30 open-source projects similar to auth0/java-jwt, ranked by how many features they have in common. Compare stars, activity and what each one does to find the best Java Jwt alternative.
PyJWT is a Python library for encoding, decoding, and verifying JSON Web Tokens (JWTs). It provides comprehensive JWT functionality including algorithm-agnostic signing and verification, supporting both symmetric HMAC shared-secret cryptography and asymmetric RSA/ECDSA public-key cryptography for flexible trust models. The library implements a claim-based validation pipeline that checks issuer, audience, expiration, and other time-based claims during token decoding, with configurable clock skew tolerance for distributed systems. It requires callers to explicitly specify allowed signing algori
This project is a JSON Web Token implementation library and toolkit for encoding, signing, and validating tokens. It provides the necessary functions to manage token claims and payloads for user authentication and authorization. The library supports both symmetric and asymmetric cryptography, allowing for the use of shared secrets or public-private key pairs. It enables the creation of signed tokens and the verification of their authenticity and integrity to prevent data tampering. The toolkit covers a broad range of identity and access control capabilities, including the embedding of custom
jwt-go is a Go library for creating, parsing, and verifying signed JSON Web Tokens. It provides a pluggable signing interface that supports multiple cryptographic algorithms, including HMAC, RSA, ECDSA, and RSA-PSS, allowing tokens to be signed and verified with different security properties. The library is built around a signing-method registry and a token-parsing pipeline that splits a JWT string into its header, payload, and signature segments for validation. It includes typed error classification for common failure modes such as invalid signatures, expired tokens, or malformed input, and
This is a Java library and framework for creating, parsing, and validating JSON Web Tokens within Java and Android applications. It provides a comprehensive toolkit for handling signed and encrypted tokens, including the generation and verification of JWS and JWE objects. The project differentiates itself through a flexible architecture that supports pluggable JSON serialization and custom signature algorithms. It includes a dedicated key manager for generating, encoding, and organizing JSON Web Keys and key sets, as well as support for hardware security module integration. The library cover
Authlib is a comprehensive Python library for building and integrating OAuth 1.0, OAuth 2.0, and OpenID Connect clients and servers. It provides a unified set of tools to manage authentication and authorization flows, allowing applications to either act as a client connecting to external identity providers or as a provider issuing tokens and managing user identities. The project distinguishes itself through a full implementation of the JOSE standards, offering a suite of cryptographic tools for generating, signing, encrypting, and validating JSON Web Tokens, Signatures, Encryption, and Keys.
This project is a PHP library for implementing a spec-compliant OAuth 2.0 authorization server. It serves as an authentication framework for managing user identities and client authorizations, providing the necessary components to issue and validate access and refresh tokens. The server supports a wide range of standardized authorization flows, including authorization code exchange, device grants, implicit flows, and PKCE enforcement. It handles complex token lifecycles through refresh token rotation, scope management, and the use of asymmetric keys for signing digital tokens. The system pro
This project is a command-line tool for managing public key infrastructure and digital identities. It provides a comprehensive suite for X.509 certificate lifecycle management, including the generation, signing, renewal, and revocation of certificates and signing requests. The tool distinguishes itself through specialized security capabilities such as binding cryptographic credentials to TPMs and HSMs for hardware-backed identity attestation. It also provides dedicated support for machine identity security, using short-lived SSH certificates and mTLS to secure non-human workloads. Broad capa
This is a PHP library for generating, parsing, and validating JSON Web Tokens and JSON Web Signatures. It serves as a cryptographic claim handler and token validation engine used to securely exchange identity information between services. The project provides an implementation of the JSON Web Signature standard to create signed digital tokens. It allows for the encoding of identity claims and the application of cryptographic signatures to ensure data transmission remains secure. The library covers the full lifecycle of token management, including the creation of signed tokens, decoding of to
