{"id":45939806,"url":"https://github.com/web-eid/web-eid-authtoken-validation-java","last_synced_at":"2026-02-28T10:33:54.903Z","repository":{"id":42401070,"uuid":"322605147","full_name":"web-eid/web-eid-authtoken-validation-java","owner":"web-eid","description":"Web eID authentication token validation library for Java","archived":false,"fork":false,"pushed_at":"2026-02-06T14:21:22.000Z","size":1101,"stargazers_count":2,"open_issues_count":6,"forks_count":7,"subscribers_count":9,"default_branch":"main","last_synced_at":"2026-02-06T19:04:27.614Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"https://web-eid.eu","language":"Java","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/web-eid.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2020-12-18T13:37:26.000Z","updated_at":"2026-02-06T11:04:43.000Z","dependencies_parsed_at":"2023-10-14T18:59:06.256Z","dependency_job_id":"962dbc19-6bc3-42ce-8e1f-6aef84680d69","html_url":"https://github.com/web-eid/web-eid-authtoken-validation-java","commit_stats":null,"previous_names":[],"tags_count":18,"template":false,"template_full_name":null,"purl":"pkg:github/web-eid/web-eid-authtoken-validation-java","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/web-eid%2Fweb-eid-authtoken-validation-java","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/web-eid%2Fweb-eid-authtoken-validation-java/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/web-eid%2Fweb-eid-authtoken-validation-java/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/web-eid%2Fweb-eid-authtoken-validation-java/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/web-eid","download_url":"https://codeload.github.com/web-eid/web-eid-authtoken-validation-java/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/web-eid%2Fweb-eid-authtoken-validation-java/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29930344,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-28T09:58:13.507Z","status":"ssl_error","status_checked_at":"2026-02-28T09:57:57.047Z","response_time":90,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2026-02-28T10:33:53.073Z","updated_at":"2026-02-28T10:33:54.878Z","avatar_url":"https://github.com/web-eid.png","language":"Java","readme":"# web-eid-authtoken-validation-java\n\n![European Regional Development Fund](https://github.com/open-eid/DigiDoc4-Client/blob/master/client/images/EL_Regionaalarengu_Fond.png)\n\n*web-eid-authtoken-validation-java* is a Java library for issuing challenge nonces and validating Web eID authentication tokens during secure authentication with electronic ID (eID) smart cards in web applications.\n\nMore information about the Web eID project is available on the project [website](https://web-eid.eu/).\n\n# Quickstart\n\nComplete the steps below to add support for secure authentication with eID cards to your Java web application back end. Instructions for the front end are available [here](https://github.com/web-eid/web-eid.js).\n\nA Java web application that uses Maven or Gradle to manage packages is needed for running this quickstart. Examples are for Maven, but they are straightforward to translate to Gradle.\n\nIn the following example we are using the [Spring Framework](https://spring.io/), but the examples can be easily ported to other Java web application frameworks.\n\n## Full example project using the validation library in spring-boot\n[example/README.md](example/README.md)\n\n## 1. Add the library to your project\n\nAdd the following lines to Maven `pom.xml` to include the Web eID authentication token validation library in your project:\n\n```xml\n\u003cdependencies\u003e\n    \u003cdependency\u003e\n        \u003cgroupId\u003eeu.webeid.security\u003c/groupId\u003e\n        \u003cartifactId\u003eauthtoken-validation\u003c/artifactId\u003e\n        \u003cversion\u003e${webeid.version}\u003c/version\u003e\n    \u003c/dependency\u003e\n\u003c/dependencies\u003e\n\n\u003crepositories\u003e\n    \u003crepository\u003e\n        \u003cid\u003egitlab\u003c/id\u003e\n        \u003curl\u003ehttps://gitlab.com/api/v4/projects/19948337/packages/maven\u003c/url\u003e\n    \u003c/repository\u003e\n\u003c/repositories\u003e\n```\n\n## 2. Configure the challenge nonce store\n\nThe validation library needs a store for saving the issued challenge nonces. As it must be guaranteed that the authentication token is received from the same browser to which the corresponding challenge nonce was issued, using a session-backed challenge nonce store is the most natural choice.