Package com.auth0.utils.tokens

Class IdTokenVerifier

java.lang.Object

com.auth0.utils.tokens.IdTokenVerifier

public final class IdTokenVerifier
extends Object

Provides utility methods for validating an OIDC-compliant ID token. See the OIDC Specification for more information.

This class is not thread-safe: It makes use of Date and Calendar classes to verify time sensitive claims.

Nested Class Summary

Nested Classes

Modifier and Type	Class	Description
static class	IdTokenVerifier.Builder	Builder class to construct a IdTokenVerifier

Method Summary

Modifier and Type	Method	Description
static IdTokenVerifier.Builder	init(String issuer, String audience, SignatureVerifier signatureVerifier)	Initialize an instance of IdTokenVerifier.
void	verify(String token)	Verifies a provided ID Token follows the OIDC specification.
void	verify(String token, String nonce)	Verifies a provided ID Token follows the OIDC specification.
void	verify(String token, String nonce, Integer maxAuthenticationAge)	Verifies a provided ID Token follows the OIDC specification.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Method Details

init

public static IdTokenVerifier.Builder init(String issuer,
 String audience,
 SignatureVerifier signatureVerifier)

Initialize an instance of IdTokenVerifier.

Parameters:

issuer - the expected issuer of the token. Must not be null.

audience - the expected audience of the token. Must not be null.

signatureVerifier - the SignatureVerifier to use when verifying the token. Must not be null.

Returns:

a IdTokenVerifier.Builder for further configuration.

verify

public void verify(String token)
            throws IdTokenValidationException

Verifies a provided ID Token follows the OIDC specification.

Parameters:

token - the ID Token to verify. Must not be null or empty.

Throws:

IdTokenValidationException - if:

• The ID token is null
• The ID token's signing algorithm is not supported
• The ID token's signature is invalid
• Any of the ID token's claims are invalid

See Also:

• verify(String, String)
• verify(String, String, Integer)

verify

public void verify(String token,
 String nonce)
            throws IdTokenValidationException

Verifies a provided ID Token follows the OIDC specification.

Parameters:

token - the ID Token to verify.

nonce - the nonce expected on the ID token, which must match the nonce specified on the authorization request. If null, no validation of the nonce will occur.

Throws:

IdTokenValidationException - if:

• The ID token is null
• The ID token's signing algorithm is not supported
• The ID token's signature is invalid
• Any of the ID token's claims are invalid

See Also:

• verify(String)
• verify(String, String, Integer)

verify

public void verify(String token,
 String nonce,
 Integer maxAuthenticationAge)
            throws IdTokenValidationException

Verifies a provided ID Token follows the OIDC specification.

Parameters:

token - the ID Token to verify. Must not be null or empty.

nonce - the nonce expected on the ID token, which must match the nonce specified on the authorization request. If null, no validation of the nonce will occur.

maxAuthenticationAge - The maximum authentication age allowed, which specifies the allowable elapsed time in seconds since the last time the end-user was actively authenticated. This must match the specified max_age parameter specified on the authorization request. If null, no validation of the auth_time claim will occur.

Throws:

IdTokenValidationException - if:

• The ID token is null
• The ID token's signing algorithm is not supported
• The ID token's signature is invalid
• Any of the ID token's claims are invalid

See Also:

• verify(String)
• verify(String, String)