Java Code Examples for com.auth0.jwt.JWT#decode()

The following examples show how to use com.auth0.jwt.JWT#decode() . You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.

Example 1

Source File: IdTokenVerifierTest.java From auth0-java with MIT License

6 votes

@Test
public void succeedsWithValidTokenUsingDefaultClockAndHttpDomain() {
    String token = JWT.create()
            .withSubject("auth0|sdk458fks")
            .withAudience(AUDIENCE)
            .withIssuedAt(getYesterday())
            .withExpiresAt(getTomorrow())
            .withIssuer("http://" + DOMAIN + "/")
            .withClaim("nonce", "nonce")
            .sign(Algorithm.HMAC256("secret"));

    DecodedJWT decodedJWT = JWT.decode(token);
    SignatureVerifier verifier = mock(SignatureVerifier.class);
    when(verifier.verifySignature(token)).thenReturn(decodedJWT);

    IdTokenVerifier.init("http://" + DOMAIN + "/", AUDIENCE, verifier)
            .build()
            .verify(token, "nonce");
}

Example 2

Source File: IdTokenVerifierTest.java From auth0-java-mvc-common with MIT License

6 votes

@Test
public void succeedsWithValidTokenUsingDefaultClockAndHttpDomain() {
    String token = JWT.create()
            .withSubject("auth0|sdk458fks")
            .withAudience(AUDIENCE)
            .withIssuedAt(getYesterday())
            .withExpiresAt(getTomorrow())
            .withIssuer("http://" + DOMAIN + "/")
            .withClaim("nonce", "nonce")
            .sign(Algorithm.HMAC256("secret"));

    DecodedJWT decodedJWT = JWT.decode(token);
    SignatureVerifier verifier = mock(SignatureVerifier.class);
    when(verifier.verifySignature(token)).thenReturn(decodedJWT);

    IdTokenVerifier.Options opts = new IdTokenVerifier.Options("http://" + DOMAIN + "/", AUDIENCE, verifier);
    opts.setNonce("nonce");

    new IdTokenVerifier().verify(token, opts);
}

Example 3

Source File: IdTokenVerifierTest.java From auth0-java with MIT License

5 votes

@Test
public void succeedsWithValidTokenUsingDefaultClock() {
    String token = JWT.create()
            .withSubject("auth0|sdk458fks")
            .withAudience(AUDIENCE)
            .withIssuedAt(getYesterday())
            .withExpiresAt(getTomorrow())
            .withIssuer("https://" + DOMAIN + "/")
            .withClaim("nonce", "nonce")
            .sign(Algorithm.HMAC256("secret"));

    DecodedJWT decodedJWT = JWT.decode(token);
    SignatureVerifier verifier = mock(SignatureVerifier.class);
    when(verifier.verifySignature(token)).thenReturn(decodedJWT);

    IdTokenVerifier.init("https://" + DOMAIN + "/", AUDIENCE, verifier)
            .build()
            .verify(token, "nonce");
}

Example 4

Source File: JwtSessionConfigurator.java From aceql-http with GNU Lesser General Public License v2.1

5 votes

/**
    * Extracts the Database from the decoded JWT.
    */
   @Override
   public String getDatabase(String sessionId) {
try {
    DecodedJWT jwt = JWT.decode(sessionId);
    Map<String, Claim> claims = jwt.getClaims(); // Key is the Claim
						 // name
    Claim claim = claims.get("dbn");
    return claim.asString();

} catch (JWTDecodeException exception) {
    System.err.println(exception);
    return null;
}
   }

Example 5

Source File: JwtUtil.java From watchdog-framework with MIT License

5 votes

/**
 * 获得token中的指定KEY值信息
 */
public static String get(String token,String key) {
    try {
        DecodedJWT jwt = JWT.decode(token);
        return jwt.getClaim(key).asString();
    } catch (JWTDecodeException e) {
        return null;
    }
}

