Package org.springframework.security.oauth2.jwt

Class JwtTimestampValidator

  • All Implemented Interfaces:
    OAuth2TokenValidator<Jwt>
    public final class JwtTimestampValidator
extends java.lang.Object
implements OAuth2TokenValidator<Jwt>
    An implementation of OAuth2TokenValidator for verifying claims in a Jwt-based access token

    Because clocks can differ between the Jwt source, say the Authorization Server, and its destination, say the Resource Server, there is a default clock leeway exercised when deciding if the current time is within the Jwt's specified operating window

    Since:
    5.1
    See Also:
    Jwt, OAuth2TokenValidator, JSON Web Token (JWT)

    • Constructor Summary

      Constructors 
      Constructor Description
      JwtTimestampValidator()
      A basic instance with no custom verification and the default max clock skew
      JwtTimestampValidator​(java.time.Duration clockSkew)  

    • Method Summary

      All Methods Instance Methods Concrete Methods 
      Modifier and Type Method Description
      void setClock​(java.time.Clock clock)
      Use this Clock with Instant.now() for assessing timestamp validity
      OAuth2TokenValidatorResult validate​(Jwt jwt)
      Verify the validity and/or constraints of the provided OAuth 2.0 Token.

      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

    • Constructor Detail

      • JwtTimestampValidator

        public JwtTimestampValidator()
        A basic instance with no custom verification and the default max clock skew

      • JwtTimestampValidator

        public JwtTimestampValidator​(java.time.Duration clockSkew)

    • Method Detail

      • setClock

        public void setClock​(java.time.Clock clock)
        Use this Clock with Instant.now() for assessing timestamp validity
        Parameters:
        clock -