WeakKeyException when trying to retrieve JWT Token

Description
I am trying to write Java code (to be run on the server side) to get the JWT token programmatically. I have a JWT App with API Key and secret from the same. When running the code, I get an exception.

Error
Exception in thread "main" io.jsonwebtoken.security.WeakKeyException: The specified key byte array is 80 bits which is not secure enough for any JWT HMAC-SHA algorithm. The JWT JWA Specification (RFC 7518, Section 3.2) states that keys used with HMAC-SHA algorithms MUST have a size >= 256 bits (the key size must be greater than or equal to the hash output size). Consider using the io.jsonwebtoken.security.Keys#secretKeyFor(SignatureAlgorithm) method to create a key guaranteed to be secure enough for your preferred HMAC-SHA algorithm. See https://tools.ietf.org/html/rfc7518#section-3.2 for more information.
    at io.jsonwebtoken.security.Keys.hmacShaKeyFor(Keys.java:96)

Which App Type (OAuth / Chatbot / JWT / Webhook)?
JWT

Which Endpoint/s?
Not yet got there

How To Reproduce (If applicable)
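import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
import io.jsonwebtoken.security.Keys;
import java.nio.charset.StandardCharsets;
import java.util.Date;
import java.util.HashMap;
import java.util.Map;
import javax.crypto.SecretKey;

private void createJWTToken() {
    Map<String, Object> header = new HashMap<>();
    header.put("alg", "HS256");
    header.put("type", "JWT");
    SignatureAlgorithm signatureAlgorithm = SignatureAlgorithm.HS256;
    // The string literal "SECRET_KEY" is 10 bytes (80 bits) in UTF-8
    SecretKey key = Keys.hmacShaKeyFor("SECRET_KEY".getBytes(StandardCharsets.UTF_8));
    String jwt = null;
    jwt = Jwts.builder()
            .setHeader(header)
            .setIssuer(API_KEY)
            .setExpiration(new Date(new Date().getTime() + 80000000))
            .signWith(key, signatureAlgorithm).compact();
    System.out.println(jwt);
}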

Modified code to
@SuppressWarnings("deprecation")
private void createJWTToken() {
    SignatureAlgorithm signatureAlgorithm = SignatureAlgorithm.HS256;
    //SecretKey key = Keys.hmacShaKeyFor(SECRET_KEY.getBytes(StandardCharsets.UTF_8));
    String jwt = null;
    try {
        jwt = Jwts.builder()
                .setHeaderParam("typ", "JWT")
                .setIssuer(API_KEY)
                .setExpiration(new Date(new Date().getTime() + 80000000))
                //.signWith(key, signatureAlgorithm)
                .signWith(signatureAlgorithm, SECRET_KEY.getBytes("UTF-8"))
                .compact();
    } catch (InvalidKeyException | UnsupportedEncodingException e) {
        e.printStackTrace();
    }
    System.out.println(jwt);
}

and now getting
Exception in thread "main" java.lang.AbstractMethodError: io.jsonwebtoken.impl.DefaultJwtBuilder.signWith(Ljava/security/Key;Lio/jsonwebtoken/SignatureAlgorithm;)Lio/jsonwebtoken/JwtBuilder;

Used oracle.security.restsec.jwt.JwtToken and it works fine.

Happy to hear you got it working @ajay.prabhakaran! :slight_smile:

Thanks,
Tommy

This error is thrown when an application tries to call an abstract method without an actual implementation. Abstract methods have no body and cannot be executed. This error can only occur at run time if the definition of some class has incompatibly changed since the currently executing method was last compiled. It usually happens after some library is upgraded while some is not. The dependencies are missing somehow. This means that you are using an old Java version of an interface implementation which is missing a new interface method. For example, the java.sql.Connection interface got a new getSchema method in 1.7. If you have a 1.6 JDBC driver and call Connection.getSchema you will get AbstractMethodError. So, make sure you have the latest jar file in your class path, not an older copy.
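
Both failures in this thread can be checked before any token is built. The following is an added example, not code from the thread or from the JJWT project: it measures a secret against the 256-bit HS256 minimum quoted in the WeakKeyException, and uses reflection to report which jars supply io.jsonwebtoken.JwtBuilder and io.jsonwebtoken.impl.DefaultJwtBuilder and whether the latter implements the signWith(Key, SignatureAlgorithm) method named in the AbstractMethodError. The class name JwtPreflight, its method names and the sample secrets are assumptions made for illustration.

```java
import java.lang.reflect.Method;
import java.lang.reflect.Modifier;
import java.nio.charset.StandardCharsets;
import java.security.CodeSource;
import java.security.Key;

// Added diagnostic (hypothetical class). Reflection by name lets it compile without JJWT.
public class JwtPreflight {
    // RFC 7518, Section 3.2: an HS256 key must be at least 256 bits (32 bytes).
    static final int HS256_MIN_BITS = 256;

    static int keyBits(String secret) {
        return secret.getBytes(StandardCharsets.UTF_8).length * 8;
    }

    static boolean strongEnoughForHs256(String secret) {
        return keyBits(secret) >= HS256_MIN_BITS;
    }

    // Jar or directory a class was loaded from.
    static String origin(Class<?> c) {
        CodeSource src = c.getProtectionDomain().getCodeSource();
        return src == null ? "(unknown)" : String.valueOf(src.getLocation());
    }

    // Reports whether the loaded builder really implements signWith(Key, SignatureAlgorithm).
    static String checkBuilder() {
        try {
            Class<?> api = Class.forName("io.jsonwebtoken.JwtBuilder");
            Class<?> alg = Class.forName("io.jsonwebtoken.SignatureAlgorithm");
            Class<?> impl = Class.forName("io.jsonwebtoken.impl.DefaultJwtBuilder");
            String where = "api=" + origin(api) + " impl=" + origin(impl);
            // getMethod also finds inherited interface methods, so test for a body.
            Method m = impl.getMethod("signWith", Key.class, alg);
            boolean concrete = !Modifier.isAbstract(m.getModifiers());
            return (concrete ? "OK: " : "API/impl version mismatch: ") + where;
        } catch (NoSuchMethodException e) {
            return "signWith(Key, SignatureAlgorithm) is not declared by the JJWT jars loaded";
        } catch (ClassNotFoundException | LinkageError e) {
            return "JJWT not loadable from classpath: " + e;
        }
    }

    public static void main(String[] args) {
        // Constructed sample secrets; the first is the literal from the first snippet.
        for (String s : new String[] {"SECRET_KEY", "0123456789abcdef0123456789abcdef"}) {
            System.out.println(keyBits(s) + " bits, HS256 ok: " + strongEnoughForHs256(s));
        }
        System.out.println(checkBuilder());
    }
}
```

Run it with the same classpath as the failing application so that the reported jar locations are the ones the application actually loads.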

Thanks for jumping in with this context, @larryhems! :100:

Best,
Will