Module io.inverno.mod.security.jose
Package io.inverno.mod.security.jose.jwt

Interface JWTService

public interface JWTService

The JWT Service is the main entry point for creating and reading JSON Web token objects.

A JSON Web Token is a JSON Web Signature or JSON Web Encryption object of type JWT and whose payload is a JWT Claims set. The JWT Service allows to fluently create JWT objects using JWSBuilder, JsonJWSBuilder, JWEBuilder or JsonJWEBuilder and read JWT objects using JWSReader, JsonJWSReader, JWEReader or JsonJWEReader.

Since:
1.5
Author:
Jeremy Kuhn

  • Method Details

    • jwsBuilder

      default JWSBuilder<JWTClaimsSet,?,?> jwsBuilder()

      Returns a new JWS JWT builder.

      The returned builder will try to resolve the JWK to use to sign the JWT based on the JWS JOSE header. It will fail if it wasn't able to find a suitable key.

      Returns:
      a new JWS JWT builder

    • jwsBuilder

      default <T extends JWTClaimsSet> JWSBuilder<T,?,?> jwsBuilder(Class<T> type) throws JOSEProcessingException

      Returns a new JWS JWT builder with a custom JWT Claims set type.

      The returned builder will try to resolve the JWK to use to sign the JWT based on the JWS JOSE header. It will fail if it wasn't able to find a suitable key.

      Type Parameters:
      T - the JWT Claims set type
      Parameters:
      type - The JWT Claims set type
      Returns:
      a new JWS JWT builder
      Throws:
      JOSEProcessingException - if the specified JWT Claims set type is invalid

    • jwsBuilder

      default <T extends JWTClaimsSet> JWSBuilder<T,?,?> jwsBuilder(Type type) throws JOSEProcessingException

      Returns a new JWS JWT builder with a custom JWT Claims set type.

      The returned builder will try to resolve the JWK to use to sign the JWT based on the JWS JOSE header. It will fail if it wasn't able to find a suitable key.

      Type Parameters:
      T - the JWT Claims set type
      Parameters:
      type - The JWT Claims set type
      Returns:
      a new JWS JWT builder
      Throws:
      JOSEProcessingException - if the specified JWT Claims set type is invalid

    • jwsBuilder

      default JWSBuilder<JWTClaimsSet,?,?> jwsBuilder(Publisher<? extends JWK> keys)

      Returns a new JWS JWT builder using the specified keys.

      The returned builder will use the specified keys to sign the JWT, the first succeeding key will be retained and remaining keys will be ignored. It will fail if no suitable key have been specified or if they are not consistent with the JWS JOSE header.

      Parameters:
      keys - the keys to consider to sign the JWT
      Returns:
      a new JWS JWT builder

    • jwsBuilder

      default <T extends JWTClaimsSet> JWSBuilder<T,?,?> jwsBuilder(Class<T> type, Publisher<? extends JWK> keys) throws JOSEProcessingException

      Returns a new JWS JWT builder with a custom JWT Claims set type and using the specified keys.

      The returned builder will use the specified keys to sign the JWT, the first succeeding key will be retained and remaining keys will be ignored. It will fail if no suitable key have been specified or if they are not consistent with the JWS JOSE header.

      Type Parameters:
      T - the JWT Claims set type
      Parameters:
      type - The JWT Claims set type
      keys - the keys to consider to sign the JWT
      Returns:
      a new JWS JWT builder
      Throws:
      JOSEProcessingException - if the specified JWT Claims set type is invalid

    • jwsBuilder

      <T extends JWTClaimsSet> JWSBuilder<T,?,?> jwsBuilder(Type type, Publisher<? extends JWK> keys) throws JOSEProcessingException

      Returns a new JWS JWT builder with a custom JWT Claims set type and using the specified keys.

      The returned builder will use the specified keys to sign the JWT, the first succeeding key will be retained and remaining keys will be ignored. It will fail if no suitable key have been specified or if they are not consistent with the JWS JOSE header.

