Package org.springframework.security.oauth2.jwt

Class JwtTimestampValidator

java.lang.Object
org.springframework.security.oauth2.jwt.JwtTimestampValidator
All Implemented Interfaces:
org.springframework.security.oauth2.core.OAuth2TokenValidator<Jwt>
public final class JwtTimestampValidator extends Object implements org.springframework.security.oauth2.core.OAuth2TokenValidator<Jwt>
An implementation of OAuth2TokenValidator for verifying claims in a Jwt-based access token

Because clocks can differ between the Jwt source, say the Authorization Server, and its destination, say the Resource Server, there is a default clock leeway exercised when deciding if the current time is within the Jwt's specified operating window

Since:
5.1
See Also:

  • Constructor Details

    • JwtTimestampValidator

      public JwtTimestampValidator()
      A basic instance with no custom verification and the default max clock skew

    • JwtTimestampValidator

      public JwtTimestampValidator(Duration clockSkew)

  • Method Details

    • setAllowEmptyExpiryClaim

      public void setAllowEmptyExpiryClaim(boolean allowEmptyExpiryClaim)
      Whether to allow the exp header to be empty. The default value is true
      Since:
      7.0

    • setAllowEmptyNotBeforeClaim

      public void setAllowEmptyNotBeforeClaim(boolean allowEmptyNotBeforeClaim)
      Whether to allow the nbf header to be empty. The default value is true
      Since:
      7.0

    • validate

      public org.springframework.security.oauth2.core.OAuth2TokenValidatorResult validate(Jwt jwt)
      Specified by:
      validate in interface org.springframework.security.oauth2.core.OAuth2TokenValidator<Jwt>

    • setClock

      public void setClock(Clock clock)
      Use this Clock with Instant.now() for assessing timestamp validity
      Parameters:
      clock -