Package io.smallrye.jwt.build

Interface JwtClaimsBuilder

  • All Superinterfaces:
    JwtSignature
    public interface JwtClaimsBuilder
extends JwtSignature
    JWT Claims Builder.

    JwtClaimsBuilder implementations must set the 'iat' (issued at time), 'exp' (expiration time) and 'jti' (unique token identifier) claims unless they have already been set. JwtClaimsBuilder must ensure a 'jti' claim value is unique when the same builder is used for building more than one token.

    By default the 'iat' claim is set to the current time in seconds and the 'exp' claim is set by adding a default token lifespan value of 5 minutes to the 'iat' claim value. The 'smallrye.jwt.new-token.lifespan' property can be used to customize a new token lifespan and its 'exp' claim values.

    The 'iss' (issuer) claim must be set if it has not already been set and the 'smallrye.jwt.new-token.issuer' property is set. The 'aud' (audience) claim must be set if it has not already been set and the 'smallrye.jwt.new-token.audience' property is set.

    Note that 'smallrye.jwt.new-token.issuer' and 'smallrye.jwt.new-token.audience' property values, if set, will override the existing `iss` and `aud` claim values if the 'smallrye.jwt.new-token.override-matching-claims' is set to 'true'. For example, it can be useful when propagating a JWT token whose 'issuer' and/or `audience` properties have to be updated without using this interface.

    Note that JwtClaimsBuilder implementations are not expected to be thread-safe.

    See Also:
    RFC7515

    • Method Detail

      • issuer

        JwtClaimsBuilder issuer​(String issuer)
        Set an issuer 'iss' claim
        Parameters:
        issuer - the issuer
        Returns:
        JwtClaimsBuilder

      • subject

        JwtClaimsBuilder subject​(String subject)
        Set a subject 'sub' claim
        Parameters:
        subject - the subject
        Returns:
        JwtClaimsBuilder

      • upn

        JwtClaimsBuilder upn​(String upn)
        Set a 'upn' claim
        Parameters:
        upn - the upn
        Returns:
        JwtClaimsBuilder

      • preferredUserName

        JwtClaimsBuilder preferredUserName​(String preferredUserName)
        Set a preferred user name 'preferred_username' claim
        Parameters:
        preferredUserName - the preferred user name
        Returns:
        JwtClaimsBuilder

      • issuedAt

        JwtClaimsBuilder issuedAt​(long issuedAt)
        Set an issuedAt 'iat' claim
        Parameters:
        issuedAt - the issuedAt time in seconds
        Returns:
        JwtClaimsBuilder

      • issuedAt

        default JwtClaimsBuilder issuedAt​(Instant issuedAt)
        Set an issuedAt 'iat' claim
        Parameters:
        issuedAt - the issuedAt time in seconds
        Returns:
        JwtClaimsBuilder

      • expiresAt

        JwtClaimsBuilder expiresAt​(long expiresAt)
        Set an expiry 'exp' claim
        Parameters:
        expiresAt - the absolute expiry time in seconds
        Returns:
        JwtClaimsBuilder

      • expiresAt

        default JwtClaimsBuilder expiresAt​(Instant expiresAt)
        Set an expiry 'exp' claim
        Parameters:
        expiresAt - the absolute expiry time in seconds
        Returns:
        JwtClaimsBuilder

      • expiresIn

        JwtClaimsBuilder expiresIn​(long expiresIn)
        Set a relative expiry time.
        Parameters:
        expiresIn - the relative expiry time in seconds which will be added to the 'iat' (issued at) claim value to calculate the value of the 'exp' (expires at) claim.
        Returns:
        JwtClaimsBuilder

      • expiresIn

        default JwtClaimsBuilder expiresIn​(Duration expiresIn)
        Set a relative expiry time.
        Parameters:
        expiresIn - the relative expiry time in seconds which will be added to the 'iat' (issued at) claim value to calculate the value of the 'exp' (expires at) claim.
        Returns:
        JwtClaimsBuilder

      • groups

        JwtClaimsBuilder groups​(String group)
        Set a single value 'groups' claim
        Parameters:
        group - the groups
        Returns:
        JwtClaimsBuilder

      • groups

        JwtClaimsBuilder groups​(Set<String> groups)
        Set a multiple value 'groups' claim
        Parameters:
        groups - the groups
        Returns:
        JwtClaimsBuilder

      • audience

        JwtClaimsBuilder audience​(String audience)
        Set a single value audience 'aud' claim
        Parameters:
        audience - the audience
        Returns:
        JwtClaimsBuilder

      • audience

        JwtClaimsBuilder audience​(Set<String> audiences)
        Set a multiple value audience 'aud' claim
        Parameters:
        audiences - the audiences
        Returns:
        JwtClaimsBuilder

      • claim

        default JwtClaimsBuilder claim​(org.eclipse.microprofile.jwt.Claims name,
                               Object value)
        Set a claim. Simple claim value are converted to String unless it is an instance of Boolean, Number or Instant. Instant values have their number of seconds from the epoch converted to long. Array claims can be set as Collection or JsonArray and complex claims can be set as Map or JsonObject. The members of the array claims can be complex claims. Types of claims directly supported by this builder are enforced. The 'iss' (issuer), 'sub' (subject), 'upn', 'preferred_username' and 'jti' (token identifier) claims must be of String type. The 'aud' (audience) and 'groups' claims must be either of String or Collection of String type. The 'iat' (issued at) and 'exp' (expires at) claims must be either of long or Instant type.
        Parameters:
        name - the claim name
        value - the claim value
        Returns:
        JwtClaimsBuilder
        Throws:
        IllegalArgumentException - - if the type of the claim directly supported by this builder is wrong

      • claim

        JwtClaimsBuilder claim​(String name,
                       Object value)
        Set a claim. Simple claim value are converted to String unless it is an instance of Boolean, Number or Instant. Instant values have their number of seconds from the epoch converted to long. Array claims can be set as Collection or JsonArray, complex claims can be set as Map or JsonObject. The members of the array claims can be complex claims. Types of the claims directly supported by this builder are enforced. The 'iss' (issuer), 'sub' (subject), 'upn', 'preferred_username' and 'jti' (token identifier) claims must be of String type. The 'aud' (audience) and 'groups' claims must be either of String or Collection of String type. The 'iat' (issued at) and 'exp' (expires at) claims must be either of long or Instant type.
        Parameters:
        name - the claim name
        value - the claim value
        Returns:
        JwtClaimsBuilder
        Throws:
        IllegalArgumentException - - if the type of the claim directly supported by this builder is wrong

      • remove

        JwtClaimsBuilder remove​(String name)
        Remove a claim.
        Parameters:
        name - the claim name
        Returns:
        JwtClaimsBuilder