An implementation of JSON Web Tokens developed against draft-ietf-oauth-json-web-token-08.
<dependency>
<groupId>com.auth0</groupId>
<artifactId>java-jwt</artifactId>
<version>2.2.1</version>
</dependency>compile 'com.auth0:java-jwt:2.2.1'final String issuer = "https://mydomain.com/";
final String secret = "{{secret used for signing}}";
final long iat = System.currentTimeMillis() / 1000L; // issued at claim
final long exp = iat + 60L; // expires claim. In this case the token expires in 60 seconds
final JWTSigner signer = new JWTSigner(secret);
final HashMap<String, Object> claims = new HashMap<String, Object>();
claims.put("iss", issuer);
claims.put("exp", exp);
claims.put("iat", iat);
final String jwt = signer.sign(claims);final String secret = "{{secret used for signing}}";
try {
final JWTVerifier verifier = new JWTVerifier(secret);
final Map<String, Object> claims= verifier.verify(jwt);
} catch (JWTVerifyException e) {
// Invalid Token
}final String secret = "{{secret used for signing}}";
try {
final JWTVerifier verifier = new JWTVerifier(secret, "{{my-audience}}", "{{my-issuer}}");
final Map<String, Object> claims= verifier.verify(jwt);
} catch (JWTVerifyException e) {
// Invalid Token
}We believe existing JWT implementations in Java are either too complex or not tested enough. This library aims to be simple and achieve the right level of abstraction.
If you have found a bug or if you have a feature request, please report them at this repository issues section. Please do not report security vulnerabilities on the public GitHub issue tracker. The Responsible Disclosure Program details the procedure for disclosing security issues.
This project is licensed under the MIT license. See the LICENSE file for more info.