jjwt
jwt-java
Our great sponsors
jjwt | jwt-java | |
---|---|---|
4 | - | |
9,833 | 6 | |
1.3% | - | |
8.3 | 0.0 | |
7 days ago | about 1 year ago | |
Java | Java | |
Apache License 2.0 | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
jjwt
- Java JWT: JSON Web Token for Java and Android
-
A simple to use Java 8 JWT Library. Verify, Sign, Encode, Decode all day.
How does this compare to JJWT?
-
Null ECDSA Signatures - Proof of concept for bypassing JWT signature checks using CVE-2022-21449
Note that this PoC uses DER signature which is accepted by the jjwt library as fallback (see https://github.com/jwtk/jjwt/blob/master/impl/src/main/java/io/jsonwebtoken/impl/crypto/EllipticCurveSignatureValidator.java ), but that is not a standard. Standard is JOSE format.
-
JWT authentication in Spring Security andĀ Angular
There are many open-source JWT implementations available for all languages. In this blog post, we use Java jjwt library in this blog post.
jwt-java
We haven't tracked posts mentioning jwt-java yet.
Tracking mentions began in Dec 2020.
What are some alternatives?
Nimbus JOSE+JWT - JSON Web Token (JWT) implementation for Java with support for signatures (JWS), encryption (JWE) and web keys (JWK).
otp-java - A small and easy-to-use one-time password generator library for Java implementing RFC 4226 (HOTP) and RFC 6238 (TOTP).
Spring Security - Spring Security
Tink - Tink is a multi-language, cross-platform, open source library that provides cryptographic APIs that are secure, easy to use correctly, and hard(er) to misuse.
Bouncy Castle - Bouncy Castle Java Distribution (Mirror)
password4j - Java cryptographic library that supports Argon2, bcrypt, scrypt and PBKDF2 aimed to protect passwords in databases. Easy to use by design, highly customizable, secure and portable. All the implementations follow the standards and have been reviewed to perform better in the JVM.
Keycloak - Open Source Identity and Access Management For Modern Applications and Services
Jwks RSA
java-jwt-benchmark - Project for benchmarking popular Json Web Token (JWT) frameworks for Java using JMH.
JObfuscator - JObfuscator is a source code obfuscator for the Java language. Protect Java source code & algorithms from hacking, cracking, reverse engineering, decompilation & technology theft.
owasp-zap-jwt-addon - OWASP ZAP addon for finding vulnerabilities in JWT Implementations
SSLContext-Kickstart - š A lightweight high level library for configuring a http client or server based on SSLContext or other properties such as TrustManager, KeyManager or Trusted Certificates to communicate over SSL TLS for one way authentication or two way authentication provided by the SSLFactory. Support for Java, Scala and Kotlin based clients with examples. Available client examples are: Apache HttpClient, OkHttp, Spring RestTemplate, Spring WebFlux WebClient Jetty and Netty, the old and the new JDK HttpClient, the old and the new Jersey Client, Google HttpClient, Unirest, Retrofit, Feign, Methanol, Vertx, Scala client Finagle, Featherbed, Dispatch Reboot, AsyncHttpClient, Sttp, Akka, Requests Scala, Http4s Blaze, Kotlin client Fuel, http4k Kohttp and Ktor. Also gRPC, WebSocket and ElasticSearch examples are included