Source code

001/*
002 * (C) Copyright 2018 Nuxeo (http://nuxeo.com/) and others.
003 *
004 * Licensed under the Apache License, Version 2.0 (the "License");
005 * you may not use this file except in compliance with the License.
006 * You may obtain a copy of the License at
007 *
008 *     http://www.apache.org/licenses/LICENSE-2.0
009 *
010 * Unless required by applicable law or agreed to in writing, software
011 * distributed under the License is distributed on an "AS IS" BASIS,
012 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
013 * See the License for the specific language governing permissions and
014 * limitations under the License.
015 *
016 * Contributors:
017 *     Florent Guillaume
018 */
019package org.nuxeo.ecm.jwt;
020
021import java.util.Map;
022
023/**
024 * The JSON Web Token (JWT) Service.
025 *
026 * @since 10.3
027 */
028public interface JWTService {
029
030    /**
031     * A builder for a JSON Web Token (JWT).
032     *
033     * @since 10.3
034     */
035    interface JWTBuilder {
036
037        /**
038         * Adds a TTL (in seconds) to the token to be built.
039         * <p>
040         * A negative or zero TTL means to use the platform default.
041         *
042         * @param ttlSeconds the TTL, in seconds
043         */
044        JWTBuilder withTTL(int ttlSeconds);
045
046        /**
047         * Adds a claim to the token to be built. The standard claim names are available in {@link JWTClaims}.
048         *
049         * @param name the claim name
050         * @param value the claim value
051         */
052        JWTBuilder withClaim(String name, Object value);
053
054        /**
055         * Builds and returns the token.
056         * <p>
057         * The {@link JWTClaims#CLAIM_SUBJECT} of the token is set to the current user id. The
058         * {@link JWTClaims#CLAIM_ISSUER} of the token is set to the string {@code "nuxeo"}.
059         * <p>
060         * The token hash algorithm is based on a secret provided by the service configuration.
061         *
062         * @return the token
063         */
064        String build();
065
066    }
067
068    /**
069     * Creates a new builder for a JSON Web Token.
070     *
071     * @return the new builder
072     */
073    JWTBuilder newBuilder();
074
075    /**
076     * Verifies the token and returns its claims, or {@code null} if the token is invalid (corrupted, constructed from
077     * an invalid secret, or expired).
078     * <p>
079     * The claim {@link JWTClaims#CLAIM_SUBJECT} contains the token's creator user id.
080     * <p>
081     * The token hash algorithm is based on a secret provided by the service configuration.
082     *
083     * @param token the token
084     * @return the claims if the token is valid, or {@code null} if the token is invalid
085     */
086    Map<String, Object> verifyToken(String token);
087
088}