tessl/maven-com-auth0--java-jwt
A comprehensive Java implementation of JSON Web Token (JWT) with creation, signing, and verification capabilities for server-side JVM applications.
- Workspace
- tessl
- Visibility
- Public
- Created
- Last updated
- Describes
'%3e%3cpath%20d='m7.15%205.779.281.877c-.001.502.003.991.124%201.48l.116-.082.229-1.265c.723%201.422%202.78%203.325%202.53%205.008-.022.154-.082.3-.158.435.349-.014.375-.38.578-.56.187%201.005.17%201.975-.22%202.932l1.428%203.159c-.007.07-.626.285-.744.226-.087-.044-.629-1.506-.742-1.754-.103-.224-.457-1.044-.592-1.165-.592-.534-2.033-.183-2.773-.256l.488-.115.148-.109c-.68-.08-1.363-.34-1.85-.815.531.046%201.052.121%201.592.087.1-.006.378-.02.432-.114-1.338-.016-2.398-.569-3.16-1.62-1.03-1.422-1.646-3.215-2.658-4.662-.203-.289-.474-.68-.776-.847-.015-.092.076-.054.137-.049.375.034.778.157%201.148.234l1.26.462c-.404-.737-1.332-.637-1.984-.994-.759-.416-1.2-1.386-1.487-2.149-.258-.68-.536-1.495-.492-2.217.282.262.529.573.896.73.087-.102-.838-1.102-.867-1.323C-.051.673.656-.051%201.328.003c1.128.09%202.44%201.953%202.87%202.886.074.069.145-.23.149-.25.029-.154.01-.306.054-.452.67.932%201.64%201.722%202.122%202.768l.626%201.778V5.78Z'/%3e%3cpath%20d='m10.851%206.733.626-1.778c.483-1.047%201.451-1.836%202.122-2.769.045.147.025.299.054.452.005.021.075.32.149.25.43-.932%201.742-2.796%202.87-2.885.672-.054%201.38.67%201.294%201.31-.03.22-.954%201.221-.867%201.322.367-.156.614-.467.896-.729.044.722-.234%201.536-.49%202.218-.288.763-.73%201.733-1.488%202.149-.652.356-1.58.256-1.984.993l1.26-.461c.37-.077.772-.2%201.148-.234.06-.006.152-.044.136.049-.301.166-.573.557-.775.847-.794%201.135-1.347%202.488-2.049%203.68-.635%201.081-1.285%202.087-2.613%202.432.148-.768.005-1.562-.173-2.316l-.32-.092c-.219-1.088-.84-2.001-1.466-2.908l.919-1.475.229%201.265.116.082c.12-.489.125-.979.123-1.48l.283-.877v.955ZM8.017%2014.984c-.238.57-.531%201.119-.78%201.686-.089.204-.446%201.24-.518%201.295-.145.114-.622-.087-.777-.2l1.207-2.78h.868ZM12.008%2013.75c-.059.174-.949.7-1.04.617l.12-.5.92-.117Z'/%3e%3c/g%3e%3cdefs%3e%3cclipPath%20id='a'%3e%3cpath%20fill='%23fff'%20d='M0%200h18v18H0z'/%3e%3c/clipPath%3e%3c/defs%3e%3c/svg%3e){kind=small}
To install, run
npx @tessl/cli install tessl/maven-com-auth0--java-jwt@4.5.00
# Java JWT
1
2
Java JWT is a comprehensive implementation of JSON Web Token (JWT) as specified in RFC 7519, designed specifically for server-side JVM applications. It provides extensive JWT creation, signing, and verification capabilities with support for multiple cryptographic algorithms including HMAC, RSA, and ECDSA signing methods.
3
4
## Package Information
5
6
- **Package Name**: com.auth0:java-jwt
7
- **Package Type**: maven
8
- **Language**: Java
9
- **Installation**: Add dependency to Maven pom.xml or Gradle build.gradle
10
11
Maven:
12
```xml
13
<dependency>
14
<groupId>com.auth0</groupId>
15
<artifactId>java-jwt</artifactId>
16
<version>4.5.0</version>
17
</dependency>
18
```
19
20
Gradle:
21
```gradle
22
implementation 'com.auth0:java-jwt:4.5.0'
23
```
24
25
## Core Imports
26
27
```java
28
import com.auth0.jwt.JWT;
29
import com.auth0.jwt.algorithms.Algorithm;
30
import com.auth0.jwt.interfaces.DecodedJWT;
31
import com.auth0.jwt.interfaces.JWTVerifier;
32
```
33
34
## Basic Usage
35
36
```java
37
import com.auth0.jwt.JWT;
38
import com.auth0.jwt.algorithms.Algorithm;
39
import com.auth0.jwt.interfaces.DecodedJWT;
40
import com.auth0.jwt.interfaces.JWTVerifier;
41
42
// Create a JWT token
43
Algorithm algorithm = Algorithm.HMAC256("secret");
44
String token = JWT.create()
45
.withIssuer("auth0")
46
.withSubject("user123")
47
.withExpiresAt(new Date(System.currentTimeMillis() + 3600000))
48
.sign(algorithm);
49
50
// Verify a JWT token
51
JWTVerifier verifier = JWT.require(algorithm)
52
.withIssuer("auth0")
53
.acceptLeeway(60) // 60 seconds leeway for time-based claims
54
.build();
55
DecodedJWT jwt = verifier.verify(token);
56
57
// Decode without verification (use with caution)
58
DecodedJWT decoded = JWT.decode(token);
59
String subject = decoded.getSubject();
60
```
61
62
## Architecture
63
64
Java JWT is built around several key components:
65
66
- **JWT Main Class**: Entry point providing static methods for token creation, verification, and decoding, plus instance methods for high-throughput decoding scenarios
67
- **Algorithm Factory**: Creates algorithm instances for different cryptographic methods (HMAC, RSA, ECDSA)
68
- **Builder Pattern**: Fluent interfaces for JWT creation (`JWTCreator.Builder`) and verification setup (`Verification`)
69
- **Key Providers**: Interfaces for dynamic key resolution supporting key rotation and multi-tenant scenarios
70
- **Claim System**: Type-safe access to JWT claims with automatic conversion and validation
71
- **Exception Hierarchy**: Comprehensive error handling for creation, verification, and decoding failures
72
73
## Capabilities
74
75
### JWT Creation
76
77
Core functionality for creating and signing JWT tokens with comprehensive claim support and multiple signing algorithms.
