avaje · rbygrave · Mar 25, 2025 · Mar 25, 2025
diff --git a/avaje-oauth2-core/README.md b/avaje-oauth2-core/README.md
@@ -0,0 +1,37 @@
+# avaje-oauth2-core
+
+Provides core OAuth2 features.
+
+
+### JwtVerifier
+
+JwtVerifier verifies a Signed JWT Access token is valid.
+
+```java
+String issuer = "https://cognito-idp.REGION.amazonaws.com/REGION_FOO";
+
+JwtVerifier jwtVerifier = JwtVerifier.builder()
+    .issuer(issuer)
+    .build();
+
+String rawAccessToken = ...;
+
+try {
+    // verify that the raw access token is valid, and return
+    // the parsed AccessToken
+    AccessToken accessToken = verifier.verifyAccessToken(rawAccessToken);
+} catch (JwtVerifyException exception) {
+    // invalid access token
+}
+```
+
+
+### SignedJwt
+
+Parse a SignedJwt.
+
+```java
+String rawToken = "eyJraWQiOiJqR3lQcEc4MDNTc1ZmSjRtZERkVktE...";
+SignedJwt token = SignedJwt.parse(rawToken);
+
+```
diff --git a/avaje-oauth2-helidon-jwtfilter/README.md b/avaje-oauth2-helidon-jwtfilter/README.md
@@ -0,0 +1,35 @@
+
+# avaje-oauth2-helidon-jwtfilter
+
+Provides a Helidon Filter that ensures a valid Signed JWT access token
+is supplied as a `Authorization` `Bearer` http header.
+
+### Typical use
+
+- Build a JwtVerifier typically using an issuer endpoint
+- Build a JwtAuthFilter 
+- Register the JwtAuthFilter as a Filter with the Helidon Webserver
+
+```java
+String issuer = "https://cognito-idp.REGION.amazonaws.com/REGION_FOO";
+
+JwtVerifier jwtVerifier = JwtVerifier.builder()
+    .issuer(issuer)
+    .build();
+
+JwtAuthFilter filter = JwtAuthFilter.builder()
+    .permit("/health")
+    .permit("/ping")
+    .verifier(jwtVerifier)
+    .build();
+```
+
+## Dependency
+
+```xml
+<dependency>
+    <groupId>io.avaje</groupId>
+    <artifactId>avaje-oauth2-helidon-jwtfilter</artifactId>
+    <version>0.1</version>
+</dependency>
+```