Include the dependency

For Apache Maven:


For Gradle:

compile 'com.okta.jwt:okta-jwt-verifier:0.2.0'

Use the API

We can create a simple Servlet example by creating a Filter:

@WebFilter(urlPatterns = {"/api/*"})
public static class OktaAccessTokenFilter implements Filter {

    private JwtVerifier jwtVerifier;

    public void init(FilterConfig filterConfig) throws ServletException {

        try {
            this.jwtVerifier = new JwtHelper()

        } catch (IOException e) {
            throw new ServletException("Failed to create JWT Verifier", e);

    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) 
                                                 throws IOException, ServletException {

        HttpServletRequest httpRequest = (HttpServletRequest) request;
        HttpServletResponse httpResponse = (HttpServletResponse) response;

        String authHeader = httpRequest.getHeader("Authorization");

        if (authHeader != null
                && !authHeader.isEmpty()
                && authHeader.startsWith("Bearer ")) {

            // Strip the auth type
            String jwtString = authHeader.replaceFirst("^Bearer ", "");

            try {
                chain.doFilter(request, response);

            } catch (JoseException e) {
                httpRequest.getServletContext().log("Failed to decode Access Token", e);

        httpResponse.setHeader("WWW-Authenticate", "Bearer realm=\"Okta-Servlet-Example\"");
        httpResponse.sendError(401, "Unauthorized");

Next up is to create a Servlet for the ‘/api/messages’ endpoint we defined in the above client:

public class ExampleServlet extends HttpServlet {
    protected void doGet(HttpServletRequest request, HttpServletResponse response) 
                                                     throws ServletException, IOException {
        // handle request

For more examples and other project information check out okta/okta-jwt-verifier-java on Github.