com.atlassian.asap.core.validator

Interface JwtValidator

All Known Implementing Classes:

JwtValidatorImpl

public interface JwtValidator

Interface for parsing, verifying and validating a Jwt token.

Method Summary

Modifier and Type	Method and Description
Optional<String>	determineUnverifiedIssuer(String serializedJwt) Extracts the issuer, if at all possible, from the claims section by parsing the given serialized JWT.
Jwt	readAndValidate(String serializedJwt) Parses the encoded JWT message from String, verifies its signature, validates its claims and on success returns the decoded Jwt.

Method Detail

readAndValidate

Jwt readAndValidate(String serializedJwt)
             throws InvalidTokenException,
                    CannotRetrieveKeyException

Parses the encoded JWT message from String, verifies its signature, validates its claims and on success returns the decoded Jwt.

Parameters:

serializedJwt - a JSON Web Token

Returns:

a signature verified and syntactically valid Jwt

Throws:

InvalidTokenException - if the JWT string was malformed (see subclasses)

CannotRetrieveKeyException - if the public key to verify the signature of the JWT can't be retrieved

determineUnverifiedIssuer

Optional<String> determineUnverifiedIssuer(String serializedJwt)

Extracts the issuer, if at all possible, from the claims section by parsing the given serialized JWT. This will NOT validate anything in the JWT, and is only intended to be used to assist in returning useful authentication failure messages to clients, not for real issuer validation.

Parameters:

serializedJwt - a JSON Web Token

Returns:

the issuer claim from that JWT, or else empty if none could be parsed or found