I need to migrate some legacy code (not written by me) from:
compile group: 'com.auth0', name: 'java-jwt', version: '2.2.0'
to:
compile group: 'com.auth0', name: 'java-jwt', version: '4.3.0'
and am unsure about how to replace:
com.auth0.jwt.JWTSigner
with
com.auth0.jwt.JWTVerifier
(assuming that that’s even the right class!).
I have basic knowledge of JWT conceptually, but not previous experience with this library or with the application that is using it.
I valuely see that JWTSigner.Options corresponds to Map<String,Object> claims but am unsure about the correspondence between:
return jwtSigner.sign(claims, options.getOptions());
and
return JWT.require(options.getAlgorithm().getAlgorithm()).build().verify(secret).getPayload()
Can anyone point me to any reading material / code samples etc. that makes it more obvious?
This is useful but not foolproof: