@@ -19,14 +19,14 @@
 <parent>
 <artifactId>project</artifactId>
 <groupId>se.curity.examples.oauth</groupId>
-<version>1.0.0</version>
+<version>3.0.0</version>
 </parent>
 <modelVersion>4.0.0</modelVersion>
 
 <artifactId>api-example</artifactId>
 <name>OAuth protected API Example</name>
 <packaging>jar</packaging>
-<version>1.0.0</version>
+<version>3.0.0</version>
 
 <build>
 <plugins>
@@ -79,7 +79,7 @@
 
 <dependencies>
 <dependency>
-<groupId>se.curity.examples.oauth</groupId>
+<groupId>io.curity</groupId>
 <artifactId>oauth-filter</artifactId>
 <version>${project.version}</version>
 </dependency>
@@ -108,8 +108,8 @@
 <artifactId>httpclient</artifactId>
 </dependency>
 <dependency>
-<groupId>com.google.code.gson</groupId>
-<artifactId>gson</artifactId>
+<groupId>org.glassfish</groupId>
+<artifactId>javax.json</artifactId>
 </dependency>
 <dependency>
 <groupId>org.eclipse.jetty.aggregate</groupId>

@@ -34,14 +34,17 @@ public class EmbeddedSparkJwtFilterConfig implements FilterConfig
 
 public EmbeddedSparkJwtFilterConfig(String oauthHost, String oauthPort,
 String jsonWebKeysPath,
-String scope, String minKidReloadTimeInSeconds)
+String scope, String minKidReloadTimeInSeconds,
+String issuer, String audience)
 {
 _params = new HashMap<>();
 _params.put("oauthHost", oauthHost);
 _params.put("oauthPort", oauthPort);
 _params.put("jsonWebKeysPath", jsonWebKeysPath);
 _params.put("scope", scope);
 _params.put("minKidReloadTimeInSeconds", minKidReloadTimeInSeconds);
+_params.put("audience", audience);
+_params.put("issuer", issuer);
 }
 
 @Override

@@ -18,10 +18,10 @@
 
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
-import se.curity.examples.oauth.AuthenticatedUser;
-import se.curity.examples.oauth.OAuthFilter;
-import se.curity.examples.oauth.OAuthJwtFilter;
-import se.curity.examples.oauth.OAuthOpaqueFilter;
+import io.curity.oauth.AuthenticatedUser;
+import io.curity.oauth.OAuthFilter;
+import io.curity.oauth.OAuthJwtFilter;
+import io.curity.oauth.OAuthOpaqueFilter;
 import spark.servlet.SparkApplication;
 
 import javax.servlet.ServletException;
@@ -40,7 +40,7 @@ public void init()
 {
 _logger.debug("Initializing OAuth protected API");
 get("/hello_world", (req, res) ->{
-AuthenticatedUser user = (AuthenticatedUser)req.attribute(OAuthFilter.PRINCIPAL);
+AuthenticatedUser user = req.attribute(OAuthFilter.PRINCIPAL_ATTRIBUTE_NAME);
 return "Hello "+ user.getSubject() + " from an OAuth protected world!";
 });
 }
@@ -70,7 +70,9 @@ private OAuthFilter getJwtFilter() throws ServletException
 "8443",
 "/oauth/v2/oauth-anonymous/jwks",
 "read",
-"3600");
+"3600",
+"https://localhost:8443/oauth/v2/oauth-anonymous",
+"client_id");
 OAuthFilter filter = new OAuthJwtFilter();
 
 filter.init(filterParams);

@@ -32,7 +32,7 @@
 -->
 <filter>
 <filter-name>OAuthJwtFilter</filter-name>
-<filter-class>se.curity.examples.oauth.OAuthFilter</filter-class>
+<filter-class>io.curity.oauth.OAuthJwtFilter</filter-class>
 <init-param>
 <param-name>oauthHost</param-name>
 <param-value>localhost</param-value>
@@ -66,7 +66,7 @@
 
 <filter>
 <filter-name>OAuthOpaqueFilter</filter-name>
-<filter-class>se.curity.examples.oauth.OAuthFilter</filter-class>
+<filter-class>io.curity.oauth.OAuthOpaqueFilter</filter-class>
 <init-param>
 <param-name>oauthHost</param-name>
 <param-value>localhost</param-value>
@@ -102,4 +102,4 @@
 -->
 
 
-</web-app>
+</web-app>

@@ -60,15 +60,6 @@ The API Example (api-example) and the OAuth Filter (oauth-filter) are licensed u
 > This product includes software developed at
 > The Apache Software Foundation (http://www.apache.org/).
 
