Get401 Auth Core

get401-auth-core is the foundational Java library for the Get401 identity platform. It provides core security annotations, JWT verification primitives, and dynamic Ed25519 public key provisioning. Framework-specific integrations (such as the Spring SDK) are built on top of this library.

GitHub: get401/get401-java-auth-core

Requirements

  • Java 21 or higher

Installation

Gradle

dependencies {
    implementation 'com.get401:get401-auth-core:0.0.1-SNAPSHOT'
}

Maven

<dependency>
    <groupId>com.get401</groupId>
    <artifactId>get401-auth-core</artifactId>
    <version>0.0.1-SNAPSHOT</version>
</dependency>

Security Annotations

Three annotations cover the full range of token-based access control.

Annotation                 Description
@AuthGet401                Requires a valid, verifiable JWT (via aact cookie)
@VerifyRoles({"role"})     JWT must contain at least one of the specified roles
@VerifyScope({"scope"})    JWT scope string must contain all of the specified scopes

Annotations can be applied at the class level (covering all methods) or at the individual method level.

import com.get401.auth.core.annotation.AuthGet401;
import com.get401.auth.core.annotation.VerifyRoles;
import com.get401.auth.core.annotation.VerifyScope;
 
@AuthGet401
public class SecureController {
 
    @VerifyRoles({"admin", "editor"})
    public String editArticle() {
        return "Editing authorized.";
    }
 
    @VerifyScope({"read:billing", "write:billing"})
    public String updateBilling() {
        return "Billing updated.";
    }
}

JwtPublicKeyProvider

JwtPublicKeyProvider is a thread-safe component that fetches and caches your application's Ed25519 public key from the Get401 API. It uses your appId and origin as authentication headers against https://app.get401.com/v1/apps/auth/public-key.

import com.get401.auth.core.JwtPublicKeyProvider;
import java.security.PublicKey;
 
String appId = "your-get401-app-id";
String origin = "https://yourdomain.com";
String get401BaseUrl = "https://app.get401.com"; // or null for default
 
JwtPublicKeyProvider keyProvider = new JwtPublicKeyProvider(appId, origin, get401BaseUrl);
 
// Fetches once, then returns from cache on every subsequent call
PublicKey publicKey = keyProvider.getPublicKey();

The parsed key is cached in memory after the first successful fetch, so subsequent calls have virtually zero latency.

Technical Details

  • Algorithm - Ed25519 elliptic curve, verified via Java KeyFactory
  • Transport - Java 21 built-in HTTP Client with HTTP/2
  • API headers - X-App-Id and Origin are sent on every key fetch request
  • Dependencies - Exposes jackson-databind, jjwt-api, and slf4j-api to dependent applications
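
Added example (not code from get401-auth-core): verifying an Ed25519-signed JWT with only the JDK, against the kind of PublicKey that getPublicKey() returns. The class name, the locally generated key pair and the tokens are constructed for illustration, and the header check assumes tokens carry the JOSE alg value EdDSA.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.Base64;

// Added illustration, not part of get401-auth-core. Class and method names are hypothetical.
public class Ed25519JwtCheck {

    // Returns true only for a three-part token whose header pins alg=EdDSA and whose
    // signature over "header.payload" verifies under the given Ed25519 public key.
    static boolean verify(String token, PublicKey key) {
        String[] parts = token.split("\\.", -1);
        if (parts.length != 3) return false;
        try {
            Base64.Decoder dec = Base64.getUrlDecoder();
            String header = new String(dec.decode(parts[0]), StandardCharsets.UTF_8);
            // Pin the algorithm: the token must not choose "none" or an HMAC variant.
            // A string match keeps this JDK-only; a JSON parser is the robust choice.
            if (!header.replaceAll("\\s", "").contains("\"alg\":\"EdDSA\"")) return false;
            Signature sig = Signature.getInstance("Ed25519");
            sig.initVerify(key);
            sig.update((parts[0] + "." + parts[1]).getBytes(StandardCharsets.US_ASCII));
            return sig.verify(dec.decode(parts[2]));
        } catch (GeneralSecurityException | IllegalArgumentException e) {
            return false; // malformed Base64URL, wrong key type, or bad signature encoding
        }
    }

    static String b64(byte[] in) {
        return Base64.getUrlEncoder().withoutPadding().encodeToString(in);
    }

    public static void main(String[] args) throws Exception {
        // Constructed key pair standing in for the key returned by keyProvider.getPublicKey().
        KeyPair kp = KeyPairGenerator.getInstance("Ed25519").generateKeyPair();
        String head = b64("{\"alg\":\"EdDSA\",\"typ\":\"JWT\"}".getBytes(StandardCharsets.UTF_8));
        String body = b64("{\"sub\":\"user-1\",\"roles\":[\"editor\"]}".getBytes(StandardCharsets.UTF_8));
        Signature signer = Signature.getInstance("Ed25519");
        signer.initSign(kp.getPrivate());
        signer.update((head + "." + body).getBytes(StandardCharsets.US_ASCII));
        String token = head + "." + body + "." + b64(signer.sign());

        String noneHead = b64("{\"alg\":\"none\"}".getBytes(StandardCharsets.UTF_8));
        String otherBody = b64("{\"sub\":\"user-1\",\"roles\":[\"admin\"]}".getBytes(StandardCharsets.UTF_8));
        System.out.println(verify(token, kp.getPublic()));                       // untouched token
        System.out.println(verify(head + "." + otherBody + "." + token.split("\\.")[2], kp.getPublic())); // altered payload
        System.out.println(verify(noneHead + "." + body + ".", kp.getPublic())); // alg=none, empty signature
    }
}
```

Signature verification alone does not cover expiry, audience, or the role and scope checks that the annotations describe; those are separate claim checks on the decoded payload.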

Relationship to Other SDKs

get401-auth-core is a pure library with no framework dependencies. It is used internally by the Spring SDK (get401-auth-spring), which wires the interceptor into the Spring MVC request lifecycle automatically.