com.google.api.client.auth.openidconnect.IdTokenVerifier Maven / Gradle / Ivy
Show all versions of google-oauth-client Show documentation
/*
* Copyright (c) 2013 Google Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
* in compliance with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software distributed under the License
* is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
* or implied. See the License for the specific language governing permissions and limitations under
* the License.
*/
package com.google.api.client.auth.openidconnect;
import com.google.api.client.util.Beta;
import com.google.api.client.util.Clock;
import com.google.api.client.util.Preconditions;
import java.util.Collection;
import java.util.Collections;
/**
* {@link Beta}
* Thread-safe ID token verifier based on ID Token
* Validation.
*
* Call {@link #verify(IdToken)} to verify a ID token. This is a light-weight object, so you may
* use a new instance for each configuration of expected issuer and trusted client IDs. Sample
* usage:
*
*
* IdTokenVerifier verifier = new IdTokenVerifier.Builder()
* .setIssuer("issuer.example.com")
* .setAudience(Arrays.asList("myClientId"))
* .build();
* ...
* if (!verifier.verify(idToken)) {...}
*
*
* Note that {@link #verify(IdToken)} only implements a subset of the verification steps, mostly
* just the MUST steps. Please read getAudience() {
return audience;
}
/**
* Sets the list of trusted audience client IDs or {@code null} to suppress the audience check.
*
* Overriding is only supported for the purpose of calling the super implementation and
* changing the return type, but nothing else.
*/
public Builder setAudience(Collection audience) {
this.audience = audience;
return this;
}
/** Returns the seconds of time skew to accept when verifying time. */
public final long getAcceptableTimeSkewSeconds() {
return acceptableTimeSkewSeconds;
}
/**
* Sets the seconds of time skew to accept when verifying time (default is {@link
* #DEFAULT_TIME_SKEW_SECONDS}).
*
* It must be greater or equal to zero.
*
*
Overriding is only supported for the purpose of calling the super implementation and
* changing the return type, but nothing else.
*/
public Builder setAcceptableTimeSkewSeconds(long acceptableTimeSkewSeconds) {
Preconditions.checkArgument(acceptableTimeSkewSeconds >= 0);
this.acceptableTimeSkewSeconds = acceptableTimeSkewSeconds;
return this;
}
}
}