{"id":13409075,"url":"https://github.com/auth0/java-jwt","last_synced_at":"2025-05-06T02:04:18.342Z","repository":{"id":14795411,"uuid":"17517521","full_name":"auth0/java-jwt","owner":"auth0","description":"Java implementation of JSON Web Token (JWT)","archived":false,"fork":false,"pushed_at":"2025-01-29T14:39:18.000Z","size":1516,"stargazers_count":6022,"open_issues_count":13,"forks_count":936,"subscribers_count":218,"default_branch":"master","last_synced_at":"2025-05-06T02:04:09.177Z","etag":null,"topics":["dx-sdk","java","jwt"],"latest_commit_sha":null,"homepage":"","language":"Java","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/auth0.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2014-03-07T15:06:11.000Z","updated_at":"2025-05-05T16:03:27.000Z","dependencies_parsed_at":"2023-12-19T17:02:38.382Z","dependency_job_id":"b0f06953-11b1-4943-b608-f3c407702be1","html_url":"https://github.com/auth0/java-jwt","commit_stats":{"total_commits":403,"total_committers":63,"mean_commits":6.396825396825397,"dds":0.6178660049627791,"last_synced_commit":"fb6d00ad9773c6e7624c518feb2d06ed191287fa"},"previous_names":[],"tags_count":59,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/auth0%2Fjava-jwt","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/auth0%2Fjava-jwt/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/auth0%2Fjava-jwt/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/auth0%2Fjava-jwt/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/auth0","download_url":"https://codeload.github.com/auth0/java-jwt/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":252606965,"owners_count":21775415,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["dx-sdk","java","jwt"],"created_at":"2024-07-30T20:00:57.809Z","updated_at":"2025-05-06T02:04:18.308Z","avatar_url":"https://github.com/auth0.png","language":"Java","readme":"\u003e **Note**\n\u003e As part of our ongoing commitment to best security practices, we have rotated the signing keys used to sign previous releases of this SDK. As a result, new patch builds have been released using the new signing key. Please upgrade at your earliest convenience.\n\u003e\n\u003e While this change won't affect most developers, if you have implemented a dependency signature validation step in your build process, you may notice a warning that past releases can't be verified. This is expected, and a result of the key rotation process. Updating to the latest version will resolve this for you.\n\n![A Java implementation of JSON Web Token (JWT) - RFC 7519.](https://cdn.auth0.com/website/sdks/banners/java-jwt-banner.png)\n\n![Build Status](https://img.shields.io/github/checks-status/auth0/java-jwt/master)\n[![Coverage Status](https://img.shields.io/codecov/c/github/auth0/java-jwt.svg?style=flat-square)](https://codecov.io/github/auth0/java-jwt)\n[![License](http://img.shields.io/:license-mit-blue.svg?style=flat)](https://doge.mit-license.org/)\n[![Maven Central](https://img.shields.io/maven-central/v/com.auth0/java-jwt.svg?style=flat-square)](https://mvnrepository.com/artifact/com.auth0/java-jwt)\n[![javadoc](https://javadoc.io/badge2/com.auth0/auth0/javadoc.svg)](https://javadoc.io/doc/com.auth0/java-jwt)\n\n:books: [Documentation](#documentation) - :rocket: [Getting Started](#getting-started) - :computer: [API Reference](#api-reference) :speech_balloon: [Feedback](#feedback)\n\n## Documentation\n- [Examples](./EXAMPLES.md) - code samples for common java-jwt scenarios.\n- [Docs site](https://www.auth0.com/docs) - explore our docs site and learn more about Auth0.\n\n## Getting Started\n\n### Requirements\n\nThis library is supported for Java LTS versions 8, 11, and 17. For issues on non-LTS versions above 8, consideration will be given on a case-by-case basis.\n\n\u003e `java-jwt` is intended for server-side JVM applications. Android applications should use [JWTDecode.Android](https://github.com/auth0/JWTDecode.Android).\n\n`java-jwt` supports the following algorithms for both signing and verification:\n\n| JWS | Algorithm | Description |\n| :-------------: | :-------------: | :----- |\n| HS256 | HMAC256 | HMAC with SHA-256 |\n| HS384 | HMAC384 | HMAC with SHA-384 |\n| HS512 | HMAC512 | HMAC with SHA-512 |\n| RS256 | RSA256 | RSASSA-PKCS1-v1_5 with SHA-256 |\n| RS384 | RSA384 | RSASSA-PKCS1-v1_5 with SHA-384 |\n| RS512 | RSA512 | RSASSA-PKCS1-v1_5 with SHA-512 |\n| ES256 | ECDSA256 | ECDSA with curve P-256 and SHA-256 |\n| ES384 | ECDSA384 | ECDSA with curve P-384 and SHA-384 |\n| ES512 | ECDSA512 | ECDSA with curve P-521 and SHA-512 |\n\n\u003e Note - Support for ECDSA with curve secp256k1 and SHA-256 (ES256K) has been dropped since it has been [disabled in Java 15](https://www.oracle.com/java/technologies/javase/15-relnote-issues.html#JDK-8237219)\n\n\u003e :warning:  **Important security note:** JVM has a critical vulnerability for ECDSA Algorithms - [CVE-2022-21449](https://nvd.nist.gov/vuln/detail/CVE-2022-21449). Please review the details of the vulnerability and update your environment.