JSON Web Token (JWT) for Java
Today was the public release of Nimbus JOSE + JWT, a JSON Web Token (JWT) library for Java with support for plain, signed (JWS) and encrypted (JWE) tokens as well as JSON Web Keys (JWK).
Nimbus JOSE + JWT began on the side of our recent project to build a Java SDK for OpenID Connect where JSON Web Tokens (JWT) are required for some of the request and response messages. We started by forking and disentangling JWT-related code from the OpenInfoCard project. After eight refactorings we now have a simple Java package dedicated solely to the task of composing, serialising and parsing JWTs in their plain, signed and encrypted forms. The implementation was also brought up to date with the latest IETF drafts on the subject.
- JWT draft 08
- JWA draft 01
- JWS draft 01
- JWE draft 01
- JWK draft 01
Note that while JWS support is fully complete now (it covers the three base algorithms – HMAC, RSA and ECDSA), JWE is still a work in progress and needs to add support for a number of encryption algorithms.