
Java SDK

Java 17+ SDK. Uses standard JWT verification + JWKS resolution under the hood. Works with Spring Boot, Micronaut, Quarkus, Helidon, or bare servlet apps.

Install (Maven)

<dependency>
  <!-- Exact version pin (no range), so a build does not silently pick up a newer release.
       Before adding, confirm these coordinates match the ones the vendor publishes. -->
  <groupId>com.kolaylogin</groupId>
  <artifactId>kolaylogin</artifactId>
  <version>0.1.0</version>
</dependency>

Verify a session

// Build one verifier and reuse it. The first argument is the KolayLogin API base URL;
// keep it a fixed https:// value from code or config, never derived from request data.
// NOTE(review): presumably the JWKS signing keys are resolved from this host — confirm.
// NOTE(review): the second argument looks like the application's own origin that the
// session is expected to be bound to — confirm its exact meaning in the SDK reference.
var verifier = new com.kolaylogin.SessionVerifier(
  "https://api.kolaylogin.com",
  "https://example.com"
);
// sessionCookieValue is untrusted input taken from the request. Read identity only from
// the object verify() returns; do not decode the cookie yourself and trust its contents.
// NOTE(review): verify() is expected to throw on an invalid or expired session (the
// Spring filter example on this page wraps it in try/catch) — handle that as "not signed in".
var claims = verifier.verify(sessionCookieValue);
String userId = claims.getSubject();
// NOTE(review): orgId may be null when the session carries no "org" claim — confirm and
// null-check before using it in an authorization decision.
String orgId  = claims.getClaim("org").asString();

Admin client

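// The secret key authorises admin API calls. Keep it server-side only: load it from the
// environment or a secret manager, never hard-code it, log it, or ship it to a browser
// or mobile client.
String secretKey = System.getenv("KL_SECRET_KEY");
// System.getenv returns null when the variable is unset; fail at startup instead of
// building a client that carries no credential.
if (secretKey == null || secretKey.isBlank()) {
  throw new IllegalStateException("KL_SECRET_KEY is not set");
}
var client = new com.kolaylogin.KolayLoginClient(
  "https://api.kolaylogin.com",
  secretKey
);

// Paths below are constants. If a path segment or query value ever comes from request
// data, URL-encode it rather than concatenating it into the path string.
Map<String, Object> users = client.get("/v1/admin/users?limit=10");
Map<String, Object> org   = client.post("/v1/admin/organizations",
  Map.of("name", "Acme", "slug", "acme"));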

Spring Security integration

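Bridge SessionVerifier into a OncePerRequestFilter. The filter only populates the SecurityContext when the session cookie verifies; every request is still passed down the chain, so protected routes must be enforced by your Spring Security authorization rules: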

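/**
 * Populates the Spring Security context from the KolayLogin {@code __session} cookie.
 *
 * <p>This filter authenticates but never rejects: a request with no cookie, or with a
 * cookie that fails verification, continues down the chain without an authentication
 * set by this filter. Protected routes must therefore be guarded by the application's
 * Spring Security authorization rules.
 */
@Component
public class KolayLoginFilter extends OncePerRequestFilter {
  // NOTE(review): the "Verify a session" example passes "https://example.com" as the second
  // constructor argument; here it is null. Confirm which check, if any, null switches off
  // before using this in production.
  private final SessionVerifier verifier = new SessionVerifier("https://api.kolaylogin.com", null);

  /**
   * Verifies the {@code __session} cookie, if present, and records the verified subject as
   * the authenticated principal before continuing the filter chain.
   *
   * @param req  the current request; its cookies are untrusted input
   * @param res  the current response, passed through unchanged
   * @param next the remaining filter chain, always invoked
   * @throws IOException      propagated from the rest of the chain
   * @throws ServletException propagated from the rest of the chain
   */
  @Override
  protected void doFilterInternal(HttpServletRequest req, HttpServletResponse res, FilterChain next)
      throws IOException, ServletException {
    // getCookies() returns null, not an empty array, when the request carries no cookies.
    Cookie[] cookies = req.getCookies();
    Cookie c = cookies == null
        ? null
        : Arrays.stream(cookies).filter(x -> "__session".equals(x.getName())).findFirst().orElse(null);
    if (c != null) {
      try {
        var claims = verifier.verify(c.getValue());
        String subject = claims.getSubject();
        if (subject == null || subject.isBlank()) {
          // Never build an authenticated token around an empty principal.
          logger.debug("Ignoring __session cookie: verified session has no subject");
        } else {
          // The three-argument constructor yields an already-authenticated token; it carries
          // no authorities, so role-based rules will not match this principal.
          var auth = new UsernamePasswordAuthenticationToken(subject, null, List.of());
          SecurityContextHolder.getContext().setAuthentication(auth);
        }
      } catch (Exception ex) {
        // Verification failed: leave the request without an authentication from this filter.
        // Record the failure (never the cookie value) so rejected sessions are visible to
        // operators instead of being silently dropped.
        logger.debug("Ignoring __session cookie: verification failed", ex);
      }
    }
    next.doFilter(req, res);
  }
}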