\n\nImplement the session-backed challenge nonce store as follows:\n\n```java\nimport org.springframework.beans.factory.ObjectFactory;\nimport eu.webeid.security.challenge.ChallengeNonce;\nimport eu.webeid.security.challenge.ChallengeNonceStore;\nimport javax.servlet.http.HttpSession;\n\npublic class SessionBackedChallengeNonceStore implements ChallengeNonceStore {\n\n    private static final String CHALLENGE_NONCE_KEY = \"challenge-nonce\";\n    final ObjectFactory\u003cHttpSession\u003e httpSessionFactory;\n\n    public SessionBackedChallengeNonceStore(ObjectFactory\u003cHttpSession\u003e httpSessionFactory) {\n        this.httpSessionFactory = httpSessionFactory;\n    }\n\n    @Override\n    public void put(ChallengeNonce challengeNonce) {\n        currentSession().setAttribute(CHALLENGE_NONCE_KEY, challengeNonce);\n    }\n\n    @Override\n    public ChallengeNonce getAndRemoveImpl() {\n        final ChallengeNonce challengeNonce = (ChallengeNonce) currentSession().getAttribute(CHALLENGE_NONCE_KEY);\n        currentSession().removeAttribute(CHALLENGE_NONCE_KEY);\n        return challengeNonce;\n    }\n\n    private HttpSession currentSession() {\n        return httpSessionFactory.getObject();\n    }\n}\n```\n\n## 3. Configure the challenge nonce generator\n\nThe validation library needs to generate authentication challenge nonces and store them for later validation in the challenge nonce store. Overview of challenge nonce usage is provided in the [Web eID system architecture document](https://github.com/web-eid/web-eid-system-architecture-doc#authentication-1). The challenge nonce generator will be used in the REST endpoint that issues challenges; it is thread-safe and should be scoped as a singleton.\n\nConfigure the challenge nonce generator as follows:\n\n```java\nimport eu.webeid.security.challenge.ChallengeNonceGenerator;\nimport eu.webeid.security.challenge.ChallengeNonceGeneratorBuilder;\nimport eu.webeid.security.challenge.ChallengeNonceStore;\n\n...\n    public ChallengeNonceGenerator generator(ChallengeNonceStore challengeNonceStore) {\n        return new ChallengeNonceGeneratorBuilder()\n                .withChallengeNonceStore(challengeNonceStore)\n                .build();\n    }\n...\n```\n\n## 4. Add trusted certificate authority certificates\n\nYou must explicitly specify which **intermediate** certificate authorities (CAs) are trusted to issue the eID authentication and OCSP responder certificates. CA certificates can be loaded from either the truststore file, resources or any stream source. We use the [`CertificateLoader`](https://github.com/web-eid/web-eid-authtoken-validation-java/blob/main/src/main/java/eu/webeid/security/certificate/CertificateLoader.java) helper class to load CA certificates from resources here, but consider using [the truststore file](./blob/example/main/src/main/java/eu/webeid/example/config/ValidationConfiguration.java#L104-L123) instead.\n\nFirst, copy the trusted certificates, for example `ESTEID2018.cer`, to `resources/cacerts/`, then load the certificates as follows:\n\n```java\nimport java.security.cert.X509Certificate;\nimport eu.webeid.security.certificate.CertificateLoader;\n\n...\n    private X509Certificate[] trustedIntermediateCACertificates() {\n         return CertificateLoader.loadCertificatesFromResources(\"cacerts/ESTEID2018.cer\");\n    }\n...\n```\n\n## 5. Configure the authentication token validator\n\nOnce the prerequisites have been met, the authentication token validator itself can be configured.\nThe mandatory parameters are the website origin (the URL serving the web application, see section [_Basic usage_](#basic-usage) below) and trusted certificate authorities.\nThe authentication token validator will be used in the login processing component of your web application authentication framework; it is thread-safe and should be scoped as a singleton.\n\n```java\nimport eu.webeid.security.validator.AuthTokenValidator;\nimport eu.webeid.security.validator.AuthTokenValidatorBuilder;\n\n...\n    public AuthTokenValidator tokenValidator() throws JceException {\n        return new AuthTokenValidatorBuilder()\n                .withSiteOrigin(\"https://example.org\")\n                .withTrustedCertificateAuthorities(trustedIntermediateCACertificates())\n                .build();\n    }\n...\n```\n\n## 6. Add a REST endpoint for issuing challenge nonces\n\nA REST endpoint that issues challenge nonces is required for authentication. The endpoint must support `GET` requests.\n\nIn the following example, we are using the [Spring RESTful Web Services framework](https://spring.io/guides/gs/rest-service/) to implement the endpoint, see also the full implementation [here](example/blob/main/src/main/java/eu/webeid/example/web/rest/ChallengeController.java).