IdToken (google-oauth-client 1.35.0)

java.lang.Object
- com.google.api.client.json.webtoken.JsonWebToken
- - com.google.api.client.json.webtoken.JsonWebSignature
  - - com.google.api.client.auth.openidconnect.IdToken

```
@Beta
public class IdToken
extends com.google.api.client.json.webtoken.JsonWebSignature
```
Beta
ID token as described in ID Token.
Use parse(JsonFactory, String) to parse an ID token from a string. Then, use the verify methods to verify the ID token as required by the specification.
Implementation is not thread-safe.

Since:

1.14

Author:

Yaniv Inbar

Nested Class Summary

Nested Classes
Modifier and Type Class and Description

static class IdToken.Payload
Beta
ID token payload.
- Nested classes/interfaces inherited from class com.google.api.client.json.webtoken.JsonWebSignature
  com.google.api.client.json.webtoken.JsonWebSignature.Header, com.google.api.client.json.webtoken.JsonWebSignature.Parser

Nested Classes
Modifier and Type	Class and Description
`static class`	`IdToken.Payload` `Beta` ID token payload.

Constructor Summary

Constructors
Constructor and Description
`IdToken(com.google.api.client.json.webtoken.JsonWebSignature.Header header, IdToken.Payload payload, byte[] signatureBytes, byte[] signedContentBytes)`

Method Summary

All Methods Static Methods Instance Methods Concrete Methods
Modifier and Type	Method and Description
`IdToken.Payload`	`getPayload()`
`static IdToken`	`parse(com.google.api.client.json.JsonFactory jsonFactory, String idTokenString)` Parses the given ID token string and returns the parsed ID token.
`boolean`	`verifyAudience(Collection<String> trustedClientIds)` Returns whether the audience in the payload contains only client IDs that are trusted as specified in step 2 of ID Token Validation.
`boolean`	`verifyExpirationTime(long currentTimeMillis, long acceptableTimeSkewSeconds)` Returns whether the `JsonWebToken.Payload.getExpirationTimeSeconds()` is valid relative to the current time, allowing for a clock skew as specified in step 5 of ID Token Validation.
`boolean`	`verifyIssuedAtTime(long currentTimeMillis, long acceptableTimeSkewSeconds)` Returns whether the `JsonWebToken.Payload.getIssuedAtTimeSeconds()` is valid relative to the current time, allowing for a clock skew as specified in step 6 of ID Token Validation.
`boolean`	`verifyIssuer(Collection<String> expectedIssuer)` Returns whether the issuer in the payload matches the given expected issuer as specified in step 1 of ID Token Validation.
`boolean`	`verifyIssuer(String expectedIssuer)` Returns whether the issuer in the payload matches the given expected issuer as specified in step 1 of ID Token Validation.
`boolean`	`verifyTime(long currentTimeMillis, long acceptableTimeSkewSeconds)` Returns whether the `JsonWebToken.Payload.getExpirationTimeSeconds()` and `JsonWebToken.Payload.getIssuedAtTimeSeconds()` are valid relative to the current time, allowing for a clock skew as specified in steps 5 and 6 of ID Token Validation.

Methods inherited from class com.google.api.client.json.webtoken.JsonWebSignature
getHeader, getSignatureBytes, getSignedContentBytes, parser, signUsingRsaSha256, verifySignature, verifySignature, verifySignature

Methods inherited from class com.google.api.client.json.webtoken.JsonWebToken
toString

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

- Constructor Detail
  - IdToken
```
public IdToken(com.google.api.client.json.webtoken.JsonWebSignature.Header header,
               IdToken.Payload payload,
               byte[] signatureBytes,
               byte[] signedContentBytes)
```
    Parameters:
    
    header - header
    
    payload - payload
    
    signatureBytes - bytes of the signature
    
    signedContentBytes - bytes of the signature content
- Method Detail
  - getPayload
```
public IdToken.Payload getPayload()
```
    Overrides:
    
    getPayload in class com.google.api.client.json.webtoken.JsonWebToken
  - verifyIssuer
```
public final boolean verifyIssuer(String expectedIssuer)
```
    Returns whether the issuer in the payload matches the given expected issuer as specified in step 1 of ID Token Validation.
    
    Parameters:
    
    expectedIssuer - expected issuer
  - verifyIssuer
```
public final boolean verifyIssuer(Collection<String> expectedIssuer)
```
    Returns whether the issuer in the payload matches the given expected issuer as specified in step 1 of ID Token Validation. When an issuer is migrating to a new issuer string the expected issuer has multiple aliases, so multiple are permitted here.
    
    Since:
    
    1.21.0
  - verifyAudience
```
public final boolean verifyAudience(Collection<String> trustedClientIds)
```
    Returns whether the audience in the payload contains only client IDs that are trusted as specified in step 2 of ID Token Validation.
    
    Parameters:
    
    trustedClientIds - list of trusted client IDs
  - verifyTime
```
public final boolean verifyTime(long currentTimeMillis,
                                long acceptableTimeSkewSeconds)
```
    Returns whether the JsonWebToken.Payload.getExpirationTimeSeconds() and JsonWebToken.Payload.getIssuedAtTimeSeconds() are valid relative to the current time, allowing for a clock skew as specified in steps 5 and 6 of ID Token Validation.
    
    Parameters:
    
    currentTimeMillis - current time in milliseconds (typically System.currentTimeMillis())
    
    acceptableTimeSkewSeconds - seconds of acceptable clock skew
  - verifyExpirationTime
```
public final boolean verifyExpirationTime(long currentTimeMillis,
                                          long acceptableTimeSkewSeconds)
```
    Returns whether the JsonWebToken.Payload.getExpirationTimeSeconds() is valid relative to the current time, allowing for a clock skew as specified in step 5 of ID Token Validation.
    
    Parameters:
    
    currentTimeMillis - current time in milliseconds (typically System.currentTimeMillis())
    
    acceptableTimeSkewSeconds - seconds of acceptable clock skew
  - verifyIssuedAtTime
```
public final boolean verifyIssuedAtTime(long currentTimeMillis,
                                        long acceptableTimeSkewSeconds)
```
    Returns whether the JsonWebToken.Payload.getIssuedAtTimeSeconds() is valid relative to the current time, allowing for a clock skew as specified in step 6 of ID Token Validation.
    
    Parameters:
    
    currentTimeMillis - current time in milliseconds (typically System.currentTimeMillis())
    
    acceptableTimeSkewSeconds - seconds of acceptable clock skew
  - parse
```
public static IdToken parse(com.google.api.client.json.JsonFactory jsonFactory,
                            String idTokenString)
                     throws IOException
```
    Parses the given ID token string and returns the parsed ID token.
    
    Parameters:
    
    jsonFactory - JSON factory
    
    idTokenString - ID token string
    
    Returns:
    
    parsed ID token
    
    Throws:
    
    IOException

Class IdToken

Nested Class Summary

Nested classes/interfaces inherited from class com.google.api.client.json.webtoken.JsonWebSignature

Constructor Summary

Method Summary

Methods inherited from class com.google.api.client.json.webtoken.JsonWebSignature

Methods inherited from class com.google.api.client.json.webtoken.JsonWebToken

Methods inherited from class java.lang.Object

Constructor Detail

IdToken

Method Detail

getPayload

verifyIssuer

verifyIssuer

verifyAudience

verifyTime

verifyExpirationTime

verifyIssuedAtTime

parse