Interface JWT
- All Superinterfaces:
JWS
public interface JWT extends JWS
JWT represents a parsed JWT (JSON Web Token) object.
A JWT consists of three sections:
Header
The header consists of two parts:
- declaring the type, which is JWT
- the signing algorithm used, e.g. HMAC SHA256
{ "typ": "JWT", "alg": "HS256" }
Payload
The payload contains the data for the JWT. These are known as JWT Claims. The claims contain all the information regarding the JWT. Typically the JWT payload is in JSON format.
Registered Claims
Registered claims are not mandatory, but they are reserved names outlined in RFC 7519. These include:
- iss: The issuer of the token.
- sub: The subject of the token.
- aud: The audience of the token.
- exp: Defines the expiration as a NumericDate value. The expiration MUST be after the current date/time.
- nbf: Defines the time before which the JWT MUST NOT be accepted for processing.
- iat: The time the JWT was issued. Can be used to determine the age of the JWT.
- jti: Unique identifier for the JWT. Can be used to prevent the JWT from being replayed. This is helpful for a one-time-use token.
Public Claims
These are claims that are created, for example name, email, etc.
An example payload:
{ "iss": "ebasetech.com", "exp": 1300819380, "name": "John Doe", "admin": true }
Signature
The third and final part of a JSON Web Token is the signature. The signature is omitted if the algorithm in the header is set to none. The signature is created by signing the concatenated Base64URL-encoded header and payload.
Example of an HS256 signature:
var encodedString = base64UrlEncode(header) + "." + base64UrlEncode(payload);
HMACSHA256(encodedString, 'secret');
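The signing step above together with the matching verifier-side checks, as an added example that is not part of the Ebase API or the original page. It uses the Node.js crypto module; the function names signHS256 and verifyHS256, the injectable nowSeconds parameter and the sample secret are assumptions made for illustration.

```javascript
const nodeCrypto = require("node:crypto");

const b64url = (data) => Buffer.from(data).toString("base64url");

// Build header.payload.signature exactly as the pseudo-code above does.
function signHS256(payload, secret) {
  const header = { typ: "JWT", alg: "HS256" };
  const signingInput = b64url(JSON.stringify(header)) + "." + b64url(JSON.stringify(payload));
  const sig = nodeCrypto.createHmac("sha256", secret).update(signingInput).digest();
  return signingInput + "." + b64url(sig);
}

// Returns the claims on success and throws on any failed check.
// nowSeconds is injectable so the time checks can be tested deterministically.
function verifyHS256(token, secret, nowSeconds = Math.floor(Date.now() / 1000)) {
  const parts = token.split(".");
  if (parts.length !== 3 || parts[2] === "") throw new Error("unsigned or malformed token");
  const header = JSON.parse(Buffer.from(parts[0], "base64url").toString("utf8"));
  // Pin the algorithm on the verifier side; the header value (e.g. "none") is untrusted input.
  if (header.alg !== "HS256") throw new Error("unexpected alg: " + header.alg);
  const expected = nodeCrypto.createHmac("sha256", secret).update(parts[0] + "." + parts[1]).digest();
  const actual = Buffer.from(parts[2], "base64url");
  // timingSafeEqual throws on a length mismatch, so compare lengths first.
  if (actual.length !== expected.length || !nodeCrypto.timingSafeEqual(actual, expected)) {
    throw new Error("bad signature");
  }
  // Claims are only read after the signature has been checked.
  const claims = JSON.parse(Buffer.from(parts[1], "base64url").toString("utf8"));
  // Require exp: a token without it would otherwise never be treated as expired.
  if (typeof claims.exp !== "number") throw new Error("missing exp");
  if (nowSeconds >= claims.exp) throw new Error("token expired");
  if (typeof claims.nbf === "number" && nowSeconds < claims.nbf) throw new Error("token not yet valid");
  return claims;
}
```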
- Since:
- V5.7
Method Summary
Modifier and Type     Method                                       Description
java.lang.String[]    getAudience()
java.lang.Object      getClaim(java.lang.String claimName)         Returns a claim value for a given name
java.lang.Object[]    getClaimArray(java.lang.String claimName)    Returns a claim array value for a given name
java.lang.String[]    getClaimNames()
java.util.Date        getExpiration()
java.util.Date        getIssuedAt()
java.lang.String      getIssuer()
java.lang.String      getJWTId()
java.util.Date        getNotBefore()
java.lang.String      getSubject()
boolean               isExpired()
Methods inherited from interface com.ebasetech.xi.api.JWS
getHeader, getPayload, getSignature, isSigned, verifyFileJWKSet, verifyFromKeyStore, verifyHMAC, verifyInputStreamJWKSet, verifyPublicKey, verifyRemoteJWKSet
Method Details
getClaim
java.lang.Object getClaim(java.lang.String claimName)
Returns a claim value for a given name.
- Parameters:
- claimName - name of the claim value
- Returns:
- value of the given claim name or null
- Since:
- V5.7
getClaimArray
java.lang.Object[] getClaimArray(java.lang.String claimName)
Returns a claim array value for a given name.
- Parameters:
- claimName - name of the claim value
- Returns:
- value of the given claim name or null
- Since:
- V5.7
getExpiration
java.util.Date getExpiration()
- Returns:
- the JWT expiration (exp) timestamp or null if not present.
- Since:
- V5.7
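isExpired
boolean isExpired()
- Returns:
- true if the JWT has expired (the current date/time is after the exp timestamp), false otherwise. If the exp claim is not set, false is returned. A token with no exp claim is therefore never reported as expired; use getExpiration() to check that the claim is present.
- Since:
- V5.7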
getIssuedAt
java.util.Date getIssuedAt()
- Returns:
- the JWT issued at timestamp (iat) or null if not present. If present, this value is the timestamp when the JWT was created.
- Since:
- V5.7
getNotBefore
java.util.Date getNotBefore()
- Returns:
- the JWT not before timestamp (nbf) or null if not present.
- Since:
- V5.7
getAudience
java.lang.String[] getAudience()
- Returns:
- the JWT audience (aud) value or null if not present.
- Since:
- V5.7
getJWTId
java.lang.String getJWTId()
- Returns:
- the JWT's JWT ID (jti) value or null if not present. This value is a unique identifier for the JWT. If available, this value is expected to be assigned in a manner that ensures that there is a negligible probability that the same value will be accidentally assigned to a different data object. The ID can be used to prevent the JWT from being replayed.
- Since:
- V5.7
getIssuer
java.lang.String getIssuer()
- Returns:
- the JWT issuer (iss) value or null if not present.
- Since:
- V5.7
getSubject
java.lang.String getSubject()
- Returns:
- the JWT subject (sub) value or null if not present.
- Since:
- V5.7
getClaimNames
java.lang.String[] getClaimNames()
- Returns:
- all the claim names contained within the JWT. This should be used in conjunction with getClaim() to extract the values.
- Since:
- V5.7
- See Also:
- getClaim(String)