Class IdTokenVerifier


  • @Beta
    public class IdTokenVerifier
    extends Object
    Beta
    Thread-safe ID token verifier based on ID Token Validation.

    Call verify(IdToken) to verify a ID token. This is a light-weight object, so you may use a new instance for each configuration of expected issuer and trusted client IDs. Sample usage:

        IdTokenVerifier verifier = new IdTokenVerifier.Builder()
            .setIssuer("issuer.example.com")
            .setAudience(Arrays.asList("myClientId"))
            .build();
        ...
        if (!verifier.verify(idToken)) {...}
     

    Note that verify(IdToken) only implements a subset of the verification steps, mostly just the MUST steps. Please read Since:

    1.16
    • Field Detail

      • DEFAULT_TIME_SKEW_SECONDS

        public static final long DEFAULT_TIME_SKEW_SECONDS
        Default value for seconds of time skew to accept when verifying time (5 minutes).
        See Also:
        Constant Field Values
    • Constructor Detail

      • IdTokenVerifier

        public IdTokenVerifier()
    • Method Detail

      • getClock

        public final com.google.api.client.util.Clock getClock()
        Returns the clock.
      • getAcceptableTimeSkewSeconds

        public final long getAcceptableTimeSkewSeconds()
        Returns the seconds of time skew to accept when verifying time.
      • getIssuer

        public final String getIssuer()
        Returns the first of equivalent expected issuers or null if issuer check suppressed.
      • getIssuers

        public final Collection<String> getIssuers()
        Returns the equivalent expected issuers or null if issuer check suppressed.
        Since:
        1.21.0
      • getAudience

        public final Collection<String> getAudience()
        Returns the unmodifiable list of trusted audience client IDs or null to suppress the audience check.