
How to verify a JWT token in Spring Boot?


I want to implement JWT verification in my Spring Boot application. The algorithm we used for signing the token is Ed25519/EdDSA.

I can't find the right dependency/library to implement a JWT verifier using the Ed25519 algorithm.

Can someone suggest a Maven dependency to validate a JWT token?


Solution

  • The answer comes late but I just tried to solve the same problem and decided to share my conclusions.

    I'd use Spring Security with the OAuth 2.0 Resource Server to validate JWTs.

    <dependency>
      <groupId>org.springframework.boot</groupId>
      <artifactId>spring-boot-starter-oauth2-resource-server</artifactId>
    </dependency>
    

    However, Spring Security's default JWT Decoder NimbusJwtDecoder does not support EdDSA (see list of supported signature algorithms). You will have to write your own JWTDecoder.

    Luckily, Spring Security depends on the Nimbus JOSE+JWT library, which already supports EdDSA. To validate an EdDSA signature with the library, add the following dependency:

    <dependency>
      <groupId>com.google.crypto.tink</groupId>
      <artifactId>tink</artifactId>
      <version>1.6.1</version>
    </dependency>
    

    Your code will at some point call the following lines, where encodedJwt is the encoded JWT string.

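    // Parse the compact serialization; this does not verify anything yet.
    SignedJWT signedJWT = SignedJWT.parse(encodedJwt);

    // publicJWK is the issuer's public Ed25519 key as an OctetKeyPair.
    JWSVerifier verifier = new Ed25519Verifier(publicJWK);
    // verify() returns false on a bad signature; outside a test, reject the token in that case.
    assertTrue(signedJWT.verify(verifier));
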

    The complete example can be found here: https://connect2id.com/products/nimbus-jose-jwt/examples/jwt-with-eddsa