[SDK-3695] Update README based on new design (#158)

jimmyjames · web-flow · commit 0c7f4e0d44ad · 2022-10-26T09:42:10.000+01:00
diff --git a/EXAMPLES.md b/EXAMPLES.md
@@ -0,0 +1,93 @@
+# Examples using jwks-rsa-java
+
+- [Provider configuration](#provider-configuration)
+- [Error handling](#error-handling)
+
+## Provider configuration
+
+This library contains several `JwkProvider` implementations, which is used to obtain a JWK.
+
+The `JwkProviderBuilder` is the preferred way to create a `JwkProvider`. Configurations can be combined to suit your needs.
+
+### Cache retrieved JWK
+
+To create a provider for domain `https://samples.auth0.com` that will cache a JWK using an LRU in-memory cache:
+
+```java
+JwkProvider provider = new JwkProviderBuilder("https://samples.auth0.com/")
+        // cache up to 10 JWKs for up to 24 hours
+        .cached(10, 24, TimeUnit.HOURS)
+        .build(); 
+```
+
+### Configure rate limits
+
+`RateLimitJwkProvider` will limit the amounts of different signing keys to get in a given time frame.
+
+> By default the rate is limited to 10 different keys per minute but these values can be changed.
+
+```java
+JwkProvider provider = new JwkProviderBuilder("https://samples.auth0.com/")
+        // up to 10 JWKs can be retrieved within one minute
+        .rateLimited(10, 1, TimeUnit.MINUTES)
+        .build();
+```
+
+### Configure network timeout settings
+
+The connect and read network timeouts can be configured using the builder:
+
+```java
+JwkProvider provider = new JwkProviderBuilder("https://samples.auth0.com/")
+        // Connect timeout of 1 second, read timeout of 2 seconds (values are in milliseconds)
+        .timeouts(1000, 2000)
+        .build();
+```
+
+See the [JwkProviderBuilder JavaDocs](https://javadoc.io/doc/com.auth0/jwks-rsa/latest/com/auth0/jwk/JwkProviderBuilder.html) for all available configurations.
+
+## Error handling
+
+There are certain scenarios in which this library can fail. Read below to understand what to expect and how to handle the errors.
+
+### Missing JSON Web Key
+This error may arise when the hosted JSON Web Key set (JWKS) file doesn't represent a valid set of keys, or is empty.
+They are raised as a `SigningKeyNotFoundException`. The cause should to be inspected in order to understand the specific failure reason.
+
+#### Network error
+There's a special case for Network errors. These errors represent timeouts, invalid URLs, or a faulty internet connection.
+They may occur when fetching the keys from the given URL. They are raised as a `NetworkException` instance.
+
+If you need to detect this scenario, make sure to check it before the catch of `SigningKeyNotFoundException`.
+
+```java
+try {
+    // ...
+} catch (NetworkException e) {
+    // Network error
+} catch (SigningKeyNotFoundException e) {
+    // Key is invalid or not found
+}
+```
+
+### Unsupported JSON Web Key
+When the received key is not of a supported type, or the attribute values representing it are wrong, an `InvalidPublicKeyException` will be raised.
+The following key types are supported:
+- RSA
+- Elliptic Curve
+    - P-256
+    - P-384
+    - P-521
+
+### Rate limits
+When using a rate-limited provider, a `RateLimitReachedException` error will be raised when the limit is breached.
+The exception can help determine how long to wait until the next call is available.
+
+```java
+try {
+    // ...
+} catch (RateLimitReachedException e) {
+    long waitTime = e.getAvailableIn()
+    // wait until available
+}
+```
diff --git a/README.md b/README.md
@@ -1,38 +1,52 @@
-# jwks-rsa
+![A Java library for obtaining JSON Web Keys from a JWKS (JSON Web Key Set) endpoint.](https://cdn.auth0.com/website/sdks/banners/jwks-rsa-java-banner.png)
 
