How to verify jwt token in spring boot?
I want to implement JWT verification in my Spring Boot application. The algorithm we used for signing the token is Ed25519/EdDSA.

I can't find the right dependency/library to implement a JWT verifier using the Ed25519 algorithm.

Can someone suggest a Maven dependency to validate JWT tokens?

Magnetics answered 16/2, 2022 at 17:7 Comment(0)

The answer comes late but I just tried to solve the same problem and decided to share my conclusions.

I'd use Spring Security with the OAuth 2.0 Resource Server to validate JWTs.

<dependency>
  <groupId>org.springframework.boot</groupId>
  <artifactId>spring-boot-starter-oauth2-resource-server</artifactId>
</dependency>

However, Spring Security's default JWT decoder NimbusJwtDecoder does not support EdDSA (see the list of supported signature algorithms). You will have to write your own JWTDecoder.

Luckily, Spring Security depends on the Nimbus JOSE+JWT library, which already supports EdDSA. To validate an EdDSA signature with the library, add the following dependency:

<dependency>
  <groupId>com.google.crypto.tink</groupId>
  <artifactId>tink</artifactId>
  <version>1.6.1</version>
</dependency>

Your code will at some point call the following lines, where encodedJwt is the encoded JWT string.

import com.nimbusds.jose.JWSVerifier;
import com.nimbusds.jose.crypto.Ed25519Verifier;
import com.nimbusds.jose.jwk.OctetKeyPair;
import com.nimbusds.jwt.SignedJWT;
// publicJWK is the issuer's Ed25519 public key as an OctetKeyPair (OKP JWK); parse() throws ParseException
SignedJWT signedJWT = SignedJWT.parse(encodedJwt);
JWSVerifier verifier = new Ed25519Verifier(publicJWK); // throws JOSEException if the key is not Ed25519
assertTrue(signedJWT.verify(verifier)); // true only if the signature matches publicJWK

The complete example can be found here: https://connect2id.com/products/nimbus-jose-jwt/examples/jwt-with-eddsa

Cristalcristate answered 1/6, 2022 at 12:47 Comment(2)
I'm trying to figure out how the JWTDecoder would look, are you able to post it? Thank you! – Dorladorlisa
No, I'm sorry, I cleaned up my system and don't have the POC anymore. I did an implementation without Spring that you can find here: github.com/curityio/oauth-filter-for-java/pull/6 – Cristalcristate
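Since the answer stops at "write your own JWTDecoder" and the follow-up asks what it would look like, here is an added example of such a Spring Security JwtDecoder built on Nimbus (it is not the answerer's POC and not code from Spring or Nimbus). It assumes the public key is supplied as an OKP JWK JSON string, an expected issuer is configured, and a 60-second clock skew is acceptable; the class name Ed25519JwtDecoder is made up for this example. The Tink dependency from the answer is still required for Ed25519Verifier.

```java
import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.crypto.Ed25519Verifier;
import com.nimbusds.jose.jwk.OctetKeyPair;
import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.jwt.SignedJWT;
import org.springframework.security.oauth2.jwt.BadJwtException;
import org.springframework.security.oauth2.jwt.Jwt;
import org.springframework.security.oauth2.jwt.JwtDecoder;
import java.text.ParseException;
import java.time.Instant;
import java.util.Date;

// Example EdDSA (Ed25519) JwtDecoder built on Nimbus; register it as the resource server's JwtDecoder bean.
public class Ed25519JwtDecoder implements JwtDecoder {
    private final Ed25519Verifier verifier;
    private final String expectedIssuer;
    // publicJwkJson (assumed input format): the issuer's public key as an OKP JWK, {"kty":"OKP","crv":"Ed25519","x":"..."}
    public Ed25519JwtDecoder(String publicJwkJson, String expectedIssuer) throws ParseException, JOSEException {
        // toPublicJWK() drops a private "d" member if a full key pair was pasted into the config by mistake
        this.verifier = new Ed25519Verifier(OctetKeyPair.parse(publicJwkJson).toPublicJWK());
        this.expectedIssuer = expectedIssuer;
    }
    @Override
    public Jwt decode(String token) throws BadJwtException {
        try {
            SignedJWT signedJwt = SignedJWT.parse(token);
            // Pin the algorithm to what we configured; never let the untrusted header choose it
            if (!JWSAlgorithm.EdDSA.equals(signedJwt.getHeader().getAlgorithm()))
                throw new BadJwtException("unexpected alg " + signedJwt.getHeader().getAlgorithm());
            if (!signedJwt.verify(verifier)) throw new BadJwtException("invalid EdDSA signature");
            // Signature is valid; now validate the claims we rely on (exp with 60 s skew, iss)
            JWTClaimsSet claims = signedJwt.getJWTClaimsSet();
            Date exp = claims.getExpirationTime();
            if (exp == null || exp.toInstant().isBefore(Instant.now().minusSeconds(60)))
                throw new BadJwtException("token expired or missing exp");
            if (!expectedIssuer.equals(claims.getIssuer())) throw new BadJwtException("unexpected iss");
            // Spring's Jwt requires iat/exp as Instant, while Nimbus returns java.util.Date
            Jwt.Builder builder = Jwt.withTokenValue(token)
                    .headers(h -> h.putAll(signedJwt.getHeader().toJSONObject()))
                    .claims(c -> c.putAll(claims.getClaims()))
                    .expiresAt(exp.toInstant());
            if (claims.getIssueTime() != null) builder.issuedAt(claims.getIssueTime().toInstant());
            return builder.build();
        } catch (ParseException | JOSEException e) {
            throw new BadJwtException("malformed JWT: " + e.getMessage(), e);
        }
    }
}
```

Expose it with a `@Bean JwtDecoder jwtDecoder()` method in your security configuration and the resource server starter will use it for every bearer token instead of NimbusJwtDecoder.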
