Class AuthenticationToken
public class AuthenticationToken extends Object
An authentication token (or "provider authentication token" or "provider token" in Apple's terminology) is a JSON Web Token (JWT) that contains cryptographically-signed claims about the identity of the sender that can be used by APNs clients in lieu of mutual TLS authentication to authenticate with an APNs server. Authentication tokens contain "claims" that identify the development team sending push notifications as well as the specific key used to sign the token.
When clients use token-based authentication, they send an authentication token with each push notification. Tokens
may expire, in which case clients must discard the old token and generate a new one. Callers generally do
not need to interact with authentication tokens directly; ApnsClient
instances
using token-based authentication will manage authentication tokens automatically.
Tokens may be constructed from an ApnsSigningKey
(for clients sending notifications) or from a
Base64-encoded JWT string (for servers verifying a token from a client).
Authentication tokens are immutable and thread-safe.
-
Constructor Summary
Constructors Constructor Description AuthenticationToken(ApnsSigningKey signingKey, Instant issuedAt)
Constructs a new authentication token using the given signing key (and associated metadata) issued at the given date.AuthenticationToken(String base64EncodedToken)
Constructs a new authentication token from a Base64-encoded JWT string. -
Method Summary
Modifier and Type Method Description boolean
equals(Object obj)
AsciiString
getAuthorizationHeader()
Returns a complete APNs authorization header value (i.e.Instant
getIssuedAt()
Returns the time at which this token was issued.String
getKeyId()
Returns the Apple-issued ID of the key used to sign this token.String
getTeamId()
Returns the Apple-issued ID of the team to which this authentication token's key pair belongs.int
hashCode()
String
toString()
Returns a Base64-encoded JWT representation of this authentication token.boolean
verifySignature(ApnsVerificationKey verificationKey)
Verifies the cryptographic signature of this authentication token.
-
Constructor Details
-
AuthenticationToken
public AuthenticationToken(ApnsSigningKey signingKey, Instant issuedAt) throws NoSuchAlgorithmException, InvalidKeyException, SignatureExceptionConstructs a new authentication token using the given signing key (and associated metadata) issued at the given date.- Parameters:
signingKey
- the signing key from which to derive metadata and with which to sign the tokenissuedAt
- the time at which the token was issued- Throws:
NoSuchAlgorithmException
- if the JVM doesn't support the "SHA256withECDSA" algorithmInvalidKeyException
- if the given key was invalid for any reasonSignatureException
- if the given key could not be used to sign the token
-
AuthenticationToken
Constructs a new authentication token from a Base64-encoded JWT string. Note that successfully creating a token from an encoded string does not imply that the token is valid.- Parameters:
base64EncodedToken
- a Base64-encoded JWT string
-
-
Method Details
-
getIssuedAt
Returns the time at which this token was issued.- Returns:
- the time at which this token was issued
-
getKeyId
Returns the Apple-issued ID of the key used to sign this token.- Returns:
- the Apple-issued ID of the key used to sign this token
-
getTeamId
Returns the Apple-issued ID of the team to which this authentication token's key pair belongs.- Returns:
- the Apple-issued ID of the team to which this authentication token's key pair belongs
-
verifySignature
public boolean verifySignature(ApnsVerificationKey verificationKey) throws NoSuchAlgorithmException, InvalidKeyException, SignatureExceptionVerifies the cryptographic signature of this authentication token.- Parameters:
verificationKey
- the verification key (public key) to be used to verify this token's signature- Returns:
true
if this token's signature was verified orfalse
otherwise- Throws:
NoSuchAlgorithmException
- if the JVM doesn't support the "SHA256withECDSA" algorithmInvalidKeyException
- if the given key was invalid for any reasonSignatureException
- if the given key could not be used to verify the token's signature
-
getAuthorizationHeader
Returns a complete APNs authorization header value (i.e. "bearer [token]") for this authentication token.- Returns:
- a complete APNs authorization header value for this authentication token
-
toString
Returns a Base64-encoded JWT representation of this authentication token. -
hashCode
public int hashCode() -
equals
-