guicedee-jwt
MicroProfile JWT Auth bridge for GuicedEE with Vert.x 5: VertxJsonWebToken (Vert.x User → JsonWebToken), @Claim injection without @Inject, MicroProfileJwtContext (CallScope-aware request context), ClaimValueProvider, SPI registration (InjectionPointProvider, NamedAnnotationProvider, BindingAnnotationProvider), type-specific claim bindings (String, Set<String>, Long, Integer, Boolean, Optional<T>), Keycloak/OIDC integration via JWKS, and Guice-managed JsonWebToken. Use when bridging Vert.x JWT auth to MicroProfile JWT, injecting JWT claims, configuring @Claim fields, implementing JWT context propagation, or integrating with Keycloak/OIDC identity providers.
Best use case
guicedee-jwt is best used when you need a repeatable AI agent workflow instead of a one-off prompt.
MicroProfile JWT Auth bridge for GuicedEE with Vert.x 5: VertxJsonWebToken (Vert.x User → JsonWebToken), @Claim injection without @Inject, MicroProfileJwtContext (CallScope-aware request context), ClaimValueProvider, SPI registration (InjectionPointProvider, NamedAnnotationProvider, BindingAnnotationProvider), type-specific claim bindings (String, Set<String>, Long, Integer, Boolean, Optional<T>), Keycloak/OIDC integration via JWKS, and Guice-managed JsonWebToken. Use when bridging Vert.x JWT auth to MicroProfile JWT, injecting JWT claims, configuring @Claim fields, implementing JWT context propagation, or integrating with Keycloak/OIDC identity providers.
Teams using guicedee-jwt should expect a more consistent output, faster repeated execution, less prompt rewriting.
When to use this skill
- You want a reusable workflow that can be run more than once with consistent structure.
When not to use this skill
- You only need a quick one-off answer and do not need a reusable workflow.
- You cannot install or maintain the underlying files, dependencies, or repository context.
Installation
Claude Code / Cursor / Codex
Manual Installation
- Download SKILL.md from GitHub
- Place it in
.claude/skills/guicedee-jwt/SKILL.mdinside your project - Restart your AI agent — it will auto-discover the skill
How guicedee-jwt Compares
| Feature / Agent | guicedee-jwt | Standard Approach |
|---|---|---|
| Platform Support | Not specified | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | Unknown | N/A |
Frequently Asked Questions
What does this skill do?
MicroProfile JWT Auth bridge for GuicedEE with Vert.x 5: VertxJsonWebToken (Vert.x User → JsonWebToken), @Claim injection without @Inject, MicroProfileJwtContext (CallScope-aware request context), ClaimValueProvider, SPI registration (InjectionPointProvider, NamedAnnotationProvider, BindingAnnotationProvider), type-specific claim bindings (String, Set<String>, Long, Integer, Boolean, Optional<T>), Keycloak/OIDC integration via JWKS, and Guice-managed JsonWebToken. Use when bridging Vert.x JWT auth to MicroProfile JWT, injecting JWT claims, configuring @Claim fields, implementing JWT context propagation, or integrating with Keycloak/OIDC identity providers.
Where can I find the source code?
You can find the source code on GitHub using the link provided at the top of the page.
SKILL.md Source
# GuicedEE MicroProfile JWT
Bridges the MicroProfile JWT Auth specification to Vert.x 5 JWT authentication inside GuicedEE.
## Core Concept
The module converts a Vert.x `User` (authenticated via `JWTAuth`) into an `org.eclipse.microprofile.jwt.JsonWebToken`, making all standard and custom JWT claims available through the MP JWT API. Claims can be injected directly using `@Claim` — no `@Inject` required.
