{"id":32477155,"url":"https://github.com/cuioss/oauth-sheriff","last_synced_at":"2025-10-26T22:58:35.341Z","repository":{"id":280479246,"uuid":"940485168","full_name":"cuioss/OAuth-Sheriff","owner":"cuioss","description":"A comprehensive framework for handling JWT tokens in multi-issuer environments.","archived":false,"fork":false,"pushed_at":"2025-10-17T18:50:51.000Z","size":7843,"stargazers_count":0,"open_issues_count":13,"forks_count":1,"subscribers_count":3,"default_branch":"main","last_synced_at":"2025-10-17T21:10:38.196Z","etag":null,"topics":["java","jwt-token","oauth","oauth2","offline-validation"],"latest_commit_sha":null,"homepage":"","language":"Java","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/cuioss.png","metadata":{"files":{"readme":"README.adoc","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2025-02-28T09:03:02.000Z","updated_at":"2025-10-14T07:15:26.000Z","dependencies_parsed_at":"2025-03-25T20:25:27.842Z","dependency_job_id":"c715f330-80e4-417a-a085-623c2d98a622","html_url":"https://github.com/cuioss/OAuth-Sheriff","commit_stats":null,"previous_names":["cuioss/cui-jwt-token-handling","cuioss/cui-jwt-validation","cuioss/cui-jwt","cuioss/oauth-sheriff"],"tags_count":0,"template":false,"template_full_name":"cuioss/cui-java-module-template","purl":"pkg:github/cuioss/OAuth-Sheriff","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cuioss%2FOAuth-Sheriff","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cuioss%2FOAuth-Sheriff/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cuioss%2FOAuth-Sheriff/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cuioss%2FOAuth-Sheriff/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/cuioss","download_url":"https://codeload.github.com/cuioss/OAuth-Sheriff/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cuioss%2FOAuth-Sheriff/sbom","scorecard":{"id":193854,"data":{"date":"2025-08-16T19:59:05Z","repo":{"name":"github.com/cuioss/cui-jwt","commit":"69a2968bb6fbd0ace428ba689030fadde6c0d2e6"},"scorecard":{"version":"v5.2.1","commit":"ab2f6e92482462fe66246d9e32f642855a691dc1"},"score":6.3,"checks":[{"name":"Maintained","score":10,"reason":"30 commit(s) and 4 issue activity found in the last 90 days -- score normalized to 10","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#maintained"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#dangerous-workflow"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: jobLevel 'contents' permission set to 'write': .github/workflows/benchmark.yml:29","Info: jobLevel 'contents' permission set to 'read': .github/workflows/claude.yml:22","Info: jobLevel 'pull-requests' permission set to 'read': .github/workflows/claude.yml:23","Info: jobLevel 'issues' permission set to 'read': .github/workflows/claude.yml:24","Info: jobLevel 'actions' permission set to 'read': .github/workflows/claude.yml:26","Info: jobLevel 'checks' permission set to 'read': .github/workflows/scorecards.yml:35","Info: jobLevel 'contents' permission set to 'read': .github/workflows/scorecards.yml:29","Info: jobLevel 'actions' permission set to 'read': .github/workflows/scorecards.yml:30","Info: jobLevel 'issues' permission set to 'read': .github/workflows/scorecards.yml:32","Info: jobLevel 'pull-requests' permission set to 'read': .github/workflows/scorecards.yml:33","Info: topLevel permissions set to 'read-all': .github/workflows/benchmark.yml:12","Warn: no topLevel permission defined: .github/workflows/claude.yml:1","Info: topLevel 'contents' permission set to 'read': .github/workflows/dependency-review.yml:13","Warn: no topLevel permission defined: .github/workflows/integration-tests.yml:1","Warn: no topLevel permission defined: .github/workflows/maven-release.yml:1","Warn: no topLevel permission defined: .github/workflows/maven.yml:1","Info: topLevel permissions set to 'read-all': .github/workflows/scorecards.yml:18"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#token-permissions"}},{"name":"Code-Review","score":0,"reason":"Found 0/26 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#code-review"}},{"name":"Dependency-Update-Tool","score":10,"reason":"update tool detected","details":["Info: detected update tool: Dependabot: .github/dependabot.yml:1"],"documentation":{"short":"Determines if the project uses a dependency update tool.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#dependency-update-tool"}},{"name":"Security-Policy","score":10,"reason":"security policy file detected","details":["Info: security policy file detected: SECURITY.md:1","Info: Found linked content: SECURITY.md:1","Info: Found disclosure, vulnerability, and/or timelines in security policy: SECURITY.md:1","Info: Found text in security policy: SECURITY.