auth0 · jimmyjames · Apr 13, 2022 · Apr 13, 2022 · Apr 13, 2022 · Apr 13, 2022
diff --git a/lib/src/main/java/com/auth0/jwt/HeaderParams.java b/lib/src/main/java/com/auth0/jwt/HeaderParams.java
@@ -0,0 +1,29 @@
+package com.auth0.jwt;
+
+/**
+ * Contains constants representing the JWT header parameter names.
+ */
+public final class HeaderParams {
+
+    private HeaderParams() {}
+
+    /**
+     * The algorithm used to sign a JWT.
+     */
+    public static String ALGORITHM = "alg";
+
+    /**
+     * The content type of a JWT.
+     */
+    public static String CONTENT_TYPE = "cty";
+
+    /**
+     * The media type of a JWT.
+     */
+    public static String TYPE = "typ";
+
+    /**
+     * The key ID of a JWT used to specify the key for signature validation.
+     */
+    public static String KEY_ID = "kid";
+}
diff --git a/lib/src/main/java/com/auth0/jwt/JWTCreator.java b/lib/src/main/java/com/auth0/jwt/JWTCreator.java
@@ -104,7 +104,7 @@ public Builder withHeader(Map<String, Object> headerClaims) {
          * @return this same Builder instance.
          */
         public Builder withKeyId(String keyId) {
-            this.headerClaims.put(PublicClaims.KEY_ID, keyId);
+            this.headerClaims.put(HeaderParams.KEY_ID, keyId);
             return this;
         }
 
@@ -115,7 +115,7 @@ public Builder withKeyId(String keyId) {
          * @return this same Builder instance.
          */
         public Builder withIssuer(String issuer) {
-            addClaim(PublicClaims.ISSUER, issuer);
+            addClaim(RegisteredClaims.ISSUER, issuer);
             return this;
         }
 
@@ -126,7 +126,7 @@ public Builder withIssuer(String issuer) {
          * @return this same Builder instance.
          */
         public Builder withSubject(String subject) {
-            addClaim(PublicClaims.SUBJECT, subject);
+            addClaim(RegisteredClaims.SUBJECT, subject);
             return this;
         }
 
@@ -137,7 +137,7 @@ public Builder withSubject(String subject) {
          * @return this same Builder instance.
          */
         public Builder withAudience(String... audience) {
-            addClaim(PublicClaims.AUDIENCE, audience);
+            addClaim(RegisteredClaims.AUDIENCE, audience);
             return this;
         }
 
@@ -149,7 +149,7 @@ public Builder withAudience(String... audience) {
          * @return this same Builder instance.
          */
         public Builder withExpiresAt(Date expiresAt) {
-            addClaim(PublicClaims.EXPIRES_AT, expiresAt);
+            addClaim(RegisteredClaims.EXPIRES_AT, expiresAt);
             return this;
         }
 
@@ -161,7 +161,7 @@ public Builder withExpiresAt(Date expiresAt) {
          * @return this same Builder instance.
          */
         public Builder withExpiresAt(Instant expiresAt) {
-            addClaim(PublicClaims.EXPIRES_AT, expiresAt);
+            addClaim(RegisteredClaims.EXPIRES_AT, expiresAt);
             return this;
         }
 
@@ -173,7 +173,7 @@ public Builder withExpiresAt(Instant expiresAt) {
          * @return this same Builder instance.
          */
         public Builder withNotBefore(Date notBefore) {
-            addClaim(PublicClaims.NOT_BEFORE, notBefore);
+            addClaim(RegisteredClaims.NOT_BEFORE, notBefore);
             return this;
         }
 
@@ -185,7 +185,7 @@ public Builder withNotBefore(Date notBefore) {
          * @return this same Builder instance.
          */
         public Builder withNotBefore(Instant notBefore) {
-            addClaim(PublicClaims.NOT_BEFORE, notBefore);
+            addClaim(RegisteredClaims.NOT_BEFORE, notBefore);
             return this;
         }
 
