JOSE & JSON Web Token (JWT) Examples


JSON Web Signature (JWS) secures content, such as text, JSON or binary data, with a digital signature (RSA, EC or EdDSA) or a Hash-based Message Authentication Code (HMAC).

Create / verify JWS with generic payload and compact serialisation:

JWS with JSON serialisation:

JWS with detached and unencoded payload (RFC 7797):

JWS can also secure JSON Web Tokens (JWT):

JWS with Android PIN or biometric prompt to unlock the private key for signing:

JWS with the BouncyCastle FIPS provider:

Cloud KMS:


JSON Web Encryption (JWE) is for sending confidential content with integrity protection. Public / private (RSA and EC) as well as symmetric AES and ChaCha encryption are supported.

Create / decrypt JWE examples:

Framework for minting JWS objects and signed JWTs

Simple framework to aid the creation of JWS objects and signed JWTs:

Framework for processing JOSE objects and JWTs

The library includes a framework for handling tokens and messages secured with JOSE, such as JWT-encoded access tokens and OpenID Connect ID tokens. The framework follows the best current practises and was tested with a wide range of use cases.

JSON entity mapping

JSON entities are mapped to their most natural Java class counterparts.

Parsing JOSE and JWT objects

Parsing objects and tokens of a particular type (unsecured, JWS, JWE):

Parsing objects and tokens of any type (unsecured, JWS, JWE):


JSON Web Key (JWK):

X.509 certificates

Smart cards and Hardware Security Modules (HSM)