebSignature.Header` header
`payload`	`IdToken.Payload` payload
`signatureBytes`	`byte[]` bytes of the signature
`signedContentBytes`	`byte[]` bytes of the signature content

Methods

getPayload()

public IdToken.Payload getPayload()

Returns
Type	Description
`IdToken.Payload`

Overrides

com.google.api.client.json.webtoken.JsonWebToken.getPayload()

verifyAudience(Collection<String> trustedClientIds)

public final boolean verifyAudience(Collection<String> trustedClientIds)

Returns whether the audience in the payload contains only client IDs that are trusted as specified in step 2 of ID Token Validation.

Parameter
Name	Description
`trustedClientIds`	`Collection<String>` list of trusted client IDs

Returns
Type	Description
`boolean`

verifyExpirationTime(long currentTimeMillis, long acceptableTimeSkewSeconds)

public final boolean verifyExpirationTime(long currentTimeMillis, long acceptableTimeSkewSeconds)

Returns whether the Payload#getExpirationTimeSeconds is valid relative to the current time, allowing for a clock skew as specified in step 5 of ID Token Validation.

Parameters
Name	Description
`currentTimeMillis`	`long` current time in milliseconds (typically System#currentTimeMillis())
`acceptableTimeSkewSeconds`	`long` seconds of acceptable clock skew

Returns
Type	Description
`boolean`

verifyIssuedAtTime(long currentTimeMillis, long acceptableTimeSkewSeconds)

public final boolean verifyIssuedAtTime(long currentTimeMillis, long acceptableTimeSkewSeconds)

Returns whether the Payload#getIssuedAtTimeSeconds is valid relative to the current time, allowing for a clock skew as specified in step 6 of ID Token Validation.

Parameters
Name	Description
`currentTimeMillis`	`long` current time in milliseconds (typically System#currentTimeMillis())
`acceptableTimeSkewSeconds`	`long` seconds of acceptable clock skew

Returns
Type	Description
`boolean`

verifyIssuer(String expectedIssuer)

public final boolean verifyIssuer(String expectedIssuer)

Returns whether the issuer in the payload matches the given expected issuer as specified in step 1 of ID Token Validation.

Parameter
Name	Description
`expectedIssuer`	`String` expected issuer

Returns
Type	Description
`boolean`

verifyIssuer(Collection<String> expectedIssuer)

public final boolean verifyIssuer(Collection<String> expectedIssuer)

Returns whether the issuer in the payload matches the given expected issuer as specified in step 1 of ID Token Validation. When an issuer is migrating to a new issuer string the expected issuer has multiple aliases, so multiple are permitted here.

Parameter
Name	Description
`expectedIssuer`	`Collection<String>`

Returns
Type	Description
`boolean`

verifyTime(long currentTimeMillis, long acceptableTimeSkewSeconds)

public final boolean verifyTime(long currentTimeMillis, long acceptableTimeSkewSeconds)

Returns whether the Payload#getExpirationTimeSeconds and Payload#getIssuedAtTimeSeconds are valid relative to the current time, allowing for a clock skew as specified in steps 5 and 6 of ID Token Validation.

Parameters
Name	Description
`currentTimeMillis`	`long` current time in milliseconds (typically System#currentTimeMillis())
`acceptableTimeSkewSeconds`	`long` seconds of acceptable clock skew

Returns
Type	Description
`boolean`