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#security-policy"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#binary-artifacts"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#cii-best-practices"}},{"name":"Pinned-Dependencies","score":8,"reason":"dependency not pinned by hash detected -- score normalized to 8","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/claude.yml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/cuioss/cui-jwt/claude.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/claude.yml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/cuioss/cui-jwt/claude.yml/main?enable=pin","Warn: containerImage not pinned by hash: cui-jwt-quarkus-parent/cui-jwt-quarkus-integration-tests/src/main/docker/Dockerfile.native.distroless:3: pin your Docker image by updating quay.io/quarkus/quarkus-distroless-image:2.0 to quay.io/quarkus/quarkus-distroless-image:2.0@sha256:47beee6a8010602e08112b5817d01565d5b376f34052d40e6f4edb953753848b","Warn: containerImage not pinned by hash: cui-jwt-quarkus-parent/cui-jwt-quarkus-integration-tests/src/main/docker/Dockerfile.native.jfr:3: pin your Docker image by updating quay.io/quarkus/ubi9-quarkus-micro-image:2.0 to quay.io/quarkus/ubi9-quarkus-micro-image:2.0@sha256:c31352c4a040cbc0206b9bba28d2e7d4b61f74a79f85f76ec65d0464a072cc82","Info:  20 out of  21 GitHub-owned GitHubAction dependencies pinned","Info:  16 out of  17 third-party GitHubAction dependencies pinned","Info:   0 out of   2 containerImage dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#pinned-dependencies"}},{"name":"SAST","score":3,"reason":"SAST tool is not run on all commits -- score normalized to 3","details":["Warn: 2 commits out of 6 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#sast"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: Apache License 2.0: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#license"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#fuzzing"}},{"name":"Packaging","score":10,"reason":"packaging workflow detected","details":["Info: Project packages its releases by way of GitHub Actions.: .github/workflows/maven.yml:89"],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#packaging"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'main'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#branch-protection"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#signed-releases"}},{"name":"CI-Tests","score":10,"reason":"6 out of 6 merged PRs checked by a CI test -- score normalized to 10","details":null,"documentation":{"short":"Determines if the project runs tests before pull requests are merged.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#ci-tests"}},{"name":"Contributors","score":3,"reason":"project has 1 contributing companies or organizations -- score normalized to 3","details":["Info: found contributions from: gip mbh"],"documentation":{"short":"Determines if the project has a set of contributors from multiple organizations (e.g., companies).","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#contributors"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-16T21:23:52.439Z","repository_id":280479246,"created_at":"2025-08-16T21:23:52.439Z","updated_at":"2025-08-16T21:23:52.439Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":281185457,"owners_count":26457747,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-26T02:00:06.575Z","response_time":61,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["java","jwt-token","oauth","oauth2","offline-validation"],"created_at":"2025-10-26T22:58:32.694Z","updated_at":"2025-10-26T22:58:35.336Z","avatar_url":"https://github.com/cuioss.png","language":"Java","funding_links":[],"categories":[],"sub_categories":[],"readme":"= oauth-sheriff-core\n:toc: macro\n:toclevels: 3\n:sectnumlevels: 1\n\n[.discrete]\n== Status\n\n**Build \u0026 Quality**\n\nimage:https://github.com/cuioss/OAuth-Sheriff/actions/workflows/maven.yml/badge.svg?branch=main[Java CI with Maven,link=https://github.com/cuioss/OAuth-Sheriff/actions/workflows/maven.yml]\nimage:https://github.com/cuioss/OAuth-Sheriff/actions/workflows/integration-tests.yml/badge.svg?branch=main[Integration Tests,link=https://github.com/cuioss/OAuth-Sheriff/actions/workflows/integration-tests.yml]\n\nimage:https://img.shields.io/github/last-commit/cuioss/OAuth-Sheriff/main[Last Build,link=https://github.com/cuioss/OAuth-Sheriff/commits/main]\nimage:http://img.shields.io/:license-apache-blue.svg[License,link=http://www.apache.org/licenses/LICENSE-2.0.html]\nimage:https://img.shields.io/maven-central/v/de.cuioss.sheriff.oauth/oauth-sheriff-parent.svg?label=Maven%20Central[\"Maven