Project Name | Stars | Downloads | Repos Using This | Packages Using This | Most Recent Commit | Total Releases | Latest Release | Open Issues | License | Language |
---|---|---|---|---|---|---|---|---|---|---|
Next Auth | 17,037 | 21 | 73 | a day ago | 567 | August 01, 2022 | 247 | isc | TypeScript | |
Authentication for the Web. | ||||||||||
Jwt | 6,975 | 6,817 | 535 | 3 days ago | 51 | August 19, 2022 | 10 | bsd-3-clause | PHP | |
A simple library to work with JSON Web Token and JSON Web Signature | ||||||||||
Java Jwt | 5,254 | 1,902 | 289 | 2 days ago | 50 | June 24, 2022 | 3 | mit | Java | |
Java implementation of JSON Web Token (JWT) | ||||||||||
Pyjwt | 4,599 | 9,443 | 1,606 | 6 days ago | 45 | May 12, 2022 | 20 | mit | Python | |
JSON Web Token implementation in Python | ||||||||||
Express Jwt | 4,320 | 12,538 | 724 | 4 months ago | 59 | May 31, 2022 | 44 | mit | TypeScript | |
connect/express middleware that validates a JsonWebToken (JWT) and sets the req.user with the attributes | ||||||||||
Learn Json Web Tokens | 4,164 | 4 months ago | 3 | April 15, 2019 | 20 | mit | JavaScript | |||
:closed_lock_with_key: Learn how to use JSON Web Token (JWT) to secure your next Web App! (Tutorial/Example with Tests!!) | ||||||||||
Jwt_tool | 3,982 | 2 months ago | 46 | gpl-3.0 | Python | |||||
:snake: A toolkit for testing, tweaking and cracking JSON Web Tokens | ||||||||||
Paseto | 3,121 | 7 | 6 | a month ago | 24 | June 20, 2022 | other | PHP | ||
Platform-Agnostic Security Tokens | ||||||||||
Cli | 3,020 | 78 | 19 hours ago | 265 | September 13, 2022 | 121 | apache-2.0 | Go | ||
🧰 A zero trust swiss army knife for working with X509, OAuth, JWT, OATH OTP, etc. | ||||||||||
Iot Technical Guide | 3,002 | 8 months ago | 10 | apache-2.0 | Java | |||||
:honeybee: IoT Technical Guide --- Build a high-performance IoT platform and IoT solutions from scratch, with Thingsboard source code analysis :sparkles: :sparkles: :sparkles: (IoT Platform, SaaS, MQTT, CoAP, HTTP, Modbus, OPC, WebSocket, thing model, Protobuf, PostgreSQL, MongoDB, Spring Security, OAuth2, RuleEngine, Kafka, Docker) |
Note - As part of our ongoing commitment to best security practices, we have rotated the signing keys used to sign previous releases of this SDK. As a result, new patch builds have been released using the new signing key. Please upgrade at your earliest convenience.
While this change won't affect most developers, if you have implemented a dependency signature validation step in your build process, you may notice a warning that past releases can't be verified. This is expected, and a result of the key rotation process. Updating to the latest version will resolve this for you.
This library is supported for Java LTS versions 8, 11, and 17. For issues on non-LTS versions above 8, consideration will be given on a case-by-case basis.
java-jwt is intended for server-side JVM applications. Android applications should use JWTDecode.Android.
java-jwt supports the following algorithms for both signing and verification:
JWS | Algorithm | Description |
---|---|---|
HS256 | HMAC256 | HMAC with SHA-256 |
HS384 | HMAC384 | HMAC with SHA-384 |
HS512 | HMAC512 | HMAC with SHA-512 |
RS256 | RSA256 | RSASSA-PKCS1-v1_5 with SHA-256 |
RS384 | RSA384 | RSASSA-PKCS1-v1_5 with SHA-384 |
RS512 | RSA512 | RSASSA-PKCS1-v1_5 with SHA-512 |
ES256 | ECDSA256 | ECDSA with curve P-256 and SHA-256 |
ES384 | ECDSA384 | ECDSA with curve P-384 and SHA-384 |
ES512 | ECDSA512 | ECDSA with curve P-521 and SHA-512 |
Note - Support for ECDSA with curve secp256k1 and SHA-256 (ES256K) has been dropped since it has been disabled in Java 15.
⚠️ Important security note: The JVM has a critical vulnerability affecting ECDSA algorithms, CVE-2022-21449. Please review the details of the vulnerability and update your environment.
Add the dependency via Maven:
<dependency>
  <groupId>com.auth0</groupId>
  <artifactId>java-jwt</artifactId>
  <version>4.4.0</version>
</dependency>
or Gradle:
implementation 'com.auth0:java-jwt:4.4.0'
Use JWT.create(), configure the claims, and then call sign(algorithm) to sign the JWT.
The example below demonstrates this using the RS256 signing algorithm:
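import com.auth0.jwt.JWT;
import com.auth0.jwt.algorithms.Algorithm;
import com.auth0.jwt.exceptions.JWTCreationException;

// rsaPublicKey (RSAPublicKey) and rsaPrivateKey (RSAPrivateKey) are loaded elsewhere.
try {
    Algorithm algorithm = Algorithm.RSA256(rsaPublicKey, rsaPrivateKey);
    String token = JWT.create()
        .withIssuer("auth0")
        .sign(algorithm);
} catch (JWTCreationException exception) {
    // Invalid Signing configuration / Couldn't convert Claims.
}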
Create a JWTVerifier passing the Algorithm, and specify any required claim values.
The following example uses RS256 to verify the JWT.
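import com.auth0.jwt.JWT;
import com.auth0.jwt.JWTVerifier;
import com.auth0.jwt.algorithms.Algorithm;
import com.auth0.jwt.exceptions.JWTVerificationException;
import com.auth0.jwt.interfaces.DecodedJWT;

// Sample token: its header decodes to {"alg":"HS256","typ":"JWS"}, so the RS256
// verifier below rejects it. Substitute a token signed with your own RSA key.
String token = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXUyJ9.eyJpc3MiOiJhdXRoMCJ9.AbIJTDMFc7yUa5MhvcP03nJPyCPzZtQcGEp-zWfOkEE";
DecodedJWT decodedJWT;
try {
    // Verification uses only the public key.
    Algorithm algorithm = Algorithm.RSA256(rsaPublicKey, rsaPrivateKey);
    JWTVerifier verifier = JWT.require(algorithm)
        // specify any specific claim validations
        .withIssuer("auth0")
        // reusable verifier instance
        .build();
    decodedJWT = verifier.verify(token);
} catch (JWTVerificationException exception) {
    // Invalid signature/claims
}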
If the token has an invalid signature or the Claim requirement is not met, a JWTVerificationException will be thrown.
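The signing and verification steps above as one round trip, showing which tokens an RS256 verifier that requires the issuer "auth0" accepts and rejects. This is an added example, not code from the java-jwt project; it assumes java-jwt 4.4.0 on the classpath, and the class name Rs256RoundTrip, the helper check, the throwaway key pair and all token values are constructed for illustration.

```java
import com.auth0.jwt.JWT;
import com.auth0.jwt.JWTVerifier;
import com.auth0.jwt.algorithms.Algorithm;
import com.auth0.jwt.exceptions.JWTVerificationException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.util.Date;

public class Rs256RoundTrip {
    // Hypothetical helper: reports "accepted" or the exception type the verifier raised.
    static String check(JWTVerifier verifier, String token) {
        try {
            verifier.verify(token);
            return "accepted";
        } catch (JWTVerificationException e) {
            return "rejected: " + e.getClass().getSimpleName();
        }
    }

    public static void main(String[] args) throws Exception {
        // Throwaway key pair generated for this demo (constructed, not from the page).
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair pair = gen.generateKeyPair();
        RSAPublicKey pub = (RSAPublicKey) pair.getPublic();
        RSAPrivateKey priv = (RSAPrivateKey) pair.getPrivate();

        // The signer holds only the private key; the verifier holds only the public key.
        Algorithm signer = Algorithm.RSA256(null, priv);
        JWTVerifier verifier = JWT.require(Algorithm.RSA256(pub, null))
                .withIssuer("auth0")
                .build();
        Date exp = new Date(System.currentTimeMillis() + 300_000);
        String good = JWT.create().withIssuer("auth0").withExpiresAt(exp).sign(signer);
        String wrongIssuer = JWT.create().withIssuer("someone-else").sign(signer);
        // Same issuer claim, but signed with an algorithm other than the one the verifier pins.
        String wrongAlg = JWT.create().withIssuer("auth0").sign(Algorithm.HMAC256("demo-secret"));
        // Signature segment swapped in from another token, so it no longer matches the content.
        String badSig = good.substring(0, good.lastIndexOf('.') + 1)
                + wrongIssuer.substring(wrongIssuer.lastIndexOf('.') + 1);

        System.out.println("good token:        " + check(verifier, good));
        System.out.println("wrong issuer:      " + check(verifier, wrongIssuer));
        System.out.println("wrong algorithm:   " + check(verifier, wrongAlg));
        System.out.println("altered signature: " + check(verifier, badSig));
    }
}
```

Catching the JWTVerificationException base type treats every rejection the same way, which is what a request handler should do; the subclass name is printed here only to show which check failed.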
See the examples and JavaDocs for additional documentation.
We appreciate feedback and contribution to this repo! Before you get started, please see the following:
To provide feedback or report a bug, please raise an issue on our issue tracker.
Please do not report security vulnerabilities on the public GitHub issue tracker. The Responsible Disclosure Program details the procedure for disclosing security issues.
Auth0 is an easy-to-implement, adaptable authentication and authorization platform. To learn more, check out Why Auth0?
This project is licensed under the MIT license. See the LICENSE file for more info.