\n\n```java\nimport org.springframework.web.bind.annotation.GetMapping;\nimport org.springframework.web.bind.annotation.RequestMapping;\nimport org.springframework.web.bind.annotation.RestController;\nimport eu.webeid.security.challenge.ChallengeNonceGenerator;\n...\n\n@RestController\n@RequestMapping(\"auth\")\npublic class ChallengeController {\n\n    @Autowired // for brevity, prefer constructor dependency injection\n    private ChallengeNonceGenerator nonceGenerator;\n\n    @GetMapping(\"challenge\")\n    public ChallengeDTO challenge() {\n        // a simple DTO with a single 'nonce' field\n        final ChallengeDTO challenge = new ChallengeDTO();\n        challenge.setNonce(nonceGenerator.generateAndStoreNonce().getBase64EncodedNonce());\n        return challenge;\n    }\n}\n```\n\nAlso, see general guidelines for implementing secure authentication services [here](https://github.com/SK-EID/smart-id-documentation/wiki/Secure-Implementation-Guide).\n\n## 7. Implement authentication\n\nAuthentication consists of calling the `validate()` method of the authentication token validator. The internal implementation of the validation process is described in more detail below and in the [Web eID system architecture document](https://github.com/web-eid/web-eid-system-architecture-doc#authentication-1).\n\nWhen using [Spring Security](https://spring.io/guides/topicals/spring-security-architecture) with standard cookie-based authentication,\n\n- implement a custom authentication provider that uses the authentication token validator for authentication as shown [here](example/blob/main/src/main/java/eu/webeid/example/security/AuthTokenDTOAuthenticationProvider.java),\n- implement an AJAX authentication processing filter that extracts the authentication token and passes it to the authentication manager as shown [here](example/blob/main/src/main/java/eu/webeid/example/security/WebEidAjaxLoginProcessingFilter.java),\n- configure the authentication provider and authentication processing filter in the application configuration as shown [here](example/blob/main/src/main/java/eu/webeid/example/config/ApplicationConfiguration.java).\n\nThe gist of the validation is [in the `authenticate()` method](example/blob/main/src/main/java/eu/webeid/example/security/AuthTokenDTOAuthenticationProvider.java#L74-L76) of the authentication provider:\n\n```java\ntry {\n  String nonce = challengeNonceStore.getAndRemove().getBase64EncodedNonce();\n  X509Certificate userCertificate = tokenValidator.validate(authToken, nonce);\n  return WebEidAuthentication.fromCertificate(userCertificate, authorities);\n} catch (AuthTokenException e) {\n  ...\n```\n\n# Table of contents\n\n- [Quickstart](#quickstart)\n- [Introduction](#introduction)\n- [Authentication token format](#authentication-token-format)\n- [Authentication token validation](#authentication-token-validation)\n  - [Basic usage](#basic-usage)\n  - [Extended configuration](#extended-configuration)\n    - [Certificates' \u003cem\u003eAuthority Information Access\u003c/em\u003e (AIA) extension](#certificates-authority-information-access-aia-extension)\n  - [Possible validation errors](#possible-validation-errors)\n  - [Stateful and stateless authentication](#stateful-and-stateless-authentication)\n- [Challenge nonce generation](#challenge-nonce-generation)\n  - [Basic usage](#basic-usage-1)\n  - [Extended configuration](#extended-configuration-1)\n- [Differences between version 1 and version 2](#differences-between-version-1-and-version-2)\n\n# Introduction\n\nThe Web eID authentication token validation library for Java contains the implementation of the Web eID authentication token validation process in its entirety to ensure that the authentication token sent by the Web eID browser extension contains valid, consistent data that has not been modified by a third party. It also implements secure challenge nonce generation as required by the Web eID authentication protocol. It is easy to configure and integrate into your authentication service.\n\nThe authentication protocol, authentication token format, validation requirements and challenge nonce usage is described in more detail in the [Web eID system architecture document](https://github.com/web-eid/web-eid-system-architecture-doc#authentication-1).\n\n# Authentication token format\n\nIn the following, \n\n- **origin** is defined as the website origin, the URL serving the web application,\n- **challenge nonce** (or challenge) is defined as a cryptographic nonce, a large random number that can be used only once, with at least 256 bits of entropy.\n\nThe Web eID authentication token is a JSON data structure that looks like the following example:\n\n```json\n{\n  \"unverifiedCertificate\": \"MIIFozCCA4ugAwIBAgIQHFpdK-zCQsFW4...\",\n  \"algorithm\": \"RS256\",\n  \"signature\": \"HBjNXIaUskXbfhzYQHvwjKDUWfNu4yxXZha...\",\n  \"format\": \"web-eid:1.0\",\n  \"appVersion\": \"https://web-eid.eu/web-eid-app/releases/v2.0.0\"\n}\n```\n\nIt contains the following fields:\n\n- `unverifiedCertificate`: the base64-encoded DER-encoded authentication certificate of the eID user; the public key contained in this certificate should be used to verify the signature; the certificate cannot be trusted as it is received from client side and the client can submit a malicious certificate; to establish trust, it must be verified that the certificate is signed by a trusted certificate authority,\n\n- `algorithm`: the signature algorithm used to produce the signature; the allowed values are the algorithms specified in [JWA RFC](https://www.ietf.org/rfc/rfc7518.html) sections 3.3, 3.4 and 3.5:\n\n    ```\n      \"ES256\", \"ES384\", \"ES512\", // ECDSA\n      \"PS256\", \"PS384\", \"PS512\", // RSASSA-PSS\n      \"RS256\", \"RS384\", \"RS512\"  // RSASSA-PKCS1-v1_5\n    ```\n\n- `signature`: the base64-encoded signature of the token (see the description below),\n\n- `format`: the type identifier and version of the token format separated by a colon character '`:`', `web-eid:1.0` as of now; the version number consists of the major and minor number separated by a dot, major version changes are incompatible with previous versions, minor version changes are backwards-compatible within the given major version,\n\n- `appVersion`: the URL identifying the name and version of the application that issued the token; informative purpose, can be used to identify the affected application in case of faulty tokens.\n\nThe value that is signed by the user’s authentication private key and included in the `signature` field is `hash(origin)+hash(challenge)`. The hash function is used before concatenation to ensure field separation as the hash of a value is guaranteed to have a fixed length. Otherwise the origin `example.com` with challenge nonce `.eu1234` and another origin `example.com.eu` with challenge nonce `1234` would result in the same value after concatenation. The hash function `hash` is the same hash function that is used in the signature algorithm, for example SHA256 in case of RS256.\n\n\n# Authentication token validation\n\nThe authentication token validation process consists of two stages:\n\n- First, **user certificate validation**: the validator parses the token and extracts the user certificate from the *unverifiedCertificate* field. Then it checks the certificate expiration, purpose and policies. Next it checks that the certificate is signed by a trusted CA and checks the certificate status with OCSP.\n- Second, **token signature validation**: the validator validates that the token signature was created using the provided user certificate by reconstructing the signed data `hash(origin)+hash(challenge)` and using the public key from the certificate to verify the signature in the `signature` field. If the signature verification succeeds, then the origin and challenge nonce have been implicitly and correctly verified without the need to implement any additional security checks.\n\nThe website back end must lookup the challenge nonce from its local store using an identifier specific to the browser session, to guarantee that the authentication token was received from the same browser to which the corresponding challenge nonce was issued. The website back end must guarantee that the challenge nonce lifetime is limited and that its expiration is checked, and that it can be used only once by removing it from the store during validation.\n\n## Basic usage\n\nAs described in section *[5. Configure the authentication token validator](#5-configure-the-authentication-token-validator)*, the mandatory authentication token validator configuration parameters are the website origin and trusted certificate authorities.\n\n**Origin** must be the URL serving the web application. Origin URL must be in the form of `\"https://\" \u003chostname\u003e [ \":\" \u003cport\u003e ]`  as defined in [MDN](https://developer.mozilla.org/en-US/docs/Web/API/Location/origin) and not contain path or query components. **Note that the `origin` URL must not end with a slash `/`**.\n\nThe **trusted certificate authority certificates** are used to validate that the user certificate from the authentication token and the OCSP responder certificate is signed by a trusted certificate authority. Intermediate CA certificates must be used instead of the root CA certificates so that revoked CA certificates can be removed. Trusted certificate authority certificates configuration is described in more detail in section *[4. Add trusted certificate authority certificates](#4-add-trusted-certificate-authority-certificates)*.\n\nBefore validation, the previously issued **challenge nonce** must be looked up from the store using an identifier specific to the browser session. The challenge nonce must be passed to the `validate()` method in the corresponding parameter. Setting up the challenge nonce store is described in more detail in section *[2. Configure the challenge nonce store](#2-configure-the-challenge-nonce-store)*. \n\nThe authentication token validator configuration and construction is described in more detail in section *[5. Configure the authentication token validator](#5-configure-the-authentication-token-validator)*. Once the validator object has been constructed, it can be used for validating authentication tokens as follows:\n\n```java  \nString challengeNonce = challengeNonceStore.getAndRemove().getBase64EncodedNonce();\nWebEidAuthToken token = tokenValidator.parse(tokenString);\nX509Certificate userCertificate = tokenValidator.validate(token, challengeNonce);\n```\n\nThe `validate()` method returns the validated user certificate object if validation is successful or throws an exception as described in section *[Possible validation errors](#possible-validation-errors)* below if validation fails. The `CertificateData` and `TitleCase` classes can be used for extracting user information from the user certificate object:\n\n```java  \nimport eu.webeid.security.certificate;\nimport static eu.webeid.security.util.Strings.toTitleCase;\n\n...\n    \nCertificateData.getSubjectCN(userCertificate).orElseThrow(); // \"JÕEORG\\\\,JAAK-KRISTJAN\\\\,38001085718\"\nCertificateData.getSubjectIdCode(userCertificate).orElseThrow(); // \"PNOEE-38001085718\"\nCertificateData.getSubjectCountryCode(userCertificate).orElseThrow(); // \"EE\"\n\ntoTitleCase(CertificateData.getSubjectGivenName(userCertificate).orElseThrow()); // \"Jaak-Kristjan\"\ntoTitleCase(CertificateData.getSubjectSurname(userCertificate).orElseThrow()); // \"Jõeorg\"\n```\n\n## Extended configuration  \n\nThe following additional configuration options are available in `AuthTokenValidatorBuilder`:  \n\n- `withoutUserCertificateRevocationCheckWithOcsp()` – turns off user certificate revocation check with OCSP. OCSP check is enabled by default and the OCSP responder access location URL is extracted from the user certificate AIA extension unless a designated OCSP service is activated.\n- `withDesignatedOcspServiceConfiguration(DesignatedOcspServiceConfiguration serviceConfiguration)` – activates the provided designated OCSP responder service configuration for user certificate revocation check with OCSP. The designated service is only used for checking the status of the certificates whose issuers are supported by the service, for other certificates the default AIA extension service access location will be used. See configuration examples in `testutil.OcspServiceMaker.getDesignatedOcspServiceConfiguration()`.\n- `withOcspClient(OcspClient ocspClient)` - uses the provided OCSP client instance during user certificate revocation check with OCSP. The provided client instance must be thread-safe. This gives the possibility to configure the request timeouts, proxies etc of the `HttpClient` instance or provide an implementation that uses an altogether different HTTP client. See examples in `OcspClientOverrideTest`.\n- `withOcspRequestTimeout(Duration ocspRequestTimeout)` – sets both the connection and response timeout of user certificate revocation check OCSP requests. Default is 5 seconds.\n- `withDisallowedCertificatePolicies(ASN1ObjectIdentifier... policies)` – adds the given policies to the list of disallowed user certificate policies. In order for the user certificate to be considered valid, it must not contain any policies present in this list. Contains the Estonian Mobile-ID policies by default as it must not be possible to authenticate with a Mobile-ID certificate when an eID smart card is expected.\n- `withNonceDisabledOcspUrls(URI... urls)` – adds the given URLs to the list of OCSP responder access location URLs for which the nonce protocol extension will be disabled. Some OCSP responders don't support the nonce extension.\n- `withAllowedOcspResponseTimeSkew(Duration allowedTimeSkew)` – sets the allowed time skew for OCSP response's `thisUpdate` and `nextUpdate` times to allow discrepancies between the system clock and the OCSP responder's clock or revocation updates that are not published in real time. The default allowed time skew is 15 minutes. The relatively long default is specifically chosen to account for one particular OCSP responder that used CRLs for authoritative revocation info, these CRLs were updated every 15 minutes.