Package org.rapidcontext.core.security

Class Token

java.lang.Object
org.rapidcontext.core.security.Token
public final class Token extends Object
A set of utility methods for handling authentication tokens.

  • Method Summary

    Modifier and Type
    Method
    Description
    static String
    createAuthToken(String secret, long expiry, String id)
    Deprecated, for removal: This API element is subject to removal in a future version.
    Use createLoginToken(User, long) instead
    static String
    createAuthToken(User user, long expiry)
    Deprecated, for removal: This API element is subject to removal in a future version.
    Use createLoginToken(User, long) instead
    static String
    createJwt(String secret, long expiry, Dict payload)
    Creates a JWT (JSON Web Token) with the specified payload.
    static String[]
    decodeAuthToken(String token)
    Deprecated, for removal: This API element is subject to removal in a future version.
    Use validateLoginToken(String) instead
    static Dict
    decodeJwt(String token)
    Decodes a JWT token payload without validation.
    static void
    validateAuthToken(User user, String token)
    Deprecated, for removal: This API element is subject to removal in a future version.
    Use validateLoginToken(String) instead
    static Dict
    validateJwt(String secret, String token)
    Validates a JWT (JSON Web Token) and returns the payload.

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

  • Method Details

    • createJwt

      public static String createJwt(String secret, long expiry, Dict payload)
      Creates a JWT (JSON Web Token) with the specified payload.
      Parameters:
      secret - the secret key to sign with
      expiry - the expiry timestamp (in millis)
      payload - the payload dictionary
      Returns:
      the JWT string
      Throws:
      SecurityException - if the token creation fails

    • decodeJwt

      public static Dict decodeJwt(String token)
      Decodes a JWT token payload without validation.
      Parameters:
      token - the JWT token string
      Returns:
      the token payload, or an empty dictionary on error

    • validateJwt

      public static Dict validateJwt(String secret, String token)
      Validates a JWT (JSON Web Token) and returns the payload.
      Parameters:
      secret - the secret key to verify with
      token - the JWT string
      Returns:
      the payload dictionary
      Throws:
      SecurityException - if the token is invalid or expired

    • createAuthToken

      @Deprecated(forRemoval=true) public static String createAuthToken(User user, long expiry)
      Deprecated, for removal: This API element is subject to removal in a future version.
      Use createLoginToken(User, long) instead
      Creates an authentication token for a user. The token contains the user id, an expiry timestamp and a validation hash based on both of these and the user password hash.
      Parameters:
      user - the user to create the token for
      expiry - the expiry timestamp (in millis)
      Returns:
      the authentication token
      Throws:
      SecurityException - if user isn't enabled or password isn't set
      See Also:

    • createAuthToken

      @Deprecated(forRemoval=true) public static String createAuthToken(String secret, long expiry, String id)
      Deprecated, for removal: This API element is subject to removal in a future version.
      Use createLoginToken(User, long) instead
      Creates a user authentication token. The token contains the user id, an expiry timestamp and a validation hash based on both of these and the secret.
      Parameters:
      secret - the secret key (password hash)
      expiry - the expiry timestamp (in millis)
      id - the user id
      Returns:
      the authentication token
      Throws:
      SecurityException - if the token secret or user id aren't valid
      See Also:

    • decodeAuthToken

      @Deprecated(forRemoval=true) public static String[] decodeAuthToken(String token)
      Deprecated, for removal: This API element is subject to removal in a future version.
      Use validateLoginToken(String) instead
      Decodes a user authentication token. This method always returns an array of length 3, even for syntactically incorrect tokens. It also guarantees that the expiry time is a valid long value.
      Parameters:
      token - the token string
      Returns:
      an array of user id, expiry time and validation hash
      See Also:

    • validateAuthToken

      @Deprecated(forRemoval=true) public static void validateAuthToken(User user, String token)
      Deprecated, for removal: This API element is subject to removal in a future version.
      Use validateLoginToken(String) instead
      Validates a user authentication token.
      Parameters:
      user - the user to validate the token for
      token - the authentication token
      Throws:
      SecurityException - if the token is invalid or expired
      See Also: