
Example 21 with JWT

use of com.auth0.android.jwt.JWT in project java-jwt by auth0.

the class ECDSABouncyCastleProviderTests method shouldFailECDSA256KVerificationOnInvalidJOSESignatureLength.

/**
 * Checks that ES256K verification rejects a token whose signature segment has lost its
 * final character, instead of tolerating the malformed encoding.
 *
 * <p>The expected cause message is the one {@code java.util.Base64}'s decoder reports for an
 * incomplete final unit, so the failure is presumably raised while decoding the signature
 * and before any curve arithmetic runs. That would also explain why the choice of
 * {@code INVALID_PUBLIC_KEY_FILE_256K} does not affect the outcome; confirm against the
 * library code.
 */
@Test
public void shouldFailECDSA256KVerificationOnInvalidJOSESignatureLength() throws Exception {
    // Expectations must be registered before the failing call is made.
    exception.expect(SignatureVerificationException.class);
    exception.expectMessage("The Token's Signature resulted invalid when verified using the Algorithm: SHA256withECDSA");
    exception.expectCause(isA(IllegalArgumentException.class));
    exception.expectCause(hasMessage(is("Last unit does not have enough valid bits")));

    // Drop exactly one trailing character from the known-good fixture token.
    final int keptLength = ES256K_JWT.length() - 1;
    final String truncatedToken = ES256K_JWT.substring(0, keptLength);

    // Verification only: the private-key argument is null.
    final ECPublicKey publicKey = (ECPublicKey) readPublicKeyFromFile(INVALID_PUBLIC_KEY_FILE_256K, "EC");
    Algorithm.ECDSA256K(publicKey, null).verify(JWT.decode(truncatedToken));
}
Also used : ArgumentMatchers.anyString(org.mockito.ArgumentMatchers.anyString) ECDSAAlgorithmTest(com.auth0.jwt.algorithms.ECDSAAlgorithmTest) Test(org.junit.Test)

Example 22 with JWT

use of com.auth0.android.jwt.JWT in project java-jwt by auth0.

the class ECDSABouncyCastleProviderTests method shouldThrowOnECDSA256KVerificationWithDERSignature.

/**
 * Checks that ES256K verification refuses a signature supplied in ASN.1 DER encoding.
 *
 * <p>JWS ECDSA signatures are the fixed-length concatenation of R and S, not the DER
 * structure that JCA {@code Signature} objects produce. The signature segment of the literal
 * token below starts with {@code MEUC}, which is Base64url for the bytes {@code 30 45 02},
 * a DER SEQUENCE header. Accepting both encodings would give one signature several valid
 * serialisations, so the verifier is expected to reject the DER form outright.
 */
@Test
public void shouldThrowOnECDSA256KVerificationWithDERSignature() throws Exception {
    // Expectations must be registered before the failing call is made.
    exception.expect(SignatureVerificationException.class);
    exception.expectMessage("The Token's Signature resulted invalid when verified using the Algorithm: SHA256withECDSA");
    exception.expectCause(isA(SignatureException.class));
    exception.expectCause(hasMessage(is("Invalid JOSE signature format.")));

    // Header {"kid":"my-key-id","typ":"JWT","alg":"ES256K"}, empty payload, DER-encoded signature.
    final String derSignedToken = "eyJraWQiOiJteS1rZXktaWQiLCJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NksifQ.e30.MEUCIQDaCA-xzjHBCFhyAm56je5DXgylpUncBsQTxQT7AD19zwIgEjIm3lueII2W4pC_iQR6oRMHNtgqfAzTrWnV7DPNURk";

    // Verification only: the private-key argument is null.
    final ECPublicKey publicKey = (ECPublicKey) readPublicKeyFromFile(PUBLIC_KEY_FILE_256K, "EC");
    final Algorithm es256k = Algorithm.ECDSA256K(publicKey, null);
    es256k.verify(JWT.decode(derSignedToken));
}
Also used : ECPublicKey(java.security.interfaces.ECPublicKey) ArgumentMatchers.anyString(org.mockito.ArgumentMatchers.anyString) ECDSAAlgorithmTest(com.auth0.jwt.algorithms.ECDSAAlgorithmTest) Test(org.junit.Test)

Example 23 with JWT

use of com.auth0.android.jwt.JWT in project kemenu-web by afdezcl.

the class RefreshTokenIntegrationTest method aCustomerCouldRefreshAToken.

/**
 * Posts a freshly generated refresh token to {@code /public/refresh} and checks that the
 * response carries a new access token and a new refresh token, both issued for the same
 * customer.
 */
@Test
void aCustomerCouldRefreshAToken() {
    // The exchange must succeed and expose both token headers before anything is decoded.
    HttpHeaders responseHeaders = webTestClient.post()
        .uri("/public/refresh")
        .body(Mono.just(RefreshTokenRequestHelper.from(generateRefreshToken())), RefreshTokenRequest.class)
        .exchange()
        .expectStatus().isOk()
        .expectHeader().exists("Authorization")
        .expectHeader().exists("JWT-Refresh-Token")
        .expectBody()
        .returnResult()
        .getResponseHeaders();

    String accessTokenHeader = responseHeaders.get("Authorization").get(0);
    String refreshTokenHeader = responseHeaders.get("JWT-Refresh-Token").get(0);

    // Decoding goes through the application's own service rather than a bare parse.
    DecodedJWT accessToken = jwtService.decodeAccessToken(accessTokenHeader);
    DecodedJWT refreshToken = jwtService.decodeRefreshToken(refreshTokenHeader);

    // Both tokens must name the customer the refresh token was generated for.
    // NOTE(review): only the subject is asserted. If refresh tokens are meant to be rotated,
    // also assert that the returned refresh token differs from the submitted one and that
    // the submitted one is no longer accepted.
    String expectedSubject = randomCustomer.getEmail();
    assertEquals(expectedSubject, accessToken.getSubject());
    assertEquals(randomCustomer.getEmail(), refreshToken.getSubject());
}
Also used : HttpHeaders(org.springframework.http.HttpHeaders) DecodedJWT(com.auth0.jwt.interfaces.DecodedJWT) KemenuIntegrationTest(com.kemenu.kemenu_backend.common.KemenuIntegrationTest) Test(org.junit.jupiter.api.Test)

Example 24 with JWT

use of com.auth0.android.jwt.JWT in project mapsmessaging_server by Maps-Messaging.

the class AwsJwtLoginModule method login.

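/**
 * Authenticates a JAAS login attempt in which the supplied "password" is a JWT.
 *
 * <p>The user name and token are collected through the configured {@code CallbackHandler}.
 * The token must carry a valid RS256 signature under a key obtained from
 * {@code AwsCognitoRSAKeyProvider(region, poolId)} and an audience equal to {@code clientId}.
 *
 * <p>NOTE(review): this method never compares {@code username} with any claim in the token.
 * Unless a later phase does so, any token valid for this pool and client authenticates
 * under whatever name the caller supplied. Confirm where the principal is derived.
 *
 * <p>NOTE(review): no issuer is pinned on the verifier here. Unless the key provider already
 * limits trust to this pool's keys, consider adding an issuer check as well.
 *
 * @return {@code true} when the token verifies; failure is reported by exception
 * @throws LoginException if no callback handler is configured, the callbacks cannot be
 *     served, or the token fails verification. Verification failures previously escaped as
 *     unchecked exceptions; they are now wrapped so callers see the declared type, with the
 *     original exception kept as the cause.
 */
@Override
public boolean login() throws LoginException {
    if (callbackHandler == null) {
        throw new LoginException("Error: no CallbackHandler available to garner authentication information from the user");
    }
    Callback[] callbacks = new Callback[2];
    callbacks[0] = new NameCallback("user name: ");
    callbacks[1] = new PasswordCallback("password: ", false);
    try {
        callbackHandler.handle(callbacks);
        username = ((NameCallback) callbacks[0]).getName();
        char[] tmpPassword = ((PasswordCallback) callbacks[1]).getPassword();
        if (tmpPassword == null) {
            tmpPassword = new char[0];
        }
        String token = new String(tmpPassword);
        // getPassword() hands back a copy, so clearPassword() alone leaves this array
        // populated. Wipe it too. The String copy cannot be wiped and lives until collected.
        java.util.Arrays.fill(tmpPassword, '\0');
        ((PasswordCallback) callbacks[1]).clearPassword();
        try {
            // The "password" must be a JWT signed with RS256 and issued for this client id.
            RSAKeyProvider keyProvider = new AwsCognitoRSAKeyProvider(region, poolId);
            Algorithm algorithm = Algorithm.RSA256(keyProvider);
            JWTVerifier jwtVerifier = JWT.require(algorithm).withAudience(clientId).build();
            jwtVerifier.verify(token);
        } catch (RuntimeException verificationFailure) {
            // Fail closed: any unchecked failure while verifying is a failed login, reported
            // through the exception type the JAAS contract declares.
            LoginException failure = new LoginException("JWT verification failed: " + verificationFailure.getMessage());
            failure.initCause(verificationFailure);
            throw failure;
        }
        return true;
    } catch (IOException ioe) {
        throw new LoginException(ioe.toString());
    } catch (UnsupportedCallbackException uce) {
        throw new LoginException("Error: " + uce.getCallback().toString() + " not available to garner authentication information " + "from the user");
    }
}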
Also used : RSAKeyProvider(com.auth0.jwt.interfaces.RSAKeyProvider) IOException(java.io.IOException) Algorithm(com.auth0.jwt.algorithms.Algorithm) PasswordCallback(javax.security.auth.callback.PasswordCallback) NameCallback(javax.security.auth.callback.NameCallback) Callback(javax.security.auth.callback.Callback) NameCallback(javax.security.auth.callback.NameCallback) LoginException(javax.security.auth.login.LoginException) PasswordCallback(javax.security.auth.callback.PasswordCallback) UnsupportedCallbackException(javax.security.auth.callback.UnsupportedCallbackException) JWTVerifier(com.auth0.jwt.JWTVerifier)

Example 25 with JWT

use of com.auth0.android.jwt.JWT in project blogSpringBoot by lurenha.

the class TokenUtil method verify.

/**
 * Verifies a token's signature and issuer.
 *
 * <p>The token is checked with an HMAC-SHA256 verifier keyed by {@code TOKEN_SECRET} that
 * also requires the issuer claim to be {@code "peng"}.
 *
 * <p>NOTE(review): every exception is mapped to {@code false}, so a rejected token and a
 * fault unrelated to the token (for example an unusable secret) look the same to the
 * caller. Consider logging the reason without logging the token itself.
 *
 * @param token the serialized JWT to check
 * @return {@code true} if verification completes without an exception, {@code false} otherwise
 */
public static boolean verify(String token) {
    boolean accepted;
    try {
        Algorithm hmac = Algorithm.HMAC256(TOKEN_SECRET);
        // The decoded result is not needed; verify() signals rejection by throwing.
        JWT.require(hmac).withIssuer("peng").build().verify(token);
        accepted = true;
    } catch (Exception e) {
        accepted = false;
    }
    return accepted;
}
Also used : JWTVerifier(com.auth0.jwt.JWTVerifier) DecodedJWT(com.auth0.jwt.interfaces.DecodedJWT) JWTDecodeException(com.auth0.jwt.exceptions.JWTDecodeException)
