• Home
• com.google.api-client
• google-api-client
• 2.4.1
• source code
• GoogleIdToken.java

×

Project download

Many resources are needed to download a project. Please understand that we have to compensate our server costs. Thank you in advance.
Project price only 1 $

You can buy this project and download/modify it how often you want.

com.google.api.client.googleapis.auth.oauth2.GoogleIdToken Maven / Gradle / Ivy

/*
 * Copyright 2012 Google Inc.
 *
 * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
 * in compliance with the License. You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software distributed under the License
 * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
 * or implied. See the License for the specific language governing permissions and limitations under
 * the License.
 */

package com.google.api.client.googleapis.auth.oauth2;

import com.google.api.client.auth.openidconnect.IdToken;
import com.google.api.client.json.JsonFactory;
import com.google.api.client.json.webtoken.JsonWebSignature;
import com.google.api.client.util.Beta;
import com.google.api.client.util.Key;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.util.List;

/**
 * {@link Beta} 

 * Google ID tokens as specified in OpenID Connect.
 *
 * 
Google ID tokens contain useful information about the authorized end user. Google ID tokens
 * are signed and the signature must be verified using {@link #verify(GoogleIdTokenVerifier)}.
 *
 * 
Implementation is not thread-safe.
 *
 * @since 1.7
 * @author Yaniv Inbar
 */
@SuppressWarnings("javadoc")
@Beta
public class GoogleIdToken extends IdToken {

  /**
   * Parses the given ID token string and returns the parsed {@link GoogleIdToken}.
   *
   * @param jsonFactory JSON factory
   * @param idTokenString ID token string
   * @return parsed Google ID token
   */
  public static GoogleIdToken parse(JsonFactory jsonFactory, String idTokenString)
      throws IOException {
    JsonWebSignature jws =
        JsonWebSignature.parser(jsonFactory).setPayloadClass(Payload.class).parse(idTokenString);
    return new GoogleIdToken(
        jws.getHeader(),
        (Payload) jws.getPayload(),
        jws.getSignatureBytes(),
        jws.getSignedContentBytes());
  }

  /**
   * @param header header
   * @param payload payload
   * @param signatureBytes bytes of the signature
   * @param signedContentBytes bytes of the signature content
   */
  public GoogleIdToken(
      Header header, Payload payload, byte[] signatureBytes, byte[] signedContentBytes) {
    super(header, payload, signatureBytes, signedContentBytes);
  }

  /**
   * Verifies that this ID token is valid using {@link GoogleIdTokenVerifier#verify(GoogleIdToken)}.
   */
  public boolean verify(GoogleIdTokenVerifier verifier)
      throws GeneralSecurityException, IOException {
    return verifier.verify(this);
  }

  @Override
  public Payload getPayload() {
    return (Payload) super.getPayload();
  }

  /**
   * {@link Beta} 

   * Google ID token payload.
   */
  @Beta
  public static class Payload extends IdToken.Payload {
    /** Hosted domain name if asserted user is a domain managed user or {@code null} for none. */
    @Key("hd")
    private String hostedDomain;

    /** E-mail of the user or {@code null} if not requested. */
    @Key("email")
    private String email;

    /**
     * {@code true} if the email is verified. TODO(mwan): change the type of the field to Boolean
     * and the handling in {@link #getEmailVerified()} accordingly after Google OpenID Connect
     * endpoint fixes the type of the field in ID Token.
     */
    @Key("email_verified")
    private Object emailVerified;

    public Payload() {}

    /**
     * Returns the obfuscated Google user id or {@code null} for none.
     *
     * @deprecated (scheduled to be removed in 1.18) Use {@link #getSubject()} instead.
     */
    @Deprecated
    public String getUserId() {
      return getSubject();
    }

    /**
     * Sets the obfuscated Google user id or {@code null} for none.
     *
     * @deprecated (scheduled to be removed in 1.18) Use {@link #setSubject(String)} instead.
     */
    @Deprecated
    public Payload setUserId(String userId) {
      return setSubject(userId);
    }

    /**
     * Returns the client ID of issuee or {@code null} for none.
     *
     * @deprecated (scheduled to be removed in 1.18) Use {@link #getAuthorizedParty()} instead.
     */
    @Deprecated
    public String getIssuee() {
      return getAuthorizedParty();
    }

    /**
     * Sets the client ID of issuee or {@code null} for none.
     *
     * @deprecated (scheduled to be removed in 1.18) Use {@link #setAuthorizedParty(String)}
     *     instead.
     */
    @Deprecated
    public Payload setIssuee(String issuee) {
      return setAuthorizedParty(issuee);
    }

