Merge pull request auth0#100 from auth0/custom-header-claims

lbalmaceda · web-flow · commit d8064d2ad04f · 2016-11-14T17:27:37.000-03:00
Support for custom Header claims
diff --git a/README.md b/README.md
@@ -93,8 +93,6 @@ try {
         .withIssuer("auth0")
         .build(); //Reusable verifier instance
     JWT jwt = verifier.verify(token);
-} catch (JWTDecodeException exception){
-    //Invalid token
 } catch (JWTVerificationException exception){
     //Invalid signature/claims
 }
@@ -110,14 +108,11 @@ try {
         .withIssuer("auth0")
         .build(); //Reusable verifier instance
     JWT jwt = verifier.verify(token);
-} catch (JWTDecodeException exception){
-    //Invalid token
 } catch (JWTVerificationException exception){
     //Invalid signature/claims
 }
 ```
 
-If the token has an invalid syntax or the header or payload are not JSONs, a `JWTDecodeException` will raise.
 If the token has an invalid signature or the Claim requirement is not met, a `JWTVerificationException` will raise.
 
 
@@ -148,67 +143,110 @@ JWTVerifier verifier = JWT.require(Algorithm.RSA256(key))
 ```
 
 
-### Registered Claims
+### Header Claims
+
+#### Algorithm ("alg")
+
+Returns the Algorithm value or null if it's not defined in the Header.
+
+```java
+String algorithm = jwt.getAlgorithm();
+```
+
+#### Type ("typ")
+
+Returns the Type value or null if it's not defined in the Header.
+
+```java
+String type = jwt.getType();
+```
+
+#### Content Type ("cty")
+
+Returns the Content Type value or null if it's not defined in the Header.
+
+```java
+String contentType = jwt.getContentType();
+```
+
+#### Key Id ("kid")
+
+Returns the Key Id value or null if it's not defined in the Header.
+
+```java
+String keyId = jwt.getKeyId();
+```
+
+#### Private Claims
+
+Additional Claims defined in the token's Header can be obtained by calling `getHeaderClaim()` and passing the Claim name. A Claim will always be returned, even if it can't be found. You should always check for null values.
+
+```java
+Claim claim = jwt.getHeaderClaim("owner");
+```
+
+
+### Payload Claims
 
 #### Issuer ("iss")
 
-Returns the Issuer value or null if it's not defined.
+Returns the Issuer value or null if it's not defined in the Payload.
 
 ```java
 String issuer = jwt.getIssuer();
 ```
 
 #### Subject ("sub")
 
-Returns the Subject value or null if it's not defined.
+Returns the Subject value or null if it's not defined in the Payload.
 
 ```java
 String subject = jwt.getSubject();
 ```
 
 #### Audience ("aud")
 
-Returns the Audience value in or null if it's not defined.
+Returns the Audience value in or null if it's not defined in the Payload.
 
 ```java
 String[] audience = jwt.getAudience();
 ```
 
 #### Expiration Time ("exp")
 
-Returns the Expiration Time value or null if it's not defined.
+Returns the Expiration Time value or null if it's not defined in the Payload.
 
 ```java
 Date expiresAt = jwt.getExpiresAt();
 ```
 
 #### Not Before ("nbf")
 
-Returns the Not Before value or null if it's not defined.
+Returns the Not Before value or null if it's not defined in the Payload.
 
 ```java
 Date notBefore = jwt.getNotBefore();
 ```
 
 #### Issued At ("iat")
 
-Returns the Issued At value or null if it's not defined.
+Returns the Issued At value or null if it's not defined in the Payload.
 
 ```java
 Date issuedAt = jwt.getIssuedAt();
 ```
 
 #### JWT ID ("jti")
 
-Returns the JWT ID value or null if it's not defined.
+Returns the JWT ID value or null if it's not defined in the Payload.
 
 ```java
 String id = jwt.getId();
 ```
 
