JWTDecode.Android
A library to help you decode JWTs for Android
> **Note** > As part of our ongoing commitment to best security practices, we have rotated the signing keys used to sign previous releases of this SDK. As a result, new patch builds have been released using the new signing key. Please upgrade at your earliest convenience. > > While this change won't affect most developers, if you have implemented a dependency signature validation step in your build process, you may notice a warning that past releases can't be verified. This is expected, and a re... The project is written primarily in Java, distributed under the MIT License license, first published in 2016. Key topics include: dx-sdk.
Note
As part of our ongoing commitment to best security practices, we have rotated the signing keys used to sign previous releases of this SDK. As a result, new patch builds have been released using the new signing key. Please upgrade at your earliest convenience.While this change won't affect most developers, if you have implemented a dependency signature validation step in your build process, you may notice a warning that past releases can't be verified. This is expected, and a result of the key rotation process. Updating to the latest version will resolve this for you.
📚 Documentation • 🚀 Getting Started • 💬 Feedback
Documentation
Getting Started
Installation
The library is be available both in Maven Central and JCenter. To start using it add this line to your build.gradle dependencies file:
groovyimplementation 'com.auth0.android:jwtdecode:2.0.2'
Usage
Decode a JWT token
javaString token = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9.TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ"; JWT jwt = new JWT(token); String issuer = jwt.getIssuer(); //get registered claims String claim = jwt.getClaim("isAdmin").asString(); //get custom claims boolean isExpired = jwt.isExpired(10); // Do time validation with 10 seconds leeway
A DecodeException will raise with a detailed message if the token has:
- An invalid part count.
- A part not encoded as Base64 + UTF-8.
- A Header or Payload without a valid JSON format.
Checkout EXAMPLES for more details on how to use the library
Feedback
Contributing
We appreciate feedback and contribution to this repo! Before you get started, please see the following:
Raise an issue
To provide feedback or report a bug, please raise an issue on our issue tracker.
Vulnerability Reporting
Please do not report security vulnerabilities on the public Github issue tracker. The Responsible Disclosure Program details the procedure for disclosing security issues.
<p align="center"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://cdn.auth0.com/website/sdks/logos/auth0_light_mode.png" width="150"> <source media="(prefers-color-scheme: dark)" srcset="https://cdn.auth0.com/website/sdks/logos/auth0_dark_mode.png" width="150"> <img alt="Auth0 Logo" src="https://cdn.auth0.com/website/sdks/logos/auth0_light_mode.png" width="150"> </picture> </p> <p align="center">Auth0 is an easy to implement, adaptable authentication and authorization platform. To learn more checkout <a href="https://auth0.com/why-auth0">Why Auth0?</a></p> <p align="center"> This project is licensed under the MIT license. See the <a href="https://github.com/auth0/JWTDecode.Android/blob/master/LICENSE"> LICENSE</a> file for more info.</p>
Contributors
Showing top 12 contributors by commit count.
Related Repositories
auth0/java-jwt
Java implementation of JSON Web Token (JWT)
auth0/jwt-decode
Decode JWT tokens; useful for browser applications.
auth0/angular2-jwt
Helper library for handling JWTs in Angular apps
auth0/nextjs-auth0
Next.js SDK for signing in with Auth0
auth0/go-jwt-middleware
A Middleware for Go Programming Language to check for JWTs on HTTP requests
auth0/lock
Auth0's signin solution