auth0 · jack-harrison · Aug 11, 2017
@@ -2,11 +2,35 @@
 
 import com.auth0.jwt.algorithms.Algorithm;
 import com.auth0.jwt.exceptions.JWTDecodeException;
+import com.auth0.jwt.impl.JWTParser;
 import com.auth0.jwt.interfaces.DecodedJWT;
 import com.auth0.jwt.interfaces.Verification;
 
 @SuppressWarnings("WeakerAccess")
-public abstract class JWT {
+public class JWT {
+
+    private final JWTParser parser;
+
+    /**
+     * Constructs a new instance of the JWT library. Use this if you need to decode many JWT
+     * tokens on the fly and do not wish to instantiate a new parser for each invocation.
+     */
+    public JWT() {
+        parser = new JWTParser();
+    }
+
+    /**
+     * Decode a given Json Web Token.
+     * <p>
+     * Note that this method <b>doesn't verify the token's signature!</b> Use it only if you trust the token or you already verified it.
+     *
+     * @param token with jwt format as string.
+     * @return a decoded JWT.
+     * @throws JWTDecodeException if any part of the token contained an invalid jwt or JSON format of each of the jwt parts.
+     */
+    public DecodedJWT decodeJwt(String token) throws JWTDecodeException {
+        return new JWTDecoder(parser, token);
+    }
 
     /**
      * Decode a given Json Web Token.

@@ -24,8 +24,11 @@ final class JWTDecoder implements DecodedJWT {
     private final Payload payload;
 
     JWTDecoder(String jwt) throws JWTDecodeException {
+        this(new JWTParser(), jwt);
+    }
+
+    JWTDecoder(JWTParser converter, String jwt) throws JWTDecodeException {
         parts = TokenUtils.splitToken(jwt);
-        final JWTParser converter = new JWTParser();
         String headerJson;
         String payloadJson;
         try {

@@ -6,31 +6,50 @@
 import com.auth0.jwt.interfaces.Payload;
 import com.fasterxml.jackson.annotation.JsonInclude;
 import com.fasterxml.jackson.databind.ObjectMapper;
+import com.fasterxml.jackson.databind.ObjectReader;
 import com.fasterxml.jackson.databind.SerializationFeature;
 import com.fasterxml.jackson.databind.module.SimpleModule;
 
 import java.io.IOException;
 
 public class JWTParser implements JWTPartsParser {
-    private ObjectMapper mapper;
+    private final ObjectReader payloadReader;
+    private final ObjectReader headerReader;
 
     public JWTParser() {
         this(getDefaultObjectMapper());
     }
 
     JWTParser(ObjectMapper mapper) {
         addDeserializers(mapper);
-        this.mapper = mapper;
+        this.payloadReader = mapper.readerFor(Payload.class);
+        this.headerReader = mapper.readerFor(Header.class);
     }
 
     @Override
     public Payload parsePayload(String json) throws JWTDecodeException {
-        return convertFromJSON(json, Payload.class);
+        if (json == null) {
+            throw decodeException();
+        }
+
+        try {
+            return payloadReader.readValue(json);
+        } catch (IOException e) {
+            throw decodeException(json);
+        }
     }
 
     @Override
     public Header parseHeader(String json) throws JWTDecodeException {
-        return convertFromJSON(json, Header.class);
+        if (json == null) {
+            throw decodeException();
+        }
+
+        try {
+            return headerReader.readValue(json);
+        } catch (IOException e) {
+            throw decodeException(json);
+        }
     }
 
     private void addDeserializers(ObjectMapper mapper) {
@@ -47,16 +66,11 @@ static ObjectMapper getDefaultObjectMapper() {
         return mapper;
     }
 
-    @SuppressWarnings("WeakerAccess")
-    <T> T convertFromJSON(String json, Class<T> tClazz) throws JWTDecodeException {
-        JWTDecodeException exception = new JWTDecodeException(String.format("The string '%s' doesn't have a valid JSON format.", json));
-        if (json == null) {
-            throw exception;
-        }
-        try {
-            return mapper.readValue(json, tClazz);
-        } catch (IOException e) {
-            throw exception;
-        }
+    private static JWTDecodeException decodeException() {
+        return decodeException(null);
+    }
+
+    private static JWTDecodeException decodeException(String json) {
+        return new JWTDecodeException(String.format("The string '%s' doesn't have a valid JSON format.", json));
     }
 }
@@ -46,6 +46,15 @@ public void shouldDecodeAStringToken() throws Exception {
         assertThat(jwt, is(notNullValue()));
     }
 