\n- `withMaxOcspResponseThisUpdateAge(Duration maxThisUpdateAge)` – sets the maximum age for the OCSP response's `thisUpdate` time before it is considered too old to rely on. The default maximum age is 2 minutes.\n\nExtended configuration example:  \n\n```java  \nAuthTokenValidator validator = new AuthTokenValidatorBuilder()\n    .withSiteOrigin(\"https://example.org\")\n    .withTrustedCertificateAuthorities(trustedCertificateAuthorities())\n    .withoutUserCertificateRevocationCheckWithOcsp()\n    .withDisallowedCertificatePolicies(new ASN1ObjectIdentifier(\"1.2.3\"))\n    .withNonceDisabledOcspUrls(URI.create(\"http://aia.example.org/cert\"))\n    .withAllowedOcspResponseTimeSkew(Duration.ofMinutes(10))\n    .withMaxOcspResponseThisUpdateAge(Duration.ofMinutes(5))\n    .build();\n```\n\n### Certificates' *Authority Information Access* (AIA) extension\n\nUnless a designated OCSP responder service is in use, it is required that the AIA extension that contains the certificate’s OCSP responder access location is present in the user certificate. The AIA OCSP URL will be used to check the certificate revocation status with OCSP.\n\nNote that there may be limitations to using AIA URLs as the services behind these URLs provide different security and SLA guarantees than dedicated OCSP responder services. In case you need a SLA guarantee, use a designated OCSP responder service.\n\n## Possible validation errors  \n\nThe `validate()` method of `AuthTokenValidator` returns the validated user certificate object if validation is successful or throws an exception if validation fails. All exceptions that can occur during validation derive from `AuthTokenException`, the list of available exceptions is available [here](src/main/java/eu/webeid/security/exceptions/). Each exception file contains a documentation comment that describes under which conditions the exception is thrown.\n\n## Stateful and stateless authentication\n\nIn the code examples above we use the classical stateful Spring Security session cookie-based authentication mechanism, where a cookie that contains the user session ID is set during successful login and session data is stored at sever side. Cookie-based authentication must be protected against cross-site request forgery (CSRF) attacks and extra measures must be taken to secure the cookies by serving them only over HTTPS and setting the _HttpOnly_, _Secure_ and _SameSite_ attributes.\n\nA common alternative to stateful authentication is stateless authentication with JSON Web Tokens (JWT) or secure cookie sessions where the session data resides at the client side browser and is either signed or encrypted. Secure cookie sessions are described in [RFC 6896](https://datatracker.ietf.org/doc/html/rfc6896) and in the following [article about secure cookie-based Spring Security sessions](https://www.innoq.com/en/blog/cookie-based-spring-security-session/). Usage of both an anonymous session and a cache is required to store the challenge nonce and the time it was issued before the user is authenticated. The anonymous session must be used for protection against [forged login attacks](https://en.wikipedia.org/wiki/Cross-site_request_forgery#Forging_login_requests) by guaranteeing that the authentication token is received from the same browser to which the corresponding challenge nonce was issued. The cache must be used for protection against replay attacks by guaranteeing that each authentication token can be used exactly once.\n\n\n# Challenge nonce generation\n\nThe authentication protocol requires support for generating challenge nonces, large random numbers that can be used only once, and storing them for later use during token validation. The validation library uses the *java.security.SecureRandom* API as the secure random source and the `ChallengeNonceStore` interface for storing issued challenge nonces. \n\nThe `-Djava.security.egd=file:/dev/./urandom` command line argument is added to `pom.xml` to avoid the risk of having the code execution blocked unexpectedly during random generation. Without this, the JVM uses `/dev/random`, which can block, to seed the `SecureRandom` class.\n\nThe authentication protocol requires a REST endpoint that issues challenge nonces as described in section *[6. Add a REST endpoint for issuing challenge nonces](#6-add-a-rest-endpoint-for-issuing-challenge-nonces)*.\n\nNonce usage is described in more detail in the [Web eID system architecture document](https://github.com/web-eid/web-eid-system-architecture-doc#authentication-1).