JwtClaims claims = jwtConsumer.processToClaims(token);
JwtConsumer jwtConsumer = new JwtConsumer(); jwtConsumer.setValidators(validators); jwtConsumer.setVerificationKeyResolver(verificationKeyResolver); jwtConsumer.setDecryptionKeyResolver(decryptionKeyResolver); jwtConsumer.setJwsAlgorithmConstraints(jwsAlgorithmConstraints); jwtConsumer.setJweAlgorithmConstraints(jweAlgorithmConstraints); jwtConsumer.setJweContentEncryptionAlgorithmConstraints(jweContentEncryptionAlgorithmConstraints); jwtConsumer.setRequireSignature(requireSignature); jwtConsumer.setRequireEncryption(requireEncryption); jwtConsumer.setRequireIntegrity(requireIntegrity); jwtConsumer.setLiberalContentTypeHandling(liberalContentTypeHandling); jwtConsumer.setSkipSignatureVerification(skipSignatureVerification); jwtConsumer.setSkipVerificationKeyResolutionOnNone(skipVerificationKeyResolutionOnNone); jwtConsumer.setRelaxVerificationKeyValidation(relaxVerificationKeyValidation); jwtConsumer.setRelaxDecryptionKeyValidation(relaxDecryptionKeyValidation); jwtConsumer.setJwsCustomizer(jwsCustomizer); jwtConsumer.setJweCustomizer(jweCustomizer); jwtConsumer.setJwsProviderContext(jwsProviderContext); jwtConsumer.setJweProviderContext(jweProviderContext);
jwtContext = firstPassJwtConsumer.process(token); } catch (InvalidJwtException e) { throw new UnauthorizedException(e.getMessage()); try { jwtClaims = jwtConsumer.processToClaims(token); } catch (InvalidJwtException e) { throw new UnauthorizedException(e.getMessage());
final JwtContext jwtContext = jwtConsumer.process(token); final String type = jwtContext.getJoseObjects().get(0).getHeader("typ"); jwtConsumer.processContext(jwtContext); JwtClaims claimsSet = jwtContext.getJwtClaims();
if (isNestedJwt(joseObject)) processContext(jwtContext); return jwtContext;
JwtContext jwtContext = jwtConsumer.process(token); String type = jwtContext.getJoseObjects().get(0).getHeader("typ"); jwtConsumer.processContext(jwtContext); JwtClaims claimsSet = jwtContext.getJwtClaims();
public Map<String, Object> verify(String token) { try { final JwtClaims claims = consumer.processToClaims(token); return claims.getClaimsMap(); } catch (InvalidJwtException e) { throw new RuntimeException("Error parsing JWT!", e); } } }
private JwtContext verifyToken(String rawToken) throws InvalidJwtException { return consumer.process(rawToken); }
String jwt = "eyJhbGciOiJIUzI1NiJ9" + ".eyJzdWIiOiIxMjM0NTY3ODkwIiwiZXhwIjoxNDUzODE0NjA0LCJuYW1lIjoiSm9obiBEb2UifQ" + ".IXcDDLXEpGN9Po5C-Mz88jUCNYrHxu6TVJLavf0NgT8"; JwtConsumer consumer = new JwtConsumerBuilder() .setSkipAllValidators() .setDisableRequireSignature() .setSkipSignatureVerification() .build(); JwtClaims claims = consumer.processToClaims(jwt); NumericDate expirationTime = claims.getExpirationTime(); if (NumericDate.now().isAfter(expirationTime)) { System.out.println("Token expired at " + expirationTime); } else { System.out.println("Token is still good until " + expirationTime); }
private JwtContext verifyToken(String rawToken) throws InvalidJwtException { return consumer.process(rawToken); }
JwtConsumer jwtConsumer = new JwtConsumerBuilder() .setVerificationKey(pk) .setRequireExpirationTime() .setExpectedAudience("https://citrixp.com:8443/") .setExpectedIssuer("https://sts.windows.net/dd9b6a3e-29d1-4254-a746-e02941444517/") .build(); JwtClaims claims = jwtConsumer.processToClaims(data + "." + signedData); System.out.println("Subject: " + claims.getSubject()); System.out.println("UPN: " + claims.getStringClaimValue("upn")); // or whatever, etc....
public JwtContext process(final String jwt) throws InvalidJwtException { lastUsed = Instant.now(); return consumer.process(jwt); }
/** * Load the credentials for the specified access token. * * @param accessToken The access token value. * @return The authentication for the access token. * @throws AuthenticationException If the access token is expired * @throws InvalidTokenException if the token isn't valid */ @Override public OAuth2Authentication loadAuthentication(final String accessToken) throws AuthenticationException, InvalidTokenException { final long start = System.nanoTime(); try { final JwtClaims claims = this.jwtConsumer.processToClaims(accessToken); log.debug("Ping Federate JWT Claims: {}", claims); return new OAuth2Authentication(this.getOAuth2Request(claims), null); } catch (final InvalidJwtException | MalformedClaimException e) { throw new InvalidTokenException(e.getMessage(), e); } finally { this.loadAuthenticationTimer.record(System.nanoTime() - start, TimeUnit.NANOSECONDS); } }
public JwtClaims processToClaims(String jwt) throws InvalidJwtException { return process(jwt).getJwtClaims(); }
protected JsonWebToken verify(JwtConsumerBuilder builder, String jwt) { try { JwtClaims claims = builder.build().processToClaims(jwt); return new JsonWebToken(claims); } catch (InvalidJwtException e) { throw new SecurityException(e); } } }
private static URI extractIssuer(final String jwt) throws InvalidJwtException, MalformedClaimException { // Parse JWT without validation final JwtConsumer jwtConsumer = new JwtConsumerBuilder() .setSkipAllValidators() .setDisableRequireSignature() .setSkipSignatureVerification() .build(); final JwtContext jwtContext = jwtConsumer.process(jwt); // Resolve Json Web Key Set URI by the issuer String issuer = jwtContext.getJwtClaims().getIssuer(); if (issuer.endsWith("/")) { issuer = issuer.substring(0, issuer.length() - 1); } return URI.create(issuer); }
JwtClaims jwtDecoded = jwtConsumer.processToClaims(jwt); String username = jwtDecoded.getStringClaimValue("username"); // "MChambe4"
public static Map<String, Object> verifyJwt(String jwt) throws InvalidJwtException, MalformedClaimException { Map<String, Object> user = null; X509VerificationKeyResolver x509VerificationKeyResolver = new X509VerificationKeyResolver(certificate); x509VerificationKeyResolver.setTryAllOnNoThumbHeader(true); JwtConsumer jwtConsumer = new JwtConsumerBuilder() .setRequireExpirationTime() // the JWT must have an expiration time .setAllowedClockSkewInSeconds((Integer) config.get(CLOCK_SKEW_IN_MINUTE)*60) // allow some leeway in validating time based claims to account for clock skew .setRequireSubject() // the JWT must have a subject claim .setExpectedIssuer(issuer) .setExpectedAudience(audience) .setVerificationKeyResolver(x509VerificationKeyResolver) // verify the signature with the certificates .build(); // create the JwtConsumer instance // Validate the JWT and process it to the Claims JwtClaims claims = jwtConsumer.processToClaims(jwt); if(claims != null) { user = new HashMap<String, Object>(); user.put("userId", claims.getClaimValue("userId")); user.put("clientId", claims.getClaimValue("clientId")); List roles = claims.getStringListClaimValue("roles"); user.put("roles", roles); Object host = claims.getClaimValue("host"); if(host != null) user.put("host", host); } return user; } }