Skip to content

feat: add TokenVerifier class that can verify RS256/ES256 tokens #420

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
chingor13 merged 21 commits into from
Jun 24, 2020
Merged

feat: add TokenVerifier class that can verify RS256/ES256 tokens #420

chingor13 merged 21 commits into from
Jun 24, 2020

Conversation

@chingor13
Copy link
Contributor

@chingor13 chingor13 commented Apr 24, 2020
edited
Loading

Exposes interface for validating Google signed RS256/ES256 JWT tokens.

This implementation returns a JsonWebSignature instance (from google-http-client) on success and throws a VerificationException on any error.

Usage:

TokenVerifier tokenVerifier = TokenVerifier.newBuilder()
  .setAudience("audience-to-verify")
  .setIssuer("issuer-to-verify")
  .build();
try {
  JsonWebSignature jsonWebSignature = tokenVerifier.verify(tokenString);
  // optionally verify additional claims
  jsonWebSignature
} catch (TokenVerifier.VerificationException e) {
  // invalid token
}

Fixes #85

@googlebot googlebot added the cla: yes This human has signed the Contributor License Agreement. label Apr 24, 2020
@codecov
Copy link

codecov bot commented Apr 24, 2020
edited
Loading

Codecov Report

Merging #420 into master will increase coverage by 0.36%.
The diff coverage is 83.87%.

Impacted file tree graph

@@             Coverage Diff              @@
##             master     #420      +/-   ##
============================================
+ Coverage     79.50%   79.86%   +0.36%     
- Complexity      397      409      +12     
============================================
  Files            27       28       +1     
  Lines          1800     1927     +127     
  Branches        186      201      +15     
============================================
+ Hits           1431     1539     +108     
- Misses          269      280      +11     
- Partials        100      108       +8
Impacted Files Coverage Δ Complexity Δ
...ttp/java/com/google/auth/oauth2/TokenVerifier.java 83.87% <83.87%> (ø) 12.00 <12.00> (?)
...tp/java/com/google/auth/oauth2/UserAuthorizer.java 77.59% <0.00%> (+0.12%) 20.00% <0.00%> (ø%)
...om/google/auth/appengine/AppEngineCredentials.java 75.47% <0.00%> (+0.96%) 16.00% <0.00%> (ø%)
..._http/java/com/google/auth/oauth2/OAuth2Utils.java 67.21% <0.00%> (+1.63%) 12.00% <0.00%> (ø%)

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 662bd80...96aabab. Read the comment docs.

chingor13 added 13 commits April 24, 2020 10:34
@chingor13 chingor13 marked this pull request as ready for review May 28, 2020 19:43
@chingor13 chingor13 requested a review from a team as a code owner May 28, 2020 19:43
@chingor13 chingor13 requested a review from bshaffer May 28, 2020 19:43
elharo
elharo reviewed May 28, 2020
View reviewed changes
@chingor13 chingor13 mentioned this pull request May 28, 2020
Closed
elharo
elharo reviewed May 28, 2020
View reviewed changes
@chingor13 chingor13 requested a review from BenWhitehead May 28, 2020 21:16
bshaffer
bshaffer reviewed May 29, 2020
View reviewed changes
BenWhitehead
BenWhitehead reviewed Jun 3, 2020
View reviewed changes
bshaffer
bshaffer reviewed Jun 5, 2020
View reviewed changes
@bshaffer
Copy link
Contributor

bshaffer commented Jun 24, 2020

@BenWhitehead @elharo If you have no additional concerns can one of you approve this PR?

@chingor13 chingor13 merged commit 5014ac7 into googleapis:master Jun 24, 2020
@chingor13 chingor13 deleted the verify-id-token-instance branch June 24, 2020 19:58
gcf-merge-on-green bot pushed a commit that referenced this pull request Jun 24, 2020
@release-please
chore: release 0.21.0 (#442)
48ba24a 
🤖 I have created a release \*beep\* \*boop\* 
---
## [0.21.0](https://www.github.com/googleapis/google-auth-library-java/compare/v0.20.0...v0.21.0) (2020-06-24)


### Features

* add TokenVerifier class that can verify RS256/ES256 tokens ([#420](https://www.github.com/googleapis/google-auth-library-java/issues/420)) ([5014ac7](https://www.github.com/googleapis/google-auth-library-java/commit/5014ac72a59d877ef95c616d0b33792b9fc70c25))


### Dependencies

* update autovalue packages to v1.7.2 ([#429](https://www.github.com/googleapis/google-auth-library-java/issues/429)) ([5758364](https://www.github.com/googleapis/google-auth-library-java/commit/575836405bd5803d6202bd0018609184d6a15831))
* update dependency com.google.http-client:google-http-client-bom to v1.35.0 ([#427](https://www.github.com/googleapis/google-auth-library-java/issues/427)) ([5494ec0](https://www.github.com/googleapis/google-auth-library-java/commit/5494ec0a73319fb955b3d7ba025aea9607020c4e))
* update Guava to 29.0-android ([#426](https://www.github.com/googleapis/google-auth-library-java/issues/426)) ([0cd3c2e](https://www.github.com/googleapis/google-auth-library-java/commit/0cd3c2ec0aef3ff0f0379b32f9d05126442219b6))
---


This PR was generated with [Release Please](https://github.com/googleapis/release-please).
@release-please release-please bot mentioned this pull request Jan 4, 2022
Closed
@release-please release-please bot mentioned this pull request Aug 11, 2022
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@bshaffer bshaffer bshaffer approved these changes

@BenWhitehead BenWhitehead BenWhitehead approved these changes

+1 more reviewer

@elharo elharo elharo left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

cla: yes This human has signed the Contributor License Agreement.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

FR: jwt validate

5 participants

@chingor13 @bshaffer @elharo @BenWhitehead @googlebot