78
79
```java { .api }
80
public static JWTCreator.Builder create();
81
82
public interface JWTCreator.Builder {
83
Builder withIssuer(String issuer);
84
Builder withSubject(String subject);
85
Builder withAudience(String... audience);
86
Builder withExpiresAt(Date expiresAt);
87
Builder withClaim(String name, String value);
88
String sign(Algorithm algorithm);
89
}
90
```
91
92
[JWT Creation](./jwt-creation.md)
93
94
### JWT Verification
95
96
Comprehensive verification system with configurable claim validation, time leeway, and custom validation predicates.
97
98
```java { .api }
99
public static Verification require(Algorithm algorithm);
100
101
public interface Verification {
102
Verification withIssuer(String... issuer);
103
Verification withSubject(String subject);
104
Verification acceptLeeway(long leeway);
105
Verification withClaim(String name, String value);
106
JWTVerifier build();
107
}
108
109
public interface JWTVerifier {
110
DecodedJWT verify(String token);
111
}
112
```
113
114
[JWT Verification](./jwt-verification.md)
115
116
### JWT Decoding
117
118
Token decoding functionality for accessing JWT header, payload, and claims without signature verification.
119
120
```java { .api }
121
public static DecodedJWT decode(String token);
122
123
public interface DecodedJWT extends Payload, Header {
124
String getToken();
125
String getHeader();
126
String getPayload();
127
String getSignature();
128
}
129
```
130
131
[JWT Decoding](./jwt-decoding.md)
132
133
### Cryptographic Algorithms
134
135
Factory methods for creating algorithm instances supporting HMAC, RSA, and ECDSA signing methods with key provider support.
136
137
```java { .api }
138
// HMAC Algorithms
139
public static Algorithm HMAC256(String secret);
140
public static Algorithm HMAC384(byte[] secret);
141
public static Algorithm HMAC512(String secret);
142
143
// RSA Algorithms
144
public static Algorithm RSA256(RSAPublicKey publicKey, RSAPrivateKey privateKey);
145
public static Algorithm RSA384(RSAKeyProvider keyProvider);
146
public static Algorithm RSA512(RSAKey key);
147
148
// ECDSA Algorithms
149
public static Algorithm ECDSA256(ECPublicKey publicKey, ECPrivateKey privateKey);
150
public static Algorithm ECDSA384(ECDSAKeyProvider keyProvider);
151
public static Algorithm ECDSA512(ECKey key);
152
```
153
154
[Cryptographic Algorithms](./algorithms.md)
155
156
### Claim Access
157
158
Type-safe claim access system with automatic type conversion and comprehensive getter methods for all standard JWT claims.
159
160
```java { .api }
161
public interface Payload {
162
String getIssuer();
163
String getSubject();
164
List<String> getAudience();
165
Date getExpiresAt();
166
Instant getExpiresAtAsInstant();
167
Claim getClaim(String name);
168
Map<String, Claim> getClaims();
169
}
170
171
public interface Claim {
172
String asString();
173
Integer asInt();
174
Boolean asBoolean();
175
Date asDate();
176
<T> List<T> asList(Class<T> clazz);
177
<T> T[] asArray(Class<T> clazz);
178
}
179
```
180
181
[Claim Access](./claims.md)
182
183
### Key Providers
184
185
Dynamic key resolution interfaces supporting key rotation, multi-tenant scenarios, and advanced key management patterns.
186
187
```java { .api }
188
public interface RSAKeyProvider extends KeyProvider<RSAPublicKey, RSAPrivateKey> {
189
RSAPublicKey getPublicKeyById(String keyId);
190
RSAPrivateKey getPrivateKey();
191
String getPrivateKeyId();
192
}
193
194
public interface ECDSAKeyProvider extends KeyProvider<ECPublicKey, ECPrivateKey> {
195
ECPublicKey getPublicKeyById(String keyId);
196
ECPrivateKey getPrivateKey();
197
String getPrivateKeyId();
198
}
199
```
200
201
[Key Providers](./key-providers.md)
202
203
## Types
204
205
```java { .api }
206
// Standard JWT claim name constants
207
public class RegisteredClaims {
208
public static final String ISSUER = "iss";
209
public static final String SUBJECT = "sub";
210
public static final String AUDIENCE = "aud";
211
public static final String EXPIRES_AT = "exp";
212
public static final String NOT_BEFORE = "nbf";
213
public static final String ISSUED_AT = "iat";
214
public static final String JWT_ID = "jti";
215
}
216
217
// JWT header parameter constants
218
public class HeaderParams {
219
public static final String ALGORITHM = "alg";
220
public static final String CONTENT_TYPE = "cty";
221
public static final String TYPE = "typ";
222
public static final String KEY_ID = "kid";
223
}
224
```