\n### Installation\n\nAdd the dependency via Maven:\n\n```xml\n\u003cdependency\u003e\n  \u003cgroupId\u003ecom.auth0\u003c/groupId\u003e\n  \u003cartifactId\u003ejava-jwt\u003c/artifactId\u003e\n  \u003cversion\u003e4.5.0\u003c/version\u003e\n\u003c/dependency\u003e\n```\n\nor Gradle:\n\n```gradle\nimplementation 'com.auth0:java-jwt:4.5.0'\n```\n\n### Create a JWT\n\nUse `JWT.create()`, configure the claims, and then call `sign(algorithm)` to sign the JWT.\n\nThe example below demonstrates this using the `RS256` signing algorithm:\n\n```java\ntry {\n    Algorithm algorithm = Algorithm.RSA256(rsaPublicKey, rsaPrivateKey);\n    String token = JWT.create()\n        .withIssuer(\"auth0\")\n        .sign(algorithm);\n} catch (JWTCreationException exception){\n    // Invalid Signing configuration / Couldn't convert Claims.\n}\n```\n\n### Verify a JWT\n\nCreate a `JWTVerifier` passing the `Algorithm`, and specify any required claim values.\n\nThe following example uses `RS256` to verify the JWT.\n\n```java\nString token = \"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXUyJ9.eyJpc3MiOiJhdXRoMCJ9.AbIJTDMFc7yUa5MhvcP03nJPyCPzZtQcGEp-zWfOkEE\";\nDecodedJWT decodedJWT;\ntry {\n    Algorithm algorithm = Algorithm.RSA256(rsaPublicKey, rsaPrivateKey);\n    JWTVerifier verifier = JWT.require(algorithm)\n        // specify any specific claim validations\n        .withIssuer(\"auth0\")\n        // reusable verifier instance\n        .build();\n        \n    decodedJWT = verifier.verify(token);\n} catch (JWTVerificationException exception){\n    // Invalid signature/claims\n}\n```\n\nIf the token has an invalid signature or the Claim requirement is not met, a `JWTVerificationException` will be thrown.\n\nSee the [examples](./EXAMPLES.md) and [JavaDocs](https://javadoc.io/doc/com.auth0/java-jwt/latest) for additional documentation.\n\n## API Reference\n\n- [java-jwt JavaDocs](https://javadoc.io/doc/com.auth0/java-jwt/latest)\n\n## Feedback\n\n### Contributing\n\nWe appreciate feedback and contribution to this repo! Before you get started, please see the following:\n\n- [Auth0's general contribution guidelines](https://github.com/auth0/open-source-template/blob/master/GENERAL-CONTRIBUTING.md)\n- [Auth0's code of conduct guidelines]((https://github.com/auth0/open-source-template/blob/master/CODE-OF-CONDUCT.md))\n\n### Raise an issue\nTo provide feedback or report a bug, [please raise an issue on our issue tracker](https://github.com/auth0/java-jwt/issues).\n\n### Vulnerability Reporting\nPlease do not report security vulnerabilities on the public Github issue tracker. The [Responsible Disclosure Program](https://auth0.com/whitehat) details the procedure for disclosing security issues.\n\n---\n\n\u003cp align=\"center\"\u003e\n  \u003cpicture\u003e\n    \u003csource media=\"(prefers-color-scheme: light)\" srcset=\"https://cdn.auth0.com/website/sdks/logos/auth0_light_mode.png\"   width=\"150\"\u003e\n    \u003csource media=\"(prefers-color-scheme: dark)\" srcset=\"https://cdn.auth0.com/website/sdks/logos/auth0_dark_mode.png\" width=\"150\"\u003e\n    \u003cimg alt=\"Auth0 Logo\" src=\"./auth0_light_mode.png\" width=\"150\"\u003e\n  \u003c/picture\u003e\n\u003c/p\u003e\n\u003cp align=\"center\"\u003eAuth0 is an easy to implement, adaptable authentication and authorization platform. To learn more checkout \u003ca href=\"https://auth0.com/why-auth0\"\u003eWhy Auth0?\u003c/a\u003e\u003c/p\u003e\n\u003cp align=\"center\"\u003e\nThis project is licensed under the MIT license. See the \u003ca href=\"./LICENSE\"\u003e LICENSE\u003c/a\u003e file for more info.\u003c/p\u003e\n","funding_links":[],"categories":["JWT Libraries","Java","安全","Libraries"],"sub_categories":["Java"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fauth0%2Fjava-jwt","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fauth0%2Fjava-jwt","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fauth0%2Fjava-jwt/lists"}