Example 6

Source File: TokenCheck.java From JWT4B with GNU General Public License v3.0

5 votes

public static boolean isValidJWT(String jwt) {
	 
	if (StringUtils.countMatches(jwt, ".") != 2) {
		return false;
	}
	
	jwt=jwt.trim();
	if(StringUtils.contains(jwt," ")){
		return false;
	}

	String[] sArray=StringUtils.split(jwt,".");
	if(sArray.length < 3){
		return false;
	}
	for(String value:sArray){
		if(!value.matches("[A-Za-z0-9+/=_-]+")){
			return false;
		}
	}

	try {
		DecodedJWT decoded = JWT.decode(jwt);
		decoded.getAlgorithm();
		return true;
	} catch (Exception exception) {}
	
	return false;
}

Example 7

Source File: HMACAlgorithmTest.java From java-jwt with MIT License

5 votes

@Test
public void shouldPassHMAC384Verification() throws Exception {
    String jwt = "eyJhbGciOiJIUzM4NCIsImN0eSI6IkpXVCJ9.eyJpc3MiOiJhdXRoMCJ9.uztpK_wUMYJhrRv8SV-1LU4aPnwl-EM1q-wJnqgyb5DHoDteP6lN_gE1xnZJH5vw";
    Algorithm algorithmString = Algorithm.HMAC384("secret");
    Algorithm algorithmBytes = Algorithm.HMAC384("secret".getBytes(StandardCharsets.UTF_8));
    DecodedJWT decoded = JWT.decode(jwt);
    algorithmString.verify(decoded);
    algorithmBytes.verify(decoded);
}

Example 8

Source File: JwtUtil.java From flash-waimai with MIT License

5 votes

public static Long getUserId(String token) {
    try {
        DecodedJWT jwt = JWT.decode(token);
        return jwt.getClaim("userId").asLong();
    } catch (JWTDecodeException e) {
        return null;
    }
}

Example 9

Source File: JwtUtil.java From flash-waimai with MIT License

5 votes

/**
 * 获得token中的信息无需secret解密也能获得
 * @return token中包含的用户名
 */
public static String getUsername(String token) {
    try {
        DecodedJWT jwt = JWT.decode(token);
        return jwt.getClaim("username").asString();
    } catch (JWTDecodeException e) {
        return null;
    }
}

Example 10

Source File: AuthUtils.java From mdw with Apache License 2.0

5 votes

private static boolean checkBearerAuthenticationHeader(String authHeader, Map<String,String> headers) {
    try {
        // Do NOT try to authenticate if it's not Bearer
        if (authHeader == null || !authHeader.startsWith("Bearer"))
            throw new Exception("Invalid MDW Auth Header");  // This should never happen

        authHeader = authHeader.replaceFirst("Bearer ", "");
        DecodedJWT jwt = JWT.decode(authHeader);  // Validate it is a JWT and see which kind of JWT it is

        if (MDW_AUTH.equals(jwt.getIssuer()))  // JWT was issued by MDW Central
            verifyMdwJWT(authHeader, headers);
        else if (verifierCustom.get(jwt.getIssuer()) != null ||
                (PropertyManager.getInstance().getProperties(PropertyNames.MDW_JWT) != null &&
                 PropertyManager.getInstance().getProperties(PropertyNames.MDW_JWT).values().contains(jwt.getIssuer())))  // Support for other issuers of JWTs
            verifyCustomJWT(authHeader, jwt.getAlgorithm(), jwt.getIssuer(), headers);
        else
            throw new Exception("Invalid JWT Issuer");
    }
    catch (Throwable ex) {
        if (!ApplicationContext.isDevelopment()) {
            headers.put(Listener.AUTHENTICATION_FAILED, "Authentication failed for JWT '" + authHeader + "' " + ex.getMessage());
            logger.error("Authentication failed for JWT '"+authHeader+"' " + ex.getMessage(), ex);
        }
        return false;
    }
    if (logger.isDebugEnabled()) {
        logger.debug("Bearer authentication successful for user '"+headers.get(Listener.AUTHENTICATED_USER_HEADER)+"'");
    }
    if (PropertyManager.getBooleanProperty(PropertyNames.MDW_JWT_PRESERVE, false))
        headers.put(Listener.AUTHENTICATED_JWT, authHeader);
    return true;
}

Example 11

Source File: IdTokenVerifierTest.java From auth0-java-mvc-common with MIT License

5 votes

private IdTokenVerifier.Options configureOptions(String token) {
    DecodedJWT decodedJWT = JWT.decode(token);
    SignatureVerifier verifier = mock(SignatureVerifier.class);
    when(verifier.verifySignature(token)).thenReturn(decodedJWT);

    IdTokenVerifier.Options opts = new IdTokenVerifier.Options("https://" + DOMAIN + "/", AUDIENCE, verifier);
    opts.setClock(DEFAULT_CLOCK);
    return opts;
}