## Architecture
```
Vert.x JWTAuth → User → VertxJsonWebToken (implements JsonWebToken)
↓
MicroProfileJwtContext (CallScope + ThreadLocal)
↓
MicroProfileJwtModule (Guice bindings)
↓
@Claim("sub") String subject ← injected per-request
```
## Required Flow
1. Add `com.guicedee.microprofile:jwt` dependency.
2. Configure JWT authentication via `@JwtAuthOptions` on `package-info.java` (from the auth module).
3. Use `@Claim` to inject claims into your classes:
```java
@Claim("sub")
private String subject;
@Claim("groups")
private Set<String> roles;
@Claim("exp")
private Long expiration;
```
4. Access the full token when needed:
```java
@Inject
private JsonWebToken jwt;
```
5. Configure `module-info.java`:
```java
module my.app {
requires com.guicedee.microprofile.jwt;
opens my.app to com.google.guice;
}
```
## Key Classes
### `VertxJsonWebToken`
Bridge from Vert.x `User` to MP `JsonWebToken`. Extracts claims from the User's `principal()` and `accessToken` attribute.
- `getName()` resolves via MP JWT spec: `upn` → `preferred_username` → `sub`
- `getGroups()` maps from the `groups` claim
- `getAudience()` handles both string and array formats
- `getClaim(String)` returns typed values, converting `JsonArray` → `Set<String>` and `JsonObject` → `Map`
### `MicroProfileJwtContext`
Request-scoped holder for the current `JsonWebToken`:
- **Primary:** Stores in `CallScopeProperties` when a CallScope is active (Vert.x HTTP handlers)
- **Fallback:** Uses `ThreadLocal` when no call scope is active (unit tests, non-HTTP code)
```java
// In a route handler or auth filter:
User user = routingContext.user();
MicroProfileJwtContext.setCurrent(new VertxJsonWebToken(user));
// ... handle request ...
MicroProfileJwtContext.clear();
```
Or use the convenience method:
```java
MicroProfileJwtPreStartup.setCurrentUser(routingContext.user());
```
### `ClaimValueProvider<T>`
Guice `Provider<T>` that resolves a claim from the current `JsonWebToken` at injection time.
### `MicroProfileJwtModule`
Guice module (auto-discovered via SPI) that:
1. Binds `JsonWebToken` → `MicroProfileJwtContext::getCurrent`
2. Scans `@Claim`-annotated fields via ClassGraph
3. Creates type-specific `@Named("claimName")` bindings for each discovered claim
Supported field types:
| Type | Example | Null/absent behavior |
|---|---|---|
| `String` | `@Claim("sub") String subject` | `null` |
| `Set<String>` | `@Claim("groups") Set<String> roles` | `Set.of()` |
| `Long` / `long` | `@Claim("exp") Long expiration` | `0L` |
| `Integer` / `int` | `@Claim("level") Integer level` | `0` |
| `Boolean` / `boolean` | `@Claim("email_verified") Boolean verified` | `false` |
| `Optional<String>` | `@Claim("sub") Optional<String> subject` | `Optional.empty()` |
| `Object` | `@Claim("custom") Object data` | `null` |
### `MicroProfileJwtPreStartup`
Pre-startup hook that validates the JWT auth provider availability. Also provides:
```java
MicroProfileJwtPreStartup.setCurrentUser(User user);
```
## SPI Registrations
The module registers three Guice SPIs so `@Claim` works without `@Inject`:
| SPI | Implementation | Purpose |
|---|---|---|
| `InjectionPointProvider` | `ClaimInjectionPointProvider` | Marks `@Claim` as injection point |
| `NamedAnnotationProvider` | `ClaimNamedAnnotationProvider` | Converts `@Claim("sub")` → `@Named("sub")` |
| `BindingAnnotationProvider` | `ClaimBindingAnnotationProvider` | Registers `@Claim` as binding annotation |
## JPMS Module
```java
module com.guicedee.microprofile.jwt {
requires transitive com.guicedee.vertx;
requires transitive com.guicedee.guicedinjection;
requires transitive io.vertx.auth.jwt;
requires transitive microprofile.jwt.auth.api;
requires transitive jakarta.json;
exports com.guicedee.microprofile.jwt;
exports com.guicedee.microprofile.jwt.implementations;
provides IGuiceModule with MicroProfileJwtModule;
provides IGuicePreStartup with MicroProfileJwtPreStartup;
provides InjectionPointProvider with ClaimInjectionPointProvider;
provides NamedAnnotationProvider with ClaimNamedAnnotationProvider;
provides BindingAnnotationProvider with ClaimBindingAnnotationProvider;
}
```
## Keycloak / OIDC Integration
When using Keycloak or any OIDC provider:
