[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"project-4320":3},{"id":4,"name":5,"fullName":6,"owner":7,"repo":5,"description":8,"homepage":9,"htmlUrl":10,"language":11,"languages":10,"totalLinesOfCode":10,"stars":12,"forks":13,"watchers":14,"openIssues":15,"contributorsCount":16,"subscribersCount":16,"size":16,"stars1d":16,"stars7d":17,"stars30d":18,"stars90d":16,"forks30d":16,"starsTrendScore":19,"compositeScore":20,"rankGlobal":10,"rankLanguage":10,"license":21,"archived":22,"fork":22,"defaultBranch":23,"hasWiki":22,"hasPages":22,"topics":24,"createdAt":10,"pushedAt":10,"updatedAt":28,"readmeContent":29,"aiSummary":30,"trendingCount":16,"starSnapshotCount":16,"syncStatus":17,"lastSyncTime":31,"discoverSource":32},4320,"java-jwt","auth0\u002Fjava-jwt","auth0","Java implementation of JSON Web Token (JWT)","",null,"Java",6225,950,215,8,0,2,7,1,39.93,"MIT License",false,"master",[25,26,27],"dx-sdk","java","jwt","2026-06-12 02:01:02","> **Note**\n> As part of our ongoing commitment to best security practices, we have rotated the signing keys used to sign previous releases of this SDK. As a result, new patch builds have been released using the new signing key. Please upgrade at your earliest convenience.\n>\n> While this change won't affect most developers, if you have implemented a dependency signature validation step in your build process, you may notice a warning that past releases can't be verified. This is expected, and a result of the key rotation process. Updating to the latest version will resolve this for you.\n\n![A Java implementation of JSON Web Token (JWT) - RFC 7519.](https:\u002F\u002Fcdn.auth0.com\u002Fwebsite\u002Fsdks\u002Fbanners\u002Fjava-jwt-banner.png)\n\n![Build Status](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fchecks-status\u002Fauth0\u002Fjava-jwt\u002Fmaster)\n[![Coverage Status](https:\u002F\u002Fimg.shields.io\u002Fcodecov\u002Fc\u002Fgithub\u002Fauth0\u002Fjava-jwt.svg?style=flat-square)](https:\u002F\u002Fcodecov.io\u002Fgithub\u002Fauth0\u002Fjava-jwt)\n[![License](http:\u002F\u002Fimg.shields.io\u002F:license-mit-blue.svg?style=flat)](https:\u002F\u002Fdoge.mit-license.org\u002F)\n[![Maven Central](https:\u002F\u002Fimg.shields.io\u002Fmaven-central\u002Fv\u002Fcom.auth0\u002Fjava-jwt.svg?style=flat-square)](https:\u002F\u002Fmvnrepository.com\u002Fartifact\u002Fcom.auth0\u002Fjava-jwt)\n[![javadoc](https:\u002F\u002Fjavadoc.io\u002Fbadge2\u002Fcom.auth0\u002Fauth0\u002Fjavadoc.svg)](https:\u002F\u002Fjavadoc.io\u002Fdoc\u002Fcom.auth0\u002Fjava-jwt)\n[![Ask DeepWiki](https:\u002F\u002Fdeepwiki.com\u002Fbadge.svg)](https:\u002F\u002Fdeepwiki.com\u002Fauth0\u002Fjava-jwt)\n\n:books: [Documentation](#documentation) - :rocket: [Getting Started](#getting-started) - :computer: [API Reference](#api-reference) :speech_balloon: [Feedback](#feedback)\n\n## Documentation\n- [Examples](.\u002FEXAMPLES.md) - code samples for common java-jwt scenarios.\n- [Docs site](https:\u002F\u002Fwww.auth0.com\u002Fdocs) - explore our docs site and learn more about Auth0.\n\n## Getting Started\n\n### Requirements\n\nThis library is supported for Java LTS versions 8, 11, 17 and 21. For issues on non-LTS versions above 8, consideration will be given on a case-by-case basis.\n\n> `java-jwt` is intended for server-side JVM applications. Android applications should use [JWTDecode.Android](https:\u002F\u002Fgithub.com\u002Fauth0\u002FJWTDecode.Android).\n\n`java-jwt` supports the following algorithms for both signing and verification:\n\n| JWS | Algorithm | Description |\n| :-------------: | :-------------: | :----- |\n| HS256 | HMAC256 | HMAC with SHA-256 |\n| HS384 | HMAC384 | HMAC with SHA-384 |\n| HS512 | HMAC512 | HMAC with SHA-512 |\n| RS256 | RSA256 | RSASSA-PKCS1-v1_5 with SHA-256 |\n| RS384 | RSA384 | RSASSA-PKCS1-v1_5 with SHA-384 |\n| RS512 | RSA512 | RSASSA-PKCS1-v1_5 with SHA-512 |\n| ES256 | ECDSA256 | ECDSA with curve P-256 and SHA-256 |\n| ES384 | ECDSA384 | ECDSA with curve P-384 and SHA-384 |\n| ES512 | ECDSA512 | ECDSA with curve P-521 and SHA-512 |\n\n> Note - Support for ECDSA with curve secp256k1 and SHA-256 (ES256K) has been dropped since it has been [disabled in Java 15](https:\u002F\u002Fwww.oracle.com\u002Fjava\u002Ftechnologies\u002Fjavase\u002F15-relnote-issues.html#JDK-8237219)\n\n> :warning:  **Important security note:** JVM has a critical vulnerability for ECDSA Algorithms - [CVE-2022-21449](https:\u002F\u002Fnvd.nist.gov\u002Fvuln\u002Fdetail\u002FCVE-2022-21449). Please review the details of the vulnerability and update your environment.