      Type Parameters:
      T - the JWT Claims set type
      Parameters:
      type - The JWT Claims set type
      keys - the keys to consider to sign the JWT
      Returns:
      a new JWS JWT builder
      Throws:
      JOSEProcessingException - if the specified JWT Claims set type is invalid

    • jweBuilder

      default JWEBuilder<JWTClaimsSet,?,?> jweBuilder()

      Returns a new JWE JWT builder.

      The returned builder will try to resolve the JWK to use to sign the JWT based on the JWE JOSE header. It will fail if it wasn't able to find a suitable key.

      Returns:
      a new JWE JWT builder

    • jweBuilder

      default <T extends JWTClaimsSet> JWEBuilder<T,?,?> jweBuilder(Class<T> type) throws JOSEProcessingException

      Returns a new JWE JWT builder with a custom JWT Claims set type.

      The returned builder will try to resolve the JWK to use to sign the JWT based on the JWE JOSE header. It will fail if it wasn't able to find a suitable key.

      Type Parameters:
      T - the JWT Claims set type
      Parameters:
      type - The JWT Claims set type
      Returns:
      a new JWE JWT builder
      Throws:
      JOSEProcessingException - if the specified JWT Claims set type is invalid

    • jweBuilder

      default <T extends JWTClaimsSet> JWEBuilder<T,?,?> jweBuilder(Type type) throws JOSEProcessingException

      Returns a new JWE JWT builder with a custom JWT Claims set type.

      The returned builder will try to resolve the JWK to use to sign the JWT based on the JWE JOSE header. It will fail if it wasn't able to find a suitable key.

      Type Parameters:
      T - the JWT Claims set type
      Parameters:
      type - The JWT Claims set type
      Returns:
      a new JWE JWT builder
      Throws:
      JOSEProcessingException - if the specified JWT Claims set type is invalid

    • jweBuilder

      default JWEBuilder<JWTClaimsSet,?,?> jweBuilder(Publisher<? extends JWK> keys)

      Returns a new JWE JWT builder using the specified keys.

      The returned builder will use the specified keys to sign the JWT, the first succeeding key will be retained and remaining keys will be ignored. It will fail if no suitable key have been specified or if they are not consistent with the JWE JOSE header.

      Parameters:
      keys - the keys to consider to sign the JWT
      Returns:
      a new JWE JWT builder

    • jweBuilder

      default <T extends JWTClaimsSet> JWEBuilder<T,?,?> jweBuilder(Class<T> type, Publisher<? extends JWK> keys) throws JOSEProcessingException

      Returns a new JWE JWT builder with a custom JWT Claims set type and using the specified keys.

      The returned builder will use the specified keys to sign the JWT, the first succeeding key will be retained and remaining keys will be ignored. It will fail if no suitable key have been specified or if they are not consistent with the JWE JOSE header.

      Type Parameters:
      T - the JWT Claims set type
      Parameters:
      type - The JWT Claims set type
      keys - the keys to consider to sign the JWT
      Returns:
      a new JWE JWT builder
      Throws:
      JOSEProcessingException - if the specified JWT Claims set type is invalid

    • jweBuilder

      <T extends JWTClaimsSet> JWEBuilder<T,?,?> jweBuilder(Type type, Publisher<? extends JWK> keys) throws JOSEProcessingException

      Returns a new JWE JWT builder with a custom JWT Claims set type and using the specified keys.

      The returned builder will use the specified keys to sign the JWT, the first succeeding key will be retained and remaining keys will be ignored. It will fail if no suitable key have been specified or if they are not consistent with the JWE JOSE header.

      Type Parameters:
      T - the JWT Claims set type
      Parameters:
      type - The JWT Claims set type
      keys - the keys to consider to sign the JWT
      Returns:
      a new JWE JWT builder
      Throws:
      JOSEProcessingException - if the specified JWT Claims set type is invalid

    • jwsReader

      default JWSReader<JWTClaimsSet,?> jwsReader()

      Returns a new JWS JWT reader.

      The returned reader will try to resolve the JWK to use to verify the JWT signature based on the JWS JOSE header. It will fail if it wasn't able to find a suitable key.