@@ -197,7 +197,7 @@ public Builder withNotBefore(Instant notBefore) {
          * @return this same Builder instance.
          */
         public Builder withIssuedAt(Date issuedAt) {
-            addClaim(PublicClaims.ISSUED_AT, issuedAt);
+            addClaim(RegisteredClaims.ISSUED_AT, issuedAt);
             return this;
         }
 
@@ -209,7 +209,7 @@ public Builder withIssuedAt(Date issuedAt) {
          * @return this same Builder instance.
          */
         public Builder withIssuedAt(Instant issuedAt) {
-            addClaim(PublicClaims.ISSUED_AT, issuedAt);
+            addClaim(RegisteredClaims.ISSUED_AT, issuedAt);
             return this;
         }
 
@@ -220,7 +220,7 @@ public Builder withIssuedAt(Instant issuedAt) {
          * @return this same Builder instance.
          */
         public Builder withJWTId(String jwtId) {
-            addClaim(PublicClaims.JWT_ID, jwtId);
+            addClaim(RegisteredClaims.JWT_ID, jwtId);
             return this;
         }
 
@@ -543,9 +543,9 @@ public String sign(Algorithm algorithm) throws IllegalArgumentException, JWTCrea
             if (algorithm == null) {
                 throw new IllegalArgumentException("The Algorithm cannot be null.");
             }
-            headerClaims.put(PublicClaims.ALGORITHM, algorithm.getName());
-            if (!headerClaims.containsKey(PublicClaims.TYPE)) {
-                headerClaims.put(PublicClaims.TYPE, "JWT");
+            headerClaims.put(HeaderParams.ALGORITHM, algorithm.getName());
+            if (!headerClaims.containsKey(HeaderParams.TYPE)) {
+                headerClaims.put(HeaderParams.TYPE, "JWT");
             }
             String signingKeyId = algorithm.getSigningKeyId();
             if (signingKeyId != null) {

diff --git a/lib/src/main/java/com/auth0/jwt/JWTVerifier.java b/lib/src/main/java/com/auth0/jwt/JWTVerifier.java
@@ -3,7 +3,6 @@
 import com.auth0.jwt.algorithms.Algorithm;
 import com.auth0.jwt.exceptions.*;
 import com.auth0.jwt.impl.JWTParser;
-import com.auth0.jwt.impl.PublicClaims;
 import com.auth0.jwt.interfaces.Claim;
 import com.auth0.jwt.interfaces.DecodedJWT;
 import com.auth0.jwt.impl.ExpectedCheckHolder;
@@ -71,13 +70,13 @@ public static class BaseVerification implements Verification {
         @Override
         public Verification withIssuer(String... issuer) {
             List<String> value = isNullOrEmpty(issuer) ? null : Arrays.asList(issuer);
-            addCheck(PublicClaims.ISSUER, ((claim, decodedJWT) -> {
+            addCheck(RegisteredClaims.ISSUER, ((claim, decodedJWT) -> {
                 if (verifyNull(claim, value)) {
                     return true;
                 }
                 if (value == null || !value.contains(claim.asString())) {
                     throw new IncorrectClaimException(
-                            "The Claim 'iss' value doesn't match the required issuer.", PublicClaims.ISSUER, claim);
+                            "The Claim 'iss' value doesn't match the required issuer.", RegisteredClaims.ISSUER, claim);
                 }
                 return true;
             }));
@@ -86,21 +85,21 @@ public Verification withIssuer(String... issuer) {
 
         @Override
         public Verification withSubject(String subject) {
-            addCheck(PublicClaims.SUBJECT, (claim, decodedJWT) ->
+            addCheck(RegisteredClaims.SUBJECT, (claim, decodedJWT) ->
                     verifyNull(claim, subject) || subject.equals(claim.asString()));
             return this;
         }
 
