public interface IdToken
  • Method Details

    • getJwtId

      String getJwtId()
      Returns the JWT ID of the IdToken This is not required. Case sensitive (key-id jti)
      Returns:
      JWT ID
    • getType

      String getType()
      returns the Type of IdToken, such as: Bearer This is not required. Case sensitive (key-id typ)
      Returns:
      Token Type
    • getIssuer

      String getIssuer()
      returns Issuer Identifier for the Issuer of the Response This is required Case sensitive (claim iss)
      Returns:
      Issuer
    • getSubject

      String getSubject()
      returns the Subject Identifier This is required. Case sensitive (claim sub)
      Returns:
      subject Id
    • getAudience

      List<String> getAudience()
      returns the audience(s) This is required Case sensitive (claim aud)
      Returns:
      audience(s)
    • getClientId

      String getClientId()
      returns the client Id This is not required (key-id azp2)
      Returns:
      Client Id
    • getExpirationTimeSeconds

      long getExpirationTimeSeconds()
      return the expiration time of the Id Token The time is represented as the number of seconds from 1970-01-01T0:0:0:0Z This is required (claim exp)
      Returns:
      Expiration time in seconds
    • getNotBeforeTimeSeconds

      long getNotBeforeTimeSeconds()
      return the time which Id Token is not valid before it The time is represented as the number of seconds from 1970-01-01T0:0:0:0Z This is not required (key-id nbf)
      Returns:
      Not Before Time in seconds
    • getIssuedAtTimeSeconds

      long getIssuedAtTimeSeconds()
      returns the issued time of Id Token This is required (claim iat)
      Returns:
      the issued time in seconds
    • getAuthorizationTimeSeconds

      long getAuthorizationTimeSeconds()
      returns The authorization time of the Id Token This is not required (key-id auth_time)
      Returns:
      The authorization time in seconds
    • getNonce

      String getNonce()
      returns the value of nonce This value is optional usually. But it's required when the request of a RP Client provides a nonce. In this case, the value of nonce must be the same as the one that the RP Client provides. case sensitive (claim nonce)
      Returns:
      the value of nonce
    • getAccessTokenHash

      String getAccessTokenHash()
      returns the Hash code of access token This is optional (claim at_hash)
      Returns:
      the Hash code of the access token
    • getClassReference

      String getClassReference()
      returns Authentication Context Class Reference This is optional (claim acr)
      Returns:
      Authentication Context Class Reference
    • getMethodsReferences

      List<String> getMethodsReferences()
      returns Authentication Methods References This is optional (claim amr)
      Returns:
      Authentication Methods References
    • getAuthorizedParty

      String getAuthorizedParty()
      Authorized Party This is optional Case sensitive (claim azp)
      Returns:
      Authorized Party
    • getClaim

      Object getClaim(String key)
      Using the key to get its value
      Parameters:
      key - - the claim or key-id
      Returns:
      The value
    • getAllClaims

      Map<String,Object> getAllClaims()
      get all the claims in the payload of Id Token
      Returns:
      all the claims in the payload of Id Token
    • getAccessToken

      String getAccessToken()
      Get the access token
      Returns:
      the access token string
    • getRefreshToken

      String getRefreshToken()
      Get the refresh token
      Returns:
      the refresh token string if exists, otherwise return null
    • getAllClaimsAsJson

      String getAllClaimsAsJson()
      Returns:
      all the claims in Json format
    • getRawIdToken

      String getRawIdToken() throws com.ibm.websphere.security.WSSecurityException
      Returns the raw ID token string
      Returns:
      The raw ID token string
      Throws:
      com.ibm.websphere.security.WSSecurityException - Thrown if there is an error getting the run as identity.