Java Jwt

Java implementation of JSON Web Token (JWT)
Alternatives To Java Jwt
Project NameStarsDownloadsRepos Using ThisPackages Using ThisMost Recent CommitTotal ReleasesLatest ReleaseOpen IssuesLicenseLanguage
Next Auth17,0372173a day ago567August 01, 2022247iscTypeScript
Authentication for the Web.
Jwt6,9756,8175353 days ago51August 19, 202210bsd-3-clausePHP
A simple library to work with JSON Web Token and JSON Web Signature
Java Jwt5,2541,9022892 days ago50June 24, 20223mitJava
Java implementation of JSON Web Token (JWT)
Pyjwt4,5999,4431,6066 days ago45May 12, 202220mitPython
JSON Web Token implementation in Python
Express Jwt4,32012,5387244 months ago59May 31, 202244mitTypeScript
connect/express middleware that validates a JsonWebToken (JWT) and set the req.user with the attributes
Learn Json Web Tokens4,164
4 months ago3April 15, 201920mitJavaScript
:closed_lock_with_key: Learn how to use JSON Web Token (JWT) to secure your next Web App! (Tutorial/Example with Tests!!)
2 months ago46gpl-3.0Python
:snake: A toolkit for testing, tweaking and cracking JSON Web Tokens
Paseto3,12176a month ago24June 20, 2022otherPHP
Platform-Agnostic Security Tokens
Cli3,0207819 hours ago265September 13, 2022121apache-2.0Go
🧰 A zero trust swiss army knife for working with X509, OAuth, JWT, OATH OTP, etc.
Iot Technical Guide3,002
8 months ago10apache-2.0Java
:honeybee: IoT Technical Guide --- 从零搭建高性能物联网平台及物联网解决方案和Thingsboard源码分析 :sparkles: :sparkles: :sparkles: (IoT Platform, SaaS, MQTT, CoAP, HTTP, Modbus, OPC, WebSocket, 物模型,Protobuf, PostgreSQL, MongoDB, Spring Security, OAuth2, RuleEngine, Kafka, Docker)
Alternatives To Java Jwt
Select To Compare

Alternative Project Comparisons

Note As part of our ongoing commitment to best security practices, we have rotated the signing keys used to sign previous releases of this SDK. As a result, new patch builds have been released using the new signing key. Please upgrade at your earliest convenience.

While this change won't affect most developers, if you have implemented a dependency signature validation step in your build process, you may notice a warning that past releases can't be verified. This is expected, and a result of the key rotation process. Updating to the latest version will resolve this for you.

A Java implementation of JSON Web Token (JWT) - RFC 7519.

CircleCI Coverage Status License Maven Central javadoc

📚 Documentation - 🚀 Getting Started - 💻 API Reference 💬 Feedback


  • Examples - code samples for common java-jwt scenarios.
  • Docs site - explore our docs site and learn more about Auth0.

Getting Started


This library is supported for Java LTS versions 8, 11, and 17. For issues on non-LTS versions above 8, consideration will be given on a case-by-case basis.

java-jwt is intended for server-side JVM applications. Android applications should use JWTDecode.Android.

java-jwt supports the following algorithms for both signing and verification:

JWS Algorithm Description
HS256 HMAC256 HMAC with SHA-256
HS384 HMAC384 HMAC with SHA-384
HS512 HMAC512 HMAC with SHA-512
RS256 RSA256 RSASSA-PKCS1-v1_5 with SHA-256
RS384 RSA384 RSASSA-PKCS1-v1_5 with SHA-384
RS512 RSA512 RSASSA-PKCS1-v1_5 with SHA-512
ES256 ECDSA256 ECDSA with curve P-256 and SHA-256
ES384 ECDSA384 ECDSA with curve P-384 and SHA-384
ES512 ECDSA512 ECDSA with curve P-521 and SHA-512

Note - Support for ECDSA with curve secp256k1 and SHA-256 (ES256K) has been dropped since it has been disabled in Java 15

⚠️ Important security note: JVM has a critical vulnerability for ECDSA Algorithms - CVE-2022-21449. Please review the details of the vulnerability and update your environment.


Add the dependency via Maven:


or Gradle:

implementation 'com.auth0:java-jwt:4.4.0'

Create a JWT

Use JWT.create(), configure the claims, and then call sign(algorithm) to sign the JWT.

The example below demonstrates this using the RS256 signing algorithm:

try {
    Algorithm algorithm = Algorithm.RSA256(rsaPublicKey, rsaPrivateKey);
    String token = JWT.create()
} catch (JWTCreationException exception){
    // Invalid Signing configuration / Couldn't convert Claims.

Verify a JWT

Create a JWTVerifier passing the Algorithm, and specify any required claim values.

The following example uses RS256 to verify the JWT.

String token = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXUyJ9.eyJpc3MiOiJhdXRoMCJ9.AbIJTDMFc7yUa5MhvcP03nJPyCPzZtQcGEp-zWfOkEE";
DecodedJWT decodedJWT;
try {
    Algorithm algorithm = Algorithm.RSA256(rsaPublicKey, rsaPrivateKey);
    JWTVerifier verifier = JWT.require(algorithm)
        // specify an specific claim validations
        // reusable verifier instance
    decodedJWT = verifier.verify(token);
} catch (JWTVerificationException exception){
    // Invalid signature/claims

If the token has an invalid signature or the Claim requirement is not met, a JWTVerificationException will be thrown.

See the examples and JavaDocs for additional documentation.

API Reference



We appreciate feedback and contribution to this repo! Before you get started, please see the following:

Raise an issue

To provide feedback or report a bug, please raise an issue on our issue tracker.

Vulnerability Reporting

Please do not report security vulnerabilities on the public Github issue tracker. The Responsible Disclosure Program details the procedure for disclosing security issues.

Auth0 Logo

Auth0 is an easy to implement, adaptable authentication and authorization platform. To learn more checkout Why Auth0?

This project is licensed under the MIT license. See the LICENSE file for more info.

Popular Jwt Projects
Popular Token Projects
Popular Security Categories
Related Searches

Get A Weekly Email With Trending Projects For These Categories
No Spam. Unsubscribe easily at any time.