-### Private Claims
+#### Private Claims
 
-Additional Claims defined in the token can be obtained by calling `getClaim()` and passing the Claim name. A Claim will always be returned, even if it can't be found. You should always check for null values.
+Additional Claims defined in the token's Payload can be obtained by calling `getClaim()` and passing the Claim name. A Claim will always be returned, even if it can't be found. You should always check for null values.
 
 ```java
 Claim claim = jwt.getClaim("isAdmin");
diff --git a/lib/src/main/java/com/auth0/jwt/JWT.java b/lib/src/main/java/com/auth0/jwt/JWT.java
@@ -91,6 +91,11 @@ public Claim getClaim(String name) {
         return jwt.getClaim(name);
     }
 
+    @Override
+    public Claim getHeaderClaim(String name) {
+        return jwt.getHeaderClaim(name);
+    }
+
     @Override
     public String getAlgorithm() {
         return jwt.getAlgorithm();
@@ -105,4 +110,9 @@ public String getType() {
     public String getContentType() {
         return jwt.getContentType();
     }
+
+    @Override
+    public String getKeyId() {
+        return jwt.getKeyId();
+    }
 }
diff --git a/lib/src/main/java/com/auth0/jwt/JWTDecoder.java b/lib/src/main/java/com/auth0/jwt/JWTDecoder.java
@@ -67,6 +67,16 @@ public String getContentType() {
         return header.getContentType();
     }
 
+    @Override
+    public String getKeyId() {
+        return header.getKeyId();
+    }
+
+    @Override
+    public Claim getHeaderClaim(String name) {
+        return header.getHeaderClaim(name);
+    }
+
     @Override
     public String getIssuer() {
         return payload.getIssuer();
diff --git a/lib/src/main/java/com/auth0/jwt/JWTVerifier.java b/lib/src/main/java/com/auth0/jwt/JWTVerifier.java
@@ -162,7 +162,7 @@ public Verification withJWTId(String jwtId) {
         /**
          * Require a specific Claim value.
          *
-         * @param name the Claim's name
+         * @param name  the Claim's name
          * @param value the Claim's value. Must be an instance of Integer, Double, Boolean, Date or String class.
          * @return this same Verification instance.
          * @throws IllegalArgumentException if the name is null or the value class is not allowed.
@@ -229,10 +229,9 @@ private void requireClaim(String name, Object value) {
      *
      * @param token the String representation of the JWT.
      * @return a verified JWT.
-     * @throws JWTDecodeException       if any part of the Token contained an invalid JWT or JSON format.
      * @throws JWTVerificationException if any of the required contents inside the JWT is invalid.
      */
-    public JWT verify(String token) throws JWTDecodeException, JWTVerificationException {
+    public JWT verify(String token) throws JWTVerificationException {
         JWT jwt = new JWT(JWTDecoder.decode(token));
         verifyAlgorithm(jwt, algorithm);
         verifySignature(TokenUtils.splitToken(token));
diff --git a/lib/src/main/java/com/auth0/jwt/exceptions/JWTDecodeException.java b/lib/src/main/java/com/auth0/jwt/exceptions/JWTDecodeException.java
@@ -1,6 +1,6 @@
 package com.auth0.jwt.exceptions;
 
-public class JWTDecodeException extends RuntimeException {
+public class JWTDecodeException extends JWTVerificationException {
     public JWTDecodeException(String message) {
         this(message, null);
     }
diff --git a/lib/src/main/java/com/auth0/jwt/impl/HeaderImpl.java b/lib/src/main/java/com/auth0/jwt/impl/HeaderImpl.java
@@ -1,5 +1,6 @@
 package com.auth0.jwt.impl;
 
+import com.auth0.jwt.interfaces.Claim;
 import com.auth0.jwt.interfaces.Header;
 import com.fasterxml.jackson.databind.JsonNode;
 
@@ -38,4 +39,14 @@ public String getType() {
     public String getContentType() {
         return extractClaim(CONTENT_TYPE, tree).asString();
     }
+
+    @Override
+    public String getKeyId() {
+        return extractClaim(KEY_ID, tree).asString();
+    }
+
+    @Override
+    public Claim getHeaderClaim(String name) {
+        return extractClaim(name, tree);
+    }
 }
diff --git a/lib/src/main/java/com/auth0/jwt/impl/PublicClaims.java b/lib/src/main/java/com/auth0/jwt/impl/PublicClaims.java
@@ -7,6 +7,7 @@ public abstract class PublicClaims {
     public static final String ALGORITHM = "alg";
     static final String CONTENT_TYPE = "cty";
     static final String TYPE = "typ";
+    static final String KEY_ID = "kid";
 
     //Payload
     public static final String ISSUER = "iss";
diff --git a/lib/src/main/java/com/auth0/jwt/interfaces/Header.java b/lib/src/main/java/com/auth0/jwt/interfaces/Header.java
@@ -26,4 +26,19 @@ public interface Header {
      */
     String getContentType();
 
+
+    /**
+     * Get the value of the "kid" claim, or null if it's not available.
+     *
+     * @return the Key ID value or null.
+     */
+    String getKeyId();
+
+    /**
