JwtProcessorRegistry
A centralised store of signing and encryption keys shared across co.touchlab.kjwt.builder.JwtBuilder and co.touchlab.kjwt.parser.JwtParser instances.
A JwtProcessorRegistry decouples key management from individual builder and parser configurations. Populate it once, then reuse it across multiple call sites:
Pass it to co.touchlab.kjwt.builder.JwtBuilder.signWith or co.touchlab.kjwt.builder.JwtBuilder.encryptWith to sign or encrypt tokens using the registered keys.
Pass it to co.touchlab.kjwt.parser.JwtParserBuilder.useKeysFrom so one or more parsers delegate key look-up to it.
Key lookup order
When a key is requested the registry searches in this order:
Exact match — a key registered in this registry whose algorithm and key ID both match the request.
Algorithm-only fallback — if the request includes a key ID that has no exact match, a key registered without a key ID for the same algorithm is used as a catch-all.
Delegate registry — if no local key is found and a delegate was configured (via co.touchlab.kjwt.parser.JwtParserBuilder.useKeysFrom), the delegate is searched last.
This means locally registered keys always take precedence over the delegate. For signing-key lookups an additional alg=none sentinel is tried first when insecure mode is active (used internally by co.touchlab.kjwt.parser.JwtParserBuilder.noVerify).
Example
val registry = JwtProcessorRegistry()
// populate via JwtParserBuilder and share the reference, or
// register signing keys directly (see registerSigningKey)
val token = Jwt.builder()
.subject("user-123")
.signWith(JwsAlgorithm.HS256, registry)
val parser = Jwt.parser()
.useKeysFrom(registry)
.build()See also
Inheritors
Functions
Sets other as the delegate registry for this registry.