Package jakarta.security.enterprise.identitystore.openid

Interface JwtClaims

  • All Superinterfaces:
    Claims
    public interface JwtClaims
extends Claims
    Standard JWT claims. A token typically.

    • Field Detail

      • NONE

        static final JwtClaims NONE
        Singleton instance representing no claims

    • Method Detail

      • getIssuer

        default Optional<String> getIssuer()
        The principal that issued the JWT
        Returns:
        value of iss claim

      • getSubject

        default Optional<String> getSubject()
        The principal that is the subject of the JWT. The claims in a JWT are normally statements about the subject.
        Returns:
        value of sub claim

      • getAudience

        default List<String> getAudience()
        The recipients that the JWT is intended for. To ease work with the field, audience is always represented as list, also in special cases -- it is singleton list when it was a string in the token, and empty set if it was not present.
        Returns:
        non-null set representing the values of aud claim

      • getExpirationTime

        default Optional<Instant> getExpirationTime()
        Expiration time on or after which the JWT MUST NOT be accepted for processing.
        Returns:
        value of exp claim

      • isExpired

        default boolean isExpired​(Clock clock,
                          boolean required,
                          Duration skew)
        Check if JWT is expired
        Parameters:
        clock - Clock representing reference time of checking
        required - indication whether the claim is required, i. e. whether token with claim is considered expired
        skew - allowed clock skew to account for drift between provider and us
        Returns:
        true when current time is past expiration time, or exp claim is not present and required is true

      • getNotBeforeTime

        default Optional<Instant> getNotBeforeTime()
        The time before which the JWT MUST NOT be accepted for processing.
        Returns:

      • isBeforeValidity

        default boolean isBeforeValidity​(Clock clock,
                                 boolean required,
                                 Duration skew)
        Check if JWT is before its defined validity
        Parameters:
        clock - Clock representing reference time of checking
        required - indication, whether the claim is required, i. e. whether token without nbf is considered before validity
        skew - allowed clock skew to account for drift between provider and us
        Returns:

      • isValid

        default boolean isValid()
        Check JWT validity against current time with 1MIN clock skew.
        Returns:
        true if exp token is present and within limits and nbf is within limits when present

      • getIssuedAt

        default Optional<Instant> getIssuedAt()
        The time at which the JWT was issued.
        Returns:
        value of exp claim

      • getJwtId

        default Optional<String> getJwtId()
        Unique identifier for the JWT
        Returns:
        value of jti claim