What substitute can I use for Java Spring's Jwts.signWith() deprecated method?

Question

I need to use JWT in mi API, and the IDE tells me that the .signWith() method is deprecated. So far I use the @Deprecated annotation, but I think this is not so good practice.

This is my example code:

@Deprecated
public String generateToken(UserDetails userDetails) {
    return Jwts.builder().setSubject(userDetails.getUsername()).setIssuedAt(new Date())
            .setExpiration(new Date(System.currentTimeMillis() + 1000 * 60 * 60 * 10))
            .signWith(SignatureAlgorithm.HS256, KEY).compact();
}

Check this answer: https://stackoverflow.com/questions/55102937/how-to-create-a-spring-security-key-for-signing-a-jwt-token — Santiago Carrillo, Feb 14 '23 at 23:53

sorifiend · Answer 1 · 2022-09-08T02:02:03.013

As per the source code you need to flip the variables so that Key comes first:

@deprecated since 0.10.0: use {@link #signWith(Key, SignatureAlgorithm)} instead. This method will be removed in the 1.0 release.
@Deprecated
JwtBuilder signWith(SignatureAlgorithm alg, Key key) throws InvalidKeyException;

So as per the deprecated comment, the correct usage would be:

signWith(KEY, SignatureAlgorithm)

Using the deprecated method and @deprecated annotation is not a solution if you ever intend to upgrade to version 1.0 or a newer version of the library in the future.

What substitute can I use for Java Spring's Jwts.signWith() deprecated method?

1 Answers1