\n\n## Basic usage\n\nAs described in section *[3. Configure the nonce generator](#3-configure-the-nonce-generator)*, the only mandatory configuration parameter of the challenge nonce generator is the challenge nonce store.\n\nThe challenge nonce store is used to save the nonce value along with the nonce expiry time. It must be possible to look up the challenge nonce data structure from the store using an identifier specific to the browser session. The values from the store are used by the token validator as described in the section *[Authentication token validation \u003e Basic usage](#basic-usage)* that also contains recommendations for store usage and configuration.\n\nThe nonce generator configuration and construction is described in more detail in section *[3. Configure the nonce generator](#3-configure-the-nonce-generator)*. Once the generator object has been constructed, it can be used for generating nonces as follows:\n\n```java  \nChallengeNonce challengeNonce = nonceGenerator.generateAndStoreNonce();  \n```\n\nThe `generateAndStoreNonce()` method both generates the nonce and saves it in the store.\n\n## Extended configuration  \n\nThe following additional configuration options are available in `NonceGeneratorBuilder`:\n\n- `withNonceTtl(Duration duration)` – overrides the default challenge nonce time-to-live duration. When the time-to-live passes, the nonce is considered to be expired. Default challenge nonce time-to-live is 5 minutes.\n- `withSecureRandom(SecureRandom)` - allows to specify a custom `SecureRandom` instance.\n\nExtended configuration example:  \n```java  \nNonceGenerator generator = new NonceGeneratorBuilder()  \n        .withChallengeNonceStore(store)\n        .withNonceTtl(Duration.ofMinutes(5))\n        .withSecureRandom(customSecureRandom)  \n        .build();\n```\n\n# Differences between version 1 and version 2\n\nIn version 1, the generated challenge nonces were stored in a JSR107 compatible cache. The goal of using a cache was to support stateful and stateless authentication with a universal API that uses the same underlying mechanism. However, in case the website had a CSRF vulnerability, this made the solution vulnerable to [forged login attacks](https://en.wikipedia.org/wiki/Cross-site_request_forgery#Forging_login_requests) (the attacker could trick the victim to submit the authentication token with the attacker's challenge nonce to the website using a CSRF attack, so that the victim was authenticated to the website as the attacker). To mitigate this attack, in version 2 the requirement is that the library adopter must guarantee that the authentication token is received from the same browser to which the corresponding challenge nonce was issued. The recommended solution is to use a session-backed challenge nonce store, as in the code examples above. The library no longer uses the JSR107 cache API and provides a `ChallengeNonceStore` interface instead.\n\nIn the internal implementation, the Web eID authentication token format changed in version 2. In version 1, the authentication token was in the OpenID X509 ID Token (JWT) format in order to be compatible with the standard OpenID Connect ID Token specification. During independent security review it was pointed out that any similarities of the Web eID authentication token to the JWT format are actually undesirable, as they would imply that the claims presented in the Web eID authentication token can be trusted and processed, while in fact they must be ignored, as they can be manipulated at the client side. The presence of the claims in the authentication token introduces a risk of vulnerabilities in case the authentication implementer decides to rely on any of them for making security critical decisions or decides to apply the same standard validation workflow that is applied to standard JWTs. Since there does not exist a standardized format for an authentication proof that corresponds to the requirements of the Web eID authentication protocol, a special purpose JSON-based format for the Web eID authentication token was adopted in version 2. The format is described in detail in the section *[Authentication token format](#authentication-token-format)*, and the full analysis of the format change is available in [this article](https://web-eid.github.io/web-eid-system-architecture-doc/web-eid-auth-token-v2-format-spec.pdf).\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fweb-eid%2Fweb-eid-authtoken-validation-java","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fweb-eid%2Fweb-eid-authtoken-validation-java","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fweb-eid%2Fweb-eid-authtoken-validation-java/lists"}