/**
 * Registers a validator that checks the token's audience claim against an expected value.
 *
 * <p>The outcome depends on what the token carries:
 * <ul>
 *   <li>audience present and containing {@code audience} (compared with
 *       {@link List#contains(Object)}, i.e. an exact string match): nothing is reported;</li>
 *   <li>audience present but not containing {@code audience}: a fatal error is reported,
 *       regardless of {@code mandatory};</li>
 *   <li>no audience in the token: a fatal error is reported only when {@code mandatory} is
 *       {@code true}.</li>
 * </ul>
 *
 * <p>With {@code mandatory} set to {@code false}, a token that omits the audience entirely is
 * accepted by this validator. Callers that rely on the audience to restrict a token to a
 * particular recipient should therefore pass {@code true}.
 *
 * @param validators collection of validators
 * @param audience audience expected to be in the token
 * @param mandatory whether the audience field is mandatory in the token
 */
public static void addAudienceValidator(Collection<Validator<Jwt>> validators, String audience, boolean mandatory) {
    validators.add((token, errors) -> {
        Optional<List<String>> tokenAudiences = token.audience();

        if (!tokenAudiences.isPresent()) {
            // No audience at all: an error only when the caller requires one.
            if (mandatory) {
                errors.fatal(token, "Audience is expected to be: " + audience + ", yet no audience in JWT");
            }
            return;
        }

        boolean expectedAudienceFound = tokenAudiences.get().contains(audience);
        if (!expectedAudienceFound) {
            // The Optional itself is concatenated, so the message shows the received audiences
            // in Optional's string form.
            errors.fatal(token, "Audience must contain " + audience + ", yet it is: " + tokenAudiences);
        }
    });
}
/**
 * Resolves the value of a single claim.
 *
 * <p>A handful of claims are answered directly from the {@code signed} and {@code jwt} fields;
 * every other claim is looked up by its enum name through {@code getJsonValue} and handed to
 * {@code convert}.
 *
 * @param claims the claim to resolve
 * @return the claim value, or {@code null} when the token does not carry it
 */
private Object getClaim(Claims claims) {
    switch (claims) {
    case raw_token:
        // NOTE(review): presumably the complete serialized token, i.e. a usable credential;
        // confirm, and keep the returned value out of logs and error messages.
        return signed.tokenContent();
    case groups:
        // Copied into a fresh HashSet, so the caller never receives the token's own collection.
        return jwt.userGroups().map(HashSet::new).orElse(null);
    case aud:
        // Same copy-into-HashSet treatment as the groups claim.
        return jwt.audience().map(HashSet::new).orElse(null);
    case email_verified:
        return jwt.emailVerified().orElse(null);
    case phone_number_verified:
        return jwt.phoneNumberVerified().orElse(null);
    case upn:
        return jwt.userPrincipal().orElse(null);
    default:
        // No dedicated accessor: fetch the JSON value stored under the claim's name and
        // convert it for this claim; an absent value yields null.
        return getJsonValue(claims.name())
                .map(value -> convert(claims, value))
                .orElse(null);
    }
}
/**
 * Registers a validator that checks the token's audience claim against an expected value.
 *
 * <p>The outcome depends on what the token carries:
 * <ul>
 *   <li>audience present and containing {@code audience} (compared with
 *       {@link List#contains(Object)}, i.e. an exact string match): nothing is reported;</li>
 *   <li>audience present but not containing {@code audience}: a fatal error is reported,
 *       regardless of {@code mandatory};</li>
 *   <li>no audience in the token: a fatal error is reported only when {@code mandatory} is
 *       {@code true}.</li>
 * </ul>
 *
 * <p>With {@code mandatory} set to {@code false}, a token that omits the audience entirely is
 * accepted by this validator. Callers that rely on the audience to restrict a token to a
 * particular recipient should therefore pass {@code true}.
 *
 * @param validators collection of validators
 * @param audience audience expected to be in the token
 * @param mandatory whether the audience field is mandatory in the token
 */
public static void addAudienceValidator(Collection<Validator<Jwt>> validators, String audience, boolean mandatory) {
    validators.add((token, errors) -> {
        Optional<List<String>> tokenAudiences = token.audience();

        if (!tokenAudiences.isPresent()) {
            // No audience at all: an error only when the caller requires one.
            if (mandatory) {
                errors.fatal(token, "Audience is expected to be: " + audience + ", yet no audience in JWT");
            }
            return;
        }

        boolean expectedAudienceFound = tokenAudiences.get().contains(audience);
        if (!expectedAudienceFound) {
            // The Optional itself is concatenated, so the message shows the received audiences
            // in Optional's string form.
            errors.fatal(token, "Audience must contain " + audience + ", yet it is: " + tokenAudiences);
        }
    });
}
/**
 * Resolves the value of a single claim.
 *
 * <p>A handful of claims are answered directly from the {@code signed} and {@code jwt} fields;
 * every other claim is looked up by its enum name through {@code getJsonValue} and handed to
 * {@code convert}.
 *
 * @param claims the claim to resolve
 * @return the claim value, or {@code null} when the token does not carry it
 */
private Object getClaim(Claims claims) {
    switch (claims) {
    case raw_token:
        // NOTE(review): presumably the complete serialized token, i.e. a usable credential;
        // confirm, and keep the returned value out of logs and error messages.
        return signed.tokenContent();
    case groups:
        // Copied into a fresh HashSet, so the caller never receives the token's own collection.
        return jwt.userGroups().map(HashSet::new).orElse(null);
    case aud:
        // Same copy-into-HashSet treatment as the groups claim.
        return jwt.audience().map(HashSet::new).orElse(null);
    case email_verified:
        return jwt.emailVerified().orElse(null);
    case phone_number_verified:
        return jwt.phoneNumberVerified().orElse(null);
    case upn:
        return jwt.userPrincipal().orElse(null);
    default:
        // No dedicated accessor: fetch the JSON value stored under the claim's name and
        // convert it for this claim; an absent value yields null.
        return getJsonValue(claims.name())
                .map(value -> convert(claims, value))
                .orElse(null);
    }
}