{"id":15046672,"url":"https://github.com/auth0/jwks-rsa-java","last_synced_at":"2025-05-15T02:10:37.194Z","repository":{"id":10775345,"uuid":"64866880","full_name":"auth0/jwks-rsa-java","owner":"auth0","description":null,"archived":false,"fork":false,"pushed_at":"2024-11-25T13:16:06.000Z","size":505,"stargazers_count":203,"open_issues_count":11,"forks_count":72,"subscribers_count":20,"default_branch":"master","last_synced_at":"2025-05-04T23:35:51.609Z","etag":null,"topics":["dx-sdk","hacktoberfest","jwks"],"latest_commit_sha":null,"homepage":"","language":"Java","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/auth0.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2016-08-03T17:50:23.000Z","updated_at":"2025-05-04T21:20:41.000Z","dependencies_parsed_at":"2024-01-03T01:24:33.620Z","dependency_job_id":"a564f45e-1304-4853-9cf7-5a5be84013f8","html_url":"https://github.com/auth0/jwks-rsa-java","commit_stats":{"total_commits":209,"total_committers":41,"mean_commits":5.097560975609756,"dds":0.6555023923444976,"last_synced_commit":"d877bd7e74510d905ded29468d8b8b7b6f9703ef"},"previous_names":[],"tags_count":34,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/auth0%2Fjwks-rsa-java","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/auth0%2Fjwks-rsa-java/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/auth0%2Fjwks-rsa-java/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/auth0%2Fjwks-rsa-java/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/auth0","download_url":"https://codeload.github.com/auth0/jwks-rsa-java/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":252908282,"owners_count":21823385,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["dx-sdk","hacktoberfest","jwks"],"created_at":"2024-09-24T20:53:22.097Z","updated_at":"2025-05-15T02:10:32.185Z","avatar_url":"https://github.com/auth0.png","language":"Java","readme":"![A Java library for obtaining JSON Web Keys from a JWKS (JSON Web Key Set) endpoint.](https://cdn.auth0.com/website/sdks/banners/jwks-rsa-java-banner.png)\n\n![Build Status](https://img.shields.io/github/checks-status/auth0/jwks-rsa-java/master)\n[![Coverage Status](https://codecov.io/gh/auth0/jwks-rsa-java/branch/master/graph/badge.svg?style=flat-square)](https://codecov.io/github/auth0/jwks-rsa-java)\n[![License](http://img.shields.io/:license-mit-blue.svg?style=flat)](https://doge.mit-license.org/)\n[![Maven Central](https://img.shields.io/maven-central/v/com.auth0/jwks-rsa.svg?style=flat-square)](https://search.maven.org/#search%7Cga%7C1%7Cg%3A%20com.auth0%20a%3Ajwks-rsa)\n[![javadoc](https://javadoc.io/badge2/com.auth0/jwks-rsa-java/javadoc.svg)](https://javadoc.io/doc/com.auth0/jwks-rsa)\n\n\u003e **Note**\n\u003e As part of our ongoing commitment to best security practices, we have rotated the signing keys used to sign previous releases of this SDK. As a result, new patch builds have been released using the new signing key. Please upgrade at your earliest convenience.