jjwt/README.md

[![Build Status](https://travis-ci.org/jwtk/jjwt.svg?branch=master)](https://travis-ci.org/jwtk/jjwt)

# Java JWT: JSON Web Token for Java

This library is intended to be the easiest to use and understand library for creating and verifying JSON Web Tokens (JWTs) on the JVM, period.

## Installation

Use your favorite Maven-compatible build tool to pull the dependency (and its transitive dependencies) from Maven Central:

```xml

<dependency>
    <groupId>io.jsonwebtoken</groupId>
    <artifactId>jjwt</artifactId>
    <version>0.1</version>
</dependency>
```

## Usage

Most complexity is hidden behind convenient and readable Builder chaining calls.  Here's an example:

```java
import io.jsonwebtoken.Jwts;
import static io.jsonwebtoken.SignatureAlgorithm.*;

//Let's create a random signing key for testing:
Random random = new SecureRandom();
byte[] key = new byte[64];
random.nextBytes(key);

Claims claims = Jwts.claims().setIssuer("Me").setSubject("Joe");

String jwt = Jwts.builder().setClaims(claims).signWith(HS256, key).compact();
```

How easy was that!?

Now let's verify the JWT (you should always discard JWTs that don't match an expected signature):

```java
Token token = Jwts.parser().setSigningKey(key).parse(jwt);

assert token.getClaims().getSubject().equals("Joe");
```

You have to love one-line code snippets in Java!

But what if signature validation failed?  You can catch `SignatureException` and react accordingly:

```java
try {

    Jwts.parser().setSigningKey(key).parse(jwt);

    //OK, we can trust this JWT

} catch (SignatureException e) {

    //don't trust the JWT!
}
```

## Supported Features

* Creating and parsing plaintext compact JWTs

* Creating, parsing and verifying digitally signed compact JWTs (aka JWSs) with the following algorithms:
    * HS256: HMAC using SHA-384
    * HS384: HMAC using SHA-384
    * HS512: HMAC using SHA-512
    * RS256: RSASSA-PKCS-v1_5 using SHA-256
    * RS384: RSASSA-PKCS-v1_5 using SHA-384
    * RS512: RSASSA-PKCS-v1_5 using SHA-512
    * PS256: RSASSA-PSS using SHA-256 and MGF1 with SHA-256
    * PS384: RSASSA-PSS using SHA-384 and MGF1 with SHA-384
    * PS512: RSASSA-PSS using SHA-512 and MGF1 with SHA-512

## Currently Unsupported Features

* [Non-compact](https://tools.ietf.org/html/draft-ietf-jose-json-web-signature-31#section-7.2) serialization and parsing.
* Elliptic Curve signature algorithms `ES256`, `ES384` and `ES512`.
* JWE (Encryption for JWT)

These feature sets will be implemented in a future release when possible.  Community contributions are welcome!
Added Travis build status image to readme 2014-09-19 15:00:25 -04:00			`[![Build Status](https://travis-ci.org/jwtk/jjwt.svg?branch=master)](https://travis-ci.org/jwtk/jjwt)`
Initial commit 2014-09-12 21:06:24 -04:00
Update README.md 2014-09-23 17:13:50 -04:00			`# Java JWT: JSON Web Token for Java`
Initial commit! 2014-09-18 22:14:22 -04:00
Update README.md 2014-09-19 23:51:52 -04:00			`This library is intended to be the easiest to use and understand library for creating and verifying JSON Web Tokens (JWTs) on the JVM, period.`
updated readme to reflect upcoming release 2014-09-19 23:22:49 -04:00
			`## Installation`

			`Use your favorite Maven-compatible build tool to pull the dependency (and its transitive dependencies) from Maven Central:`

			```xml

			`<dependency>`
			`<groupId>io.jsonwebtoken</groupId>`
			`<artifactId>jjwt</artifactId>`
			`<version>0.1</version>`
			`</dependency>`
			```

