Java Code Examples for com.auth0.jwt.interfaces.DecodedJWT#getIssuedAt()

The following examples show how to use com.auth0.jwt.interfaces.DecodedJWT#getIssuedAt().
Example 1
Source File: TokenDecoder.java    From cf-java-logging-support with Apache License 2.0
/**
 * Runs the token through {@code verifier.verify} and then applies an additional
 * validity-window check before returning the decoded token.
 *
 * <p>The token is accepted only when it carries both an {@code exp} and an
 * {@code iat} claim and the current time lies strictly between them. A token
 * that omits either claim is rejected. This local check applies no clock-skew
 * allowance, so a token inspected at exactly its {@code iat} instant is
 * refused. Whether {@code verifier} (declared outside this snippet) applies
 * its own leeway cannot be told from this method.
 *
 * @param token the serialized JWT to verify
 * @return the decoded token once verification and the time window have passed
 * @throws DynamicLogLevelException if verification fails or the token is
 *         outside its validity window
 */
public DecodedJWT validateAndDecodeToken(String token) throws DynamicLogLevelException {
    try {
        final DecodedJWT decoded = verifier.verify(token);
        final Date expiresAt = decoded.getExpiresAt();
        final Date issuedAt = decoded.getIssuedAt();
        final Date currentTime = new Date();

        // Fail closed: a missing claim or a time outside (iat, exp) rejects the token.
        final boolean claimsMissing = expiresAt == null || issuedAt == null;
        if (claimsMissing || !currentTime.after(issuedAt) || !currentTime.before(expiresAt)) {
            throw new DynamicLogLevelException("Token provided to dynamically change the log-level on thread-level is outdated");
        }
        return decoded;
    } catch (JWTVerificationException e) {
        // The cause is deliberately not chained so the JWT never ends up in the logs.
        throw new DynamicLogLevelException("Token could not be verified");
    }
}
 
Example 2
Source File: AuthUtils.java    From mdw with Apache License 2.0
/**
 * Verifies an MDW JWT and, on success, stores the token's subject in
 * {@code headers} under {@code Listener.AUTHENTICATED_USER_HEADER}.
 *
 * <p>NOTE(review): the age limit below is applied only when the token carries
 * an {@code iat} claim. A verified token without {@code iat} is accepted
 * regardless of {@code maxAge}. Confirm the issuer always sets {@code iat},
 * or that the verifier enforces an expiry, if the limit is meant to be
 * mandatory.
 *
 * @param token   the serialized JWT to verify
 * @param headers request headers; receives the authenticated user on success
 * @throws Exception if no verifier can be created, the token fails
 *         verification, is older than {@code maxAge}, or has a blank subject
 */
private static void verifyMdwJWT(String token, Map<String,String> headers) throws Exception {
    // Reuse the shared verifier when there is one; otherwise build it on first use.
    JWTVerifier activeVerifier = verifier;
    if (activeVerifier == null) {
        activeVerifier = createMdwTokenVerifier();
    }
    if (activeVerifier == null) {
        throw new Exception("Cannot generate MDW JWT verifier");
    }

    // Throws if the token does not pass the verifier's checks.
    final DecodedJWT jwt = activeVerifier.verify(token);

    // Optional maximum token age, active only when the application configured one.
    // NOTE(review): the age is computed in milliseconds, while the property is
    // described as seconds. Confirm maxAge is converted to milliseconds where it
    // is loaded.
    final Date issuedAt = jwt.getIssuedAt();
    if (maxAge > 0 && issuedAt != null) {
        final long tokenAgeMillis = System.currentTimeMillis() - issuedAt.getTime();
        if (tokenAgeMillis > maxAge) {
            throw new Exception("JWT token has expired");
        }
    }

    // The subject identifies the user the token was created for.
    final String subject = jwt.getSubject();
    if (StringUtils.isBlank(subject)) {
        throw new Exception("Received valid JWT token, but cannot identify the user");
    }
    headers.put(Listener.AUTHENTICATED_USER_HEADER, subject);
}
 
Example 3
Source File: JwtToken.java    From spring-boot-plus with Apache License 2.0
/**
 * Builds a {@code JwtToken} from a serialized JWT plus caller-supplied
 * metadata, copying the {@code iat} and {@code exp} claims out of the token.
 *
 * <p>NOTE(review): {@code JwtUtil.getJwtInfo} is not shown here. If it only
 * decodes the token without verifying its signature, the two dates copied
 * below are unauthenticated, so confirm the token was verified before this
 * method is reached. {@code JwtUtil.getIssuedAt} treats a {@code null} result
 * from {@code getJwtInfo} as possible; this method does not, and would fail
 * with a {@code NullPointerException} in that case.
 *
 * @param token        the serialized JWT
 * @param username     the user the token belongs to
 * @param salt         the salt associated with the token
 * @param expireSecond the token lifetime in seconds, as supplied by the caller
 * @return the populated {@code JwtToken}
 */
public static JwtToken build(String token, String username, String salt, long expireSecond) {
    final DecodedJWT claims = JwtUtil.getJwtInfo(token);
    // Read both timestamps up front, before the holder object is created.
    final Date issuedAt = claims.getIssuedAt();
    final Date expiresAt = claims.getExpiresAt();

    return new JwtToken()
            .setUsername(username)
            .setToken(token)
            .setHost(IpUtil.getRequestIp())
            .setSalt(salt)
            .setCreateDate(issuedAt)
            .setExpireSecond(expireSecond)
            .setExpireDate(expiresAt);
}
 
Example 4
Source File: JwtUtil.java    From spring-boot-plus with Apache License 2.0
/**
 * Returns the creation time ({@code iat} claim) of a token.
 *
 * <p>NOTE(review): {@code getJwtInfo} is defined outside this snippet. If it
 * decodes without verifying the signature, the returned date is whatever the
 * token claims and should not drive a security decision on its own.
 *
 * @param token the serialized JWT
 * @return the {@code iat} claim, or {@code null} when {@code getJwtInfo}
 *         returns {@code null} or the token carries no such claim
 */
public static Date getIssuedAt(String token) {
    final DecodedJWT claims = getJwtInfo(token);
    return claims == null ? null : claims.getIssuedAt();
}
 
Example 5
Source File: JwtSessionConfigurator.java    From aceql-http with GNU Lesser General Public License v2.1
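/**
 * Returns the creation time of a session whose id is a JWT, read from the
 * token's {@code iat} claim.
 *
 * <p>{@code JWT.decode} only parses the token and does not verify its
 * signature. The value returned here is therefore whatever the presented id
 * claims, unless the id was verified elsewhere. NOTE(review): confirm callers
 * do not base expiry decisions on it without a prior signature check.
 *
 * @param sessionId the session id, expected to be a serialized JWT
 * @return the {@code iat} claim in milliseconds since the epoch, or 0 when
 *         the id cannot be decoded or carries no {@code iat} claim
 */
@Override
public long getCreationTime(String sessionId) {
    try {
        DecodedJWT jwt = JWT.decode(sessionId);
        Date issuedAt = jwt.getIssuedAt();
        // A token without an iat claim yields null. Report it as 0, like the
        // decode-failure path, instead of failing with a NullPointerException.
        return issuedAt == null ? 0 : issuedAt.getTime();
    } catch (JWTDecodeException exception) {
        // NOTE(review): the exception text can echo parts of the malformed
        // token, so a fixed message through the project's logger would avoid
        // writing token material to stderr.
        System.err.println(exception);
        return 0;
    }
}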
 
Example 6
Source File: AuthUtils.java    From mdw with Apache License 2.0
/**
 * Verifies a JWT from a custom provider and, on success, stores the user it
 * names in {@code headers} under {@code Listener.AUTHENTICATED_USER_HEADER}.
 *
 * <p>The user is read from the claim named by the provider's
 * {@code MDW_JWT_USER_CLAIM} property, first in the payload and then in the
 * token header.
 *
 * <p>NOTE(review): confirm {@code algorithm} and {@code issuer} are matched
 * against configured providers before a verifier is built from them, rather
 * than being taken as-is from the unverified token. As in
 * {@code verifyMdwJWT}, the age limit is skipped when the token has no
 * {@code iat} claim.
 *
 * @param token     the serialized JWT to verify
 * @param algorithm the signing algorithm used to build the verifier
 * @param issuer    the issuer used to select or build the verifier
 * @param headers   request headers; receives the authenticated user on success
 * @throws Exception if no verifier can be created, the token fails
 *         verification, is older than {@code maxAge}, or names no user
 */
private static void verifyCustomJWT(String token, String algorithm, String issuer, Map<String,String> headers) throws Exception {
    // Reuse the verifier cached for this issuer, or build one on first use.
    JWTVerifier activeVerifier = verifierCustom.get(issuer);
    if (activeVerifier == null) {
        activeVerifier = createCustomTokenVerifier(algorithm, issuer);
    }
    if (activeVerifier == null) {
        throw new Exception("Cannot generate Custom JWT verifier for " + issuer);
    }

    // Throws if the token does not pass the verifier's checks.
    final DecodedJWT jwt = activeVerifier.verify(token);

    // Optional maximum token age, active only when the application configured one.
    // NOTE(review): the age is computed in milliseconds, while the property is
    // described as seconds. Confirm maxAge is converted to milliseconds where it
    // is loaded.
    final Date issuedAt = jwt.getIssuedAt();
    if (maxAge > 0 && issuedAt != null) {
        final long tokenAgeMillis = System.currentTimeMillis() - issuedAt.getTime();
        if (tokenAgeMillis > maxAge) {
            throw new Exception("Custom JWT token has expired");
        }
    }

    // NOTE(review): a provider group with no entry in customProviders would make
    // providerProps null and fail on the next line. Verify against the loader.
    final Properties providerProps = customProviders.get(getCustomProviderGroupName(issuer));
    final String userClaimName = providerProps.getProperty(PropertyNames.MDW_JWT_USER_CLAIM);

    // Look for the user in the payload first, then fall back to the header.
    String user = jwt.getClaim(userClaimName).asString();
    if (StringUtils.isBlank(user)) {
        user = jwt.getHeaderClaim(userClaimName).asString();
    }

    if (StringUtils.isBlank(user)) {
        throw new Exception("Received valid Custom JWT token, but cannot identify the user");
    }
    headers.put(Listener.AUTHENTICATED_USER_HEADER, user);
}
 
Example 7
Source File: IdTokenVerifier.java    From auth0-java-mvc-common with MIT License
/**
 * Verifies a provided ID Token follows the OIDC specification.
 * See https://openid.net/specs/openid-connect-core-1_0-final.html#IDTokenValidation
 *
 * <p>Checks run in a fixed order and the first failure throws: signature,
 * issuer (exact match), subject (present), audience (contains the expected
 * value), expiration (with clock skew), issued-at (presence only), nonce
 * (when one is expected), authorized party (when there are several
 * audiences) and authentication time (when a max age is configured).
 *
 * @param token         the ID Token to verify.
 * @param verifyOptions the verification options, like audience, issuer, algorithm.
 * @throws TokenValidationException If the ID Token is null, its signing algorithm not supported, its signature invalid or one of its claim invalid.
 */
void verify(String token, Options verifyOptions) throws TokenValidationException {
    Validate.notNull(verifyOptions);

    if (isEmpty(token)) {
        throw new TokenValidationException("ID token is required but missing");
    }

    // Signature check comes first; every claim read below comes from its result.
    DecodedJWT decoded = verifyOptions.verifier.verifySignature(token);

    // iss: must be present and equal to the expected issuer exactly.
    if (isEmpty(decoded.getIssuer())) {
        throw new TokenValidationException("Issuer (iss) claim must be a string present in the ID token");
    }
    if (!decoded.getIssuer().equals(verifyOptions.issuer)) {
        throw new TokenValidationException(String.format("Issuer (iss) claim mismatch in the ID token, expected \"%s\", found \"%s\"", verifyOptions.issuer, decoded.getIssuer()));
    }

    // sub: only presence is required.
    if (isEmpty(decoded.getSubject())) {
        throw new TokenValidationException("Subject (sub) claim must be a string present in the ID token");
    }

    // aud: the expected audience must be one of the listed values.
    final List<String> audience = decoded.getAudience();
    if (audience == null) {
        throw new TokenValidationException("Audience (aud) claim must be a string or array of strings present in the ID token");
    }
    if (!audience.contains(verifyOptions.audience)) {
        throw new TokenValidationException(String.format("Audience (aud) claim mismatch in the ID token; expected \"%s\" but found \"%s\"", verifyOptions.audience, decoded.getAudience()));
    }

    // "now" is the injected clock value when one is set, otherwise the current time.
    // The same Calendar instance is reused for every date computation below.
    final Calendar cal = Calendar.getInstance();
    final Date now = verifyOptions.clock != null ? verifyOptions.clock : cal.getTime();
    final int clockSkew = verifyOptions.clockSkew != null ? verifyOptions.clockSkew : DEFAULT_CLOCK_SKEW;

    if (decoded.getExpiresAt() == null) {
        throw new TokenValidationException("Expiration Time (exp) claim must be a number present in the ID token");
    }

    // exp: the token stays valid until exp plus the clock-skew allowance (seconds).
    cal.setTime(decoded.getExpiresAt());
    cal.add(Calendar.SECOND, clockSkew);
    Date expDate = cal.getTime();

    if (now.after(expDate)) {
        throw new TokenValidationException(String.format("Expiration Time (exp) claim error in the ID token; current time (%d) is after expiration time (%d)", now.getTime() / 1000, expDate.getTime() / 1000));
    }

    if (decoded.getIssuedAt() == null) {
        throw new TokenValidationException("Issued At (iat) claim must be a number present in the ID token");
    }

    // NOTE(review): the calendar is moved to iat minus the skew, but that value
    // is never read before the calendar is set again further down. This method
    // therefore enforces only the presence of iat and does not reject an iat
    // that lies in the future. Confirm that is intended.
    cal.setTime(decoded.getIssuedAt());
    cal.add(Calendar.SECOND, -1 * clockSkew);

    // nonce: checked only when the caller expects one; it must match exactly.
    if (verifyOptions.nonce != null) {
        String nonceClaim = decoded.getClaim(NONCE_CLAIM).asString();
        if (isEmpty(nonceClaim)) {
            throw new TokenValidationException("Nonce (nonce) claim must be a string present in the ID token");
        }
        if (!verifyOptions.nonce.equals(nonceClaim)) {
            throw new TokenValidationException(String.format("Nonce (nonce) claim mismatch in the ID token; expected \"%s\", found \"%s\"", verifyOptions.nonce, nonceClaim));
        }
    }

    // azp: required, and equal to the expected audience, once aud lists several values.
    if (audience.size() > 1) {
        String azpClaim = decoded.getClaim(AZP_CLAIM).asString();
        if (isEmpty(azpClaim)) {
            throw new TokenValidationException("Authorized Party (azp) claim must be a string present in the ID token when Audience (aud) claim has multiple values");
        }
        if (!verifyOptions.audience.equals(azpClaim)) {
            throw new TokenValidationException(String.format("Authorized Party (azp) claim mismatch in the ID token; expected \"%s\", found \"%s\"", verifyOptions.audience, azpClaim));
        }
    }

    // auth_time: when a max age is configured, the last end-user authentication
    // must be no older than maxAge plus the clock-skew allowance (both in seconds).
    if (verifyOptions.maxAge != null) {
        Date authTime = decoded.getClaim(AUTH_TIME_CLAIM).asDate();
        if (authTime == null) {
            throw new TokenValidationException("Authentication Time (auth_time) claim must be a number present in the ID token when Max Age (max_age) is specified");
        }

        cal.setTime(authTime);
        cal.add(Calendar.SECOND, verifyOptions.maxAge);
        cal.add(Calendar.SECOND, clockSkew);
        Date authTimeDate = cal.getTime();

        if (now.after(authTimeDate)) {
            throw new TokenValidationException(String.format("Authentication Time (auth_time) claim in the ID token indicates that too much time has passed since the last end-user authentication. Current time (%d) is after last auth at (%d)", now.getTime() / 1000, authTimeDate.getTime() / 1000));
        }
    }
}