-[![CircleCI](https://circleci.com/gh/auth0/jwks-rsa-java.svg?style=svg)](https://circleci.com/gh/auth0/jwks-rsa-java)
-[![Maven Central](https://img.shields.io/maven-central/v/com.auth0/jwks-rsa.svg)](http://search.maven.org/#search%7Cga%7C1%7Cg%3A%20com.auth0%20a%3Ajwks-rsa)
-[![FOSSA Status](https://app.fossa.com/api/projects/git%2Bgithub.com%2Fauth0%2Fjwks-rsa-java.svg?type=shield)](https://app.fossa.com/projects/git%2Bgithub.com%2Fauth0%2Fjwks-rsa-java?ref=badge_shield)
+[![CircleCI](https://img.shields.io/circleci/project/github/auth0/jwks-rsa-java.svg?style=flat-square)](https://circleci.com/gh/auth0/jwks-rsa-java/tree/master)
+[![Coverage Status](https://codecov.io/gh/auth0/jwks-rsa-java/branch/master/graph/badge.svg?style=flat-square)](https://codecov.io/github/auth0/jwks-rsa-java)
+[![License](http://img.shields.io/:license-mit-blue.svg?style=flat)](https://doge.mit-license.org/)
+[![Maven Central](https://img.shields.io/maven-central/v/com.auth0/jwks-rsa.svg?style=flat-square)](https://search.maven.org/#search%7Cga%7C1%7Cg%3A%20com.auth0%20a%3Ajwks-rsa)
+[![javadoc](https://javadoc.io/badge2/com.auth0/jwks-rsa-java/javadoc.svg)](https://javadoc.io/doc/com.auth0/jwks-rsa)
 
-## Install
+:books: [Documentation](#documentation) - :rocket: [Getting Started](#getting-started) - :computer: [API Reference](#api-reference) :speech_balloon: [Feedback](#feedback)
 
-### Maven
+## Documentation
+- [Examples](./EXAMPLES.md) - code samples for common jwks-rsa-java scenarios.
+- [Docs site](https://www.auth0.com/docs) - explore our docs site and learn more about Auth0.
+
+## Getting Started
+
+### Requirements
+
+Java 8 or above.
+
+### Installation
+
+Add the dependency via Maven:
 
 ```xml
 <dependency>
-    <groupId>com.auth0</groupId>
-    <artifactId>jwks-rsa</artifactId>
-    <version>0.21.2</version>
+  <groupId>com.auth0</groupId>
+  <artifactId>jwks-rsa</artifactId>
+  <version>0.21.2</version>
 </dependency>
 ```
 
-### Gradle
+or Gradle:
 
 ```gradle
 implementation 'com.auth0:jwks-rsa:0.21.2'
 ```
 
-## Usage
+### Usage
 
-The JSON Web Tokens you get from the Authorization Server include a [key id](https://tools.ietf.org/html/rfc7515#section-4.1.4) header parameter ("kid"), used to uniquely identify the Key used to sign the token.
+The JSON Web Tokens you obtain from an authorization server include a [key id](https://tools.ietf.org/html/rfc7515#section-4.1.4) header parameter ("kid"), used to uniquely identify the Key used to sign the token.
 
-i.e.: Given the following JWT:
+Given the following JWT:
 
 ```
 eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCI6IlJrSTVNakk1T1VZNU9EYzFOMFE0UXpNME9VWXpOa1ZHTVRKRE9VRXpRa0ZDT1RVM05qRTJSZyJ9.eyJpc3MiOiJodHRwczovL3NhbmRyaW5vLmF1dGgwLmNvbS8iLCJzdWIiOiJhdXRoMHw1NjMyNTAxZjQ2OGYwZjE3NTZmNGNhYjAiLCJhdWQiOiJQN2JhQnRTc3JmQlhPY3A5bHlsMUZEZVh0ZmFKUzRyViIsImV4cCI6MTQ2ODk2NDkyNiwiaWF0IjoxNDY4OTI4OTI2fQ.NaNeRSDCNu522u4hcVhV65plQOiGPStgSzVW4vR0liZYQBlZ_3OKqCmHXsu28NwVHW7_KfVgOz4m3BK6eMDZk50dAKf9LQzHhiG8acZLzm5bNMU3iobSAJdRhweRht544ZJkzJ-scS1fyI4gaPS5aD3SaLRYWR0Xsb6N1HU86trnbn-XSYSspNqzIUeJjduEpPwC53V8E2r1WZXbqEHwM9_BGEeNTQ8X9NqCUvbQtnylgYR3mfJRL14JsCWNFmmamgNNHAI0uAJo84mu_03I25eVuCK0VYStLPd0XFEyMVFpk48Bg9KNWLMZ7OUGTB_uv_1u19wKYtqeTbt9m1YcPMQ
 ```
 