         @Override
         public Verification withAudience(String... audience) {
             List<String> value = isNullOrEmpty(audience) ? null : Arrays.asList(audience);
-            addCheck(PublicClaims.AUDIENCE, ((claim, decodedJWT) -> {
+            addCheck(RegisteredClaims.AUDIENCE, ((claim, decodedJWT) -> {
                 if (verifyNull(claim, value)) {
                     return true;
                 }
                 if (!assertValidAudienceClaim(decodedJWT.getAudience(), value, true)) {
                     throw new IncorrectClaimException("The Claim 'aud' value doesn't contain the required audience.",
-                            PublicClaims.AUDIENCE, claim);
+                            RegisteredClaims.AUDIENCE, claim);
                 }
                 return true;
             }));
@@ -110,13 +109,13 @@ public Verification withAudience(String... audience) {
         @Override
         public Verification withAnyOfAudience(String... audience) {
             List<String> value = isNullOrEmpty(audience) ? null : Arrays.asList(audience);
-            addCheck(PublicClaims.AUDIENCE, ((claim, decodedJWT) -> {
+            addCheck(RegisteredClaims.AUDIENCE, ((claim, decodedJWT) -> {
                 if (verifyNull(claim, value)) {
                     return true;
                 }
                 if (!assertValidAudienceClaim(decodedJWT.getAudience(), value, false)) {
                     throw new IncorrectClaimException("The Claim 'aud' value doesn't contain the required audience.",
-                            PublicClaims.AUDIENCE, claim);
+                            RegisteredClaims.AUDIENCE, claim);
                 }
                 return true;
             }));
@@ -133,21 +132,21 @@ public Verification acceptLeeway(long leeway) throws IllegalArgumentException {
         @Override
         public Verification acceptExpiresAt(long leeway) throws IllegalArgumentException {
             assertPositive(leeway);
-            customLeeways.put(PublicClaims.EXPIRES_AT, leeway);
+            customLeeways.put(RegisteredClaims.EXPIRES_AT, leeway);
             return this;
         }
 
         @Override
         public Verification acceptNotBefore(long leeway) throws IllegalArgumentException {
             assertPositive(leeway);
-            customLeeways.put(PublicClaims.NOT_BEFORE, leeway);
+            customLeeways.put(RegisteredClaims.NOT_BEFORE, leeway);
             return this;
         }
 
         @Override
         public Verification acceptIssuedAt(long leeway) throws IllegalArgumentException {
             assertPositive(leeway);
-            customLeeways.put(PublicClaims.ISSUED_AT, leeway);
+            customLeeways.put(RegisteredClaims.ISSUED_AT, leeway);
             return this;
         }
 
@@ -159,7 +158,7 @@ public Verification ignoreIssuedAt() {
 
         @Override
         public Verification withJWTId(String jwtId) {
-            addCheck(PublicClaims.JWT_ID, ((claim, decodedJWT) ->
+            addCheck(RegisteredClaims.JWT_ID, ((claim, decodedJWT) ->
                     verifyNull(claim, jwtId) || jwtId.equals(claim.asString())));
             return this;
         }
@@ -297,17 +296,17 @@ public long getLeewayFor(String name) {
         }
 