1. Configure `@JwtAuthOptions` or `@OAuth2Options` for the provider.
2. Fetch JWKS from the provider's certs endpoint.
3. Filter signing keys only (`use=sig`) to avoid `RSA-OAEP` encryption key errors.
4. Use `JWTAuthOptions.addJwk(JsonObject)` for JWKS JSON keys (not `PubSecKeyOptions`).
Keycloak JWTs include `preferred_username`, `realm_access`, `resource_access`, `email`, `given_name`, `family_name` as standard claims — all accessible via `getClaim()`.
## Startup Flow
```
IGuiceContext.instance().inject()
└─ MicroProfileJwtPreStartup (validates JWT provider availability)
└─ MicroProfileJwtModule (Guice bindings)
├─ Binds JsonWebToken → MicroProfileJwtContext::getCurrent
├─ Scans @Claim-annotated fields via ClassGraph
└─ Creates per-type @Named("claimName") providers
└─ HTTP Request arrives
├─ Auth handler authenticates → User
├─ MicroProfileJwtContext.setCurrent(new VertxJsonWebToken(user))
├─ @Claim fields resolved from current JWT
└─ MicroProfileJwtContext.clear() at request end
```
## Non-Negotiable Constraints
- Module must `requires com.guicedee.microprofile.jwt;`.
- Classes with `@Claim` fields must `opens` their package to `com.google.guice`.
- `@Claim` works **without** `@Inject` (via SPI registration).
- `MicroProfileJwtContext.clear()` **must** be called at end of request to prevent memory leaks.
- The Vert.x auth JWT dependency (`io.vertx:vertx-auth-jwt`) is required at runtime for token verification.
- `JsonWebToken` binding resolves from `MicroProfileJwtContext` — it is `null` outside a request scope.
- Claim name resolution: `@Claim("name")` → value attribute; `@Claim(standard = Claims.sub)` → standard enum name.Related Skills
guicedee-websockets
RFC 6455 WebSocket support for GuicedEE using Vert.x 5: call-scoped connections, action-based message routing via IWebSocketMessageReceiver SPI, group management and broadcasting, WebSocketServerOptions, and lifecycle hooks. Use when adding WebSocket messaging, implementing real-time communication, managing WebSocket groups, or creating message receivers.
guicedee-webservices
SOAP web services for GuicedEE using Apache CXF conventions: JAX-WS annotations (@WebService, @WebMethod, @WebParam, @WebResult), code-first and WSDL-first approaches, endpoint publishing, CXF interceptors and logging, MTOM, WS-Security (WSS4J), SOAP 1.1/1.2 bindings, and Guice DI integration. Use when creating SOAP services, publishing JAX-WS endpoints, configuring CXF bindings, or adding WS-Security.
guicedee-web
Bootstrap reactive HTTP/HTTPS servers with Vert.x 5 inside GuicedEE: Router setup, BodyHandler configuration, TLS/HTTPS, SPI extension points (VertxRouterConfigurator, VertxHttpServerOptionsConfigurator, VertxHttpServerConfigurator), per-verticle sub-routers, and environment-driven configuration. Use when setting up the Vert.x web server, configuring HTTP/HTTPS, adding custom routes or middleware, or managing server options.