-Decode it using any JWT library or tool like [jwt.io](https://jwt.io/?value=eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCI6IlJrSTVNakk1T1VZNU9EYzFOMFE0UXpNME9VWXpOa1ZHTVRKRE9VRXpRa0ZDT1RVM05qRTJSZyJ9.eyJpc3MiOiJodHRwczovL3NhbmRyaW5vLmF1dGgwLmNvbS8iLCJzdWIiOiJhdXRoMHw1NjMyNTAxZjQ2OGYwZjE3NTZmNGNhYjAiLCJhdWQiOiJQN2JhQnRTc3JmQlhPY3A5bHlsMUZEZVh0ZmFKUzRyViIsImV4cCI6MTQ2ODk2NDkyNiwiaWF0IjoxNDY4OTI4OTI2fQ.NaNeRSDCNu522u4hcVhV65plQOiGPStgSzVW4vR0liZYQBlZ_3OKqCmHXsu28NwVHW7_KfVgOz4m3BK6eMDZk50dAKf9LQzHhiG8acZLzm5bNMU3iobSAJdRhweRht544ZJkzJ-scS1fyI4gaPS5aD3SaLRYWR0Xsb6N1HU86trnbn-XSYSspNqzIUeJjduEpPwC53V8E2r1WZXbqEHwM9_BGEeNTQ8X9NqCUvbQtnylgYR3mfJRL14JsCWNFmmamgNNHAI0uAJo84mu_03I25eVuCK0VYStLPd0XFEyMVFpk48Bg9KNWLMZ7OUGTB_uv_1u19wKYtqeTbt9m1YcPMQ) and extract the `kid` parameter from the Header claims.
+Decode it using a JWT library or tool like [jwt.io](https://jwt.io/?value=eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCI6IlJrSTVNakk1T1VZNU9EYzFOMFE0UXpNME9VWXpOa1ZHTVRKRE9VRXpRa0ZDT1RVM05qRTJSZyJ9.eyJpc3MiOiJodHRwczovL3NhbmRyaW5vLmF1dGgwLmNvbS8iLCJzdWIiOiJhdXRoMHw1NjMyNTAxZjQ2OGYwZjE3NTZmNGNhYjAiLCJhdWQiOiJQN2JhQnRTc3JmQlhPY3A5bHlsMUZEZVh0ZmFKUzRyViIsImV4cCI6MTQ2ODk2NDkyNiwiaWF0IjoxNDY4OTI4OTI2fQ.NaNeRSDCNu522u4hcVhV65plQOiGPStgSzVW4vR0liZYQBlZ_3OKqCmHXsu28NwVHW7_KfVgOz4m3BK6eMDZk50dAKf9LQzHhiG8acZLzm5bNMU3iobSAJdRhweRht544ZJkzJ-scS1fyI4gaPS5aD3SaLRYWR0Xsb6N1HU86trnbn-XSYSspNqzIUeJjduEpPwC53V8E2r1WZXbqEHwM9_BGEeNTQ8X9NqCUvbQtnylgYR3mfJRL14JsCWNFmmamgNNHAI0uAJo84mu_03I25eVuCK0VYStLPd0XFEyMVFpk48Bg9KNWLMZ7OUGTB_uv_1u19wKYtqeTbt9m1YcPMQ) and extract the `kid` parameter from the Header claims.
 
 ```json
 {
@@ -42,140 +56,62 @@ Decode it using any JWT library or tool like [jwt.io](https://jwt.io/?value=eyJ0
 }
 ```
 
-Use this `kid` on any of the `JwkProviders` enumerated below to obtain the signing key provided by the JWKS endpoint you've configured.
-
-
-### UrlJwkProvider
-
-`UrlJwkProvider` fetches the jwk from `/.well-known/jwks.json` of the supplied domain issuer and returns a `Jwk` if the `kid` matches one of the registered keys.
-
-```java
-JwkProvider provider = new UrlJwkProvider("https://samples.auth0.com/");
-Jwk jwk = provider.get("{kid of the signing key}"); //throws Exception when not found or can't get one
-```
-
+The `kid` value can then be used to obtain the JWK using a `JwkProvider`.
 