         private void addMandatoryClaimChecks() {
-            long expiresAtLeeway = getLeewayFor(PublicClaims.EXPIRES_AT);
-            long notBeforeLeeway = getLeewayFor(PublicClaims.NOT_BEFORE);
-            long issuedAtLeeway = getLeewayFor(PublicClaims.ISSUED_AT);
-
-            expectedChecks.add(constructExpectedCheck(PublicClaims.EXPIRES_AT, (claim, decodedJWT) ->
-                    assertValidInstantClaim(PublicClaims.EXPIRES_AT, claim, expiresAtLeeway, true)));
-            expectedChecks.add(constructExpectedCheck(PublicClaims.NOT_BEFORE, (claim, decodedJWT) ->
-                    assertValidInstantClaim(PublicClaims.NOT_BEFORE, claim, notBeforeLeeway, false)));
+            long expiresAtLeeway = getLeewayFor(RegisteredClaims.EXPIRES_AT);
+            long notBeforeLeeway = getLeewayFor(RegisteredClaims.NOT_BEFORE);
+            long issuedAtLeeway = getLeewayFor(RegisteredClaims.ISSUED_AT);
+
+            expectedChecks.add(constructExpectedCheck(RegisteredClaims.EXPIRES_AT, (claim, decodedJWT) ->
+                    assertValidInstantClaim(RegisteredClaims.EXPIRES_AT, claim, expiresAtLeeway, true)));
+            expectedChecks.add(constructExpectedCheck(RegisteredClaims.NOT_BEFORE, (claim, decodedJWT) ->
+                    assertValidInstantClaim(RegisteredClaims.NOT_BEFORE, claim, notBeforeLeeway, false)));
             if (!ignoreIssuedAt) {
-                expectedChecks.add(constructExpectedCheck(PublicClaims.ISSUED_AT, (claim, decodedJWT) ->
-                        assertValidInstantClaim(PublicClaims.ISSUED_AT, claim, issuedAtLeeway, false)));
+                expectedChecks.add(constructExpectedCheck(RegisteredClaims.ISSUED_AT, (claim, decodedJWT) ->
+                        assertValidInstantClaim(RegisteredClaims.ISSUED_AT, claim, issuedAtLeeway, false)));
             }
         }
 

diff --git a/lib/src/main/java/com/auth0/jwt/RegisteredClaims.java b/lib/src/main/java/com/auth0/jwt/RegisteredClaims.java
@@ -0,0 +1,48 @@
+package com.auth0.jwt;
+
+/**
+ * Contains constants representing the name of the Registered Claim Names as defined in Section 4.1.1 of
+ * <a href="https://datatracker.ietf.org/doc/html/rfc7519#section-4.1">RFC 7529</a>
+ */
+public final class RegisteredClaims {
+
+    private RegisteredClaims() {
+    }
+
+    /**
+     * The "iss" (issuer) claim identifies the principal that issued the JWT.
+     */
+    public static String ISSUER = "iss";
+
+    /**
+     * The "sub" (subject) claim identifies the principal that is the subject of the JWT.
+     */
+    public static String SUBJECT = "sub";
+
+    /**
+     * The "aud" (audience) claim identifies the recipients that the JWT is intended for.
+     */
+    public static String AUDIENCE = "aud";
+
+    /**
+     * The "exp" (expiration time) claim identifies the expiration time on or after which the JWT MUST NOT be
+     * accepted for processing.
+     */
+    public static String EXPIRES_AT = "exp";
+
+    /**
+     * The "nbf" (not before) claim identifies the time before which the JWT MUST NOT be accepted for processing.
+     */
+    public static String NOT_BEFORE = "nbf";
+
+    /**
+     * The "iat" (issued at) claim identifies the time at which the JWT was issued.
+     */
+    public static String ISSUED_AT = "iat";
+
+    /**
+     * The "jti" (JWT ID) claim provides a unique identifier for the JWT.
+     */
+    public static String JWT_ID = "jti";
+
+}
diff --git a/lib/src/main/java/com/auth0/jwt/impl/HeaderDeserializer.java b/lib/src/main/java/com/auth0/jwt/impl/HeaderDeserializer.java
@@ -1,5 +1,6 @@
 package com.auth0.jwt.impl;
 
+import com.auth0.jwt.HeaderParams;
 import com.auth0.jwt.exceptions.JWTDecodeException;
 import com.fasterxml.jackson.core.JsonParser;
 import com.fasterxml.jackson.core.type.TypeReference;
@@ -40,10 +41,10 @@ public BasicHeader deserialize(JsonParser p, DeserializationContext ctxt) throws
             throw new JWTDecodeException("Parsing the Header's JSON resulted on a Null map");
         }
 