Central\", link=\"https://central.sonatype.com/artifact/de.cuioss.sheriff.oauth/oauth-sheriff-parent\"]\n\nimage:https://sonarcloud.io/api/project_badges/measure?project=cuioss_OAuth-Sheriff\u0026metric=alert_status[Quality Gate Status,link=https://sonarcloud.io/summary/new_code?id=cuioss_OAuth-Sheriff]\nimage:https://sonarcloud.io/api/project_badges/measure?project=cuioss_OAuth-Sheriff\u0026metric=ncloc[Lines of Code,link=https://sonarcloud.io/summary/new_code?id=cuioss_OAuth-Sheriff]\nimage:https://sonarcloud.io/api/project_badges/measure?project=cuioss_OAuth-Sheriff\u0026metric=coverage[Coverage,link=https://sonarcloud.io/summary/new_code?id=cuioss_OAuth-Sheriff]\n\n**Performance Benchmarks**\n\nimage:https://github.com/cuioss/OAuth-Sheriff/actions/workflows/benchmark.yml/badge.svg[JMH Benchmarks,link=https://github.com/cuioss/OAuth-Sheriff/actions/workflows/benchmark.yml]\nimage:https://img.shields.io/endpoint?url=https://cuioss.github.io/OAuth-Sheriff/benchmarks/badges/last-run-badge.json[Last Benchmark Run,link=https://cuioss.github.io/OAuth-Sheriff/benchmarks/]\n\n*Micro Benchmarks*\n\nimage:https://img.shields.io/endpoint?url=https://cuioss.github.io/OAuth-Sheriff/benchmarks/badges/performance-badge.json[JWT Performance Score,link=https://cuioss.github.io/OAuth-Sheriff/benchmarks/micro/]\nimage:https://img.shields.io/endpoint?url=https://cuioss.github.io/OAuth-Sheriff/benchmarks/badges/trend-badge.json[Performance Trend,link=https://cuioss.github.io/OAuth-Sheriff/benchmarks/micro/trends.html]\n\n*Integration Benchmarks*\n\nimage:https://img.shields.io/endpoint?url=https://cuioss.github.io/OAuth-Sheriff/benchmarks/badges/integration-performance-badge.json[Integration Performance,link=https://cuioss.github.io/OAuth-Sheriff/benchmarks/integration/]\nimage:https://img.shields.io/endpoint?url=https://cuioss.github.io/OAuth-Sheriff/benchmarks/badges/integration-trend-badge.json[Integration Trend,link=https://cuioss.github.io/OAuth-Sheriff/benchmarks/integration/trends.html]\n\nxref:benchmarking/doc/performance-scoring.adoc[Understanding Performance Metrics]\n\n[.discrete]\n== What is it?\n\nA comprehensive library for validating JWT tokens in multi-issuer environments with a focus on offline validation.\n\ntoc::[]\n\n== Motivation\n\n=== Why another JWT-Library?\n\nThis project started as an instrumentation of https://github.com/smallrye/smallrye-jwt[SmallRye JWT], then shifted to https://github.com/jwtk/jjwt[JJWT] with the goal to implement robust multi-issuer handling. With a strong focus on security (see xref:doc/Requirements.adoc[Requirements]), the project evolved through several iterations until it became an entirely new library with its own implementation. The main differentiator is the comprehensive approach to security in multi-issuer environments.\n\n=== The Challenge\n\nModern microservice architectures often need to validate JWT tokens from multiple identity providers without making synchronous calls to authorization servers. This library addresses several key challenges:\n\n=== Why Offline Validation?\n\n* **Performance**: No network round-trips for token validation, enabling sub-millisecond validation times\n* **Resilience**: Service remains functional even when identity providers are temporarily unavailable\n* **Scalability**: Validation scales with your application, not limited by identity provider capacity\n* **Cost**: Reduces load on identity providers, avoiding rate limiting and additional infrastructure costs\n\n=== Key Problems Solved\n\n* **Multi-Issuer Complexity**: Seamlessly handle tokens from Keycloak, Auth0, Azure AD, and other providers in a single application\n* **Key Rotation**: Automatic JWKS key fetching and caching with configurable refresh strategies\n* **Security**: Protection against common JWT vulnerabilities through comprehensive validation pipeline\n* **Configuration Overhead**: OpenID Connect Discovery for automatic configuration from well-known endpoints\n\n[NOTE]\n====\nThis library focuses on JWT validation and is not meant as a replacement for full OAuth2 or OpenID Connect libraries. It will never create tokens, only validate them.