\n### Installation\n\nAdd the dependency via Maven:\n\n```xml\n\u003Cdependency>\n  \u003CgroupId>com.auth0\u003C\u002FgroupId>\n  \u003CartifactId>java-jwt\u003C\u002FartifactId>\n  \u003Cversion>4.5.2\u003C\u002Fversion>\n\u003C\u002Fdependency>\n```\n\nor Gradle:\n\n```gradle\nimplementation 'com.auth0:java-jwt:4.5.2'\n```\n\n### Create a JWT\n\nUse `JWT.create()`, configure the claims, and then call `sign(algorithm)` to sign the JWT.\n\nThe example below demonstrates this using the `RS256` signing algorithm:\n\n```java\ntry {\n    Algorithm algorithm = Algorithm.RSA256(rsaPublicKey, rsaPrivateKey);\n    String token = JWT.create()\n        .withIssuer(\"auth0\")\n        .sign(algorithm);\n} catch (JWTCreationException exception){\n    \u002F\u002F Invalid Signing configuration \u002F Couldn't convert Claims.\n}\n```\n\n### Verify a JWT\n\nCreate a `JWTVerifier` passing the `Algorithm`, and specify any required claim values.\n\nThe following example uses `RS256` to verify the JWT.\n\n```java\nString token = \"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXUyJ9.eyJpc3MiOiJhdXRoMCJ9.AbIJTDMFc7yUa5MhvcP03nJPyCPzZtQcGEp-zWfOkEE\";\nDecodedJWT decodedJWT;\ntry {\n    Algorithm algorithm = Algorithm.RSA256(rsaPublicKey, rsaPrivateKey);\n    JWTVerifier verifier = JWT.require(algorithm)\n        \u002F\u002F specify any specific claim validations\n        .withIssuer(\"auth0\")\n        \u002F\u002F reusable verifier instance\n        .build();\n        \n    decodedJWT = verifier.verify(token);\n} catch (JWTVerificationException exception){\n    \u002F\u002F Invalid signature\u002Fclaims\n}\n```\n\nIf the token has an invalid signature or the Claim requirement is not met, a `JWTVerificationException` will be thrown.\n\nSee the [examples](.\u002FEXAMPLES.md) and [JavaDocs](https:\u002F\u002Fjavadoc.io\u002Fdoc\u002Fcom.auth0\u002Fjava-jwt\u002Flatest) for additional documentation.\n\n## API Reference\n\n- [java-jwt JavaDocs](https:\u002F\u002Fjavadoc.io\u002Fdoc\u002Fcom.auth0\u002Fjava-jwt\u002Flatest)\n\n## Feedback\n\n### Contributing\n\nWe appreciate feedback and contribution to this repo! Before you get started, please see the following:\n\n- [Auth0's general contribution guidelines](https:\u002F\u002Fgithub.com\u002Fauth0\u002Fopen-source-template\u002Fblob\u002Fmaster\u002FGENERAL-CONTRIBUTING.md)\n- [Auth0's code of conduct guidelines]((https:\u002F\u002Fgithub.com\u002Fauth0\u002Fopen-source-template\u002Fblob\u002Fmaster\u002FCODE-OF-CONDUCT.md))\n\n### Raise an issue\nTo provide feedback or report a bug, [please raise an issue on our issue tracker](https:\u002F\u002Fgithub.com\u002Fauth0\u002Fjava-jwt\u002Fissues).\n\n### Vulnerability Reporting\nPlease do not report security vulnerabilities on the public Github issue tracker. The [Responsible Disclosure Program](https:\u002F\u002Fauth0.com\u002Fwhitehat) details the procedure for disclosing security issues.\n\n---\n\n\u003Cp align=\"center\">\n  \u003Cpicture>\n    \u003Csource media=\"(prefers-color-scheme: light)\" srcset=\"https:\u002F\u002Fcdn.auth0.com\u002Fwebsite\u002Fsdks\u002Flogos\u002Fauth0_light_mode.png\"   width=\"150\">\n    \u003Csource media=\"(prefers-color-scheme: dark)\" srcset=\"https:\u002F\u002Fcdn.auth0.com\u002Fwebsite\u002Fsdks\u002Flogos\u002Fauth0_dark_mode.png\" width=\"150\">\n    \u003Cimg alt=\"Auth0 Logo\" src=\".\u002Fauth0_light_mode.png\" width=\"150\">\n  \u003C\u002Fpicture>\n\u003C\u002Fp>\n\u003Cp align=\"center\">Auth0 is an easy to implement, adaptable authentication and authorization platform. To learn more checkout \u003Ca href=\"https:\u002F\u002Fauth0.com\u002Fwhy-auth0\">Why Auth0?\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp align=\"center\">\nThis project is licensed under the MIT license. See the \u003Ca href=\".\u002FLICENSE\"> LICENSE\u003C\u002Fa> file for more info.\u003C\u002Fp>","auth0\u002Fjava-jwt 是一个用于生成和验证 JSON Web Token (JWT) 的 Java 实现。该项目支持多种加密算法，包括 HMAC（HS256, HS384, HS512）、RSA（RS256, RS384, RS512）和 ECDSA（ES256, ES384, ES512），确保了 JWT 的安全性和可靠性。此外，项目提供了详细的文档和示例代码，方便开发者快速上手。java-jwt 主要适用于需要在服务器端进行身份验证和授权的 Java 应用程序，特别适合于构建安全的 RESTful API 或微服务架构。","2026-06-11 02:59:37","top_language"]