\n\u003e \n\u003e While this change won't affect most developers, if you have implemented a dependency signature validation step in your build process, you may notice a warning that past releases can't be verified. This is expected, and a result of the key rotation process. Updating to the latest version will resolve this for you.\n\n:books: [Documentation](#documentation) - :rocket: [Getting Started](#getting-started) - :computer: [API Reference](#api-reference) :speech_balloon: [Feedback](#feedback)\n\n## Documentation\n- [Examples](./EXAMPLES.md) - code samples for common jwks-rsa-java scenarios.\n- [Docs site](https://www.auth0.com/docs) - explore our docs site and learn more about Auth0.\n\n## Getting Started\n\n### Requirements\n\nJava 8 or above.\n\n### Installation\n\nAdd the dependency via Maven:\n\n```xml\n\u003cdependency\u003e\n  \u003cgroupId\u003ecom.auth0\u003c/groupId\u003e\n  \u003cartifactId\u003ejwks-rsa\u003c/artifactId\u003e\n  \u003cversion\u003e0.22.1\u003c/version\u003e\n\u003c/dependency\u003e\n```\n\nor Gradle:\n\n```gradle\nimplementation 'com.auth0:jwks-rsa:0.22.1'\n```\n\n### Usage\n\nThe JSON Web Tokens you obtain from an authorization server include a [key id](https://tools.ietf.org/html/rfc7515#section-4.1.4) header parameter (\"kid\"), used to uniquely identify the Key used to sign the token.\n\nGiven the following JWT:\n\n```\neyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCI6IlJrSTVNakk1T1VZNU9EYzFOMFE0UXpNME9VWXpOa1ZHTVRKRE9VRXpRa0ZDT1RVM05qRTJSZyJ9.eyJpc3MiOiJodHRwczovL3NhbmRyaW5vLmF1dGgwLmNvbS8iLCJzdWIiOiJhdXRoMHw1NjMyNTAxZjQ2OGYwZjE3NTZmNGNhYjAiLCJhdWQiOiJQN2JhQnRTc3JmQlhPY3A5bHlsMUZEZVh0ZmFKUzRyViIsImV4cCI6MTQ2ODk2NDkyNiwiaWF0IjoxNDY4OTI4OTI2fQ.NaNeRSDCNu522u4hcVhV65plQOiGPStgSzVW4vR0liZYQBlZ_3OKqCmHXsu28NwVHW7_KfVgOz4m3BK6eMDZk50dAKf9LQzHhiG8acZLzm5bNMU3iobSAJdRhweRht544ZJkzJ-scS1fyI4gaPS5aD3SaLRYWR0Xsb6N1HU86trnbn-XSYSspNqzIUeJjduEpPwC53V8E2r1WZXbqEHwM9_BGEeNTQ8X9NqCUvbQtnylgYR3mfJRL14JsCWNFmmamgNNHAI0uAJo84mu_03I25eVuCK0VYStLPd0XFEyMVFpk48Bg9KNWLMZ7OUGTB_uv_1u19wKYtqeTbt9m1YcPMQ\n```\n\nDecode it using a JWT library or tool like [jwt.io](https://jwt.io/?value=eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCI6IlJrSTVNakk1T1VZNU9EYzFOMFE0UXpNME9VWXpOa1ZHTVRKRE9VRXpRa0ZDT1RVM05qRTJSZyJ9.eyJpc3MiOiJodHRwczovL3NhbmRyaW5vLmF1dGgwLmNvbS8iLCJzdWIiOiJhdXRoMHw1NjMyNTAxZjQ2OGYwZjE3NTZmNGNhYjAiLCJhdWQiOiJQN2JhQnRTc3JmQlhPY3A5bHlsMUZEZVh0ZmFKUzRyViIsImV4cCI6MTQ2ODk2NDkyNiwiaWF0IjoxNDY4OTI4OTI2fQ.NaNeRSDCNu522u4hcVhV65plQOiGPStgSzVW4vR0liZYQBlZ_3OKqCmHXsu28NwVHW7_KfVgOz4m3BK6eMDZk50dAKf9LQzHhiG8acZLzm5bNMU3iobSAJdRhweRht544ZJkzJ-scS1fyI4gaPS5aD3SaLRYWR0Xsb6N1HU86trnbn-XSYSspNqzIUeJjduEpPwC53V8E2r1WZXbqEHwM9_BGEeNTQ8X9NqCUvbQtnylgYR3mfJRL14JsCWNFmmamgNNHAI0uAJo84mu_03I25eVuCK0VYStLPd0XFEyMVFpk48Bg9KNWLMZ7OUGTB_uv_1u19wKYtqeTbt9m1YcPMQ) and extract the `kid` parameter from the Header claims.\n\n```json\n{\n  \"typ\": \"JWT\",\n  \"alg\": \"RS256\",\n  \"kid\": \"RkI5MjI5OUY5ODc1N0Q4QzM0OUYzNkVGMTJDOUEzQkFCOTU3NjE2Rg\"\n}\n```\n\nThe `kid` value can then be used to obtain the JWK using a `JwkProvider`.