Class SignedTokenVerificationOptions (1.68.0)

Options to use when verifying signed JWTs.

Creates a new instance of SignedTokenVerificationOptions with default values for all options (or null for those whose default is unset).

Creates a new instance of SignedTokenVerificationOptions by copying over all the values from other.

The URL from where to obtain certificates from. May be null, in which case, default certificate locations will be used:

• For RS256 signed certificates, https://www.googleapis.com/oauth2/v3/certs will be used.
• For ES256 signed certificates, https://www.gstatic.com/iap/verify/public_key-jwk will be used.

Clock tolerance for the expiration check. Causes a JWT to pass validation up to this duration after it really expired; this is to allow for possible local-client clock skew. Defaults to zero. Internal to be used only for backward compatibility.

Clock tolerance for the issued-at check. Causes a JWT to pass validation up to this duration before it is really valid; this is to allow for possible local-client clock skew. Defaults to zero. Internal to be used only for backward compatibility.

Trusted audiences for the token. All the audiences the token is intended for should be in the trusted audiences list. If the list is empty, the token audience won't be verified.

List of trusted issuers to verify the token issuer against. The token issuer must be contained in this list. May be null, in which case the token issuer won't be verified.