-### Google Gson
-
-* License: [Apache v. 2](#apache-2)
-* Modifications: No
-* Link: <https://.com/google/gson>
-* Notices:
-
-> Copyright (C) 2009 Google Inc.
-
 ### Google Guava
 
 * License: [Apache v. 2](#apache-2)

@@ -20,12 +20,12 @@
 <groupId>se.curity.examples.oauth</groupId>
 <artifactId>project</artifactId>
 <packaging>pom</packaging>
-<version>1.0.0</version>
+<version>3.0.0</version>
 <name>Curity OAuth filter example - Project POM</name>
 
 <organization>
-<name>Curity I/O AB</name>
-<url>http://curity.io</url>
+<name>Curity AB</name>
+<url>https://curity.io</url>
 </organization>
 
 <properties>
@@ -34,7 +34,6 @@
 </properties>
 
 <modules>
-<module>oauth-filter</module>
 <module>api-example</module>
 </modules>
 
@@ -103,9 +102,9 @@
 <version>18.0</version>
 </dependency>
 <dependency>
-<groupId>com.google.code.gson</groupId>
-<artifactId>gson</artifactId>
-<version>2.3.1</version>
+<groupId>org.glassfish</groupId>
+<artifactId>javax.json</artifactId>
+<version>1.1.4</version>
 </dependency>
 <dependency>
 <groupId>com.google.code.findbugs</groupId>

@@ -3,29 +3,24 @@
 [![Quality](https://img.shields.io/badge/quality-demo-red)](https://curity.io/resources/code-examples/status/)
 [![Availability](https://img.shields.io/badge/availability-source-blue)](https://curity.io/resources/code-examples/status/)
 
-This project contains two modules
-
-1. api-example - an example web api that uses the OAuth filter
-2. oauth-filter - a servlet filter that authenticates and authorizes requests using OAuth access tokens.
-
-There are two `OAuthFilter` implementations. `OAuthJwtFilter` and `OAuthOpaqueFilter`.
-These implement Servlet filters `Filter` and can be used to protect APIs build using Java.
-
-The example also include a minimal web-server using `Spark` [sparkjava](http://sparkjava.com) that uses these filters
-in its `before` clause.
+This project contains an example web api that uses Curity's OAuth filter library. The example includes a minimal web-server
+using `Spark` [sparkjava](http://sparkjava.com) that uses the filter in its `before` clause.
 
 Depending on the format of the access token, there are two approaches that can be taken.
 
 1. If the token is a Json Web Token (JWT) then validate the token using a public key
 2. If the token is a reference (opaque) token, then validate by calling the OAuth server's
 [introspection](https://tools.ietf.org/search/rfc7662) endpoint.
 
+Each approach can be handled by using a proper `OAuthFilter` implementation: `OAuthJwtFilter` or `OAuthOpaqueFilter`.
+These implement Servlet filters `Filter` and can be used to protect APIs build using Java.
+
 ## Filter overview
 
 The filter is build to perform two tasks.
 
-1. Authenticate the caller by validating the incoming access token
-2. Authorize the operation by validating the scopes in the access token against the configured scopes
+1. Validate the integrity of the incoming access token.
+2. Authorize the operation by validating the scopes in the access token against the configured scopes.
 
 The authorization is very basic, and in this example only checks that all configured scopes are present in the
 token. A more advanced scenario would likely want to check the HTTP method, along with sub-paths in order to determine
@@ -63,29 +58,20 @@ configured ones. It is simple to override this method in the implementing classe
 
 When building with `mvn package`, a jar called `api-example-x.y.z.jar` is created in the
 `target` directory of the api-example module. A full image jar is added with all dependencies included called
-`api-example-1.0.0-jar-with-dependencies.jar`. This is a runnable JAR which can be
+`api-example-3.0.0-jar-with-dependencies.jar`. This is a runnable JAR which can be
 run with the following command:
 
 ```
-java -jar api-example/target/api-example-1.0.0-jar-with-dependencies.jar
+java -jar api-example/target/api-example-3.0.0-jar-with-dependencies.jar
 ```
 
-To use a specific HttpClientSupplier, just place a file called `OAuthFilter.properties` in
-the working directory. For example:
-
-```
-cp /path-to-properties-file/OAuthFilter.properties .
-java -jar api-example/target/api-example-1.0.0-jar-with-dependencies.jar
-```
-
-See more information about the properties file in the *Providing an external HttpClient* section.
+To learn how to provide your own HTTP client, check the [filter's documentation](https://.com/curityio/oauth-filter-for-java#providing-an-external-httpclient).
 
 *Note* Unsafe HTTP clients should *NEVER* be used in production.
 
 ## Configuring the Filter
 
-To configure the filter, use the `web.xml` file of your application as shown in the
-`server-example` project.
+To configure the filter, use the `web.xml` file of your application as shown in the `server-example` project.
 
 ### Init-params for the OAuthJwtFilter
 
@@ -104,34 +90,6 @@ To configure the filter, use the `web.xml` file of your application as shown in
 * clientId - your application's client id to use for introspection.
 * clientSecret - your application's client secret.
 
-
-## Providing an external HttpClient
-
-The `OAuthFilter` uses a [HttpClient](https://hc.apache.org/httpcomponents-client-ga/)
-to communicate with the authentication server.
-
-The HttpClient may be overridden by the web application by providing a properties
-file in the following locations:
-
-* `META-INF/services/OAuthFilter.properties` relative to the classpath
-* `OAuthFilter.properties` relative to the working directory
-
-The only accepted property is the name of a supplier class to be used to provide the HttpClient instance:
-
-```properties
-openid.httpClientSupplier.className=com.example.HttpClientSupplier
-```
-
-Replace `com.example.HttpClientSupplier` with the name of your own supplier class.
-
-This class must be an instance of Java 8's `java.util.function.Supplier` interface,
-and it must provide a `org.apache.http.client.HttpClient`.
-
-It also must have a default constructor.
-
-See `se.curity.examples.oauth.DefaultJwkHttpClientSupplier` for an example.
-This will be used if no properties file is found.
-
 ## More Information
 
 For more information, please contact [Curity](http://curity.io).