\n====\n\n== Quick Start\n\n=== Quarkus Integration (Recommended)\n\nFor Quarkus applications, use our dedicated extension for seamless integration:\n\n[source,xml]\n----\n\u003cdependency\u003e\n    \u003cgroupId\u003ede.cuioss.sheriff.oauth\u003c/groupId\u003e\n    \u003cartifactId\u003eoauth-sheriff-quarkus\u003c/artifactId\u003e\n\u003c/dependency\u003e\n----\n\nThe xref:oauth-sheriff-quarkus-parent/README.adoc[Quarkus Extension] provides:\n\n* Minimal configuration with zero-configuration for sensible best-practice security settings\n* CDI injection of validated tokens\n* Automatic metrics and health checks\n* Native image support for GraalVM\n* Dev UI integration for testing\n\n.Minimal Configuration Example (using OpenID Connect Discovery)\n[source,properties]\n----\n# application.properties\nsheriff.oauth.issuers.keycloak.jwks.http.well-known-url=https://keycloak.example.com/realms/master/.well-known/openid-configuration\n----\n\n[source,java]\n----\n@Inject\n@BearerToken(requiredScopes = {\"read\"})\nprivate BearerTokenResult tokenResult;\n\n// Token is automatically validated and injected\nif (tokenResult.isSuccessfullyAuthorized()) {\n    // The call is authorized and verified to contain the scope \"read\"\n}\n----\n\n==== Declarative Security with Interceptors\n\nFor a more declarative approach, use the `@BearerAuth` interceptor annotation:\n\n[source,java]\n----\n@GET\n@Path(\"/data\")\n@BearerAuth(requiredScopes = {\"read\"}, requiredRoles = {\"user\"})\npublic Response getData() {\n    // Only business logic - security handled automatically by interceptor\n    // If validation fails, error response is returned automatically\n    return Response.ok(data).build();\n}\n----\n\nAccess the validated token using parameter injection:\n\n[source,java]\n----\n@GET\n@BearerAuth(requiredScopes = {\"read\"})\npublic Response getData(@BearerToken BearerTokenResult tokenResult) {\n    AccessTokenContent token = tokenResult.getAccessTokenContent()\n        .orElseThrow(() -\u003e new IllegalStateException(\"Token not available\"));\n\n    String userId = token.getSubject().orElse(\"unknown\");\n\n    return Response.ok(data).build();\n}\n----\n\n**When to use which approach:**\n\n* **Producer pattern (`@BearerToken`)**: Explicit validation control, custom error handling, complex authorization logic\n* **Interceptor pattern (`@BearerAuth`)**: Declarative security, automatic error responses, clean separation of concerns\n\nFor a complete working example, see the xref:oauth-sheriff-quarkus-parent/oauth-sheriff-quarkus-integration-tests/README.adoc[integration tests module].\n\n=== Standalone Library\n\nFor non-Quarkus applications, use the core validation library:\n\n[source,xml]\n----\n\u003cdependency\u003e\n    \u003cgroupId\u003ede.cuioss.sheriff.oauth\u003c/groupId\u003e\n    \u003cartifactId\u003eoauth-sheriff-core\u003c/artifactId\u003e\n\u003c/dependency\u003e\n----\n\n[source,java]\n----\n// Create validator with OIDC Discovery\nTokenValidator validator = TokenValidator.builder()\n    .issuerConfig(IssuerConfig.builder()\n        .httpJwksLoaderConfig(HttpJwksLoaderConfig.builder()\n            .wellKnownUrl(\"https://your-issuer.com/.well-known/openid-configuration\")\n            .build())\n        .expectedAudience(\"your-client-id\") // Add expected audience\n        .build())\n    .build();\n\n// Validate token\nAccessTokenContent accessToken = validator.createAccessToken(tokenString);\n----\n\n== Core Features\n\n* **Multi-issuer support** for handling tokens from different identity providers\n* **Automatic JWKS key management** with rotation support\n* **OpenID Connect Discovery** for automatic configuration\n* **Type-safe token parsing** with strongly typed Access, ID, and Refresh tokens\n* **Comprehensive security** with configurable validation pipeline\n* **High performance** with sub-millisecond validation and built-in caching\n* **Production ready** with extensive testing against Keycloak\n\n== Architecture\n\nFor detailed architectural information, see:\n\n* xref:doc/specification/technical-components.adoc[Technical Components] - Complete architecture documentation\n* xref:doc/plantuml/component-overview.png[Component Diagram] - Visual architecture overview\n\n== Documentation\n\n* xref:doc/navigation.adoc[📚 Documentation Navigation] - Complete guide to all documentation\n* xref:oauth-sheriff-core/README.adoc[Usage Guide] - Detailed usage examples\n* xref:doc/Requirements.adoc[Requirements] - Functional and non-functional requirements\n* xref:doc/security/Threat-Model.adoc[Threat Model] - Security analysis\n\nFor configuration details including runtime dependencies and test support, see the xref:oauth-sheriff-core/README.adoc[JWT Validation Module documentation].\n\n== Performance\n\nThe library is continuously benchmarked with results published to GitHub Pages:\n\n* xref:benchmarking/benchmark-core/README.adoc[Micro-benchmarks] - In-memory performance testing\n* xref:benchmarking/benchmark-integration-wrk/README.adoc[WRK Load Testing] - HTTP-based load testing with WRK\n* xref:benchmarking/doc/performance-scoring.adoc[Performance Metrics] - Understanding the scoring system","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcuioss%2Foauth-sheriff","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcuioss%2Foauth-sheriff","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcuioss%2Foauth-sheriff/lists"}