+     * Get a Private Claim given it's name. If the Claim wasn't specified in the Header, a BaseClaim will be returned.
+     *
+     * @param name the name of the Claim to retrieve.
+     * @return a non-null Claim.
+     */
+    Claim getHeaderClaim(String name);
 }
diff --git a/lib/src/main/java/com/auth0/jwt/interfaces/Payload.java b/lib/src/main/java/com/auth0/jwt/interfaces/Payload.java
@@ -52,7 +52,7 @@ public interface Payload {
     /**
      * Get the value of the "jti" claim, or null if it's not available.
      *
-     * @return the Payload ID value or null.
+     * @return the JWT ID value or null.
      */
     String getId();
 
diff --git a/lib/src/test/java/com/auth0/jwt/JWTTest.java b/lib/src/test/java/com/auth0/jwt/JWTTest.java
@@ -307,6 +307,30 @@ public void shouldGetType() throws Exception {
         assertThat(jwt.getType(), is("JWS"));
     }
 
+    @Test
+    public void shouldGetKeyId() throws Exception {
+        String token = "eyJhbGciOiJIUzI1NiIsImtpZCI6ImtleSJ9.e30.von1Vt9tq9cn5ZYdX1f4cf2EE7fUvb5BCBlKOTm9YWs";
+        JWT jwt = JWT.require(Algorithm.HMAC256("secret"))
+                .build()
+                .verify(token);
+
+        assertThat(jwt, is(notNullValue()));
+        assertThat(jwt.getKeyId(), is("key"));
+    }
+
+    @Test
+    public void shouldGetCustomClaims() throws Exception {
+        String token = "eyJhbGciOiJIUzI1NiIsImlzQWRtaW4iOnRydWV9.eyJpc0FkbWluIjoibm9wZSJ9.YDKBAgUDbh0PkhioDcLNzdQ8c2Gdf_yS6zdEtJQS3F0";
+        JWT jwt = JWT.require(Algorithm.HMAC256("secret"))
+                .build()
+                .verify(token);
+
+        assertThat(jwt, is(notNullValue()));
+        assertThat(jwt.getHeaderClaim("isAdmin"), notNullValue());
+        assertThat(jwt.getHeaderClaim("isAdmin").asBoolean(), is(true));
+        assertThat(jwt.getClaim("isAdmin"), notNullValue());
+        assertThat(jwt.getClaim("isAdmin").asString(), is("nope"));
+    }
 
     // Sign
 
diff --git a/lib/src/test/java/com/auth0/jwt/impl/HeaderImplTest.java b/lib/src/test/java/com/auth0/jwt/impl/HeaderImplTest.java
@@ -9,6 +9,7 @@
 import org.junit.rules.ExpectedException;
 
 import java.util.HashMap;
+import java.util.Map;
 
 import static org.hamcrest.MatcherAssert.assertThat;
 import static org.hamcrest.Matchers.*;
@@ -178,4 +179,46 @@ public void shouldGetNullContentTypeIfMissing() throws Exception {
         assertThat(header, is(notNullValue()));
         assertThat(header.getContentType(), is(nullValue()));
     }
+
+    @Test
+    public void shouldGetKeyId() throws Exception {
+        JsonNode kidNode = new TextNode("key");
+        HashMap<String, JsonNode> tree = new HashMap<>();
+        tree.put("kid", kidNode);
+        HeaderImpl header = new HeaderImpl(tree);
+
+        assertThat(header, is(notNullValue()));
+        assertThat(header.getKeyId(), is(notNullValue()));
+        assertThat(header.getKeyId(), is("key"));
+    }
+
+    @Test
+    public void shouldGetNullKeyIdIfMissing() throws Exception {
+        HashMap<String, JsonNode> tree = new HashMap<>();
+        HeaderImpl header = new HeaderImpl(tree);
+
+        assertThat(header, is(notNullValue()));
+        assertThat(header.getKeyId(), is(nullValue()));
+    }
+
+    @Test
+    public void shouldGetExtraClaim() throws Exception {
+        Map<String, JsonNode> tree = new HashMap<>();
+        tree.put("extraClaim", new TextNode("extraValue"));
+        HeaderImpl header = new HeaderImpl(tree);
+
+        assertThat(header, is(notNullValue()));
+        assertThat(header.getHeaderClaim("extraClaim"), is(instanceOf(ClaimImpl.class)));
+        assertThat(header.getHeaderClaim("extraClaim").asString(), is("extraValue"));
+    }
+
+    @Test
+    public void shouldGetNotNullExtraClaimIfMissing() throws Exception {
+        Map<String, JsonNode> tree = new HashMap<>();
+        HeaderImpl header = new HeaderImpl(tree);
+
+        assertThat(header, is(notNullValue()));
+        assertThat(header.getHeaderClaim("missing"), is(notNullValue()));
+        assertThat(header.getHeaderClaim("missing"), is(instanceOf(BaseClaim.class)));
+    }
 }

Original file line number	Diff line number	Diff line change
`@@ -1,6 +1,6 @@`
`1`	`1`	`package com.auth0.jwt.exceptions;`
`2`	`2`
`3`		`-public class JWTDecodeException extends RuntimeException {`
	`3`	`+public class JWTDecodeException extends JWTVerificationException {`
`4`	`4`	`public JWTDecodeException(String message) {`
`5`	`5`	`this(message, null);`
`6`	`6`	`}`
Original file line number	Diff line number	Diff line change
`@@ -52,7 +52,7 @@ public interface Payload {`
`52`	`52`	`/**`
`53`	`53`	`* Get the value of the "jti" claim, or null if it's not available.`
`54`	`54`	`*`
`55`		`- * @return the Payload ID value or null.`
	`55`	`+ * @return the JWT ID value or null.`
`56`	`56`	`*/`
`57`	`57`	`String getId();`
`58`	`58`