java.lang.Object
- com.google.api.client.auth.openidconnect.IdTokenVerifier

```
@Beta
public class IdTokenVerifier
extends java.lang.Object
```
Beta
Thread-safe ID token verifier based on ID Token Validation.
Call verify(IdToken) to verify a ID token. This is a light-weight object, so you may use a new instance for each configuration of expected issuer and trusted client IDs. Sample usage:
```
    IdTokenVerifier verifier = new IdTokenVerifier.Builder()
        .setIssuer("issuer.example.com")
        .setAudience(Arrays.asList("myClientId"))
        .build();
    ...
    if (!verifier.verify(idToken)) {...}
 
```
Note that verify(IdToken) only implements a subset of the verification steps, mostly just the MUST steps. Please read Since:
1.16

Nested Class Summary

Nested Classes
Modifier and Type Class Description

static class IdTokenVerifier.Builder
Beta
Builder for IdTokenVerifier.

Field Summary

Fields
Modifier and Type Field Description

private long acceptableTimeSkewSeconds
Seconds of time skew to accept when verifying time.

private java.util.Collection<java.lang.String> audience
Unmodifiable list of trusted audience client IDs or null to suppress the audience check.

private com.google.api.client.util.Clock clock
Clock to use for expiration checks.

static long DEFAULT_TIME_SKEW_SECONDS
Default value for seconds of time skew to accept when verifying time (5 minutes).

private java.util.Collection<java.lang.String> issuers
Unmodifiable collection of equivalent expected issuers or null to suppress the issuer check.

Constructor Summary

Constructors
Modifier Constructor Description

IdTokenVerifier()

protected IdTokenVerifier(IdTokenVerifier.Builder builder)

Method Summary

All Methods Instance Methods Concrete Methods
Modifier and Type Method Description

long getAcceptableTimeSkewSeconds()
Returns the seconds of time skew to accept when verifying time.

java.util.Collection<java.lang.String> getAudience()
Returns the unmodifiable list of trusted audience client IDs or null to suppress the audience check.

com.google.api.client.util.Clock getClock()
Returns the clock.

java.lang.String getIssuer()
Returns the first of equivalent expected issuers or null if issuer check suppressed.

java.util.Collection<java.lang.String> getIssuers()
Returns the equivalent expected issuers or null if issuer check suppressed.

boolean verify(IdToken idToken)
Verifies that the given ID token is valid using the cached public keys.

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

- Field Detail
  - DEFAULT_TIME_SKEW_SECONDS
```
public static final long DEFAULT_TIME_SKEW_SECONDS
```
    Default value for seconds of time skew to accept when verifying time (5 minutes).
    
    See Also:
    
    Constant Field Values
  - clock
```
private final com.google.api.client.util.Clock clock
```
    Clock to use for expiration checks.
  - acceptableTimeSkewSeconds
```
private final long acceptableTimeSkewSeconds
```
    Seconds of time skew to accept when verifying time.
  - issuers
```
private final java.util.Collection<java.lang.String> issuers
```
    Unmodifiable collection of equivalent expected issuers or null to suppress the issuer check.
  - audience
```
private final java.util.Collection<java.lang.String> audience
```
    Unmodifiable list of trusted audience client IDs or null to suppress the audience check.
- Constructor Detail
  - IdTokenVerifier
```
public IdTokenVerifier()
```
  - IdTokenVerifier
```
protected IdTokenVerifier(IdTokenVerifier.Builder builder)
```
    Parameters:
    
    builder - builder
- Method Detail
  - getClock
```
public final com.google.api.client.util.Clock getClock()
```
    Returns the clock.
  - getAcceptableTimeSkewSeconds
```
public final long getAcceptableTimeSkewSeconds()
```
    Returns the seconds of time skew to accept when verifying time.
  - getIssuer
```
public final java.lang.String getIssuer()
```
    Returns the first of equivalent expected issuers or null if issuer check suppressed.
  - getIssuers
```
public final java.util.Collection<java.lang.String> getIssuers()
```
    Returns the equivalent expected issuers or null if issuer check suppressed.
    
    Since:
    
    1.21.0
  - getAudience
```
public final java.util.Collection<java.lang.String> getAudience()
```
    Returns the unmodifiable list of trusted audience client IDs or null to suppress the audience check.
  - verify
```
public boolean verify(IdToken idToken)
```
    Verifies that the given ID token is valid using the cached public keys. It verifies:
    
    The issuer is one of getIssuers() by calling IdToken.verifyIssuer(String).
    
    The audience is one of getAudience() by calling IdToken.verifyAudience(Collection).
    
    The current time against the issued at and expiration time, using the getClock() and allowing for a time skew specified in {#link getAcceptableTimeSkewSeconds() , by calling IdToken.verifyTime(long, long).
    
    Overriding is allowed, but it must call the super implementation.
    Parameters:
    
    idToken - ID token
    
    Returns:
    
    true if verified successfully or false if failed

Modifier and Type	Field	Description
`private long`	`acceptableTimeSkewSeconds`	Seconds of time skew to accept when verifying time.
`private java.util.Collection<java.lang.String>`	`audience`	Unmodifiable list of trusted audience client IDs or `null` to suppress the audience check.
`private com.google.api.client.util.Clock`	`clock`	Clock to use for expiration checks.
`static long`	`DEFAULT_TIME_SKEW_SECONDS`	Default value for seconds of time skew to accept when verifying time (5 minutes).
`private java.util.Collection<java.lang.String>`	`issuers`	Unmodifiable collection of equivalent expected issuers or `null` to suppress the issuer check.

Modifier	Constructor	Description
	`IdTokenVerifier()`
`protected`	`IdTokenVerifier(IdTokenVerifier.Builder builder)`

Modifier and Type	Method	Description
`long`	`getAcceptableTimeSkewSeconds()`	Returns the seconds of time skew to accept when verifying time.
`java.util.Collection<java.lang.String>`	`getAudience()`	Returns the unmodifiable list of trusted audience client IDs or `null` to suppress the audience check.
`com.google.api.client.util.Clock`	`getClock()`	Returns the clock.
`java.lang.String`	`getIssuer()`	Returns the first of equivalent expected issuers or `null` if issuer check suppressed.
`java.util.Collection<java.lang.String>`	`getIssuers()`	Returns the equivalent expected issuers or `null` if issuer check suppressed.
`boolean`	`verify(IdToken idToken)`	Verifies that the given ID token is valid using the cached public keys.

Class IdTokenVerifier

Nested Class Summary

Field Summary

Constructor Summary

Method Summary

Methods inherited from class java.lang.Object

Field Detail

DEFAULT_TIME_SKEW_SECONDS

clock

acceptableTimeSkewSeconds

issuers

audience

Constructor Detail

IdTokenVerifier

IdTokenVerifier

Method Detail

getClock

getAcceptableTimeSkewSeconds

getIssuer

getIssuers

getAudience

verify