How to verify a JWT token in Java | JWT, Keycloak, RSA256 and Auth0
Рет қаралды 16,735
Күн бұрынIn this video, I will show you how to validate the JWT token in a Java application. We will use the Auth0 library to check if a Keycloak issued JWT token comes from a trusted issuer if the signature verification (RSA256 in this case) is correct and if the token has not expired yet.
As part of the process, we will also load the Keycloak public key and talk about storing the public key locally and how to make everything faster with guava cache.
We will wrap everything in a nice JwtValidator class to be used anywhere you want to.
What are JWT tokens and how to use them: • What is JWT? The JSON ...
Code example: github.com/ps-after-hours/jwt...
#quadmeup #jwt #keycloak
If you want to support me:
✅ Patreon / pawelspychalski
✅ Banggood affiliate bit.ly/2P8oAxr
✅ Paypal paypal.me/pawelspychalski
▶ Discord server quadmeup.com/discord
▶ My website quadmeup.com/
@PSAfterHours 2 жыл бұрын
What are JWT tokens and how to use them: kzfaq.info/get/bejne/b9RyqJii2bzcfYE.html
@himanshutech8320 8 ай бұрын
excellent video explaining what is required to validate the token.
@chanakadushmantha3775 7 ай бұрын
most explained video on KZfaq for jwt validation.
@mikedodds1227 5 ай бұрын
This video and supplies code was very helpful to me. Thanks!
@ahmadalkhatib3487 2 жыл бұрын
You made it absolutely clear, Thanks !
@PSAfterHours 2 жыл бұрын
Glad it helped!
@juroltv3119 Жыл бұрын
Thank you, so much sir. This really helps me, I can now go to bed peacefully 😅
@manikantamani3054 2 жыл бұрын
Salute for you🙏🏻 saved me
@PSAfterHours 2 жыл бұрын
glad I could help1
@user-pp3rs6qz3o Жыл бұрын
Thank you so much. That is great!
@PSAfterHours Жыл бұрын
Thanks
@manikantamani3054 2 жыл бұрын
Much Thanks 🙏🏻
@PSAfterHours 2 жыл бұрын
You're welcome!
@user-cf2jo7vo8p 10 ай бұрын
Cool🎉❤
@mritunjaydwivedi1753 8 ай бұрын
Explained very nicely. I have some points though, I am actually interested as Keycloak was mentioned. 1. ES256 algo curve P-256 public key using OpenSSL commands import the public key in keycloak throws an error. InvalidKeySpecException: Encode key spec did not recognize: algorithm identifiers ***** 2. RS/HS256 JWT is working. 3. Added ES256 provider in Keycloak. Am I supposed to make some custom implementation in keycloak adapters?
@davolidobry 2 жыл бұрын
How to deactivate JWT at backend? It is needed to blacklist them? Are we forced to log out at frontend-only (by deleting token from our client)?
@PSAfterHours 2 жыл бұрын
1 - keep access token short lived - if you deactivate the user then he would have to relogin with refresh token 2 - token can not be revoked. You can have a "blacklist" of revoked tokens, but if they are short lived (a few seconds) that it makes no sense to be honest 3 - if user logs out, then you have to remove the token from the client (assuming you have the control over the client app)
@cbsflows1041 2 жыл бұрын
Pawel i try to contact you about somethings. Is there any email adres to contact you?
@PSAfterHours 2 жыл бұрын
sure, pspychalski@gmail.com
KiKiDo
Рет қаралды 3,5 МЛН
KiKiDo
Рет қаралды 3,5 МЛН