[SOLVED] How to set JWT type in JWT Header

How to set JWT type in JWT Header

Not able to set the JWT token typ in token header.

This is for making secure API's which I have already developed in JAX-RS. Basically i have generating a token by Jwts.builder() method, and in return i am getting token in APPLICATION_JSON, ant i paste this token at https://jwt.io/ Debugger. So i got to know that there is no token type specified token header, there is only { "alg": "HS512" }

Maybe this could be a reason that I cannot access secured API's. When I try to access secured API's then i got "Signed Claims JWSs are not supported" exception.

private String issueToken(String login, String password) {

        LocalDateTime now = LocalDateTime.now().plusMinutes(10L);
        Instant instant = now.atZone(ZoneId.systemDefault()).toInstant();
        Date jwtExpiry = Date.from(instant);
        
        String jwtToken = Jwts.builder().setSubject(login).setIssuer("XYZ").setIssuedAt(new Date())
                .setExpiration(jwtExpiry).signWith(SignatureAlgorithm.HS512, "secretKey").compact();
        return jwtToken;
}

public class JWTTokenNeededFilter implements ContainerRequestFilter 
{
    public static final Logger logger = Logger.getLogger(JWTTokenNeededFilter.class);

    @Override
    public void filter(ContainerRequestContext requestContext) throws IOException {
        String token = requestContext.getHeaderString("userToken");
        if (token == null) {
            requestContext.abortWith(Response.status(Response.Status.UNAUTHORIZED).build());
        }

        try {
            Jwts.parser().setSigningKey("secretKey").parseClaimsJwt(token);

            logger.info("Valid Token " + token);

        } catch (ExpiredJwtException expiredJwtException) {
            logger.info("Token Expires " + expiredJwtException);
            requestContext.abortWith(Response.status(Response.Status.UNAUTHORIZED).build());
        }

        catch (Exception exception) {
            logger.info("Exceptioin " + exception);
            requestContext.abortWith(Response.status(Response.Status.UNAUTHORIZED).build());
        }
    }
}

I am expecting token header like this

{ "alg": "HS512", "typ": "JWT" }

Solution

You can set using header as explained here : https://github.com/jwtk/jjwt/issues/174

Header header = Jwts.header();
header.setType("JWT");

Then set header to builder (I haven't compiled the code)

private String issueToken(String login, String password) {

    LocalDateTime now = LocalDateTime.now().plusMinutes(10L);
    Instant instant = now.atZone(ZoneId.systemDefault()).toInstant();
    Date jwtExpiry = Date.from(instant);

    Header header = Jwts.header();
    header.setType("JWT");
    //set additional headers
    String jwtToken = 
       Jwts.builder().setHeader((Map<String, Object>) 
        header).setSubject(login).setIssuer("XYZ").setIssuedAt(new 
        Date())
            .setExpiration(jwtExpiry).signWith(SignatureAlgorithm.HS512, 
          "secretKey").compact();
    return jwtToken;
}