Programming language: Java
License: MIT License
Tags: Security     Projects    
Latest version: v0.21.2

Jwks RSA alternatives and similar libraries

Based on the "Security" category.
Alternatively, view Jwks RSA alternatives based on common mentions on social networks and blogs.

  • Tink

    DISCONTINUED. Tink is a multi-language, cross-platform, open source library that provides cryptographic APIs that are secure, easy to use correctly, and hard(er) to misuse.
  • DependencyCheck

    OWASP dependency-check is a software composition analysis utility that detects publicly disclosed vulnerabilities in application dependencies.
  • Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
    Promo www.influxdata.com
    InfluxDB Logo
  • OpenAM

    OpenAM is an open access management solution that includes Authentication, SSO, Authorization, Federation, Entitlements and Web Services Security.
  • Topaz

    Cloud-native authorization for modern applications and APIs
  • SSLContext-Kickstart

    ๐Ÿ” A lightweight high level library for configuring a http client or server based on SSLContext or other properties such as TrustManager, KeyManager or Trusted Certificates to communicate over SSL TLS for one way authentication or two way authentication provided by the SSLFactory. Support for Java, Scala and Kotlin based clients with examples. Available client examples are: Apache HttpClient, OkHttp, Spring RestTemplate, Spring WebFlux WebClient Jetty and Netty, the old and the new JDK HttpClient, the old and the new Jersey Client, Google HttpClient, Unirest, Retrofit, Feign, Methanol, Vertx, Scala client Finagle, Featherbed, Dispatch Reboot, AsyncHttpClient, Sttp, Akka, Requests Scala, Http4s Blaze, Kotlin client Fuel, http4k Kohttp and Ktor. Also gRPC, WebSocket and ElasticSearch examples are included
  • Passay

    Password policy enforcement for Java.
  • Kalium

    DISCONTINUED. Java binding to the Networking and Cryptography (NaCl) library with the awesomeness of libsodium
  • Password4j

    Java cryptographic library that supports Argon2, bcrypt, scrypt and PBKDF2 aimed to protect passwords in databases. Easy to use by design, highly customizable, secure and portable. All the implementations follow the standards and have been reviewed to perform better in the JVM.
  • OTP-Java

    A small and easy-to-use one-time password generator library for Java implementing RFC 4226 (HOTP) and RFC 6238 (TOTP).
  • SecurityBuilder

    Fluent builders with typesafe API for the JCA
  • JObfuscator

    JObfuscator is a source code obfuscator for the Java language. Protect Java source code & algorithms from hacking, cracking, reverse engineering, decompilation & technology theft.
  • jwt-java

    JSON Web Token implementation for Java according to RFC 7519. Easily create, parse and validate JSON Web Tokens using a fluent API.

Do you think we are missing an alternative of Jwks RSA or a related project?

Add another 'Security' Library


A Java library for obtaining JSON Web Keys from a JWKS (JSON Web Key Set) endpoint.

CircleCI Coverage Status License Maven Central javadoc

:books: Documentation - :rocket: Getting Started - :computer: API Reference :speech_balloon: Feedback


  • [Examples](./EXAMPLES.md) - code samples for common jwks-rsa-java scenarios.
  • Docs site - explore our docs site and learn more about Auth0.

Getting Started


Java 8 or above.


Add the dependency via Maven:


or Gradle:

implementation 'com.auth0:jwks-rsa:0.21.2'


The JSON Web Tokens you obtain from an authorization server include a key id header parameter ("kid"), used to uniquely identify the Key used to sign the token.

Given the following JWT:


Decode it using a JWT library or tool like jwt.io and extract the kid parameter from the Header claims.

  "typ": "JWT",
  "alg": "RS256",

The kid value can then be used to obtain the JWK using a JwkProvider.

Create a JWKProvider using the domain from which to fetch the JWK. The provider will use the domain to build the URL https:{your-domain}/.well-known/jwks.json:

JwkProvider provider = new JwkProviderBuilder("https://samples.auth0.com/")

A Jwk can be obtained using the get(String keyId) method:

java Jwk jwk = provider.get("{kid of the signing key}"); // throws Exception when not found or can't get one

The provider can be configured to cache JWKs to avoid unnecessary network requests, as well as only fetch the JWKs within a defined rate limit:

JwkProvider provider = new JwkProviderBuilder("https://samples.auth0.com/")
        // up to 10 JWKs will be cached for up to 24 hours
        .cached(10, 24, TimeUnit.HOURS)
        // up to 10 JWKs can be retrieved within one minute
        .rateLimited(10, 1, TimeUnit.MINUTES)

See the [examples](./EXAMPLES.md) for additional configurations.

API Reference



We appreciate feedback and contribution to this repo! Before you get started, please see the following:

Raise an issue

To provide feedback or report a bug, please raise an issue on our issue tracker.

Vulnerability Reporting

Please do not report security vulnerabilities on the public Github issue tracker. The Responsible Disclosure Program details the procedure for disclosing security issues.

Auth0 is an easy to implement, adaptable authentication and authorization platform. To learn more checkout Why Auth0? This project is licensed under the MIT license. See the LICENSE file for more info.

*Note that all licence references and agreements mentioned in the Jwks RSA README section above are relevant to that project's source code only.