Questions tagged [jose4j]

The jose4j library is an open source (Apache 2.0) implementation of JWT and the JOSE specification suite. It is written in Java and relies solely on the JCA APIs for cryptography.

JSON Web Token (JWT) is a compact, URL-safe means of representing claims to be transferred between two parties. JWT is the identity token format in OpenID Connect and it is also widely used in OAuth 2.0 and many other contexts that require compact message security.

JOSE is short for Javascript Object Signing and Encryption, which is the IETF Working Group that developed the JSON Web Signature (JWS), JSON Web Encryption (JWE) and JSON Web Key (JWK) specifications. JWS and JWE use JSON and base64url encoding to secure messages in a (relatively) simple, compact and web safe format while JWK defines a JSON representation of cryptographic keys. The actual algorithms for JWS, JWE and JWK are defined in JSON Web Algorithms (JWA). The library supports the JWS/JWE compact serializations with the complete suite of JOSE algorithms.

The homepage for jose4j is at: https://bitbucket.org/b_c/jose4j/wiki/Home

84 questions
16 votes, 4 answers

How to make HMAC_SHA256 key from secret string to use it with JWT in jose4j?

I want to produce JWTs and sign them with HMAC_SHA256. For that task I must use jose4j. I have tried to generate key based on secret with: SecretKeySpec key = new SecretKeySpec(("secret").getBytes("UTF-8"), AlgorithmIdentifiers.HMAC_SHA512); but it…
foki
10 votes, 1 answer

Process JWT token using JWKs Endpoint

I receive two JWTs: an OpenID Connect ID token (id_token) and an Access Token (access_token). The situation with OpenID is more or less clear - I can validate it using a JWKS Endpoint: https://smth.com/JWKS. as in example…
Petr Averyanov
10 votes, 1 answer

Verification key for jose4j JwtConsumer

I am using jose4j to validate and process a JWT. The JWT looks like the following and it passes the validation in the JWT homepage. However, I can't do the same using jose4j java library. The exception complains about the verification key I set.…
Wang Sheng
9 votes, 1 answer

What does "e": "AQAB" mean in jwks?

What does "e": "AQAB" mean in JWKS - Json Web Key Set { "keys": [ { "kty": "RSA", #key type "e": "AQAB", #Question - what does "e" mean or stand for. And what values can e take. What is AQAB here. "use": "sig", #verify…
samshers
7 votes, 2 answers

How do I verify a JWT signature for an Azure B2C id token in Java?

How do I verify a JWT signature for an Azure B2C id token in Java? I have successfully verified signatures with google open-id connect, but I have not been successful verifying signatures for Microsoft Azure B2C jwt id tokens. I used the example…
Robert Booth
6 votes, 2 answers

How can I get Claims from a JWT?

I need to extract claims from a JWT. It seems that this should be a no-brainer. It was signed, from the header I get: { "alg": "RS256", "typ":…
Chaos Rules
6 votes, 2 answers

How do I decode a JWT token using an RSA public key in PEM format?

My Java application is receiving a JWT. I have the public key in PEM format: -----BEGIN PUBLIC…
Mike Chamberlain
4 votes, 2 answers

How to decrypt JWE(Json Web Encryption) data using private key in java

I have a private key similar to below e.g. -----BEGIN PRIVATE…
Roshanck
4 votes, 2 answers

Jose4j library compatibility with Java 6

We are considering the adoption of a library to generate and use JSON Web Tokens. Jose4j seems a good choice but library "Dependencies" state that "...Jose4j is compiled with/for Java 7 and will also run on Java 8..." and our current installation run…
Xavi Alcalde
3 votes, 0 answers

Java (Android): Diffie-Hellman key exchange process according to JWA (RFC 7518)

I need to use ECDH key exchange process in order to encrypt/decrypt messages between the client and the server. I use jose4j library for cryptographic functionality. I have the local key pair (private dC and public QC), I have the remote public key…
Michael Kessler
3 votes, 3 answers

What is the algorithm string for 'AGCM256-KW' in java cryptography, to be used in Cipher.getInstance(String algo)?

Referring this, I have to encrypt using algorithm AGCM256-KW. I am using Java Cryptography and I didn't find any such algorithm. Closest I found was AES_256/GCM/NoPadding but it has no KW (Key wrapping). Here is my test code public void…
iuq
3 votes, 1 answer

JwtConsumer in multithreaded system

I just want to clarify is JwtConsumer thread safe? I'm going to use it with spring rest controller. Is it fine to use one consumer in whole application for multiple requests or better place it under request scope?
Normal
3 votes, 1 answer

Convert ECC Public key's Bignum to JWK X, Y Coordinates

I have created public and private keys in OpenSSL using EC_Key and have x, y and d components in BigNum format. Now I want to convert these Bignum values to Base64URLEncoded values as per JWK standards. e.g. { "kty":"EC", "crv":"P-256", …
Ankit Thakur
2 votes, 1 answer

How to generate JWK from a X.509 PEM certificate in jose4j?

I am trying to produce JWK from an X.509 PEM certificate in jose4j, but I am not getting any clue to do the same. I have already achieved this using nimbus jose+jwt library, can someone please help me with equivalent code for jose4j? Code piece for…
Prakhar
2 votes, 2 answers

Verifying JWS with detached payload using jose4j fails

I'm having issues verifying a JWS with detached payload. I've basically copied all steps in the example provided on the jose4j documentation but for some reason verification still returns false while it should succeed. Here's the code I'm using,…
KoMaBeLu