+    @Test
+    public void shouldDecodeAStringTokenUsingInstance() throws Exception {
+        String token = "eyJhbGciOiJIUzI1NiIsImN0eSI6IkpXVCJ9.eyJpc3MiOiJhdXRoMCJ9.mZ0m_N1J4PgeqWmi903JuUoDRZDBPB7HwkS4nVyWH1M";
+        JWT jwt = new JWT();
+        DecodedJWT decodedJWT = jwt.decodeJwt(token);
+
+        assertThat(decodedJWT, is(notNullValue()));
+    }
+
     // getToken
     @Test
     public void shouldGetStringToken() throws Exception {
@@ -55,6 +64,15 @@ public void shouldGetStringToken() throws Exception {
         assertThat(jwt.getToken(), is("eyJhbGciOiJIUzI1NiJ9.e30.XmNK3GpH3Ys_7wsYBfq4C3M6goz71I7dTgUkuIa5lyQ"));
     }
 
+    // getToken
+    @Test
+    public void shouldGetStringTokenUsingInstance() throws Exception {
+        JWT jwt = new JWT();
+        DecodedJWT decodedJWT = jwt.decodeJwt("eyJhbGciOiJIUzI1NiJ9.e30.XmNK3GpH3Ys_7wsYBfq4C3M6goz71I7dTgUkuIa5lyQ");
+        assertThat(decodedJWT, is(notNullValue()));
+        assertThat(decodedJWT.getToken(), is(notNullValue()));
+        assertThat(decodedJWT.getToken(), is("eyJhbGciOiJIUzI1NiJ9.e30.XmNK3GpH3Ys_7wsYBfq4C3M6goz71I7dTgUkuIa5lyQ"));
+    }
 
     // Verify
 

@@ -5,6 +5,7 @@
 import com.auth0.jwt.interfaces.Payload;
 import com.fasterxml.jackson.databind.Module;
 import com.fasterxml.jackson.databind.ObjectMapper;
+import com.fasterxml.jackson.databind.ObjectReader;
 import com.fasterxml.jackson.databind.SerializationFeature;
 import org.junit.Before;
 import org.junit.Rule;
@@ -17,6 +18,7 @@
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.when;
 
 public class JWTParserTest {
 
@@ -47,10 +49,12 @@ public void shouldAddDeserializers() throws Exception {
     @Test
     public void shouldParsePayload() throws Exception {
         ObjectMapper mapper = mock(ObjectMapper.class);
+        ObjectReader reader = mock(ObjectReader.class);
+        when(mapper.readerFor(Payload.class)).thenReturn(reader);
         JWTParser parser = new JWTParser(mapper);
         parser.parsePayload("{}");
 
-        verify(mapper).readValue("{}", Payload.class);
+        verify(reader).readValue("{}");
     }
 
     @Test
@@ -65,10 +69,12 @@ public void shouldThrowOnInvalidPayload() throws Exception {
     @Test
     public void shouldParseHeader() throws Exception {
         ObjectMapper mapper = mock(ObjectMapper.class);
+        ObjectReader reader = mock(ObjectReader.class);
+        when(mapper.readerFor(Header.class)).thenReturn(reader);
         JWTParser parser = new JWTParser(mapper);
         parser.parseHeader("{}");
 
-        verify(mapper).readValue("{}", Header.class);
+        verify(reader).readValue("{}");
     }
 
     @Test
@@ -81,27 +87,30 @@ public void shouldThrowOnInvalidHeader() throws Exception {
     }
 
     @Test
-    public void shouldConvertFromValidJSON() throws Exception {
-        String json = "\r\n { \r\n } \r\n";
-        Object object = parser.convertFromJSON(json, Object.class);
-        assertThat(object, is(notNullValue()));
+    public void shouldThrowWhenConvertingHeaderIfNullJson() throws Exception {
+        exception.expect(JWTDecodeException.class);
+        exception.expectMessage("The string 'null' doesn't have a valid JSON format.");
+        parser.parseHeader(null);
+    }
+
+    @Test
+    public void shouldThrowWhenConvertingHeaderFromInvalidJson() throws Exception {
+        exception.expect(JWTDecodeException.class);
+        exception.expectMessage("The string '}{' doesn't have a valid JSON format.");
+        parser.parseHeader("}{");
     }
 
     @Test
-    public void shouldThrowWhenConvertingIfNullJson() throws Exception {
+    public void shouldThrowWhenConvertingPayloadIfNullJson() throws Exception {
         exception.expect(JWTDecodeException.class);
         exception.expectMessage("The string 'null' doesn't have a valid JSON format.");
-        String json = null;
-        Object object = parser.convertFromJSON(json, Object.class);
-        assertThat(object, is(nullValue()));
+        parser.parsePayload(null);
     }
 
     @Test
-    public void shouldThrowWhenConvertingFromInvalidJson() throws Exception {
+    public void shouldThrowWhenConvertingPayloadFromInvalidJson() throws Exception {
         exception.expect(JWTDecodeException.class);
         exception.expectMessage("The string '}{' doesn't have a valid JSON format.");
-        String json = "}{";
-        Object object = parser.convertFromJSON(json, Object.class);
-        assertThat(object, is(nullValue()));
+        parser.parsePayload("}{");
     }
-}
+}