public final class JWT extends Object
| Constructor and Description |
|---|
JWT() |
| Modifier and Type | Method and Description |
|---|---|
JWT |
addJWK(JWK jwk)
Adds a JSON Web Key (rfc7517) to the crypto map.
|
JWT |
allowEmbeddedKey(boolean allowEmbeddedKey)
Enable/Disable support for embedded keys.
|
Collection<String> |
availableAlgorithms() |
JsonObject |
decode(String token) |
JsonObject |
decode(String token,
boolean full) |
boolean |
isScopeGranted(JsonObject jwt,
JWTOptions options)
Scope claim are used to grant access to a specific resource.
|
boolean |
isUnsecure() |
JWT |
nonceAlgorithm(String alg) |
static JsonObject |
parse(byte[] token) |
static JsonObject |
parse(String token) |
String |
sign(JsonObject payload,
JWTOptions options) |
public JWT addJWK(JWK jwk)
jwk - a JSON Web Keypublic JWT allowEmbeddedKey(boolean allowEmbeddedKey)
false.
By default this is disabled as it could be used as an attack vector to the application. A malicious user could
generate a self signed certificate and embed the public certificate on the token, which would always pass the
validation.
Users of this feature should regardless of the validation status, ensure that the chain is valid by adding a
well known root certificate (that has been previously agreed with the server).allowEmbeddedKey - when true embedded keys are used to check the signature.public static JsonObject parse(byte[] token)
public static JsonObject parse(String token)
public JsonObject decode(String token)
public JsonObject decode(String token, boolean full)
public boolean isScopeGranted(JsonObject jwt, JWTOptions options)
jwt - JsonObject decoded json web token value.options - JWTOptions coming from the provider.public String sign(JsonObject payload, JWTOptions options)
public boolean isUnsecure()
public Collection<String> availableAlgorithms()
Copyright © 2021. All rights reserved.