Atlassian JWT is a library for authenticating requests containing JWTs (JSON Web Tokens) in the query string or Authorization header. It is based on the 11th draft of the JSON Web Token IETF memo by the OAuth Working Group.
See the JWT draft for more information on making JWT authenticated requests.
How do I..
mvn clean install from the root directory. (Append
-DskipTests if you want to skip the tests.)
Run atlassian-jwt in an Atlassian product
Build atlassian-jwt, install the Atlassian SDK, then run
atlas-debug -Dproduct=jira from the
The collection of interfaces and utility classes that form the stable API of atlassian-jwt.
The reference implementation of jwt-api.
A set of services for issuing and verifying JWTs to/from applications linked via application-links.
An Atlassian plugin that bundles jwt-api, jwt-core and jwt-applinks modules.
An Atlassian plugin that is deployed alongside jwt-test-plugin to expose test functionality needed by the jwt-integration-tests module.
This module should never be deployed in production.
A light-weight Jetty application and set of test classes that run against an Atlassian application.
Supported Signing Algorithms
Atlassian JWT supports the following JWA signing algorithms:
- HMAC SHA-256 ("HS256")
Atlassian products should add the jwt-plugin as a bundled plugin.
Optionally, an Atlassian product may include the jwt-api, jwt-core and jwt-applinks libraries in their WEB-INF/lib directory and look up the implementations provided by jwt-plugin via OSGi. In this way JWT services may be used from the product core.
3rd party applications
Since atlassian-applinks is non-trivial to implement, 3rd party applications should embed only the jwt-api and jwt-core libraries. The integration-tests module contains an example Jetty application that embed jwt-api and jwt-core as a reference.