Java 21 Jwts parser() is deprecated

Question

I am trying to learn the Spring Security part and use a JWT token with Spring using the 'Jwts' library 0.12.5.

I was following a tutorial which presented this way:

private Claims extractAllClaims(String token){
    return Jwts.parser()
            .setSigningKey(getSignInKey())
            .build()
            .parseSignedClaims(token)
            .getBody();

    }

private Key getSignInKey(){
    byte[] keyBytes = Decoders.BASE64.decode(SECRET_KEY);
    return Keys.hmacShaKeyFor(keyBytes);
}

I saw the fact that 'getBody', 'parseSignedClaims' and 'setSigningKey' were deprecated, and I have tried to adapt to this:

private Claims extractAllClaims(String token){
    return Jwts.parser()
            .setSigningKey(getSignInKey())
            .build()
            .parseSignedClaims(token)
            .getPayload();
}

private Key getSignInKey(){
    byte[] keyBytes = Decoders.BASE64.decode(SECRET_KEY);
    return Keys.hmacShaKeyFor(keyBytes);
}

But I still use the 'setSigningKey'. I saw some old questions from the stack, but all of them contain deprecated parts. What is a better way to do it?

Thank you for your time!

Answer 1

to get claims

private Claims extractAllClaims(String token){
 return Jwts.parser()
.verifyWith(getSignInKey())
.build()
.parseSignedClaims(token)
.getPayload();
}

to generate token

 public String generateToken(UserDetails userDetails) {
  
    return Jwts.builder()
            .subject(userDetails.getUsername())
            .issuedAt(new Date(System.currentTimeMillis()))
            .expiration(new Date(System.currentTimeMillis() +    TOKEN_VALIDITY))
            .signWith(getSignInKey())
            .compact();
}

getSignInKey

 private SecretKey getSignInKey() {
 byte[] bytes = Base64.getDecoder()
.decode(SECRET_KEY.getBytes(StandardCharsets.UTF_8));
         return new SecretKeySpec(bytes, "HmacSHA256"); }