JwtVerificationService.java 文件源码

private JwtClaims getJwtClaims(String token) {
    HttpsJwks httpsJkws = new HttpsJwks(jwksBaseURL);
    HttpsJwksVerificationKeyResolver httpsJwksKeyResolver = new HttpsJwksVerificationKeyResolver(httpsJkws);
    JwtConsumer jwtConsumer = new JwtConsumerBuilder().setRequireExpirationTime().setAllowedClockSkewInSeconds(3600)
            .setExpectedIssuer(jwksIssuer)
            // whom the JWT needs to have been issued by
            .setExpectedAudience(jwksAudience).setVerificationKeyResolver(httpsJwksKeyResolver).build();
    try {
        // Validate the JWT and process it to the Claims
        JwtClaims jwtClaims = jwtConsumer.processToClaims(token);

        return jwtClaims;
    } catch (InvalidJwtException e) {
        // Anyway here throws the exception , so no need to log the error.
        // log the error if required from where this function invokes
        // logger.error("Invalid JWT! " + e);
        throw new AuthenticationServiceException("Invalid Token");
    }
}