-Also it can load `jwks.json` file from any given Url (even to a local file in your filesystem).
-
-```java
-JwkProvider provider = new UrlJwkProvider(new URL("https://samples.auth0.com/"));
-Jwk jwk = provider.get("{kid of the signing key}"); //throws Exception when not found or can't get one
-```
-
-### GuavaCachedJwkProvider
-
-`GuavaCachedJwkProvider` cache the jwk in a LRU in memory cache, if the jwk is not found in the cache it will ask another provider for it and store it's result in the cache.
-
-> By default it stores 5 keys for 10 minutes, but these values can be changed.
-
-```java
-JwkProvider http = new UrlJwkProvider("https://samples.auth0.com/");
-JwkProvider provider = new GuavaCachedJwkProvider(http);
-Jwk jwk = provider.get("{kid of the signing key}"); //throws Exception when not found or can't get one
-```
-
-### RateLimitJwkProvider
-
-`RateLimitJwkProvider` will limit the amounts of different signing keys to get in a given time frame.
-
-> By default the rate is limited to 10 different keys per minute but these values can be changed.
-
-```java
-JwkProvider url = new UrlJwkProvider("https://samples.auth0.com/");
-Bucket bucket = new Bucket(10, 1, TimeUnit.MINUTES);
-JwkProvider provider = new RateLimitJwkProvider(url, bucket);
-Jwk jwk = provider.get("{kid of the signing key}"); //throws Exception when not found or can't get one
-```
-
-### JwkProviderBuilder
-
-To create a provider for domain `https://samples.auth0.com` with cache and rate limit:
-
-```java
-JwkProvider provider = new JwkProviderBuilder("https://samples.auth0.com/")
-    .build();
-Jwk jwk = provider.get("{kid of the signing key}"); //throws Exception when not found or can't get one
-```
-
-and specifying cache and rate limit attributes:
+Create a `JWKProvider` using the domain from which to fetch the JWK. The provider will use the domain to build the URL `https:{your-domain}/.well-known/jwks.json`: 
 
 ```java
 JwkProvider provider = new JwkProviderBuilder("https://samples.auth0.com/")
-    .cached(10, 24, TimeUnit.HOURS)
-    .rateLimited(10, 1, TimeUnit.MINUTES)
     .build();
-Jwk jwk = provider.get("{kid of the signing key}"); //throws Exception when not found or can't get one
 ```
 
-## Error handling
-There are certain scenarios in which this library can fail. Read below to understand what to expect and how to handle the errors.
-
-### Missing JSON Web Key
-This error may arise when the hosted JSON Web Key set (JWKS) file doesn't represent a valid set of keys, or is empty. They are raised as a `SigningKeyNotFoundException`. The cause would need to be inspected in order to understand the specific failure reason. 
+A `Jwk` can be obtained using the `get(String keyId)` method:
 
-#### Network error
-There's a special case for Network errors. These errors represent timeouts, invalid URLs, or a faulty internet connection. They may occur when fetching the keys from the given URL. They are raised as a `NetworkException` instance. 
+``java
+Jwk jwk = provider.get("{kid of the signing key}"); // throws Exception when not found or can't get one
+``
 
-If you need to detect this scenario, make sure to check it before the catch of `SigningKeyNotFoundException`.
+The provider can be configured to cache JWKs to avoid unnecessary network requests, as well as only fetch the JWKs within a defined rate limit:
 
 ```java
-try {
-    // ...
-} catch (NetworkException e) {
-    // Network error
-} catch (SigningKeyNotFoundException e) {
-    // Key is invalid or not found
-}
+JwkProvider provider = new JwkProviderBuilder("https://samples.auth0.com/")
+        // up to 10 JWKs will be cached for up to 24 hours
+        .cached(10, 24, TimeUnit.HOURS)
+        // up to 10 JWKs can be retrieved within one minute
+        .rateLimited(10, 1, TimeUnit.MINUTES)
+        .build();
 ```
 