Example 12

Source File: AthenzAccessToken.java From vespa with Apache License 2.0

5 votes

private DecodedJWT jwt() {
    if (jwt == null) {
        // Decoding a token is expensive and involves construction of at least one Jackson ObjectMapper instance
        // TODO Cache encoder/decoder as static field in AthenzAccessToken
        jwt = JWT.decode(this.value);
    }
    return jwt;
}

Example 13

Source File: CallbackController.java From auth0-spring-security-mvc-sample with MIT License

5 votes

private void handle(HttpServletRequest request, HttpServletResponse response) throws IOException {
    try {
        Tokens tokens = controller.handle(request, response);
        TokenAuthentication tokenAuth = new TokenAuthentication(JWT.decode(tokens.getIdToken()));
        SecurityContextHolder.getContext().setAuthentication(tokenAuth);
        response.sendRedirect(redirectOnSuccess);
    } catch (AuthenticationException | IdentityVerificationException e) {
        e.printStackTrace();
        SecurityContextHolder.clearContext();
        response.sendRedirect(redirectOnFail);
    }
}

Example 14

Source File: JwtUtil.java From jeecg-boot with Apache License 2.0

5 votes

/**
 * 获得token中的信息无需secret解密也能获得
 *
 * @return token中包含的用户名
 */
public static String getUsername(String token) {
	try {
		DecodedJWT jwt = JWT.decode(token);
		return jwt.getClaim("username").asString();
	} catch (JWTDecodeException e) {
		return null;
	}
}

Example 15

Source File: HMACAlgorithmTest.java From java-jwt with MIT License

5 votes

@Test
public void shouldPassHMAC512Verification() throws Exception {
    String jwt = "eyJhbGciOiJIUzUxMiIsImN0eSI6IkpXVCJ9.eyJpc3MiOiJhdXRoMCJ9.VUo2Z9SWDV-XcOc_Hr6Lff3vl7L9e5Vb8ThXpmGDFjHxe3Dr1ZBmUChYF-xVA7cAdX1P_D4ZCUcsv3IefpVaJw";
    Algorithm algorithmString = Algorithm.HMAC512("secret");
    Algorithm algorithmBytes = Algorithm.HMAC512("secret".getBytes(StandardCharsets.UTF_8));
    DecodedJWT decoded = JWT.decode(jwt);
    algorithmString.verify(decoded);
    algorithmBytes.verify(decoded);
}

Example 16

Source File: TokenService.java From coderadar with MIT License

4 votes

/**
 * Returns username from the tokens claim <code>username</code>.
 *
 * @param refreshToken a jwt token
 */
public String getUsername(String refreshToken) {
  JWT jwt = JWT.decode(refreshToken);
  Claim claim = jwt.getClaim("username");
  return claim.asString();
}

Example 17

Source File: JwtTokenExtractor.java From botbuilder-java with MIT License

4 votes

private boolean hasAllowedIssuer(String token) {
    DecodedJWT decodedJWT = JWT.decode(token);
    return this.tokenValidationParameters.validIssuers != null
        && this.tokenValidationParameters.validIssuers.contains(decodedJWT.getIssuer());
}

Example 18

Source File: JwtToken.java From Moss with Apache License 2.0

4 votes

public JwtToken(String token) {
    this.token = token;
    this.jwt = JWT.decode(token);
}

Example 19

Source File: JwtUtil.java From ShiroJwt with MIT License

4 votes

/**
 * 获得Token中的信息无需secret解密也能获得
 * @param token
 * @param claim
 * @return java.lang.String
 * @author Wang926454
 * @date 2018/9/7 16:54
 */
public static String getClaim(String token, String claim) {
    try {
        DecodedJWT jwt = JWT.decode(token);
        // 只能输出String类型，如果是其他类型返回null
        return jwt.getClaim(claim).asString();
    } catch (JWTDecodeException e) {
        logger.error("解密Token中的公共信息出现JWTDecodeException异常:{}", e.getMessage());
        throw new CustomException("解密Token中的公共信息出现JWTDecodeException异常:" + e.getMessage());
    }
}

Example 20

Source File: JwtUtil.java From spring-boot-plus with Apache License 2.0

2 votes

/**
 * 解析token，获取token数据
 *
 * @param token
 * @return
 */
public static DecodedJWT getJwtInfo(String token) {
    return JWT.decode(token);
}