An implementation of JSON Web Tokens developed against draft-ietf-oauth-json-web-token-08.
Maven:

```xml
<dependency>
    <groupId>com.auth0</groupId>
    <artifactId>java-jwt</artifactId>
    <version>2.2.0</version>
</dependency>
```

Gradle:

```groovy
compile 'com.auth0:java-jwt:2.2.0'
```
Signing a token:

```java
import com.auth0.jwt.JWTSigner;
import java.util.HashMap;

final String issuer = "https://mydomain.com/";
final String secret = "{{a secret used for signing}}";

final long iat = System.currentTimeMillis() / 1000L; // issued-at claim, in seconds
final long exp = iat + 60L; // expiration claim; here the token expires in 60 seconds

final JWTSigner signer = new JWTSigner(secret);
final HashMap<String, Object> claims = new HashMap<String, Object>();
claims.put("iss", issuer);
claims.put("exp", exp);
claims.put("iat", iat);

final String jwt = signer.sign(claims);
```
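Verifying a token:

```java
import com.auth0.jwt.JWTVerifier;
import com.auth0.jwt.JWTVerifyException;
import java.util.Map;

final String secret = "{{secret used for signing}}";
try {
    final JWTVerifier verifier = new JWTVerifier(secret);
    // Returns the token's claims once verification succeeds
    final Map<String,Object> claims = verifier.verify(jwt);
} catch (JWTVerifyException e) {
    // Invalid Token
}
```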
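Verifying a token and validating its audience and issuer claims:

```java
import com.auth0.jwt.JWTVerifier;
import com.auth0.jwt.JWTVerifyException;
import java.util.Map;

final String secret = "{{secret used for signing}}";
try {
    // The second and third arguments are the expected audience and issuer
    final JWTVerifier verifier = new JWTVerifier(secret, "{{my-audience}}", "{{my-issuer}}");
    final Map<String,Object> claims = verifier.verify(jwt);
} catch (JWTVerifyException e) {
    // Invalid Token
}
```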
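The following round trip is an added example, not code from the java-jwt project: it signs tokens with the calls shown above and checks that a verifier configured with an audience and issuer rejects expired, wrongly keyed, and wrong-audience tokens. The class name `JwtRoundTrip`, the helpers `issue` and `accepted`, and all sample values are assumptions made for illustration.

```java
import com.auth0.jwt.JWTSigner;
import com.auth0.jwt.JWTVerifier;

import java.util.HashMap;

// Added example (not from the java-jwt project); class and helper names are hypothetical.
public class JwtRoundTrip {
    // Constructed sample values; a real secret belongs in configuration, not in source code.
    static final String SECRET = "constructed-sample-secret";
    static final String ISSUER = "https://mydomain.com/";
    static final String AUDIENCE = "constructed-sample-audience";

    // Signs a token carrying iss, aud, iat and exp, following the signing snippet above.
    static String issue(String secret, long lifetimeSeconds) {
        final long iat = System.currentTimeMillis() / 1000L;
        final HashMap<String, Object> claims = new HashMap<String, Object>();
        claims.put("iss", ISSUER);
        claims.put("aud", AUDIENCE);
        claims.put("iat", iat);
        claims.put("exp", iat + lifetimeSeconds);
        return new JWTSigner(secret).sign(claims);
    }

    // Fails closed: any exception raised by verify() means the token is rejected.
    static boolean accepted(JWTVerifier verifier, String jwt) {
        try {
            verifier.verify(jwt);
            return true;
        } catch (Exception e) {
            return false;
        }
    }

    public static void main(String[] args) {
        final JWTVerifier verifier = new JWTVerifier(SECRET, AUDIENCE, ISSUER);
        final JWTVerifier otherAudience = new JWTVerifier(SECRET, "other-audience", ISSUER);
        final String good = issue(SECRET, 60L);

        System.out.println("valid token:    " + accepted(verifier, good));
        System.out.println("expired token:  " + accepted(verifier, issue(SECRET, -60L)));
        System.out.println("wrong secret:   " + accepted(verifier, issue("other-secret", 60L)));
        System.out.println("wrong audience: " + accepted(otherAudience, good));
    }
}
```

Catching `Exception` in `accepted` treats every failure path as a rejection, so a token is only trusted when `verify` returns normally.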
We believe existing JWT implementations in Java are either too complex or not tested enough. This library aims to be simple and achieve the right level of abstraction.
If you have found a bug or have a feature request, please report it in this repository's issues section. Please do not report security vulnerabilities on the public GitHub issue tracker. The Responsible Disclosure Program details the procedure for disclosing security issues.
This project is licensed under the MIT license. See the LICENSE file for more info.