Satellizer is an authentication library for AngularJS applications designed to manage user sign-in and session persistence using security tokens. It functions as a client-side implementation for exchanging credentials for tokens and attaching authorization headers to network requests. The library handles identity integration through a token manager that supports both email-based authentication and external OAuth providers. It enables the authorization of users via third-party services using secure popup windows and allows for linking or unlinking external accounts to a user profile. The proj
This project is a boilerplate for building RESTful web services using Node.js, Express, and Mongoose. It provides a structured foundation for developing backend applications, incorporating schema-driven data modeling to manage database interactions and a middleware-based pipeline to handle request processing and validation. The framework distinguishes itself by integrating token-based stateless authentication to secure API endpoints and manage user identity. It includes built-in support for containerization, allowing the application to be packaged into portable images for consistent deploymen
SpringBoot-Shiro-Vue is a permission management framework and role-based access control system. It provides a backend implemented with Spring Boot and a frontend built with Vue.js to manage user roles and map them to specific interface and API access rights. The project utilizes a token-based authentication system to verify user identities and enable stateless communication between the frontend and backend. It implements granular UI permission control to show or hide specific buttons and interface elements based on the current user's assigned access rights. The framework covers API security
Sinopia is a private npm registry server used for hosting, managing, and distributing private packages and scoped modules within an internal network. It functions as a private package manager that controls access to internal code through user authentication and encrypted tokens. The system provides a caching layer that stores public registry packages locally to reduce bandwidth and improve installation speeds. It also includes a web-based interface for exploring packages, viewing documentation, and managing the state of the registry. The project covers a broad range of package management cap
Pocket ID is a self-hosted OpenID Connect (OIDC) identity provider that replaces traditional passwords with passkey-based authentication using WebAuthn public-key cryptography. It runs as a standalone service on user-managed infrastructure, eliminating shared secrets entirely by authenticating users through passkeys instead of passwords. The project distinguishes itself through security-hardened deployment patterns, including distroless container images, non-root user execution, and read-only root filesystems to reduce the attack surface. It supports configurable token signing algorithms (RSA
This project is a Node.js library for implementing and managing JSON Web Tokens. It functions as a cryptographic token manager and authentication tool used to sign, verify, and decode tokens to securely transmit claims between parties. The library supports both symmetric and asymmetric signing algorithms, including HMAC and RSA. It enables the creation of digitally signed tokens using secrets or private keys, and provides mechanisms to validate token signatures and verify embedded claims such as expiration and issuer. The tool covers a range of identity and access capabilities, including sta
The Hugging Face Hub Python client is a library that provides programmatic access to the Hugging Face Hub, a centralized platform for hosting and collaborating on machine learning models, datasets, and demo applications. It serves as the primary SDK for interacting with the Hub's API, enabling users to download and upload models and datasets, manage repositories, authenticate via tokens or OAuth, and run inference on hosted models through a unified interface. The client distinguishes itself through a comprehensive set of capabilities that go beyond basic file transfer. It includes a CLI exten
This project is a technical tutorial and guide for implementing user identity and session management using JSON Web Tokens. It focuses on building a secure login system that verifies user identities in web and mobile applications. The material covers the full lifecycle of token-based security, including the issuance and validation of authentication tokens and the management of stateless sessions. It provides instructions on maintaining persistent user sessions through client-side storage and implementing session revocation to invalidate specific or all active tokens. The implementation detai
Hanko is an open-source identity provider and customer identity and access management system. It serves as a passkey authentication service and an OAuth and SAML SSO gateway, allowing applications to authenticate users and issue tokens via standard identity protocols. The project distinguishes itself through a strong focus on passwordless access using WebAuthn-based passkeys and email-based passcodes. It provides framework-agnostic authentication interfaces as customizable web components that can be embedded directly into web applications to handle login, registration, and profile management.
