Stack Overflow
Stack Overflow

Questions tagged [nimbus-jose-jwt]

52 questions
10
votes
4 answers

How to increase RemoteJWKSet cache TTL in spring-security 5.2

We are using spring-security 5.2 for securing our REST API through JWT validation. With the spring:security:oauth2:resourceserver:jwt:jwk-set-uri property we indicate the remote JWKS endpoint which translates into Spring creating a NimbusJwtDecoder…
chirina
  • 133
  • 2
  • 8
9
votes
1 answer

What does "e": "AQAB" mean in jwks?

What does "e": "AQAB" mean in JWKS - Json Web Key Set { "keys": [ { "kty": "RSA", #key type "e": "AQAB", #Question - what does "e" mean or stand for. And what values can e take. What is AQAB here. "use": "sig", #verify…
samshers
  • 1
  • 6
  • 37
  • 84
7
votes
1 answer

How to verify jwt token in spring boot?

I want to implement JWT verification in my spring boot application. The algorithm we used for signing token is Ed25519\EDDSA . I don't find right dependency/library to implement Jwt verifier using ED25519 algorithm. Can someone suggest maven…
Gokul Kulanthaivel
  • 81
  • 1
  • 4
4
votes
2 answers

Spring Boot migration from 2.3.6.RELEASE to 2.4.0 and json ClassCastException

I have a Java project which has a dependency of SpringBoot version 2.3.6.RELEASE. However, I'm in trouble trying to upgrade to 2.4.0 version. In the project nothing else was changed, only version of SpringBoot. Since then the application throws the…
Vytautas Arminas
  • 387
  • 5
  • 16
4
votes
0 answers

PS256 algorithm support for signatures in Java

According to the Java 12 security specs here the RSASSA-PSS signature scheme should be supported (actually as of Java 11). However, if I try to use a signature with PS256 algorithm in my JWT using e.g. the nimbus jose+jwt library, then it doesn't…
user1120821
  • 439
  • 7
  • 18
3
votes
2 answers

Unable to parse JWK in Java

I implemented a rest authorization server that returns the public-key for a given keyId in the JWK format using the com.nimbusds:nimbus-jose-jwt:9.13 package. The code looks something like this: @RequestMapping(value = "/oauth2", produces =…
Bhushan
  • 590
  • 1
  • 7
  • 23
3
votes
2 answers

ECDH + JWE encryption using nimbus-jose and Java 6

I have a problem and I would like to know if you can help me. I need to create an encrypted JWE with elliptic curve. i am using jre 1.6.0, nimbus-jose-jwt-8.20-jdk6.jar ,bcprov-jdk15to18-166.jar. I have created a keystore and a key pair with the EC…
ramon
  • 41
  • 5
3
votes
0 answers

Validating JWT claims using nimbus jose-jwt (java)

I am using nimbus jost+jwt version 8.19 in a normal java project (not using spring). I have some claims such as iss, aud and sub and want to validate them. (I want iss, aud and sub to be a specific value). I want the parser to throw an exception…
curiousredoC
  • 51
  • 1
  • 7
3
votes
1 answer

Spring Security 5.2 -- how to customize NimbusJWTDecoder used by OAuth2ResourceServer?

I have an OpenID provider (openam) running locally. I am using a self-signed certificate and the jwks URL is @ https://localhost:8443/openam/oauth2/connect/ Due to the SSL certificate being self-signed, I am getting an SSLHandshake exception, when…
prabhakar thopa
  • 41
  • 1
  • 4
2
votes
0 answers

How to convert base64 encoded verification key to EC (ES256) public key

I am trying to get public key for ES256 from base64 encoded key in C#. In java below code works // base64OfEncodedVerificationKey is provided through Play Console. var encodedVerificationKey: ByteArray = …
Chetan Patil
  • 542
  • 1
  • 5
  • 23
2
votes
3 answers

Using a custom JWT Decoder in Spring boot resource server

I'm using the Spring boot resource server. The authentication server issues a JWT. This JWT is re-encoded(with AES) with a key and in the Resource server, I should decode the JWT (from AES) before sending it to the JwtAuthenticator. Now, I have a…
Shahab.es
  • 367
  • 6
  • 20
2
votes
1 answer

Caused by: java.lang.RuntimeException: com.nimbusds.oauth2.sdk.ParseException: Unexpected type of JSON object member with key "mtls_endpoint_aliases"

I'm running a spring-boot app which acts as a oauth2 resource server and all requests must have a valid jwt. But I'm getting the following error at the application startup. Caused by:…
Dilrukshi Perera
  • 917
  • 3
  • 17
  • 31
2
votes
0 answers

Spring Resource Server connection with authorization server. Default timeout

Spring security documentation https://docs.spring.io/spring-security/reference/servlet/oauth2/resource-server/jwt.html#oauth2resourceserver-jwt-timeouts states that: By default, Resource Server uses connection and socket timeouts of 30 seconds each…
Piotrold
  • 77
  • 1
  • 6
2
votes
1 answer

In nimbus-jose-jwt, what is difference between lifespan and refreshTime?

The class DefaultJWKSetCache of nimbus-jose-jwt has two fields, lifespan and refreshTime. From Java docs - lifespan - The lifespan of the cached JWK set before it expires, negative means no expiration. refreshTime - The time after which the cached…
samshers
  • 1
  • 6
  • 37
  • 84
2
votes
1 answer

How to produce correct jwks endpoint for spring oauth2 jwt server?

The Issued Goal To configure /.well-known/jwks.json for my spring oauth2 jwt server with valid jwks. 1st Attempt Following spring documentation I can use out the box Endpoint for JWK Set URI. It…
Sergii
  • 7,044
  • 14
  • 58
  • 116
1
2 3 4