Creating and Parsing a asymmetric key signed JWT containing claims

Posted in JJWT

In this post under JJWT, I will show with example how to create and parse asymmetric key signed JWT containing claims.

Below is the complete code for your reference.

Main class

1  package defaultPackage;
2  import java.security.KeyPair;
3  import java.security.PrivateKey;
4  import java.security.PublicKey;
5  import java.util.Date;
6  
7  import io.jsonwebtoken.Claims;
8  import io.jsonwebtoken.Jws;
9  import io.jsonwebtoken.JwtBuilder;
10 import io.jsonwebtoken.JwtParser;
11 import io.jsonwebtoken.JwtParserBuilder;
12 import io.jsonwebtoken.Jwts;
13 import io.jsonwebtoken.security.SignatureAlgorithm;
14 
15 public class Example11 {
16     public static void main(String[] args) throws Exception {
17         SignatureAlgorithm signatureAlgorithm = Jwts.SIG.EdDSA;
18         KeyPair keyPair = signatureAlgorithm.keyPair().build();
19         
20         Example11 example11 = new Example11();
21         String data = example11.toJWTString(keyPair.getPrivate());
22         System.out.println(data);
23         Jws<Claims> jws = example11.toJWS(keyPair.getPublic(), data);
24         
25         System.out.println(jws.getHeader());
26      System.out.println(jws.getPayload());
27     }
28     
29     public String toJWTString(PrivateKey privateKey) {
30         JwtBuilder jwtBuilder = Jwts.builder();
31         jwtBuilder.signWith(privateKey);
32         
33         jwtBuilder.header().add("typ", "JWT");
34         
35         jwtBuilder.claims().subject("1234567890").issuedAt(new Date()).add("name", "Sumanth");
36         
37         String jwt = jwtBuilder.compact();
38         return jwt;
39     }
40     
41     public Jws<Claims> toJWS(PublicKey publicKey, String data) {
42         JwtParserBuilder jwtParserBuilder = Jwts.parser();
43         jwtParserBuilder.verifyWith(publicKey);
44         JwtParser jwtParser = jwtParserBuilder.build();
45         Jws<Claims> jws = jwtParser.parseSignedClaims(data);
46         return jws;
47     }
48 }

In the above code, at line 17 I create an instance of “SignatureAlgorithm” interface.

At line 18, I create key pair named “keyPair” using the instance of “SignatureAlgorithm” interface.

At line 21, I call “toJWTString” method and pass the private key.

The method “toJWTString” will generate signed and serialized form of JWT.

At line 30, I create an instance of “JwtBuilder” and at line 31, I configure it to use private key for signing the token by calling “signWith” method and passing the private key as an argument.

At line 33, I create the header and at line 34, I create the claims.

At line 37, I call “compact” method of “JwtBuilder” class. This will create compact, serialized and asymmetric key signed JWT.

The JWT is returned to main method and stored in “data” String variable. Refer to ine 21.

At line 23, I call “toJWS” method which will take the serialized form of JWT, parse it and return an instance of “Jws”.

At line 42, I create an instance of “JwtParserBuilder” class.

At line 43, I configure it to use public key for verifying the tokens.

At line 44, I create an instance of “JwtParser” from the instance of “JwtParserBuilder”

At line 45, I call “parseSignedClaims” method available on “JwtParser” instance and pass the token stored in String “data” variable.

This will create an instance of “Jws” class which is returned to main method.

At line 25 and 26, I print the header and claims from the “Jws” instance.

In this way, we can create and parse asymmetric key signed JWT containing claims.

Unknown's avatar

Published by sumanthprabhakar

Leave a comment