			`## Usage`

			`Most complexity is hidden behind convenient and readable Builder chaining calls. Here's an example:`
Initial commit! 2014-09-18 22:14:22 -04:00
code block formatting change 2014-09-19 17:47:01 -04:00			```java
updated readme to reflect upcoming release 2014-09-19 23:23:29 -04:00			`import io.jsonwebtoken.Jwts;`
updated readme to reflect upcoming release 2014-09-19 23:22:49 -04:00			`import static io.jsonwebtoken.SignatureAlgorithm.*;`

code block formatting change 2014-09-19 17:47:01 -04:00			`//Let's create a random signing key for testing:`
			`Random random = new SecureRandom();`
			`byte[] key = new byte[64];`
			`random.nextBytes(key);`
Initial commit! 2014-09-18 22:14:22 -04:00
updated readme to reflect upcoming release 2014-09-19 23:22:49 -04:00			`Claims claims = Jwts.claims().setIssuer("Me").setSubject("Joe");`
Initial commit! 2014-09-18 22:14:22 -04:00
updated readme to reflect upcoming release 2014-09-19 23:22:49 -04:00			`String jwt = Jwts.builder().setClaims(claims).signWith(HS256, key).compact();`
code block formatting change 2014-09-19 17:47:01 -04:00			```
Initial commit! 2014-09-18 22:14:22 -04:00
			`How easy was that!?`

			`Now let's verify the JWT (you should always discard JWTs that don't match an expected signature):`

code block formatting change 2014-09-19 17:47:01 -04:00			```java
updated readme to reflect upcoming release 2014-09-19 23:22:49 -04:00			`Token token = Jwts.parser().setSigningKey(key).parse(jwt);`
Initial commit! 2014-09-18 22:14:22 -04:00
code block formatting change 2014-09-19 17:47:01 -04:00			`assert token.getClaims().getSubject().equals("Joe");`
			```
Initial commit! 2014-09-18 22:14:22 -04:00
			`You have to love one-line code snippets in Java!`

			But what if signature validation failed? You can catch `SignatureException` and react accordingly:

code block formatting change 2014-09-19 17:47:01 -04:00			```java
			`try {`
Initial commit! 2014-09-18 22:14:22 -04:00
updated readme to reflect upcoming release 2014-09-19 23:22:49 -04:00			`Jwts.parser().setSigningKey(key).parse(jwt);`
Initial commit! 2014-09-18 22:14:22 -04:00
code block formatting change 2014-09-19 17:47:01 -04:00			`//OK, we can trust this JWT`
Initial commit! 2014-09-18 22:14:22 -04:00
code block formatting change 2014-09-19 17:47:01 -04:00			`} catch (SignatureException e) {`
Initial commit! 2014-09-18 22:14:22 -04:00
code block formatting change 2014-09-19 17:47:01 -04:00			`//don't trust the JWT!`
			`}`
			```
Initial commit! 2014-09-18 22:14:22 -04:00
			`## Supported Features`

Made some documentation clarifications 2014-09-19 17:30:47 -04:00			`* Creating and parsing plaintext compact JWTs`
Initial commit! 2014-09-18 22:14:22 -04:00
Update README.md 2014-09-25 16:42:16 -04:00			`* Creating, parsing and verifying digitally signed compact JWTs (aka JWSs) with the following algorithms:`
Initial commit! 2014-09-18 22:14:22 -04:00			`* HS256: HMAC using SHA-384`
			`* HS384: HMAC using SHA-384`
			`* HS512: HMAC using SHA-512`
			`* RS256: RSASSA-PKCS-v1_5 using SHA-256`
			`* RS384: RSASSA-PKCS-v1_5 using SHA-384`
			`* RS512: RSASSA-PKCS-v1_5 using SHA-512`
			`* PS256: RSASSA-PSS using SHA-256 and MGF1 with SHA-256`
			`* PS384: RSASSA-PSS using SHA-384 and MGF1 with SHA-384`
			`* PS512: RSASSA-PSS using SHA-512 and MGF1 with SHA-512`

			`## Currently Unsupported Features`

Update README.md 2014-09-25 16:43:41 -04:00			`* [Non-compact](https://tools.ietf.org/html/draft-ietf-jose-json-web-signature-31#section-7.2) serialization and parsing.`
			* Elliptic Curve signature algorithms `ES256`, `ES384` and `ES512`.
			`* JWE (Encryption for JWT)`
Initial commit! 2014-09-18 22:14:22 -04:00
Made some documentation clarifications 2014-09-19 17:30:47 -04:00			`These feature sets will be implemented in a future release when possible. Community contributions are welcome!`