Class OidcTokens

java.lang.Object
com.codename1.io.oidc.OidcTokens
public final class OidcTokens extends Object

The tokens returned by an OpenID Connect token endpoint, with convenience accessors for the OIDC ID token claims. Immutable.

To bridge into the older AccessToken API used by Login, call toAccessToken().

Since:
7.0.245

  • Method Details

    • fromTokenResponse

      public static OidcTokens fromTokenResponse(Map<String,Object> json, String refreshTokenFallback)
      Builds an OidcTokens from a parsed JSON token-endpoint response, optionally merging in a refresh token from a previous response (token endpoints are allowed to omit refresh_token on a refresh call).

    • decodeIdTokenClaims

      public static Map<String,Object> decodeIdTokenClaims(String compactJwt)
      Decodes the payload of a compact JWS without verifying the signature. Suitable for reading OIDC ID-token claims; do NOT use the returned values for authorization decisions on the server.

    • getAccessToken

      public String getAccessToken()

    • getIdToken

      public String getIdToken()

    • getRefreshToken

      public String getRefreshToken()

    • getTokenType

      public String getTokenType()

    • getScope

      public String getScope()

    • getExpiresAt

      public Date getExpiresAt()
      Absolute expiry instant, or null if the token endpoint did not return expires_in.

    • isExpired

      public boolean isExpired()
      true if getExpiresAt() is non-null and in the past.

    • isExpiringWithin

      public boolean isExpiringWithin(int leewaySeconds)
      true if getExpiresAt() is non-null and within leewaySeconds of the current time. Pass a small leeway (60 -- 120 seconds) when deciding whether to refresh proactively.

    • getIdTokenClaims

      public Map<String,Object> getIdTokenClaims()
      Read-only view of the ID token claims (empty if no ID token was returned).

    • getClaim

      public Object getClaim(String name)
      Convenience accessor for a single ID-token claim. Returns null when the claim is absent or the ID token is missing.

    • getStringClaim

      public String getStringClaim(String name)
      Convenience accessor for a string-valued claim.

    • getRawResponse

      public Map<String,Object> getRawResponse()
      The full, unmodified token-endpoint JSON. Useful for inspecting provider-specific fields (e.g. nonce_supported from Apple).

    • getSubject

      public String getSubject()
      sub claim from the ID token -- the stable, opaque user identifier within the issuer.

    • getEmail

      public String getEmail()
      email claim from the ID token, when present.

    • getName

      public String getName()
      name claim from the ID token, when present.

    • toAccessToken

      public AccessToken toAccessToken()
      Bridges into the legacy AccessToken API used by Login. The expiry is the absolute instant from getExpiresAt().