    /**
     * Returns the hosted domain name if asserted user is a domain managed user or {@code null} for
     * none.
     */
    public String getHostedDomain() {
      return hostedDomain;
    }

    /**
     * Sets the hosted domain name if asserted user is a domain managed user or {@code null} for
     * none.
     */
    public Payload setHostedDomain(String hostedDomain) {
      this.hostedDomain = hostedDomain;
      return this;
    }

    /**
     * Returns the e-mail address of the user or {@code null} if it was not requested.
     *
     * 
Requires the {@code "https://www.googleapis.com/auth/userinfo.email"} scope.
     *
     * @since 1.10
     */
    public String getEmail() {
      return email;
    }

    /**
     * Sets the e-mail address of the user or {@code null} if it was not requested.
     *
     * 
Used in conjunction with the {@code "https://www.googleapis.com/auth/userinfo.email"}
     * scope.
     *
     * @since 1.10
     */
    public Payload setEmail(String email) {
      this.email = email;
      return this;
    }

    /**
     * Returns {@code true} if the users e-mail address has been verified by Google.
     *
     * 
Requires the {@code "https://www.googleapis.com/auth/userinfo.email"} scope.
     *
     * @since 1.10
     *     
Upgrade warning: in prior version 1.16 this method accessed {@code "verified_email"}
     *     and returns a boolean, but starting with version 1.17, it now accesses {@code
     *     "email_verified"} and returns a Boolean. Previously, if this value was not specified,
     *     this method would return {@code false}, but now it returns {@code null}.
     */
    public Boolean getEmailVerified() {
      if (emailVerified == null) {
        return null;
      }
      if (emailVerified instanceof Boolean) {
        return (Boolean) emailVerified;
      }

      return Boolean.valueOf((String) emailVerified);
    }

    /**
     * Sets whether the users e-mail address has been verified by Google or not.
     *
     * 
Used in conjunction with the {@code "https://www.googleapis.com/auth/userinfo.email"}
     * scope.
     *
     * @since 1.10
     *     
Upgrade warning: in prior version 1.16 this method accessed {@code "verified_email"}
     *     and required a boolean parameter, but starting with version 1.17, it now accesses {@code
     *     "email_verified"} and requires a Boolean parameter.
     */
    public Payload setEmailVerified(Boolean emailVerified) {
      this.emailVerified = emailVerified;
      return this;
    }

    @Override
    public Payload setAuthorizationTimeSeconds(Long authorizationTimeSeconds) {
      return (Payload) super.setAuthorizationTimeSeconds(authorizationTimeSeconds);
    }

    @Override
    public Payload setAuthorizedParty(String authorizedParty) {
      return (Payload) super.setAuthorizedParty(authorizedParty);
    }

    @Override
    public Payload setNonce(String nonce) {
      return (Payload) super.setNonce(nonce);
    }

    @Override
    public Payload setAccessTokenHash(String accessTokenHash) {
      return (Payload) super.setAccessTokenHash(accessTokenHash);
    }

    @Override
    public Payload setClassReference(String classReference) {
      return (Payload) super.setClassReference(classReference);
    }

    @Override
    public Payload setMethodsReferences(List methodsReferences) {
      return (Payload) super.setMethodsReferences(methodsReferences);
    }

    @Override
    public Payload setExpirationTimeSeconds(Long expirationTimeSeconds) {
      return (Payload) super.setExpirationTimeSeconds(expirationTimeSeconds);
    }

    @Override
    public Payload setNotBeforeTimeSeconds(Long notBeforeTimeSeconds) {
      return (Payload) super.setNotBeforeTimeSeconds(notBeforeTimeSeconds);
    }

    @Override
    public Payload setIssuedAtTimeSeconds(Long issuedAtTimeSeconds) {
      return (Payload) super.setIssuedAtTimeSeconds(issuedAtTimeSeconds);
    }

    @Override
    public Payload setIssuer(String issuer) {
      return (Payload) super.setIssuer(issuer);
    }

    @Override
    public Payload setAudience(Object audience) {
      return (Payload) super.setAudience(audience);
    }

    @Override
    public Payload setJwtId(String jwtId) {
      return (Payload) super.setJwtId(jwtId);
    }

    @Override
    public Payload setType(String type) {
      return (Payload) super.setType(type);
    }

    @Override
    public Payload setSubject(String subject) {
      return (Payload) super.setSubject(subject);
    }

    @Override
    public Payload set(String fieldName, Object value) {
      return (Payload) super.set(fieldName, value);
    }

    @Override
    public Payload clone() {
      return (Payload) super.clone();
    }
  }
}