Name: JWTDecode.Android
Owner: Auth0
Description: A library to help you decode JWTs for Android
Created: 2016-10-17 21:44:20.0
Updated: 2018-05-24 15:20:08.0
Pushed: 2018-02-02 23:26:49.0
Homepage: https://jwt.io
Size: 124
Language: Java
GitHub Committers
User | Most Recent Commit | # Commits |
---|
Other Committers
User | Most Recent Commit | # Commits |
---|
Java library with focus on Android that provides Json Web Token (JWT) decoding.
The library is be available both in Maven Central and JCenter. To start using it add this line to your build.gradle
dependencies file:
ile 'com.auth0.android:jwtdecode:1.1.1'
Decode a JWT token
ng token = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9.TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ";
jwt = new JWT(token);
A DecodeException
will raise with a detailed message if the token has:
Returns the Issuer value or null if it's not defined.
ng issuer = jwt.getIssuer();
Returns the Subject value or null if it's not defined.
ng subject = jwt.getSubject();
Returns the Audience value or an empty list if it's not defined.
<String> audience = jwt.getAudience();
Returns the Expiration Time value or null if it's not defined.
expiresAt = jwt.getExpiresAt();
Returns the Not Before value or null if it's not defined.
notBefore = jwt.getNotBefore();
Returns the Issued At value or null if it's not defined.
issuedAt = jwt.getIssuedAt();
Returns the JWT ID value or null if it's not defined.
ng id = jwt.getId();
The JWT token may include DateNumber fields that can be used to validate that the token was issued in a past date "iat" < TODAY
and that the expiration date is in the future "exp" > TODAY
. This library includes a method that checks both of this fields and returns the validity of the token. If any of the fields is missing they wont be considered. You must provide a positive amount of seconds as leeway to consider in the Date comparison.
ean isExpired = jwt.isExpired(10); // 10 seconds leeway
Additional Claims defined in the token can be obtained by calling getClaim
and passing the Claim name. If the claim can't be found, a BaseClaim will be returned. BaseClaim will return null on every method call except for the asList
and asArray
.
m claim = jwt.getClaim("isAdmin");
The Claim class is a wrapper for the Claim values. It allows you to get the Claim as different class types. The available helpers are:
To obtain a Claim as a Collection you'll need to provide the Class Type of the contents to convert from.
If the values inside the JSON Array can't be converted to the given Class Type, a DecodeException
will raise.
The JWT
class implements Parcelable so you can send it inside a Bundle
on any Android intent. i.e. using Android Activities:
n the first Activity
jwt = new JWT("header.payload.signature");
nt intent = new Intent(ProfileActivity.class, MainActivity.this);
nt.putExtra("jwt", jwt);
tActivity(intent);
hen in another Activity
jwt = (JWT) getIntent().getParcelableExtra("jwt");
You can also call at any time jwt.toString()
to get the String representation of the token that has given instance to this JWT. This is useful for instance if you need to validate some claims when you get a response, and then send the token back in the request header.
jwt = new JWT(res.getHeader("Authorization"));
!jwt.isExpired(0) && "auth0".equals(jwt.getIssuer())){
req.putHeader("Authorization", "Bearer " + jwt);
return;
se {
// Get a fresh token
Auth0 helps you to:
If you have found a bug or if you have a feature request, please report them at this repository issues section. Please do not report security vulnerabilities on the public GitHub issue tracker. The Responsible Disclosure Program details the procedure for disclosing security issues.
This project is licensed under the MIT license. See the LICENSE file for more info.