String compactSerialization = "eyJhbGciOiJFUzI1NiIsImtpZCI6InRoZSBrZXkifQ." +
"UEFZTE9BRCE."+
"Oq-H1lk5G0rl6oyNM3jR5S0-BZQgTlamIKMApq3RX8Hmh2d2XgB4scvsMzGvE-OlEmDY9Oy0YwNGArLpzXWyjw";
// Create a new JsonWebSignature object
JsonWebSignature jws = new JsonWebSignature();
// Set the compact serialization on the JWS
jws.setCompactSerialization(compactSerialization);
// Create a new JsonWebKeySet object with the JWK Set JSON
JsonWebKeySet jsonWebKeySet = new JsonWebKeySet(jsonWebKeySetJson);
// The JWS header contains a Key ID, which is a hint indicating which key
// was used to secure the JWS. In this case (as will hopefully often be the case) the JWS Key ID
// corresponds directly to the Key ID in the JWK Set.
String keyId = jws.getKeyIdHeaderValue();
// Find a JWK from the JWK Set that has the same Key ID, uses the same Key Type (EC)
// and is designated to be used for signatures.
JsonWebKey jwk = jsonWebKeySet.findJsonWebKey(keyId, jws.getKeyType(), Use.SIGNATURE, null);
// The verification key on the JWS is the public key from the JWK we pulled from the JWK Set.
jws.setKey(jwk.getKey());
// Check the signature
boolean signatureVerified = jws.verifySignature();
// Do something useful with the result of signature verification
System.out.println("JWS Signature is valid: " + signatureVerified);
// Get the payload, or signed content, from the JWS
String payload = jws.getPayload();
// Do something useful with the content
System.out.println("JWS payload: " + payload);
}