Documentation and support for Java-JWT library


I am planning to use Java-JWT library from Auth0 in our application for JWT based authentication. I have been working with a small POC and have been able to sign and verify JWTs successfully.
But the problem is that the only documentation I could find is on GitHub. Following is the link,

Is there more documentation or Java Docs available?
I also want to know if Java-JWT library is supported by Auth0 currently and if they have plans to support it in the future?

Java-JWT library is available under MIT license so I believe it is free of cost. Is this correct?

I learnt that Java-JWT library throws JWTCreationException in case of failure. But I see that it also throws TokenExpiredException in case of expired token.
Can I catch TokenExpiredException to check for expired token and JWTCreationException for all other cases as shown below,

try {
algorithm = Algorithm.RSA256(publicKey, null);

			JWTVerifier verifier = JWT.require(algorithm)
					.build(); //Reusable verifier instance
			jwt = verifier.verify(token);

} catch (TokenExpiredException exception) {
// expired token

} catch (JWTVerificationException exception) {
// invalid signature, etc.

Can someone help with these questions? Thank you.

Hi @mails_aphale
I believe that this document has all the help required. Further, we could help you if you are a bit more specific about what problem you are facing.

As per my understanding, I believe that-
Yes we can use TokenExpiredException to catch expired tokens and
JWTVerificationException for all others, in case you are only validating the token.

Auth0 takes care of token creation so I don’t think JWTCreationException would ever be thrown. ( or maybe it was a typo on your end)

The java-jwt library is officially supported by Auth0 and it will continue to be supported. It’s under the MIT license, so it can be used free of charge. The documentation of the library can be found in the README of the github repository and in javadoc.

When you use JWTVerificationException, each individual exception is triggered depending on the situation, as can be seen here. So you could use this as described in the README

try {
    Algorithm algorithm = Algorithm.RSA256(publicKey, privateKey);
    JWTVerifier verifier = JWT.require(algorithm)
        .build(); //Reusable verifier instance
    DecodedJWT jwt = verifier.verify(token);
} catch (JWTVerificationException exception){
    //Invalid signature/claims
1 Like

Thank you @priya.sharma.9362 for the reply!

Thank you @anny for the reply!

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.