How to fix parser() is deprecated and 'setSigningKey(java.security.Key)' is deprecated?

Question

public boolean validateToken(String jwt){

    Jwts.parser().setSigningKey(key).parseClaimsJws(jwt);

    return true;

}

Usually when methods are deprecated the documentation contains an explanation of why this is the case and what alternative approach you should take. — Jeroen Steenbeeke, Aug 25 '22 at 11:56

Charles · Answer 1 · 2022-11-19T22:19:13.887

11

Take a look at this documentation. You might want to do something like this.

Jwts.parserBuilder().setSigningKey(key).build().parseClaimsJws(jwt);

edited Nov 19 '22 at 22:19

answered Sep 26 '22 at 15:13

Charles

251
4
12

Carl Hyslop · Answer 2 · 2023-02-19T11:28:07.213

4

Charles answer solves one problem, but there are two deprecated methods here: parser() and setSigningKey(). In order to avoid both deprecations, the following code is required:

SecretKey secret = Keys.hmacShaKeyFor(Decoders.BASE64.decode(key));
Jwts.parserBuilder().setSigningKey(secret).build().parseClaimsJws(jwt);

You can read more about this at https://github.com/jwtk/jjwt#jws-create-key

edited Feb 19 '23 at 11:28

answered Feb 19 '23 at 11:27

Carl Hyslop

41
5

How to fix parser() is deprecated and 'setSigningKey(java.security.Key)' is deprecated?

2 Answers2