Fork of hunt-jwt to stay up to date with current versions of OpenSSL
Find a file
2021-04-26 15:36:22 +08:00
.vscode ECC token decoding and encoding passed 2021-03-04 20:38:00 +08:00
examples/simple ECC token decoding and encoding passed 2021-03-04 20:38:00 +08:00
source/hunt Minor fixes 2021-04-26 15:36:22 +08:00
.gitignore Import all the source code. 2019-10-11 11:27:44 +08:00
dub.json ECC token decoding and encoding passed 2021-03-04 20:38:00 +08:00
LICENSE Initial commit 2019-10-11 11:24:18 +08:00
README.md ECC token decoding and encoding passed 2021-03-04 20:38:00 +08:00

Dub version

JWT

A Simple D implementation of JSON Web Tokens. It's forked from https://github.com/zolamk/jwt.

Supported Algorithms

  • none
  • HS256
  • HS384
  • HS512
  • RS256
  • RS384
  • RS512
  • ES256
  • ES384
  • ES512

This library uses semantic versioning 2.0.0

What's New

  • added support for arrays and objects in claims
  • removed verify function that doesn't take algorithm type, see why here
  • changed verify function to take an array of algorithms to support multiple algorithms
  • renamed InvalidSignature to InvalidSignatureException

How To Use

Encoding

import jwt.jwt;
import jwt.algorithms;
import std.json;

void main() {

    JSONValue user = ["id": JSONValue(60119), "uri": JSONValue("https://api.we.are/60119")];

    JwtToken token = new JwtToken(JwtAlgorithm.HS512);

    token.claims.exp = Clock.currTime.toUnixTime();

    token.claims.set("user", user);

    token.claims.set("data", [JSONValue("zm"), JSONValue(58718)]);

    string encodedToken = token.encode("supersecret");

    // work with the encoded token

}

Verifying

import jwt.jwt;
import jwt.exceptions;
import jwt.algorithms;

void main() {

    // get encoded token from header or ...

    try {

        JwtToken token = JwtToken.verify(encodedToken, "supersecret");

        writeln(token.claims.getInt("id"));

        JSONValue user = token.claims.getObject("user");

        JSONValue[] a = token.claims.getArray("data");

        long userID = user["id"].integer();

        string uri = user["uri"].str();

        writeln(userID);

        writeln(uri);

        writeln(a[0].str());

        writeln(a[1].integer());

    } catch (InvalidAlgorithmException e) {

        writeln("token has an invalid algorithm");

    } catch (InvalidSignatureException e) {

        writeln("This token has been tampered with");

    } catch (NotBeforeException e) {

        writeln("Token is not valid yet");

    } catch (ExpiredException e) {

        writeln("Token has expired");

    }

}

Encoding without signature

import jwt.jwt;
import jwt.algorithms;

void main() {

    JwtToken token = new JwtToken(JwtAlgorithm.NONE);

    token.claims.exp = Clock.currTime.toUnixTime();

    token.claims.set("id", 60119);

    string encodedToken = token.encode();

    // work with the encoded token

}

Verifying without signature

import jwt.jwt;
import jwt.exceptions;
import jwt.algorithms;

void main() {

    // get encoded token from header or ...

    try {

        JwtToken token = JwtToken.verify(encodedToken);

        writeln(token.claims.getInt("id"));

    } catch (NotBeforeException e) {

        writeln("Token is not valid yet");

    } catch (ExpiredException e) {

        writeln("Token has expired");

    }

}

Limitations

  • Since Phobos doesn't(hopefully yet) support RSA algorithms this library only provides HMAC signing.

Note

this library uses code and ideas from jwtd and jwt-go