jjwt

Java JWT: JSON Web Token for Java and Android

Results 110 jjwt issues

Following the email thread *“jjwt signature validation bypass”* and a couple of issues here (#193, #90, plus several others related to [the post in Auth0's blog](https://auth0.com/blog/2015/03/31/critical-vulnerabilities-in-json-web-token-libraries/)): At least some portion...

Given:

* A parser with an HS256 signing key.
* Key was specified using `JwtParser.setSigningKey(String base64Encoded)`.
* Token being parsed is signed with algorithm RS256.
* Using the `parseClaimsJws(String)` method....

Would be really useful to support Key suppliers based on a JWS endpoint for the validation of a JWS, or any way to use JWK to verify a JWS (JWKParser?).

rfc-compliance

Hi, can you please provide an example of how to sign/verify using an existing private/public key pair? I got it working in node with [node-jsonwebtoken](https://github.com/auth0/node-jsonwebtoken), like this: ``` var key...

enhancement
help-wanted

Thank you all for a great library! **For this pull request I am suggesting a small improvement which would take away the need to override the RsaSigner or EllipticCurveSigner to...

When receiving a signed JWT token with a header such as:

```json
{
  "x5t" : "thumbprint",
  "x5u ": "https://certificates.example.com/123456789.cer"
}
```

Where is the appropriate place for verifying the identity...

enhancement
help-wanted

… ObjectMapper Jackson 2.10+ recommends using `ObjectReader` and `ObjectWriter` as opposed to `ObjectMapper` https://cowtowncoder.medium.com/jackson-3-0-immutability-w-builders-d9c532860d88

SigningKeyResolverAdapter uses existential - raw - JwsHeader in its arguments. My immediate problem is that I can't override those methods in Scala - no way to express the raw type...

Currently, JJWT compiles for Java 1.7 (much of this has to do with Android support). JJWT 1.0 will contain breaking changes, at that point we could update the `Date` and...

Hi, reading the RFC about the audience claim https://tools.ietf.org/html/rfc7519#section-4.1.3, it seems that the aud can be a list of values, but the API implements this claim just as a single value.

rfc-compliance