Package com.eatthepath.pushy.apns.auth

Class AuthenticationToken

java.lang.Object
com.eatthepath.pushy.apns.auth.AuthenticationToken
public class AuthenticationToken extends Object

An authentication token (or "provider authentication token" or "provider token" in Apple's terminology) is a JSON Web Token (JWT) that contains cryptographically-signed claims about the identity of the sender that can be used by APNs clients in lieu of mutual TLS authentication to authenticate with an APNs server. Authentication tokens contain "claims" that identify the development team sending push notifications as well as the specific key used to sign the token.

When clients use token-based authentication, they send an authentication token with each push notification. Tokens may expire, in which case clients must discard the old token and generate a new one. Callers generally do not need to interact with authentication tokens directly; ApnsClient instances using token-based authentication will manage authentication tokens automatically.

Tokens may be constructed from an ApnsSigningKey (for clients sending notifications) or from a Base64-encoded JWT string (for servers verifying a token from a client).

Authentication tokens are immutable and thread-safe.

See Also:

  • Constructor Details

    • AuthenticationToken

      public AuthenticationToken(ApnsSigningKey signingKey, Instant issuedAt)
      Constructs a new authentication token using the given signing key (and associated metadata) issued at the given date.
      Parameters:
      signingKey - the signing key from which to derive metadata and with which to sign the token
      issuedAt - the time at which the token was issued

    • AuthenticationToken

      public AuthenticationToken(String base64EncodedToken)
      Constructs a new authentication token from a Base64-encoded JWT string. Note that successfully creating a token from an encoded string does not imply that the token is valid.
      Parameters:
      base64EncodedToken - a Base64-encoded JWT string

  • Method Details

    • getIssuedAt

      public Instant getIssuedAt()
      Returns the time at which this token was issued.
      Returns:
      the time at which this token was issued

    • getKeyId

      public String getKeyId()
      Returns the Apple-issued ID of the key used to sign this token.
      Returns:
      the Apple-issued ID of the key used to sign this token

    • getTeamId

      public String getTeamId()
      Returns the Apple-issued ID of the team to which this authentication token's key pair belongs.
      Returns:
      the Apple-issued ID of the team to which this authentication token's key pair belongs

    • verifySignature

      public boolean verifySignature(ApnsVerificationKey verificationKey)
      Verifies the cryptographic signature of this authentication token.
      Parameters:
      verificationKey - the verification key (public key) to be used to verify this token's signature
      Returns:
      true if this token's signature was verified or false otherwise

    • getAuthorizationHeader

      public AsciiString getAuthorizationHeader()
      Returns a complete APNs authorization header value (i.e. "bearer [token]") for this authentication token.
      Returns:
      a complete APNs authorization header value for this authentication token

    • toString

      public String toString()
      Returns a Base64-encoded JWT representation of this authentication token.
      Overrides:
      toString in class Object
      Returns:
      a Base64-encoded JWT representation of this authentication token

    • hashCode

      public int hashCode()
      Overrides:
      hashCode in class Object

    • equals

      public boolean equals(Object obj)
      Overrides:
      equals in class Object