\n\nCreate a `JWKProvider` using the domain from which to fetch the JWK. The provider will use the domain to build the URL `https:{your-domain}/.well-known/jwks.json`: \n\n```java\nJwkProvider provider = new JwkProviderBuilder(\"https://samples.auth0.com/\")\n    .build();\n```\n\nA `Jwk` can be obtained using the `get(String keyId)` method:\n\n```java\nJwk jwk = provider.get(\"{kid of the signing key}\"); // throws Exception when not found or can't get one\n```\n\nThe provider can be configured to cache JWKs to avoid unnecessary network requests, as well as only fetch the JWKs within a defined rate limit:\n\n```java\nJwkProvider provider = new JwkProviderBuilder(\"https://samples.auth0.com/\")\n        // up to 10 JWKs will be cached for up to 24 hours\n        .cached(10, 24, TimeUnit.HOURS)\n        // up to 10 JWKs can be retrieved within one minute\n        .rateLimited(10, 1, TimeUnit.MINUTES)\n        .build();\n```\n\nSee the [examples](./EXAMPLES.md) for additional configurations.\n\n## API Reference\n\n- [jwks-rsa-java JavaDocs](https://javadoc.io/doc/com.auth0/jwks-rsa/latest/)\n\n## Feedback\n\n### Contributing\n\nWe appreciate feedback and contribution to this repo! Before you get started, please see the following:\n\n- [Auth0's general contribution guidelines](https://github.com/auth0/open-source-template/blob/master/GENERAL-CONTRIBUTING.md)\n- [Auth0's code of conduct guidelines]((https://github.com/auth0/open-source-template/blob/master/CODE-OF-CONDUCT.md))\n\n### Raise an issue\nTo provide feedback or report a bug, [please raise an issue on our issue tracker](https://github.com/auth0/jwks-rsa-java/issues).\n\n### Vulnerability Reporting\nPlease do not report security vulnerabilities on the public Github issue tracker. The [Responsible Disclosure Program](https://auth0.com/whitehat) details the procedure for disclosing security issues.\n\n---\n\n\u003cp align=\"center\"\u003e\n  \u003cpicture\u003e\n    \u003csource media=\"(prefers-color-scheme: light)\" srcset=\"https://cdn.auth0.com/website/sdks/logos/auth0_light_mode.png\"   width=\"150\"\u003e\n    \u003csource media=\"(prefers-color-scheme: dark)\" srcset=\"https://cdn.auth0.com/website/sdks/logos/auth0_dark_mode.png\" width=\"150\"\u003e\n    \u003cimg alt=\"Auth0 Logo\" src=\"./auth0_light_mode.png\" width=\"150\"\u003e\n  \u003c/picture\u003e\n\u003c/p\u003e\n\u003cp align=\"center\"\u003eAuth0 is an easy to implement, adaptable authentication and authorization platform. To learn more checkout \u003ca href=\"https://auth0.com/why-auth0\"\u003eWhy Auth0?\u003c/a\u003e\u003c/p\u003e\n\u003cp align=\"center\"\u003e\nThis project is licensed under the MIT license. See the \u003ca href=\"./LICENSE\"\u003e LICENSE\u003c/a\u003e file for more info.\u003c/p\u003e\n","funding_links":[],"categories":["Projects","安全","项目"],"sub_categories":["Security","安全"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fauth0%2Fjwks-rsa-java","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fauth0%2Fjwks-rsa-java","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fauth0%2Fjwks-rsa-java/lists"}