jwt-java
jjwt
Our great sponsors
jwt-java | jjwt | |
---|---|---|
- | 4 | |
6 | 9,847 | |
- | 1.4% | |
0.0 | 8.3 | |
about 1 year ago | 2 days ago | |
Java | Java | |
MIT License | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
jwt-java
We haven't tracked posts mentioning jwt-java yet.
Tracking mentions began in Dec 2020.
jjwt
- Java JWT: JSON Web Token for Java and Android
-
A simple to use Java 8 JWT Library. Verify, Sign, Encode, Decode all day.
How does this compare to JJWT?
-
Null ECDSA Signatures - Proof of concept for bypassing JWT signature checks using CVE-2022-21449
Note that this PoC uses DER signature which is accepted by the jjwt library as fallback (see https://github.com/jwtk/jjwt/blob/master/impl/src/main/java/io/jsonwebtoken/impl/crypto/EllipticCurveSignatureValidator.java ), but that is not a standard. Standard is JOSE format.
-
JWT authentication in Spring Security andĀ Angular
There are many open-source JWT implementations available for all languages. In this blog post, we use Java jjwt library in this blog post.
What are some alternatives?
otp-java - A small and easy-to-use one-time password generator library for Java implementing RFC 4226 (HOTP) and RFC 6238 (TOTP).
Nimbus JOSE+JWT - JSON Web Token (JWT) implementation for Java with support for signatures (JWS), encryption (JWE) and web keys (JWK).
Tink - Tink is a multi-language, cross-platform, open source library that provides cryptographic APIs that are secure, easy to use correctly, and hard(er) to misuse.
Spring Security - Spring Security
password4j - Java cryptographic library that supports Argon2, bcrypt, scrypt and PBKDF2 aimed to protect passwords in databases. Easy to use by design, highly customizable, secure and portable. All the implementations follow the standards and have been reviewed to perform better in the JVM.
Bouncy Castle - Bouncy Castle Java Distribution (Mirror)
Jwks RSA
Keycloak - Open Source Identity and Access Management For Modern Applications and Services
JObfuscator - JObfuscator is a source code obfuscator for the Java language. Protect Java source code & algorithms from hacking, cracking, reverse engineering, decompilation & technology theft.
java-jwt-benchmark - Project for benchmarking popular Json Web Token (JWT) frameworks for Java using JMH.
SSLContext-Kickstart - š A lightweight high level library for configuring a http client or server based on SSLContext or other properties such as TrustManager, KeyManager or Trusted Certificates to communicate over SSL TLS for one way authentication or two way authentication provided by the SSLFactory. Support for Java, Scala and Kotlin based clients with examples. Available client examples are: Apache HttpClient, OkHttp, Spring RestTemplate, Spring WebFlux WebClient Jetty and Netty, the old and the new JDK HttpClient, the old and the new Jersey Client, Google HttpClient, Unirest, Retrofit, Feign, Methanol, Vertx, Scala client Finagle, Featherbed, Dispatch Reboot, AsyncHttpClient, Sttp, Akka, Requests Scala, Http4s Blaze, Kotlin client Fuel, http4k Kohttp and Ktor. Also gRPC, WebSocket and ElasticSearch examples are included
owasp-zap-jwt-addon - OWASP ZAP addon for finding vulnerabilities in JWT Implementations