      Returns:
      a new JWS JWT reader

    • jwsReader

      default <T extends JWTClaimsSet> JWSReader<T,?> jwsReader(Class<T> type) throws JOSEProcessingException

      Returns a new JWS JWT reader with a custom JWT Claims set type.

      The returned reader will try to resolve the JWK to use to verify the JWT signature based on the JWS JOSE header. It will fail if it wasn't able to find a suitable key.

      Type Parameters:
      T - the JWT Claims set type
      Parameters:
      type - The JWT Claims set type
      Returns:
      a new JWS JWT reader
      Throws:
      JOSEProcessingException - if the specified JWT Claims set type is invalid

    • jwsReader

      default <T extends JWTClaimsSet> JWSReader<T,?> jwsReader(Type type) throws JOSEProcessingException

      Returns a new JWS JWT reader with a custom JWT Claims set type.

      The returned reader will try to resolve the JWK to use to verify the JWT signature based on the JWS JOSE header. It will fail if it wasn't able to find a suitable key.

      Type Parameters:
      T - the JWT Claims set type
      Parameters:
      type - The JWT Claims set type
      Returns:
      a new JWS JWT reader
      Throws:
      JOSEProcessingException - if the specified JWT Claims set type is invalid

    • jwsReader

      default JWSReader<JWTClaimsSet,?> jwsReader(Publisher<? extends JWK> keys)

      Returns a new JWS JWT reader using the specified keys.

      The returned reader will use the specified keys to verify the JWT signature, the first succeeding key will be retained and remaining keys will be ignored. It will fail if no suitable key have been specified or if they are not consistent with the JWS JOSE header.

      Parameters:
      keys - the keys to consider to verify the JWT signature
      Returns:
      a new JWS JWT reader

    • jwsReader

      default <T extends JWTClaimsSet> JWSReader<T,?> jwsReader(Class<T> type, Publisher<? extends JWK> keys) throws JOSEProcessingException

      Returns a new JWS JWT reader with a custom JWT Claims set type and using the specified keys.

      The returned reader will use the specified keys to verify the JWT signature, the first succeeding key will be retained and remaining keys will be ignored. It will fail if no suitable key have been specified or if they are not consistent with the JWS JOSE header.

      Type Parameters:
      T - the JWT Claims set type
      Parameters:
      type - The JWT Claims set type
      keys - the keys to consider to verify the JWT signature
      Returns:
      a new JWS JWT reader
      Throws:
      JOSEProcessingException - if the specified JWT Claims set type is invalid

    • jwsReader

      <T extends JWTClaimsSet> JWSReader<T,?> jwsReader(Type type, Publisher<? extends JWK> keys) throws JOSEProcessingException

      Returns a new JWS JWT reader with a custom JWT Claims set type and using the specified keys.

      The returned reader will use the specified keys to verify the JWT signature, the first succeeding key will be retained and remaining keys will be ignored. It will fail if no suitable key have been specified or if they are not consistent with the JWS JOSE header.

      Type Parameters:
      T - the JWT Claims set type
      Parameters:
      type - The JWT Claims set type
      keys - the keys to consider to verify the JWT signature
      Returns:
      a new JWS JWT reader
      Throws:
      JOSEProcessingException - if the specified JWT Claims set type is invalid

    • jweReader

      default JWEReader<JWTClaimsSet,?> jweReader()

      Returns a new JWE JWT reader.

      The returned reader will try to resolve the JWK to use to decrypt the JWT based on the JWE JOSE header. It will fail if it wasn't able to find a suitable key.

      Returns:
      a new JWE JWT reader

    • jweReader

      default <T extends JWTClaimsSet> JWEReader<T,?> jweReader(Class<T> type) throws JOSEProcessingException

      Returns a new JWE JWT reader with a custom JWT Claims set type.

      The returned reader will try to resolve the JWK to use to decrypt the JWT based on the JWE JOSE header. It will fail if it wasn't able to find a suitable key.