-        String algorithm = getString(tree, PublicClaims.ALGORITHM);
-        String type = getString(tree, PublicClaims.TYPE);
-        String contentType = getString(tree, PublicClaims.CONTENT_TYPE);
-        String keyId = getString(tree, PublicClaims.KEY_ID);
+        String algorithm = getString(tree, HeaderParams.ALGORITHM);
+        String type = getString(tree, HeaderParams.TYPE);
+        String contentType = getString(tree, HeaderParams.CONTENT_TYPE);
+        String keyId = getString(tree, HeaderParams.KEY_ID);
         return new BasicHeader(algorithm, type, contentType, keyId, tree, objectReader);
     }
 

diff --git a/lib/src/main/java/com/auth0/jwt/impl/PayloadDeserializer.java b/lib/src/main/java/com/auth0/jwt/impl/PayloadDeserializer.java
@@ -1,5 +1,6 @@
 package com.auth0.jwt.impl;
 
+import com.auth0.jwt.RegisteredClaims;
 import com.auth0.jwt.exceptions.JWTDecodeException;
 import com.auth0.jwt.interfaces.Payload;
 import com.fasterxml.jackson.core.JsonParser;
@@ -43,13 +44,13 @@ public Payload deserialize(JsonParser p, DeserializationContext ctxt) throws IOE
             throw new JWTDecodeException("Parsing the Payload's JSON resulted on a Null map");
         }
 
-        String issuer = getString(tree, PublicClaims.ISSUER);
-        String subject = getString(tree, PublicClaims.SUBJECT);
-        List<String> audience = getStringOrArray(tree, PublicClaims.AUDIENCE);
-        Instant expiresAt = getInstantFromSeconds(tree, PublicClaims.EXPIRES_AT);
-        Instant notBefore = getInstantFromSeconds(tree, PublicClaims.NOT_BEFORE);
-        Instant issuedAt = getInstantFromSeconds(tree, PublicClaims.ISSUED_AT);
-        String jwtId = getString(tree, PublicClaims.JWT_ID);
+        String issuer = getString(tree, RegisteredClaims.ISSUER);
+        String subject = getString(tree, RegisteredClaims.SUBJECT);
+        List<String> audience = getStringOrArray(tree, RegisteredClaims.AUDIENCE);
+        Instant expiresAt = getInstantFromSeconds(tree, RegisteredClaims.EXPIRES_AT);
+        Instant notBefore = getInstantFromSeconds(tree, RegisteredClaims.NOT_BEFORE);
+        Instant issuedAt = getInstantFromSeconds(tree, RegisteredClaims.ISSUED_AT);
+        String jwtId = getString(tree, RegisteredClaims.JWT_ID);
 
         return new PayloadImpl(issuer, subject, audience, expiresAt, notBefore, issuedAt, jwtId, tree, objectReader);
     }

diff --git a/lib/src/main/java/com/auth0/jwt/impl/PayloadSerializer.java b/lib/src/main/java/com/auth0/jwt/impl/PayloadSerializer.java
@@ -1,5 +1,6 @@
 package com.auth0.jwt.impl;
 
+import com.auth0.jwt.RegisteredClaims;
 import com.fasterxml.jackson.core.JsonGenerator;
 
 import java.io.IOException;
@@ -22,7 +23,7 @@ public PayloadSerializer() {
 
     @Override
     protected void writeClaim(Map.Entry<String, Object> entry, JsonGenerator gen) throws IOException {
-        if (PublicClaims.AUDIENCE.equals(entry.getKey())) {
+        if (RegisteredClaims.AUDIENCE.equals(entry.getKey())) {
             writeAudience(gen, entry);
         } else {
             super.writeClaim(entry, gen);