Interface Token

    • Method Detail

      • create

        static Token create(String jwt)
        Creates a token instance based on the TokenFactory implementation.
        Parameters:
        jwt - encoded JWT token
        Returns:
        token instance
      • getHeaderParameterAsString

        @Nullable
        String getHeaderParameterAsString(@Nonnull
                                          String headerName)
        Returns the header parameter value as string for the given header parameter name.
        Parameters:
        headerName - the name of the header parameter as defined in TokenHeader
        Returns:
        the value for the given header name or null, if the header is not provided.
      • hasHeaderParameter

        boolean hasHeaderParameter(@Nonnull
                                   String headerName)
        Checks whether the token contains a given header parameter.
        Parameters:
        headerName - the name of the header parameter as defined in TokenHeader
        Returns:
        true when the given header name is found.
      • hasClaim

        boolean hasClaim(@Nonnull
                         String claimName)
        Checks whether the token contains a given claim.
        Parameters:
        claimName - the name of the claim as defined in TokenClaims.
        Returns:
        true when the claim with the given name is found.
      • getClaimAsString

        @Nullable
        String getClaimAsString(@Nonnull
                                String claimName)
        Extracts the value as string for the given claim. If the claim is not found, it will return null. If the given claim is not a string, it will throw a JsonParsingException.
        Parameters:
        claimName - the name of the claim as defined in TokenClaims.
        Returns:
        the corresponding string value of the given claim or null.
        Throws:
        JsonParsingException - if the json object identified by the given claim is not a string.
      • getClaimAsStringList

        @Nonnull
        List<String> getClaimAsStringList(@Nonnull
                                          String claimName)
        Extracts the value as a list of strings for the given claim. If the claim is not found, it will return an empty list. If the given claim is not a list of strings, it will throw a JsonParsingException.
        Parameters:
        claimName - the name of the claim as defined in TokenClaims.
        Returns:
        the data of the given claim as a list of strings or an empty list.
      • getClaimAsJsonObject

        @Nullable
        JsonObject getClaimAsJsonObject(@Nonnull
                                        String claimName)
        Extracts the value of the given claim as a JsonObject. Use this to extract nested objects. If the claim is not found, it will return null. If the value for the given claim is not an object, it will throw a JsonParsingException.
        Parameters:
        claimName - the name of the claim for which the object should be extracted.
        Returns:
        the corresponding JsonObject for the given claim.
      • getExpiration

        @Nullable
        Instant getExpiration()
        Returns the moment in time when the token will be expired.
        Returns:
        the expiration point in time if present.
      • isExpired

        boolean isExpired()
        Returns true if the token is expired.
        Returns:
        true if the token is expired.
      • getNotBefore

        @Nullable
        Instant getNotBefore()
        Returns the moment in time before which the token must not be accepted.
        Returns:
        the not before point in time if present.
      • getTokenValue

        String getTokenValue()
        Get the encoded jwt token, e.g. for token forwarding to another app.

        Never expose this token via log or via HTTP.

        Returns:
        the encoded token.
      • getPrincipal

        Principal getPrincipal()
        Returns a principal, which can be used to represent any entity, such as an individual, a corporation, and a login id.
        Returns:
        the principal or null if not yet implemented.
      • getService

        Service getService()
        Returns the identity service the token is issued by.
        Returns:
        the service.
      • getAudiences

        default Set<String> getAudiences()
        Returns the (possibly empty) set of audiences the token is issued for.
        Returns:
        the audiences.
      • getZoneId

        String getZoneId()
        Returns the Zone identifier, which can be used as tenant discriminator (tenant guid).
        Returns:
        the unique Zone identifier.
      • getClientId

        default String getClientId()
        Returns the OAuth2 client identifier of the authentication token if present. Following the OpenID Connect 1.0 specification, the client identifier is taken from the "azp" claim if present; when "azp" is not present, it is taken from the "aud" claim, but only if there is exactly one audience.
        Returns:
        the OAuth client ID.
        See Also:
        https://openid.net/specs/openid-connect-core-1_0.html
      • getIssuer

        default String getIssuer()
        Returns the identifier for the issuer of the token. It is a URL that contains scheme, host, and optionally port number and path components, but no query or fragment components. It is validated in the JwtIssuerValidator and used as the base URL to discover the jwks_uri endpoint for downloading the token keys.
        Returns:
        the issuer.
      • getGrantType

        @Nullable
        default GrantType getGrantType()
        Returns the grant type of the jwt token.
        Returns:
        the grant type
      • getHeaders

        default Map<String,Object> getHeaders()
        Returns the header(s).
        Returns:
        a Map of the header(s)
      • getClaims

        default Map<String,Object> getClaims()
        Returns the jwt claim set.
        Returns:
        a Map of the jwt claim set
      • getAttributeFromClaimAsString

        @Nullable
        default String getAttributeFromClaimAsString(String claimName,
                                                     String attributeName)
        Returns the String value of a claim attribute.
        "claimName": { "attributeName": "attributeValueAsString" },

        Example:
        import static com.sap.cloud.security.token.TokenClaims.XSUAA.*;
        token.getAttributeFromClaimAsString(EXTERNAL_ATTRIBUTE, EXTERNAL_ATTRIBUTE_SUBACCOUNTID);
        Returns:
        the String value of a claim attribute or null if claim or its attribute does not exist.
      • getAttributeFromClaimAsStringList

        default List<String> getAttributeFromClaimAsStringList(String claimName,
                                                               String attributeName)
        Returns the String list of a claim attribute.
        "claimName": { "attributeName": ["attributeValueAsString", "attributeValue2AsString"] },

        Example:
        import static com.sap.cloud.security.token.TokenClaims.XSUAA.*;
        token.getAttributeFromClaimAsStringList(XS_USER_ATTRIBUTES, "custom_role");
        Returns:
        the String list of a claim attribute or empty List if claim or its attribute does not exist.
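
The "azp"/"aud" fallback that getClientId describes, written out over a claim map like the one getClaims() returns. This is an added example, not the library's own code: the class and method names, the empty result for ambiguous tokens, and treating a blank "azp" or a malformed "aud" as absent are assumptions.

```java
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
import java.util.Map;
import java.util.Optional;

// Added example (hypothetical class): client ID resolution per the azp/aud rule.
public class ClientIdResolution {

    // Returns the client ID, or empty when the rule yields no unambiguous value.
    // Signalling that case with Optional.empty() is an assumption of this sketch.
    static Optional<String> resolveClientId(Map<String, Object> claims) {
        Object azp = claims.get("azp");
        if (azp instanceof String && !((String) azp).isBlank()) {
            return Optional.of((String) azp);
        }
        // Fall back to "aud" only when it names exactly one audience; with
        // several audiences there is no way to tell which one is the client.
        List<String> audiences = audiencesOf(claims.get("aud"));
        return audiences.size() == 1 ? Optional.of(audiences.get(0)) : Optional.empty();
    }

    // "aud" may be a single string or an array of strings (RFC 7519, section 4.1.3).
    // Any other shape, or an array with a non-string entry, is treated as no audience.
    static List<String> audiencesOf(Object aud) {
        List<String> result = new ArrayList<>();
        if (aud instanceof String) {
            result.add((String) aud);
        } else if (aud instanceof Collection) {
            for (Object entry : (Collection<?>) aud) {
                if (!(entry instanceof String)) {
                    return List.of();
                }
                result.add((String) entry);
            }
        }
        return result;
    }

    public static void main(String[] args) {
        // Constructed claim sets, not taken from real tokens.
        Map<String, Object> withAzp = Map.of("azp", "client-a", "aud", List.of("client-b", "client-c"));
        Map<String, Object> singleAud = Map.of("aud", "client-b");
        Map<String, Object> multiAud = Map.of("aud", List.of("client-b", "client-c"));

        System.out.println("azp present:       " + resolveClientId(withAzp));
        System.out.println("single audience:   " + resolveClientId(singleAud));
        System.out.println("several audiences: " + resolveClientId(multiAud));
    }
}
```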