
1   package com.atlassian.asap.core.parser;
2   
3   import com.atlassian.asap.core.exception.JwtParseException;
4   import com.atlassian.asap.core.exception.UnsupportedAlgorithmException;
5   
6   import java.util.Optional;
7   
/**
 * Decodes a serialized JWT into its structured form. Implementations of this interface perform no
 * signature verification and no claim validation.
 *
 * <p>Security note: everything obtained through this interface is unauthenticated, sender-supplied
 * data. A successful parse shows only that the token was well formed; it says nothing about who
 * produced it. Signature and claim checks have to be applied separately before any value read
 * from the token is relied upon.
 */
public interface JwtParser {
    /**
     * Decodes the given serialized JWT and returns it as a {@link VerifiableJwt}. The signature is
     * not verified and the claims are not validated by this call; the only structural requirement
     * is that every required header and claim is present.
     *
     * <p>The returned object must not be treated as authenticated. NOTE(review): the type name
     * suggests it is meant to be handed to a separate verification step; which component performs
     * that step is not visible from this interface.
     *
     * @param serializedJwt a JSON Web Token in serialized form; how {@code null} is handled is
     *                      not specified by this interface
     * @return a {@link VerifiableJwt} carrying all the required claims and headers, still
     *         unverified
     * @throws JwtParseException             if the JWT string is malformed (see subclasses)
     * @throws UnsupportedAlgorithmException if the signature algorithm is not recognised
     */
    VerifiableJwt parse(String serializedJwt) throws JwtParseException, UnsupportedAlgorithmException;

    /**
     * Makes a best-effort attempt to read the issuer from the claims section of the given
     * serialized JWT. Nothing in the token is validated. The result exists solely to make
     * authentication failure messages returned to clients more useful; it is not a substitute for
     * real issuer validation.
     *
     * <p>Security note: the value is whatever the sender of the token chose to put there. Do not
     * use it in an access decision, and treat it as untrusted text when it is written to a log or
     * a response: encode it for the output context and bound its length.
     *
     * @param serializedJwt a JSON Web Token in serialized form
     * @return the issuer claim of that JWT, or empty if none could be parsed or found
     */
    Optional<String> determineUnverifiedIssuer(String serializedJwt);
}