com.sap.cloud.security.token

Interface Token

All Superinterfaces:

Serializable

All Known Subinterfaces:

AccessToken

public interface Token
extends Serializable

Represents a JSON Web Token (JWT).

Field Summary

Fields

Modifier and Type	Field and Description
static List<TokenFactory>	services

Method Summary

Modifier and Type	Method and Description
static Token	create(String jwt) Creates a token instance based on TokenFactory implementation.
default String	getAttributeFromClaimAsString(String claimName, String attributeName) Returns the String value of a claim attribute.
default List<String>	getAttributeFromClaimAsStringList(String claimName, String attributeName) Returns the String list of a claim attribute.
Set<String>	getAudiences() Returns the (empty) list of audiences the token is issued for.
JsonObject	getClaimAsJsonObject(String claimName) Extracts the value of the given as a JsonObject.
String	getClaimAsString(String claimName) Extracts the value as string for the given claim.
List<String>	getClaimAsStringList(String claimName) Extracts the value as a list of strings for the given claim.
default Map<String,Object>	getClaims() Returns the jwt claim set.
String	getClientId() Returns the OAuth2 client identifier of the authentication token if present.
Instant	getExpiration() Returns the moment in time when the token will be expired.
default GrantType	getGrantType() Returns the grant type of the jwt token.
String	getHeaderParameterAsString(String headerName) Returns the header parameter value as string for the given header parameter name.
default Map<String,Object>	getHeaders() Returns the header(s).
Instant	getNotBefore() Returns the moment in time before which the token must not be accepted.
Principal	getPrincipal() Returns a principal, which can be used to represent any entity, such as an individual, a corporation, and a login id.
Service	getService() Returns the identity service, the token is issued by.
String	getTokenValue() Get the encoded jwt token, e.g.
String	getZoneId() Returns the Zone identifier, which can be used as tenant discriminator (tenant guid).
boolean	hasClaim(String claimName) Checks whether the token contains a given claim.
boolean	hasHeaderParameter(String headerName) Checks whether the token contains a given header parameter.
boolean	isExpired() Returns true if the token is expired.

Field Detail

services

static final List<TokenFactory> services

Method Detail

create

static Token create(String jwt)

Creates a token instance based on TokenFactory implementation.

Parameters:

jwt - encoded JWT token

Returns:

token instance

getHeaderParameterAsString

@Nullable
String getHeaderParameterAsString(@Nonnull
                                            String headerName)

Returns the header parameter value as string for the given header parameter name.

Parameters:

headerName - the name of the header parameter as defined here TokenHeader

Returns:

the value for the given header name or null, if the header is not provided.

hasHeaderParameter

boolean hasHeaderParameter(@Nonnull
                           String headerName)

Checks whether the token contains a given header parameter.

Parameters:

headerName - the name of the header parameter as defined here TokenHeader

Returns:

true when the given header name is found.

hasClaim

boolean hasClaim(@Nonnull
                 String claimName)

Checks whether the token contains a given claim.

Parameters:

claimName - the name of the claim as defined here TokenClaims.

Returns:

true when the claim with the given name is found.

getClaimAsString

@Nullable
String getClaimAsString(@Nonnull
                                  String claimName)

Extracts the value as string for the given claim. If the claim is not found, it will return null. If the given claim is not a string, it will throw a JsonParsingException.

Parameters:

claimName - the name of the claim as defined here TokenClaims.

Returns:

the corresponding string value of the given claim or null.

Throws:

JsonParsingException - if the json object identified by the given claim is not a string.

getClaimAsStringList

List<String> getClaimAsStringList(@Nonnull
                                  String claimName)

Extracts the value as a list of strings for the given claim. If the claim is not found, it will return null. If the given claim is not a list of strings, it will throw a JsonParsingException.

Parameters:

claimName - the name of the claim as defined here TokenClaims.

Returns:

the data of the given claim as a list of strings or an empty list.

getClaimAsJsonObject

@Nullable
JsonObject getClaimAsJsonObject(@Nonnull
                                          String claimName)

Extracts the value of the given as a JsonObject. Use this to extract nested objects. If the claim is not found, it will return null. If the vale for the given claim is not an object, it will throw a JsonParsingException.

Parameters:

claimName - the name of the claim for which the object should be extracted.

Returns:

the corresponding JsonObject for the given claim.

getExpiration

@Nullable
Instant getExpiration()

Returns the moment in time when the token will be expired.

Returns:

the expiration point in time if present.

isExpired

boolean isExpired()

Returns true if the token is expired.

Returns:

true if the token is expired.

getNotBefore

@Nullable
Instant getNotBefore()

Returns the moment in time before which the token must not be accepted.

Returns:

the not before point in time if present.

getTokenValue

String getTokenValue()

Get the encoded jwt token, e.g. for token forwarding to another app.

Never expose this token via log or via HTTP.

Returns:

the encoded token.

getPrincipal

Principal getPrincipal()

Returns a principal, which can be used to represent any entity, such as an individual, a corporation, and a login id.

Returns:

the principal or null if not yet implemented.

getService

Service getService()

Returns the identity service, the token is issued by.

Returns:

the service.

getAudiences

Set<String> getAudiences()

Returns the (empty) list of audiences the token is issued for.

Returns:

the audiences.

getZoneId

String getZoneId()

Returns the Zone identifier, which can be used as tenant discriminator (tenant guid).

Returns:

the unique Zone identifier.

getClientId

String getClientId()

Returns the OAuth2 client identifier of the authentication token if present. Following OpenID Connect 1.0 standard specifications, client identifier is obtained from "azp" claim if present or when "azp" is not present from "aud" claim, but only in case there is one audience.

Returns:

the OAuth client ID.

getGrantType

@Nullable
default GrantType getGrantType()

Returns the grant type of the jwt token.

Returns:

the grant type

getHeaders

default Map<String,Object> getHeaders()

Returns the header(s).

Returns:

a Map of the header(s)

getClaims

default Map<String,Object> getClaims()

Returns the jwt claim set.

Returns:

a Map of the jwt claim set

getAttributeFromClaimAsString

@Nullable
default String getAttributeFromClaimAsString(String claimName,
                                                       String attributeName)

Returns the String value of a claim attribute.
"claimName": { "attributeName": "attributeValueAsString" },

Example:
import static com.sap.cloud.security.token.TokenClaims.XSUAA.*; token.getAttributeFromClaimAsString(EXTERNAL_ATTRIBUTE, EXTERNAL_ATTRIBUTE_SUBACCOUNTID);

Returns:

the String value of a claim attribute or null if claim or its attribute does not exist.

getAttributeFromClaimAsStringList

@Nullable
default List<String> getAttributeFromClaimAsStringList(String claimName,
                                                                 String attributeName)

Returns the String list of a claim attribute.
"claimName": { "attributeName": ["attributeValueAsString", "attributeValue2AsString"] },

Example:
import static com.sap.cloud.security.token.TokenClaims.XSUAA.*; token.getAttributeFromClaimAsString(XS_USER_ATTRIBUTES, "custom_role");

Returns:

the String value of a claim attribute or null if claim or its attribute does not exist.