-### Unsupported JSON Web Key
-When the received key is not of a supported type, or the attribute values representing it are wrong, an `InvalidPublicKeyException` will be raised.
-The following key types are supported:
-- RSA
-- Elliptic Curve
-    - P-256
-    - P-384
-    - P-521
-
-### Rate limits
-When using a rate-limited provider, a `RateLimitReachedException` error might be raised when the limit is breached. The instance can help determine how long to wait until the next call would be available. 
-
-```java
-try {
-    // ...
-} catch (RateLimitReachedException e) {
-    long waitTime = e.getAvailableIn()
-    // wait until available
-}
-```  
-
-## What is Auth0?
-
-Auth0 helps you to:
-
-* Add authentication with [multiple authentication sources](https://docs.auth0.com/identityproviders), either social like **Google, Facebook, Microsoft Account, LinkedIn, GitHub, Twitter, Box, Salesforce, amont others**, or enterprise identity systems like **Windows Azure AD, Google Apps, Active Directory, ADFS or any SAML Identity Provider**.
-* Add authentication through more traditional **[username/password databases](https://docs.auth0.com/mysql-connection-tutorial)**.
-* Add support for **[linking different user accounts](https://docs.auth0.com/link-accounts)** with the same user.
-* Support for generating signed [Json Web Tokens](https://docs.auth0.com/jwt) to call your APIs and **flow the user identity** securely.
-* Analytics of how, when and where users are logging in.
-* Pull data from other sources and add it to the user profile, through [JavaScript rules](https://docs.auth0.com/rules).
+See the [examples](./EXAMPLES.md) for additional configurations.
 
-## Create a free Auth0 Account
+## API Reference
 
-1. Go to [Auth0](https://auth0.com) and click Sign Up.
-2. Use Google, GitHub or Microsoft Account to login.
+- [jwks-rsa-java JavaDocs](https://javadoc.io/doc/com.auth0/jwks-rsa/latest/)
 
-## Issue Reporting
+## Feedback
 
-If you have found a bug or if you have a feature request, please report them at this repository issues section. Please do not report security vulnerabilities on the public GitHub issue tracker. The [Responsible Disclosure Program](https://auth0.com/whitehat) details the procedure for disclosing security issues.
+### Contributing
 
-## Author
+We appreciate feedback and contribution to this repo! Before you get started, please see the following:
 
-[Auth0](https://auth0.com)
+- [Auth0's general contribution guidelines](https://github.com/auth0/open-source-template/blob/master/GENERAL-CONTRIBUTING.md)
+- [Auth0's code of conduct guidelines]((https://github.com/auth0/open-source-template/blob/master/CODE-OF-CONDUCT.md))
 
-## License
+### Raise an issue
+To provide feedback or report a bug, [please raise an issue on our issue tracker](https://github.com/auth0/jwks-rsa-java/issues).
 
-This project is licensed under the MIT license. See the [LICENSE](LICENSE) file for more info.
+### Vulnerability Reporting
+Please do not report security vulnerabilities on the public Github issue tracker. The [Responsible Disclosure Program](https://auth0.com/whitehat) details the procedure for disclosing security issues.
 
+---
 
-[![FOSSA Status](https://app.fossa.com/api/projects/git%2Bgithub.com%2Fauth0%2Fjwks-rsa-java.svg?type=large)](https://app.fossa.com/projects/git%2Bgithub.com%2Fauth0%2Fjwks-rsa-java?ref=badge_large)
+<p align="center">
+  <picture>
+    <source media="(prefers-color-scheme: light)" srcset="https://cdn.auth0.com/website/sdks/logos/auth0_light_mode.png"   width="150">
+    <source media="(prefers-color-scheme: dark)" srcset="https://cdn.auth0.com/website/sdks/logos/auth0_dark_mode.png" width="150">
+    <img alt="Auth0 Logo" src="./auth0_light_mode.png" width="150">
+  </picture>
+</p>
+<p align="center">Auth0 is an easy to implement, adaptable authentication and authorization platform. To learn more checkout <a href="https://auth0.com/why-auth0">Why Auth0?</a></p>
+<p align="center">
+This project is licensed under the MIT license. See the <a href="./LICENSE"> LICENSE</a> file for more info.</p>
