tessl/maven-com-auth0--java-jwt

A comprehensive Java implementation of JSON Web Token (JWT) with creation, signing, and verification capabilities for server-side JVM applications.

Workspace: tessl
Visibility: Public
Describes: mavenpkg:maven/com.auth0/java-jwt@4.5.x

To install, run

npx @tessl/cli install tessl/maven-com-auth0--java-jwt@4.5.0

Java JWT

Java JWT is a comprehensive implementation of JSON Web Token (JWT) as specified in RFC 7519, designed specifically for server-side JVM applications. It provides extensive JWT creation, signing, and verification capabilities with support for multiple cryptographic algorithms including HMAC, RSA, and ECDSA signing methods.

Package Information

  • Package Name: com.auth0:java-jwt
  • Package Type: maven
  • Language: Java
  • Installation: Add dependency to Maven pom.xml or Gradle build.gradle

Maven:

<dependency>
  <groupId>com.auth0</groupId>
  <artifactId>java-jwt</artifactId>
  <version>4.5.0</version>
</dependency>

Gradle:

implementation 'com.auth0:java-jwt:4.5.0'

Core Imports

import com.auth0.jwt.JWT;
import com.auth0.jwt.algorithms.Algorithm;
import com.auth0.jwt.interfaces.DecodedJWT;
import com.auth0.jwt.interfaces.JWTVerifier;

Basic Usage

import com.auth0.jwt.JWT;
import com.auth0.jwt.algorithms.Algorithm;
import com.auth0.jwt.interfaces.DecodedJWT;
import com.auth0.jwt.interfaces.JWTVerifier;

import java.util.Date;

// Create a JWT token
// "secret" is a placeholder; use a random key of at least 256 bits for HS256
Algorithm algorithm = Algorithm.HMAC256("secret");
String token = JWT.create()
    .withIssuer("auth0")
    .withSubject("user123")
    .withExpiresAt(new Date(System.currentTimeMillis() + 3600000)) // expires in 1 hour
    .sign(algorithm);

// Verify a JWT token (checks the signature, the issuer and the time-based claims)
JWTVerifier verifier = JWT.require(algorithm)
    .withIssuer("auth0")
    .acceptLeeway(60) // 60 seconds leeway for time-based claims
    .build();
DecodedJWT jwt = verifier.verify(token);

// Decode without verification (use with caution): the signature is not checked,
// so the claims read here are unauthenticated
DecodedJWT decoded = JWT.decode(token);
String subject = decoded.getSubject();

Architecture

Java JWT is built around several key components:

  • JWT Main Class: Entry point providing static methods for token creation, verification, and decoding, plus instance methods for high-throughput decoding scenarios
  • Algorithm Factory: Creates algorithm instances for different cryptographic methods (HMAC, RSA, ECDSA)
  • Builder Pattern: Fluent interfaces for JWT creation (JWTCreator.Builder) and verification setup (Verification)
  • Key Providers: Interfaces for dynamic key resolution supporting key rotation and multi-tenant scenarios
  • Claim System: Type-safe access to JWT claims with automatic conversion and validation
  • Exception Hierarchy: Comprehensive error handling for creation, verification, and decoding failures

Capabilities

JWT Creation

Core functionality for creating and signing JWT tokens with comprehensive claim support and multiple signing algorithms.

public static JWTCreator.Builder create();

public interface JWTCreator.Builder {
    Builder withIssuer(String issuer);
    Builder withSubject(String subject);
    Builder withAudience(String... audience);
    Builder withExpiresAt(Date expiresAt);
    Builder withClaim(String name, String value);
    String sign(Algorithm algorithm);
}

JWT Verification

Comprehensive verification system with configurable claim validation, time leeway, and custom validation predicates.

public static Verification require(Algorithm algorithm);

public interface Verification {
    Verification withIssuer(String... issuer);
    Verification withSubject(String subject);
    Verification acceptLeeway(long leeway);
    Verification withClaim(String name, String value);
    JWTVerifier build();
}

public interface JWTVerifier {
    DecodedJWT verify(String token);
}

JWT Decoding

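Token decoding functionality for accessing the JWT header, payload, and claims without signature verification. Because nothing is authenticated at this step, values read from a decoded-only token are untrusted input until the same token has passed a JWTVerifier.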

public static DecodedJWT decode(String token);

public interface DecodedJWT extends Payload, Header {
    String getToken();
    String getHeader();
    String getPayload();
    String getSignature();
}
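
The difference between decoding and verifying, as an added example (not part of the original page or the java-jwt project's code). It assumes java-jwt 4.5.0 on the classpath; the class name, both keys and the "role" claim are constructed for the demo.

```java
import com.auth0.jwt.JWT;
import com.auth0.jwt.algorithms.Algorithm;
import com.auth0.jwt.exceptions.JWTVerificationException;
import com.auth0.jwt.interfaces.DecodedJWT;
import com.auth0.jwt.interfaces.JWTVerifier;

import java.util.Date;

public class DecodeVersusVerify {
    public static void main(String[] args) {
        // Constructed demo keys; real keys come from a secret store.
        Algorithm serverKey = Algorithm.HMAC256("constructed-demo-key-0123456789abcdef");
        Algorithm otherKey = Algorithm.HMAC256("constructed-unrelated-key-fedcba9876543210");
        Date exp = new Date(System.currentTimeMillis() + 3_600_000);

        String genuine = JWT.create().withIssuer("auth0").withSubject("user123")
                .withClaim("role", "user").withExpiresAt(exp).sign(serverKey);
        // Same claims except "role", signed with a key the verifier does not hold.
        String altered = JWT.create().withIssuer("auth0").withSubject("user123")
                .withClaim("role", "admin").withExpiresAt(exp).sign(otherKey);

        // Tampered token: genuine header and signature around the altered payload segment.
        String[] g = genuine.split("\\.");
        String tampered = g[0] + "." + altered.split("\\.")[1] + "." + g[2];

        // decode() only parses the three segments, so the altered claim is returned as-is.
        DecodedJWT unverified = JWT.decode(tampered);
        System.out.println("decode() role = " + unverified.getClaim("role").asString());

        // verify() recomputes the HMAC over header.payload before exposing any claim.
        JWTVerifier verifier = JWT.require(serverKey).withIssuer("auth0").build();
        try {
            verifier.verify(tampered);
            System.out.println("verify() accepted the tampered token");
        } catch (JWTVerificationException e) {
            System.out.println("verify() rejected: " + e.getClass().getSimpleName());
        }

        // The untouched token passes, and its claims can then be trusted.
        System.out.println("verified sub = " + verifier.verify(genuine).getSubject());
    }
}
```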

Cryptographic Algorithms

Factory methods for creating algorithm instances supporting HMAC, RSA, and ECDSA signing methods with key provider support.

// HMAC Algorithms
public static Algorithm HMAC256(String secret);
public static Algorithm HMAC384(byte[] secret);
public static Algorithm HMAC512(String secret);

// RSA Algorithms
public static Algorithm RSA256(RSAPublicKey publicKey, RSAPrivateKey privateKey);
public static Algorithm RSA384(RSAKeyProvider keyProvider);
public static Algorithm RSA512(RSAKey key);

// ECDSA Algorithms
public static Algorithm ECDSA256(ECPublicKey publicKey, ECPrivateKey privateKey);
public static Algorithm ECDSA384(ECDSAKeyProvider keyProvider);
public static Algorithm ECDSA512(ECKey key);

Claim Access

Type-safe claim access system with automatic type conversion and comprehensive getter methods for all standard JWT claims.

public interface Payload {
    String getIssuer();
    String getSubject();
    List<String> getAudience();
    Date getExpiresAt();
    Instant getExpiresAtAsInstant();
    Claim getClaim(String name);
    Map<String, Claim> getClaims();
}

public interface Claim {
    String asString();
    Integer asInt();
    Boolean asBoolean();
    Date asDate();
    <T> List<T> asList(Class<T> clazz);
    <T> T[] asArray(Class<T> clazz);
}

Key Providers

Dynamic key resolution interfaces supporting key rotation, multi-tenant scenarios, and advanced key management patterns.

public interface RSAKeyProvider extends KeyProvider<RSAPublicKey, RSAPrivateKey> {
    RSAPublicKey getPublicKeyById(String keyId);
    RSAPrivateKey getPrivateKey();
    String getPrivateKeyId();
}

public interface ECDSAKeyProvider extends KeyProvider<ECPublicKey, ECPrivateKey> {
    ECPublicKey getPublicKeyById(String keyId);
    ECPrivateKey getPrivateKey();
    String getPrivateKeyId();
}
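
A verify-only RSAKeyProvider that resolves the token's kid against a fixed set of trusted public keys, as an added example (not the project's own code). It assumes java-jwt 4.5.0 on the classpath; the class name, the helper verifyOnly, the key ids and the generated keys are constructed for the demo.

```java
import com.auth0.jwt.JWT;
import com.auth0.jwt.algorithms.Algorithm;
import com.auth0.jwt.exceptions.JWTVerificationException;
import com.auth0.jwt.interfaces.RSAKeyProvider;

import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.util.Collections;
import java.util.Map;

public class RotatingKeyProviderDemo {
    // Hypothetical helper: maps a "kid" header value to a trusted public key.
    static RSAKeyProvider verifyOnly(Map<String, RSAPublicKey> trusted) {
        return new RSAKeyProvider() {
            @Override public RSAPublicKey getPublicKeyById(String keyId) {
                // A missing or unknown kid resolves to null, so verification fails closed.
                return keyId == null ? null : trusted.get(keyId);
            }
            @Override public RSAPrivateKey getPrivateKey() { return null; } // never signs
            @Override public String getPrivateKeyId() { return null; }
        };
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair current = gen.generateKeyPair(); // constructed keys for the demo
        KeyPair retired = gen.generateKeyPair();

        // Only the current key is trusted; the retired one has been rotated out.
        Algorithm verifyAlg = Algorithm.RSA256(verifyOnly(
                Collections.singletonMap("key-current", (RSAPublicKey) current.getPublic())));

        for (String kid : new String[] {"key-current", "key-retired"}) {
            KeyPair pair = kid.equals("key-current") ? current : retired;
            String token = JWT.create().withIssuer("auth0").withKeyId(kid)
                    .sign(Algorithm.RSA256(null, (RSAPrivateKey) pair.getPrivate()));
            try {
                JWT.require(verifyAlg).withIssuer("auth0").build().verify(token);
                System.out.println(kid + ": accepted");
            } catch (JWTVerificationException e) {
                System.out.println(kid + ": rejected (" + e.getClass().getSimpleName() + ")");
            }
        }
    }
}
```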

Types

// Standard JWT claim name constants
public class RegisteredClaims {
    public static final String ISSUER = "iss";
    public static final String SUBJECT = "sub";
    public static final String AUDIENCE = "aud";
    public static final String EXPIRES_AT = "exp";
    public static final String NOT_BEFORE = "nbf";
    public static final String ISSUED_AT = "iat";
    public static final String JWT_ID = "jti";
}

// JWT header parameter constants
public class HeaderParams {
    public static final String ALGORITHM = "alg";
    public static final String CONTENT_TYPE = "cty";
    public static final String TYPE = "typ";
    public static final String KEY_ID = "kid";
}