Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: add TokenVerifier class that can verify RS256/ES256 tokens #420

Merged
merged 21 commits into from Jun 24, 2020
Merged

feat: add TokenVerifier class that can verify RS256/ES256 tokens #420

Show file tree
Hide file tree
Changes from 20 commits
Commits
Show all changes
21 commits
Select commit Hold shift + click to select a range
282bc14
feat: add TokenVerifier class that can verify RS256/ES256 tokens
chingor13 Apr 24, 2020
cc54919
test: inject HttpTransportFactory for testing
chingor13 Apr 24, 2020
b32e57b
test: inject HttpTransportFactory for testing
chingor13 Apr 24, 2020
141686a
fix: use google-http-client for actual signature verification
chingor13 Apr 27, 2020
5464115
Merge branch 'master' into verify-id-token-instance
chingor13 Apr 27, 2020
1d08829
Merge branch 'master' into verify-id-token-instance
chingor13 Apr 27, 2020
261c7c2
chore: lint
chingor13 Apr 27, 2020
59bfcd0
test: split test into unit and integration
chingor13 Apr 27, 2020
5dd6b44
chore: lint
chingor13 Apr 27, 2020
48aea1d
fix: return the JsonWebSignature instance on verify
chingor13 May 1, 2020
5709b80
test: remove IT test as the signature keys can/will change over time
chingor13 May 28, 2020
d3ab6ea
docs: add javadoc for TokenVerifier
chingor13 May 28, 2020
96ab0db
docs: add guide for verifying tokens in the README
chingor13 May 28, 2020
a94672a
chore: remove auto-value config changes
chingor13 May 28, 2020
b79e90d
chore: tense, lower-case first word, no period
chingor13 May 28, 2020
c57fdb1
chore: run formatter
chingor13 May 28, 2020
7e3234d
chore: more javadoc fixes
chingor13 May 28, 2020
9755703
Merge branch 'master' into verify-id-token-instance
chingor13 May 28, 2020
24e1ec6
chore: remove line from README example
chingor13 May 28, 2020
cdedabc
sample: add snippet showing check for additional claim
chingor13 May 29, 2020
96aabab
fix: remove default constructor - users should always use builder
chingor13 Jun 24, 2020
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
51 changes: 51 additions & 0 deletions README.md
View file
Open in desktop
Expand Up @@ -243,6 +243,55 @@ Bigquery bq = new Bigquery.Builder(HTTP_TRANSPORT, JSON_FACTORY, requestInitiali
.build();
```

## Verifying JWT Tokens (Beta)

To verify a JWT token, use the [`TokenVerifier`][token-verifier] class.

### Verifying a Signature

To verify a signature, use the default [`TokenVerifier`][token-verifier]:

```java
import com.google.api.client.json.webtoken.JsonWebSignature;
import com.google.auth.oauth2.TokenVerifier;

TokenVerifier tokenVerifier = new TokenVerifier();
try {
JsonWebSignature jsonWebSignature = tokenVerifier.verify(tokenString);
// optionally verify additional claims
chingor13 marked this conversation as resolved.
Show resolved Hide resolved
if (!"expected-value".equals(jsonWebSignature.getPayload().get("additional-claim"))) {
// handle custom verification error
}
} catch (TokenVerifier.VerificationException e) {
// invalid token
}
```

### Customizing the TokenVerifier

To customize a [`TokenVerifier`][token-verifier], instantiate it via its builder:

```java
import com.google.api.client.json.webtoken.JsonWebSignature;
import com.google.auth.oauth2.TokenVerifier;

TokenVerifier tokenVerifier = TokenVerifier.newBuilder()
.setAudience("audience-to-verify")
.setIssuer("issuer-to-verify")
.build();
try {
JsonWebSignature jsonWebSignature = tokenVerifier.verify(tokenString);
// optionally verify additional claims
if (!"expected-value".equals(jsonWebSignature.getPayload().get("additional-claim"))) {
// handle custom verification error
}
} catch (TokenVerifier.VerificationException e) {
// invalid token
}
```

For more options, see the [`TokenVerifier.Builder`][token-verifier-builder] documentation.

## CI Status

Java Version | Status
Expand Down Expand Up @@ -283,5 +332,7 @@ BSD 3-Clause - See [LICENSE](LICENSE) for more information.
[apiary-clients]: https://search.maven.org/search?q=g:com.google.apis
[http-credentials-adapter]: https://googleapis.dev/java/google-auth-library/latest/index.html?com/google/auth/http/HttpCredentialsAdapter.html
[http-request-initializer]: https://googleapis.dev/java/google-http-client/latest/index.html?com/google/api/client/http/HttpRequestInitializer.html
[token-verifier]: https://googleapis.dev/java/google-auth-library/latest/index.html?com/google/auth/oauth2/TokenVerifier.html
[token-verifier-builder]: https://googleapis.dev/java/google-auth-library/latest/index.html?com/google/auth/oauth2/TokenVerifier.Builder.html
[http-transport-factory]: https://googleapis.dev/java/google-auth-library/latest/index.html?com/google/auth/http/HttpTransportFactory.html
[google-credentials]: https://googleapis.dev/java/google-auth-library/latest/index.html?com/google/auth/oauth2/GoogleCredentials.html