use of com.auth0.android.jwt.Claim in project opencast by opencast.
the class JWTVerifier method verify.
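/**
 * Verifies a decoded JWT against a set of candidate algorithms and a list of claim constraints.
 *
 * <p>For each algorithm in turn the token is first checked with a verifier built from that
 * algorithm, and only then are the claim constraints evaluated. The first algorithm for which
 * both steps succeed ends the search. If no algorithm succeeds, a
 * {@link JWTVerificationException} carrying the last failure as its cause is thrown.
 *
 * <p>Each claim constraint is parsed as a SpEL expression and evaluated with the token's claim
 * map as root object. A constraint passes only if it evaluates to {@code true}; a {@code false}
 * or {@code null} result rejects the token.
 *
 * <p>NOTE(review): the expressions are evaluated without an explicit evaluation context, so
 * {@code claimConstraints} must only ever come from trusted configuration, never from request
 * data. Consider evaluating them in a restricted context (e.g. {@code SimpleEvaluationContext})
 * if the constraints only need property and map access - confirm against the deployed
 * constraints.
 *
 * @param jwt The decoded JWT.
 * @param claimConstraints The claim constraints (SpEL expressions), must not be empty.
 * @param algorithms The candidate algorithms, must not be empty and must be of the same class.
 * @return The decoded and verified JWT.
 * @throws JWTVerificationException If the JWT cannot be verified successfully.
 */
public static DecodedJWT verify(DecodedJWT jwt, List<String> claimConstraints, Algorithm... algorithms)
    throws JWTVerificationException {
  Assert.notNull(jwt, "A decoded JWT must be set");
  Assert.notEmpty(claimConstraints, "Claim constraints must be set");
  Assert.notEmpty(algorithms, "Algorithms must be set");
  Assert.isTrue(algorithmsMatch(algorithms), "Algorithms must be of same class");

  // One parser instance is enough for every algorithm attempt.
  final ExpressionParser parser = new SpelExpressionParser();
  Exception lastException = new JWTVerificationException("JWT could not be verified");

  for (Algorithm algorithm : algorithms) {
    try {
      // General verification: must pass before any claim of the token is looked at.
      JWT.require(algorithm).build().verify(jwt);

      // Claim constraints verification
      for (String constraint : claimConstraints) {
        Expression exp = parser.parseExpression(constraint);
        // Fail closed: a null result must reject the token instead of escaping as a
        // NullPointerException from auto-unboxing, which the catch below would not handle.
        if (!Boolean.TRUE.equals(exp.getValue(jwt.getClaims(), Boolean.class))) {
          throw new JWTVerificationException("The claims did not fulfill constraint '" + constraint + "'");
        }
      }

      // No exception up to here means this algorithm verified the token.
      return jwt;
    } catch (JWTVerificationException | EvaluationException | ParseException e) {
      // Remember the failure and try the next algorithm.
      lastException = e;
    }
  }

  // The algorithms array is non-empty, so lastException is the failure of the final attempt.
  // Keep it as the cause so the original stack trace is not lost.
  throw new JWTVerificationException(lastException.getMessage(), lastException);
}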
use of com.auth0.android.jwt.Claim in project opencast by opencast.
the class JWTVerifier method verify.
/**
 * Decodes a JWT string, asks the JWK provider for the matching algorithms and verifies the token
 * together with the given claim constraints.
 *
 * <p>Verification is attempted with the provider's cached keys first. Only if that attempt fails
 * is the provider asked again with a forced fetch, and verification is retried once.
 *
 * <p>NOTE(review): every token that fails the first attempt causes a forced fetch, so a stream of
 * invalid tokens translates into outbound requests to the JWKS endpoint. Confirm that the
 * provider or the caller limits how often a forced fetch can happen.
 *
 * @param token The JWT string.
 * @param provider The JWK provider.
 * @param claimConstraints The claim constraints.
 * @return The decoded and verified JWT.
 * @throws JwkException If the provider cannot supply the algorithms.
 * @throws JWTVerificationException If the token is still rejected after the forced fetch (unchecked).
 */
public static DecodedJWT verify(String token, GuavaCachedUrlJwkProvider provider, List<String> claimConstraints)
    throws JwkException {
  Assert.notNull(token, "A token must be set");
  Assert.notNull(provider, "A JWKS provider must be set");

  // Decoding only parses the token; nothing in it is trusted until verification succeeds.
  final DecodedJWT decoded = JWT.decode(token);

  // Cached keys first...
  final List<Algorithm> cachedAlgorithms = provider.getAlgorithms(decoded, false);
  try {
    return verify(decoded, claimConstraints, cachedAlgorithms);
  } catch (JWTVerificationException cachedAttemptFailed) {
    // ...then once more after a forced fetch, since the signing keys may have been rotated
    // (recommended by e.g. https://openid.net/specs/openid-connect-core-1_0.html#RotateSigKeys)
    final List<Algorithm> refreshedAlgorithms = provider.getAlgorithms(decoded, true);
    return verify(decoded, claimConstraints, refreshedAlgorithms);
  }
}
use of com.auth0.android.jwt.Claim in project cadence-client by uber-java.
the class AdminJwtAuthorizationProviderTest method testCreateAuthToken.
/**
 * Checks that the token issued by {@code AdminJwtAuthorizationProvider} carries the expected
 * {@code admin} and {@code ttl} claims.
 *
 * <p>The token is only decoded here, not verified, so this test covers claim content and does
 * not prove that the signature matches the public key.
 * NOTE(review): consider additionally verifying the token against the public key.
 */
@Test
public void testCreateAuthToken() throws NoSuchAlgorithmException, InvalidKeySpecException {
  // Rebuild the RSA key pair from the Base64-encoded test fixtures.
  final Base64 codec = new Base64();
  final byte[] publicKeyBytes = codec.decode(testPublicKey.getBytes(StandardCharsets.UTF_8));
  final byte[] privateKeyBytes = codec.decode(testPrivateKey.getBytes(StandardCharsets.UTF_8));

  final KeyFactory keyFactory = KeyFactory.getInstance("RSA");
  final RSAPublicKey publicKey =
      (RSAPublicKey) keyFactory.generatePublic(new X509EncodedKeySpec(publicKeyBytes));
  final RSAPrivateKey privateKey =
      (RSAPrivateKey) keyFactory.generatePrivate(new PKCS8EncodedKeySpec(privateKeyBytes));

  // Issue a token and read it back.
  final AdminJwtAuthorizationProvider provider = new AdminJwtAuthorizationProvider(publicKey, privateKey);
  final String token = new String(provider.getAuthToken(), StandardCharsets.UTF_8);
  final DecodedJWT decoded = JWT.decode(token);

  final Claim admin = decoded.getClaim("admin");
  assertTrue(admin.asBoolean());

  final Claim ttl = decoded.getClaim("ttl");
  final int expectedTtl = 60 * 10;
  assertEquals(expectedTtl, (int) ttl.asInt());
}
use of com.auth0.android.jwt.Claim in project structr by structr.
the class JWTHelper method validateTokenWithSecret.
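/**
 * Verifies a token with an HMAC-SHA256 verifier built from the given shared secret and returns
 * its claims.
 *
 * <p>A missing or empty secret is treated like a failed verification: the token is rejected
 * and {@code null} is returned, instead of a {@link NullPointerException} being thrown.
 *
 * <p>NOTE(review): the verifier is built without issuer or audience expectations, so any such
 * checks have to be done by the caller on the returned claims - confirm.
 *
 * @param token the serialized JWT
 * @param secret the shared HMAC secret, encoded as UTF-8 before use
 * @return the claims of the verified token, or {@code null} if the token was rejected; callers
 *         must treat {@code null} as "not authenticated"
 */
private static Map<String, Claim> validateTokenWithSecret(String token, String secret) {
  // Fail closed: without key material no token may ever be accepted.
  if (secret == null || secret.isEmpty()) {
    logger.warn("JWT secret is not configured, rejecting token");
    return null;
  }

  try {
    final Algorithm alg = Algorithm.HMAC256(secret.getBytes(StandardCharsets.UTF_8));
    return JWT.require(alg).build().verify(token).getClaims();
  } catch (JWTVerificationException e) {
    // Only the exception is logged; the token itself is kept out of the log.
    logger.debug("Invalid token", e);
    return null;
  }
}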
use of com.auth0.android.jwt.Claim in project structr by structr.
the class JWTHelper method validateTokenWithKeystore.
/**
 * Verifies a token with a verifier built from the given algorithm and returns its claims.
 *
 * <p>NOTE(review): the verifier is built without issuer or audience expectations, so any such
 * checks have to be done by the caller on the returned claims - confirm.
 *
 * @param token the serialized JWT
 * @param alg the algorithm (including its key material) to verify the token with
 * @return the claims of the verified token, or {@code null} if verification failed; callers
 *         must treat {@code null} as "not authenticated"
 */
private static Map<String, Claim> validateTokenWithKeystore(String token, Algorithm alg) {
  try {
    return JWT.require(alg).build().verify(token).getClaims();
  } catch (JWTVerificationException e) {
    // Only the exception is logged; the token itself is kept out of the log.
    logger.debug("Invalid token", e);
    return null;
  }
}