guicedee-vertx
Build reactive services using Vert.x 5 inside the GuicedEE DI lifecycle: event-bus consumers, publishers, verticle deployment, codecs, throttling, clustering, SPI hooks, and JPMS module setup. Use when adding Vert.x event-bus messaging, deploying verticles, wiring reactive endpoints with Guice injection, configuring Vert.x runtime options, or implementing custom codecs and cluster managers.
guicedee-service-registry
Named service registry with health-aware resolution for GuicedEE. Register services by simple name, auto-construct URLs from cloud DNS suffix, monitor health status, resolve services via registry:name prefix or bare name in rest-client @Endpoint. Supports aliases, multiple external URLs, Kubernetes internal URLs, and per-service health paths. Use when registering named services, checking service health, resolving service URLs by name, or integrating with rest-client for service-to-service calls.
guicedee-rest
Build Jakarta REST (JAX-RS) services on Vert.x 5 inside GuicedEE: @Path/@GET/@POST route registration, parameter binding (@PathParam, @QueryParam, @HeaderParam, etc.), Guice-managed resource classes, response handling, content negotiation, and JPMS module setup. Use when creating REST endpoints, configuring Jakarta REST resources, or wiring JAX-RS services with Guice injection.
guicedee-rest-client
Annotation-driven REST client for GuicedEE using Vert.x 5 WebClient: @Endpoint declarations, RestClient<Send, Receive> injection, authentication strategies (Bearer, Basic, API Key, OAuth2, mTLS), path parameters, environment variable overrides, package-level endpoints, service registry integration (bare name or registry: prefix), and RestClientConfigurator SPI. Use when making outbound REST calls, configuring REST client endpoints, or wiring reactive HTTP clients with Guice injection.
guicedee-rabbitmq
Annotation-driven RabbitMQ integration for GuicedEE with Vert.x 5: @RabbitConnectionOptions, @QueueExchange, @QueueDefinition, QueueConsumer/QueuePublisher injection, exchange management, queue options (priority, TTL, prefetch), publisher confirms, environment variable overrides, and verticle-scoped connections. Use when adding RabbitMQ messaging, declaring exchanges and queues, creating consumers and publishers, or configuring AMQP topology.
guicedee-persistence
Reactive JPA persistence with Hibernate Reactive 7, Vert.x 5 SQL clients, and Mutiny sessions inside GuicedEE: DatabaseModule setup, persistence.xml configuration, multi-database support, @EntityManager scoping, and environment variable resolution. Use when adding database persistence, configuring Hibernate Reactive, creating DatabaseModule subclasses, wiring Mutiny.SessionFactory, or managing multiple persistence units.
guicedee-openapi
Automatic OpenAPI 3.1 spec generation and serving for GuicedEE with Vert.x 5: scans Jakarta REST resources at startup, serves /openapi.json and /openapi.yaml endpoints, Swagger annotations support, @OpenAPIDefinition configuration, and companion Swagger UI module. Use when generating API documentation, serving OpenAPI specs, or configuring Swagger annotations on REST resources.
guicedee-metrics
Application metrics for GuicedEE using Vert.x 5 Dropwizard Metrics and MicroProfile Metrics 5.1: @Counted, @Timed, @MetricMethod annotations, Guice AOP interceptors, Prometheus scrape endpoint, Graphite reporting, JMX exposure, @MetricsOptions configuration, environment variable overrides, and Vert.x built-in metrics (event bus, HTTP, pools). Use when adding application metrics, configuring Prometheus endpoints, creating custom counters/timers, or monitoring Vert.x internals.
guicedee-mail-client
Annotation-driven SMTP mail client for GuicedEE with Vert.x 5: @MailConnectionOptions for SMTP server configuration, MailService injection for sending text/HTML/multipart emails with attachments, connection pooling, StartTLS/SSL support, DKIM signing, environment variable overrides, and graceful shutdown. Use when sending emails via SMTP, configuring mail connections, or injecting mail services.