JwtTokenService

@Service
class JwtTokenService(rsaKeyService: RsaKeyService, @Value(value = "${security.jwt.issuer:https://api.cryptotrader.com}") issuer: String, @Value(value = "${security.jwt.ttl-seconds:300}") ttlSeconds: Long, @Value(value = "${security.jwt.audience:crypto-trader-api}") audienceCsv: String)

Issues and validates short-lived JWT access tokens.

Claims:

  • iss, aud, sub, iat, exp (TTL configurable via security.jwt.ttl-seconds, default 300s)

  • email (auxiliary)

  • cnf.jkt (optional): RFC 7638 JWK thumbprint binding the token to a DPoP key

Signing:

  • RS256 with a stable kid provided by RsaKeyService; JWKS exposed by JwksController.
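
The cnf.jkt binding listed under Claims, shown as an added example (not code from this project): computing an RFC 7638 thumbprint and checking it against the claim. It assumes an RSA DPoP key (other key types use different required members); `unsignedB64Url`, `rsaJwkThumbprint`, `isBoundTo` and the generated keys are hypothetical names and constructed sample data.

```kotlin
import java.math.BigInteger
import java.security.KeyPairGenerator
import java.security.MessageDigest
import java.security.interfaces.RSAPublicKey
import java.util.Base64

private val b64url = Base64.getUrlEncoder().withoutPadding()

// Base64url of the unsigned big-endian value. BigInteger.toByteArray() can
// prepend a 0x00 sign byte, which must be dropped or the thumbprint changes.
fun unsignedB64Url(value: BigInteger): String {
    val bytes = value.toByteArray()
    val unsigned = if (bytes.size > 1 && bytes[0] == 0.toByte()) bytes.copyOfRange(1, bytes.size) else bytes
    return b64url.encodeToString(unsigned)
}

// RFC 7638: SHA-256 over the required members only, in lexicographic order
// (e, kty, n for RSA), with no whitespace; result is base64url without padding.
fun rsaJwkThumbprint(key: RSAPublicKey): String {
    val canonical = """{"e":"${unsignedB64Url(key.publicExponent)}","kty":"RSA","n":"${unsignedB64Url(key.modulus)}"}"""
    val digest = MessageDigest.getInstance("SHA-256").digest(canonical.toByteArray(Charsets.UTF_8))
    return b64url.encodeToString(digest)
}

// Hypothetical resource-server check: the token's cnf.jkt must equal the
// thumbprint of the key that signed the DPoP proof. Comparison is constant-time.
fun isBoundTo(cnfJkt: String?, proofKey: RSAPublicKey): Boolean {
    if (cnfJkt == null) return false // unbound token: reject where DPoP is required
    return MessageDigest.isEqual(
        cnfJkt.toByteArray(Charsets.US_ASCII),
        rsaJwkThumbprint(proofKey).toByteArray(Charsets.US_ASCII)
    )
}

fun main() {
    val gen = KeyPairGenerator.getInstance("RSA").apply { initialize(2048) }
    val clientKey = gen.generateKeyPair().public as RSAPublicKey // constructed sample key
    val otherKey = gen.generateKeyPair().public as RSAPublicKey  // constructed sample key
    val jkt = rsaJwkThumbprint(clientKey)
    println("cnf.jkt = $jkt")
    println("same key:  ${isBoundTo(jkt, clientKey)}")
    println("other key: ${isBoundTo(jkt, otherKey)}")
    println("no cnf:    ${isBoundTo(null, clientKey)}")
}
```

A value produced this way is the kind of string that would be passed as `jwkThumbprint` to `generateToken`; the check only holds if issuer and verifier canonicalize the key identically.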

Constructors

constructor(rsaKeyService: RsaKeyService, @Value(value = "${security.jwt.issuer:https://api.cryptotrader.com}") issuer: String, @Value(value = "${security.jwt.ttl-seconds:300}") ttlSeconds: Long, @Value(value = "${security.jwt.audience:crypto-trader-api}") audienceCsv: String)

Types

object Companion

Functions

fun generateToken(subject: String, email: String, jwkThumbprint: String? = null): String

Create a short-lived access token (JWT).

fun validateAndParse(token: String): JwtClaims

Validate and read an access token.