Skip to content
Connect2id
JOSE

Nimbus JOSE + JWT 2.16

Today the Nimbus JOSE + JWT library was updated to the latest spec drafts, released earlier this week by the WG editor.

  • [JWA] draft-ietf-jose-json-web-algorithms-11

  • [JWS] draft-ietf-jose-json-web-signature-11

  • [JWE] draft-ietf-jose-json-web-encryption-11

  • [JWK] draft-ietf-jose-json-web-key-11

  • [JWT] draft-ietf-oauth-json-web-token-08

Three major areas are affected:

  • Three optional parameters were added to the JWK object: x5u, x5t and x5c, intended to add X.509 certificate information to a key.

  • The MIME types of several JOSE objects were corrected to comply with the standard format.

  • The JWE encrypted key is no longer used in AAD composition. This means that JWE encryption and decryption is no longer compatible with previous versions of the library.

The full list of changes can be found out in the spec history and the library change log.

Special helpers (using the builder pattern) were introduced to simplify the construction of JWKs, which now carry over a dozen parameters, while keeping the JWK classes immutable.

Example builder use:

RSAKey key = new RSAKey.Builder(n, e).
             setPrivateExponent(d).
             setAlgorithm(JWSAlgorithm.RS512).
             setKeyID("456").
             build();

The new version of the library should reach Maven Central today. The library wiki and online JavaDocs were updated too. We’re looking for contributors to help us implement the remaining optional JWS and JWE algorithms, also to extend the available online documentation with more examples and perhaps a few tutorials.