      Type Parameters:
      T - the JWT Claims set type
      Parameters:
      type - The JWT Claims set type
      Returns:
      a new JWE JWT reader
      Throws:
      JOSEProcessingException - if the specified JWT Claims set type is invalid

    • jweReader

      default <T extends JWTClaimsSet> JWEReader<T,?> jweReader(Type type) throws JOSEProcessingException

      Returns a new JWE JWT reader with a custom JWT Claims set type.

      The returned reader will try to resolve the JWK to use to decrypt the JWT based on the JWE JOSE header. It will fail if it wasn't able to find a suitable key.

      Type Parameters:
      T - the JWT Claims set type
      Parameters:
      type - The JWT Claims set type
      Returns:
      a new JWE JWT reader
      Throws:
      JOSEProcessingException - if the specified JWT Claims set type is invalid

    • jweReader

      default JWEReader<JWTClaimsSet,?> jweReader(Publisher<? extends JWK> keys)

      Returns a new JWE JWT reader using the specified keys.

      The returned reader will use the specified keys to decrypt the JWT, the first succeeding key will be retained and remaining keys will be ignored. It will fail if no suitable key have been specified or if they are not consistent with the JWE JOSE header.

      Parameters:
      keys - the keys to consider to decrypt the JWT
      Returns:
      a new JWE JWT reader

    • jweReader

      default <T extends JWTClaimsSet> JWEReader<T,?> jweReader(Class<T> type, Publisher<? extends JWK> keys) throws JOSEProcessingException

      Returns a new JWE JWT reader with a custom JWT Claims set type and using the specified keys.

      The returned reader will use the specified keys to decrypt the JWT, the first succeeding key will be retained and remaining keys will be ignored. It will fail if no suitable key have been specified or if they are not consistent with the JWE JOSE header.

      Type Parameters:
      T - the JWT Claims set type
      Parameters:
      type - The JWT Claims set type
      keys - the keys to consider to decrypt the JWT
      Returns:
      a new JWE JWT reader
      Throws:
      JOSEProcessingException - if the specified JWT Claims set type is invalid

    • jweReader

      <T extends JWTClaimsSet> JWEReader<T,?> jweReader(Type type, Publisher<? extends JWK> keys) throws JOSEProcessingException

      Returns a new JWE JWT reader with a custom JWT Claims set type and using the specified keys.

      The returned reader will use the specified keys to decrypt the JWT, the first succeeding key will be retained and remaining keys will be ignored. It will fail if no suitable key have been specified or if they are not consistent with the JWE JOSE header.

      Type Parameters:
      T - the JWT Claims set type
      Parameters:
      type - The JWT Claims set type
      keys - the keys to consider to decrypt the JWT
      Returns:
      a new JWE JWT reader
      Throws:
      JOSEProcessingException - if the specified JWT Claims set type is invalid

    • readerFor

      default JOSEObjectReader<JWTClaimsSet,?,? extends JOSEObject<JWTClaimsSet,?>,?> readerFor(String compact) throws JWTReadException

      Returns a JOSE JWT Object reader to read the specified compact representation.

      This method shall returned a JWS reader or a JWE reader based on the compact representation format.

      The returned reader will try to resolve the JWK to use to verify or decrypt the JWT based on the JOSE header. It will fail if it wasn't able to find a suitable key.

      Parameters:
      compact - the compact representation to read
      Returns:
      a new JOSE JWT reader
      Throws:
      JWTReadException - if the specified compact representation is invalid or not supported

    • readerFor

      default <T extends JWTClaimsSet> JOSEObjectReader<T,?,? extends JOSEObject<T,?>,?> readerFor(String compact, Class<T> type) throws JWTReadException, JOSEProcessingException

      Returns a JOSE JWT Object reader to read the specified compact representation with a custom JWT Claims set type.

      This method shall returned a JWS reader or a JWE reader based on the compact representation format.

      The returned reader will try to resolve the JWK to use to verify or decrypt the JWT based on the JOSE header. It will fail if it wasn't able to find a suitable key.

