Class JwtTimestampValidator

java.lang.Object
org.springframework.security.oauth2.jwt.JwtTimestampValidator
All Implemented Interfaces:
OAuth2TokenValidator<Jwt>

public final class JwtTimestampValidator extends Object implements OAuth2TokenValidator<Jwt>
An implementation of OAuth2TokenValidator for verifying claims in a Jwt-based access token

Because clocks can differ between the Jwt source, say the Authorization Server, and its destination, say the Resource Server, there is a default clock leeway exercised when deciding if the current time is within the Jwt's specified operating window

Since:
5.1
See Also:
  • Constructor Details

    • JwtTimestampValidator

      public JwtTimestampValidator()
      A basic instance with no custom verification and the default max clock skew
    • JwtTimestampValidator

      public JwtTimestampValidator(Duration clockSkew)
  • Method Details

    • setAllowEmptyExpiryClaim

      public void setAllowEmptyExpiryClaim(boolean allowEmptyExpiryClaim)
      Whether to allow the exp header to be empty. The default value is true
      Since:
      7.0
    • setAllowEmptyNotBeforeClaim

      public void setAllowEmptyNotBeforeClaim(boolean allowEmptyNotBeforeClaim)
      Whether to allow the nbf header to be empty. The default value is true
      Since:
      7.0
    • validate

      public OAuth2TokenValidatorResult validate(Jwt jwt)
      Description copied from interface: OAuth2TokenValidator
      Verify the validity and/or constraints of the provided OAuth 2.0 Token.
      Specified by:
      validate in interface OAuth2TokenValidator<Jwt>
      Parameters:
      jwt - an OAuth 2.0 token
      Returns:
      OAuth2TokenValidationResult the success or failure detail of the validation
    • setClock

      public void setClock(Clock clock)
      Use this Clock with Instant.now() for assessing timestamp validity
      Parameters:
      clock -