Authlib is a comprehensive Python framework for implementing OAuth 1.0, OAuth 2.0, and OpenID Connect clients and servers. It provides a complete toolkit for identity management, spanning the development of authorization servers, resource servers, and client-side integrations. The library distinguishes itself through a full implementation of the JOSE specifications, including JSON Web Tokens, Encryption, Signatures, and Keys. It features specialized capabilities for non-interactive authentication via service account assertion frameworks and a compliance-correction layer designed to handle ide
This is a JSON Web Token authentication package for the Django REST Framework that manages stateless user identities. It serves as an authentication provider and token manager used to issue and validate signed tokens to maintain user sessions across multiple requests. The project implements a dual-token lifecycle, issuing short-lived access tokens and long-lived refresh tokens to balance security with session persistence. It features token rotation to prevent replay attacks and a blacklisting system to invalidate compromised credentials. Additionally, it supports sliding-window expiration to
Moltworker is an AI agent sandbox and model orchestrator designed for the secure execution of untrusted code and shell commands generated by large language models. It functions as a gateway proxy that routes requests to multiple AI providers through a unified interface, integrating a container runtime backed by S3-compatible object storage to persist state across ephemeral lifecycles. The system distinguishes itself by combining an AI model orchestrator with a headless browser controller for automated web scraping and screenshot capture. It manages the full lifecycle of AI agents, including m
Fonoster is a conversational AI framework and multi-tenant communications platform as a service. It serves as a programmable voice gateway and SIP telephony platform, enabling the creation of voice-based assistants and automated communication workflows using large language models. The project distinguishes itself through a vendor-agnostic speech integration engine that abstracts speech-to-text and text-to-speech providers. It features a multi-tenant architecture that isolates telephony resources and user identities into distinct organizational workspaces. The system covers a broad range of t
Vapor is a comprehensive server-side web framework designed for building scalable, high-performance applications and APIs in Swift. It provides a non-blocking, event-loop-based runtime that manages concurrent task processing, background job queues, and asynchronous request handling. The framework is built around a dependency injection container that manages the lifecycle and resolution of services, configurations, and database connections throughout the request pipeline. The framework distinguishes itself through a protocol-oriented design that emphasizes type safety across all layers of the
Salvo is a comprehensive Rust web framework for building asynchronous HTTP servers and web applications. It features a hierarchical web router that uses a tree-based structure to map requests to handlers and an asynchronous middleware pipeline based on the onion model for request and response pre- and post-processing. The framework is distinguished by its native support for modern network protocols, including a QUIC-based HTTP/3 implementation alongside HTTP/1 and HTTP/2. It includes an integrated OpenAPI documentation generator that extracts schemas directly from handler signatures to produc
Vendure is a Node.js e-commerce engine and headless commerce framework built with NestJS and TypeScript. It serves as a multi-channel commerce platform that manages product catalogs, orders, and customers via a strongly typed GraphQL API. The platform is distinguished by its highly extensible architecture, featuring a customizable administrative dashboard where developers can inject custom React components and entity views. It supports multi-channel commerce, allowing the isolation of products, currencies, and regional catalogs from a single unified backend. The engine covers a broad range o
release-it is a Git release automation tool designed to coordinate software versioning, changelog generation, and package publishing. It functions as a semantic versioning manager that increments project versions and updates configuration files based on semantic standards or custom schemes. The project distinguishes itself through a plugin-based extension system that allows for custom versioning and publishing logic. It supports complex project structures via monorepo versioning automation to synchronize internal dependencies across multiple workspaces. The tool covers a broad range of capab
FastMCP is a Python framework designed for building servers that expose functions, resources, and prompts to AI models using the Model Context Protocol. It simplifies the development process by automatically deriving tool metadata, input schemas, and documentation directly from Python function signatures and type hints. The framework provides a unified container for managing these components, allowing developers to build modular applications that integrate seamlessly with AI assistants. The project distinguishes itself through its support for interactive, server-defined user interface compone
jose is a cryptography library for signing, encrypting, and verifying tokens and messages using the JSON Object Signing and Encryption standards. It provides a toolkit for the implementation of JSON Web Tokens, JSON Web Signatures, and JSON Web Encryption. The library serves as a high-level interface for the Web Crypto API, allowing for the generation, import, and export of symmetric secrets and asymmetric key pairs. It handles the encryption and decryption of web messages and the validation of digital signatures to ensure data integrity and identity. Its capabilities cover cryptographic key
slskd is a headless network daemon and peer-to-peer file-sharing server for the Soulseek network. It functions as a network client and API gateway, allowing users to search for and share files via a web interface or a REST API. The project distinguishes itself through a focus on automation and remote management, featuring event-driven triggers that can execute system scripts or send webhooks. It supports advanced network routing via SOCKS5 proxies and provides a flexible deployment model that includes a dockerized client with volume mapping and environment-based configuration. The system cov
This project is a comprehensive educational resource designed to help developers master object-oriented design and architectural patterns. It serves as a structured reference for understanding how to organize classes and objects to improve code maintainability, resolve recurring development challenges, and prepare for technical engineering assessments. The guide covers the three primary categories of design patterns: creational, structural, and behavioral. Each pattern is explained through practical examples that demonstrate how to manage object instantiation, simplify complex interfaces, and
Mercure is an HTTP-based message broker and real-time pub/sub server that routes asynchronous data updates to authorized subscribers. It functions as a centralized hub that receives data via standard HTTP requests and broadcasts it to web clients using the Server-Sent Events protocol. The project distinguishes itself by replacing WebSockets with a unidirectional HTTP connection, leveraging HTTP/2 and HTTP/3 for multiplexed, low-latency delivery. It implements a secure access control layer using JSON Web Tokens and JSON Web Signatures to validate the identity of publishers and subscribers, and