      Type Parameters:
      T - the JWT Claims set type
      Parameters:
      compact - the compact representation to read
      type - The JWT Claims set type
      Returns:
      a new JOSE JWT reader
      Throws:
      JWTReadException - if the specified compact representation is invalid or not supported
      JOSEProcessingException - if the specified JWT Claims set type is invalid

    • readerFor

      default <T extends JWTClaimsSet> JOSEObjectReader<T,?,? extends JOSEObject<T,?>,?> readerFor(String compact, Type type) throws JWTReadException, JOSEProcessingException

      Returns a JOSE JWT Object reader to read the specified compact representation with a custom JWT Claims set type.

      This method shall returned a JWS reader or a JWE reader based on the compact representation format.

      The returned reader will try to resolve the JWK to use to verify or decrypt the JWT based on the JOSE header. It will fail if it wasn't able to find a suitable key.

      Type Parameters:
      T - the JWT Claims set type
      Parameters:
      compact - the compact representation to read
      type - The JWT Claims set type
      Returns:
      a new JOSE JWT reader
      Throws:
      JWTReadException - if the specified compact representation is invalid or not supported
      JOSEProcessingException - if the specified JWT Claims set type is invalid

    • readerFor

      default JOSEObjectReader<JWTClaimsSet,?,? extends JOSEObject<JWTClaimsSet,?>,?> readerFor(String compact, Publisher<? extends JWK> keys) throws JWTReadException, JOSEProcessingException

      Returns a JOSE JWT Object reader to read the specified compact representation using the specified keys.

      This method shall returned a JWS reader or a JWE reader based on the compact representation format.

      The returned reader will use the specified keys to verify or decrypt the JWT, the first succeeding key will be retained and remaining keys will be ignored. It will fail if no suitable key have been specified or if they are not consistent with the JOSE header.

      Parameters:
      compact - the compact representation to read
      keys - the keys to consider to verify or decrypt the JWT
      Returns:
      a new JOSE JWT reader
      Throws:
      JWTReadException - if the specified compact representation is invalid or not supported
      JOSEProcessingException

    • readerFor

      default <T extends JWTClaimsSet> JOSEObjectReader<T,?,? extends JOSEObject<T,?>,?> readerFor(String compact, Class<T> type, Publisher<? extends JWK> keys) throws JWTReadException, JOSEProcessingException

      Returns a JOSE JWT Object reader to read the specified compact representation with a custom JWT Claims set type using the specified keys.

      This method shall returned a JWS reader or a JWE reader based on the compact representation format.

      The returned reader will use the specified keys to verify or decrypt the JWT, the first succeeding key will be retained and remaining keys will be ignored. It will fail if no suitable key have been specified or if they are not consistent with the JOSE header.

      Type Parameters:
      T - the JWT Claims set type
      Parameters:
      compact - the compact representation to read
      type - The JWT Claims set type
      keys - the keys to consider to verify or decrypt the JWT
      Returns:
      a new JOSE JWT reader
      Throws:
      JWTReadException - if the specified compact representation is invalid or not supported
      JOSEProcessingException - if the specified JWT Claims set type is invalid

    • readerFor

      <T extends JWTClaimsSet> JOSEObjectReader<T,?,? extends JOSEObject<T,?>,?> readerFor(String compact, Type type, Publisher<? extends JWK> keys) throws JWTReadException, JOSEProcessingException

      Returns a JOSE JWT Object reader to read the specified compact representation with a custom JWT Claims set type using the specified keys.

      This method shall returned a JWS reader or a JWE reader based on the compact representation format.

      The returned reader will use the specified keys to verify or decrypt the JWT, the first succeeding key will be retained and remaining keys will be ignored. It will fail if no suitable key have been specified or if they are not consistent with the JOSE header.

      Type Parameters:
      T - the JWT Claims set type
      Parameters:
      compact - the compact representation to read
      type - The JWT Claims set type
      keys - the keys to consider to verify or decrypt the JWT
      Returns:
      a new JOSE JWT reader
      Throws:
      JWTReadException - if the specified compact representation is invalid or not supported
      JOSEProcessingException - if the specified JWT Claims set type is invalid