Merge pull request #266 from XeroAPI/sid-development

Add Auth0 library for verifying JWTs

pom.xml

@@ -5,7 +5,7 @@
     <artifactId>xero-java</artifactId>
     <packaging>jar</packaging>
     <name>xero-java</name>
-    <version>4.7.1</version>
+    <version>4.7.2</version>
     <url>https://github.com/XeroAPI/Xero-Java</url>
     <description>This is the official Java SDK for Xero API</description>
     <licenses>
@@ -43,6 +43,11 @@
 		    <artifactId>java-jwt</artifactId>
 		    <version>3.8.1</version>
 		</dependency>
+		<dependency>
+		    <groupId>com.auth0</groupId>
+		    <artifactId>jwks-rsa</artifactId>
+		    <version>0.17.0</version>
+		</dependency>
 		<dependency>
             <groupId>com.google.api-client</groupId>
             <artifactId>google-api-client</artifactId>

src/main/java/com/xero/api/ApiClient.java

@@ -16,6 +16,17 @@
 import com.google.api.client.json.Json;
 import java.io.IOException;
 import java.io.OutputStream;
+import com.auth0.jwk.Jwk;
+import com.auth0.jwk.JwkException;
+import com.auth0.jwk.JwkProvider;
+import com.auth0.jwk.UrlJwkProvider;
+import com.auth0.jwt.JWT;
+import com.auth0.jwt.JWTVerifier;
+import com.auth0.jwt.algorithms.Algorithm;
+import com.auth0.jwt.interfaces.DecodedJWT;
+import java.net.MalformedURLException;
+import java.net.URL;
+import java.security.interfaces.RSAPublicKey;
 
 
 public class ApiClient {
@@ -115,9 +126,24 @@ public void writeTo(OutputStream out) throws IOException {
     }
 
     // Builder pattern to get API instances for this client.
-
     public AccountingApi accountingApi() {
         return new AccountingApi(this);
     }
+
+    public DecodedJWT verify(String accessToken) throws MalformedURLException, JwkException {
+
+    	DecodedJWT unverifiedJWT = JWT.decode(accessToken);        
+    	JwkProvider provider = new UrlJwkProvider(new URL("https://identity.xero.com/.well-known/openid-configuration/jwks"));
+		Jwk jwk = provider.get(unverifiedJWT.getKeyId());
+
+		Algorithm algorithm = Algorithm.RSA256((RSAPublicKey) jwk.getPublicKey(),null);
+
+		JWTVerifier verifier = JWT.require(algorithm)
+				 .withIssuer("https://identity.xero.com")
+				 .build();
+		DecodedJWT verifiedJWT = verifier.verify(accessToken);
+
+    	return verifiedJWT;
+    }
 
 }

src/main/java/com/xero/api/client/AccountingApi.java

@@ -97,7 +97,7 @@ public class AccountingApi {
   private ApiClient apiClient;
   private static AccountingApi instance = null;
   private String userAgent = "Default";
-  private String version = "4.7.1";
+  private String version = "4.7.2";
   static final Logger logger = LoggerFactory.getLogger(AccountingApi.class);
 
   public AccountingApi() {

src/main/java/com/xero/api/client/AssetApi.java

@@ -47,7 +47,7 @@ public class AssetApi {
   private ApiClient apiClient;
   private static AssetApi instance = null;
   private String userAgent = "Default";
-  private String version = "4.7.1";
+  private String version = "4.7.2";
   static final Logger logger = LoggerFactory.getLogger(AssetApi.class);
 
   public AssetApi() {

src/main/java/com/xero/api/client/BankFeedsApi.java

@@ -45,7 +45,7 @@ public class BankFeedsApi {
   private ApiClient apiClient;
   private static BankFeedsApi instance = null;
   private String userAgent = "Default";
-  private String version = "4.7.1";
+  private String version = "4.7.2";
   static final Logger logger = LoggerFactory.getLogger(BankFeedsApi.class);
 
   public BankFeedsApi() {

src/main/java/com/xero/api/client/FilesApi.java

@@ -52,7 +52,7 @@ public class FilesApi {
   private ApiClient apiClient;
   private static FilesApi instance = null;
   private String userAgent = "Default";
-  private String version = "4.7.1";
+  private String version = "4.7.2";
   static final Logger logger = LoggerFactory.getLogger(FilesApi.class);
 
   public FilesApi() {

src/main/java/com/xero/api/client/IdentityApi.java

@@ -43,7 +43,7 @@ public class IdentityApi {
   private ApiClient apiClient;
   private static IdentityApi instance = null;
   private String userAgent = "Default";
-  private String version = "4.7.1";
+  private String version = "4.7.2";
   static final Logger logger = LoggerFactory.getLogger(IdentityApi.class);
 
   public IdentityApi() {

src/main/java/com/xero/api/client/PayrollAuApi.java

@@ -62,7 +62,7 @@ public class PayrollAuApi {
   private ApiClient apiClient;
   private static PayrollAuApi instance = null;
   private String userAgent = "Default";
-  private String version = "4.7.1";
+  private String version = "4.7.2";
   static final Logger logger = LoggerFactory.getLogger(PayrollAuApi.class);
 
   public PayrollAuApi() {

src/main/java/com/xero/api/client/PayrollNzApi.java

@@ -104,7 +104,7 @@ public class PayrollNzApi {
   private ApiClient apiClient;
   private static PayrollNzApi instance = null;
   private String userAgent = "Default";
-  private String version = "4.7.1";
+  private String version = "4.7.2";
   static final Logger logger = LoggerFactory.getLogger(PayrollNzApi.class);
 
   public PayrollNzApi() {

src/main/java/com/xero/api/client/PayrollUkApi.java

@@ -104,7 +104,7 @@ public class PayrollUkApi {
   private ApiClient apiClient;
   private static PayrollUkApi instance = null;
   private String userAgent = "Default";
-  private String version = "4.7.1";
+  private String version = "4.7.2";
   static final Logger logger = LoggerFactory.getLogger(PayrollUkApi.class);
 
   public PayrollUkApi() {

src/main/java/com/xero/api/client/ProjectApi.java

@@ -54,7 +54,7 @@ public class ProjectApi {
   private ApiClient apiClient;
   private static ProjectApi instance = null;
   private String userAgent = "Default";
-  private String version = "4.7.1";
+  private String version = "4.7.2";
   static final Logger logger = LoggerFactory.getLogger(ProjectApi.class);
 
   public ProjectApi() {