search

Zaubrik / djwt

Create and verify JSON Web Tokens (JWT) with Deno or the browser.
MIT License
228 stars 23 forks source link

need some real world examples #61

Open ralyodio opened 3 years ago

ralyodio commented 3 years ago

All the tutorials out there I could find seem to use an outdated api for djwt.

I'm looking to just authetnicate a user upon login and validate them for authorized api calls.

ausgomez commented 3 years ago

Hi ,

I have created a very simple Auth Deno Api using this same repo and some other tools. It includes some examples on how to login, register and use your JWT token to do some requests

https://github.com/Anstroy/deno-api/

I invite you to take a look at it, I am updating some of the README.md file for documentation, let me know if you have any questions about it.

Thanks

authcompanion commented 3 years ago

Check out https://github.com/authcompanion/authcompanion - recently updated for the latest djwt apis

transtone commented 2 years ago

please add a importKey example:

const key = await crypto.subtle.importKey(
  "raw",
  new TextEncoder().encode("your secret string"),
  { name: "HMAC", hash: "SHA-256" },
  true,
  ["sign", "verify"],
)
timonson commented 2 years ago

@transtone if this is not enough you can find other examples here or on mdn.

transtone commented 2 years ago

for someone who not know much about decode/encode/base64/cryptokey etc like me, can't find a way to get binaryDer in https://github.com/timonson/djwt/blob/master/examples/pkcs8_storing.ts#L19

a fine example like https://jwt.io does is very nice.

KaKi87 commented 2 years ago

Switching from this :

import {
    create,
    verify
} from 'https://deno.land/x/djwt@v2.2/mod.ts';

export const
    signJwt = async (
        data,
        secret
    ) => await create(
        {
            alg: 'HS256',
            typ: 'JWT'
        },
        data,
        secret
    ),
    verifyJwt = async (
        jwt,
        secret
    ) => await verify(
        jwt,
        secret,
        'HS256'
    );

To this :

import {
    create,
    verify
} from 'https://deno.land/x/djwt@v2.7/mod.ts';

const
    cryptoArgs = [
        { name: 'HMAC', hash: 'SHA-256' },
        true,
        ['sign', 'verify']
    ],
    keyToSecret = async key => (await crypto.subtle.exportKey(
        'jwk',
        key
    )).k,
    secretToKey = secret => crypto.subtle.importKey(
        'raw',
        new TextEncoder().encode(secret),
        ...cryptoArgs
    );

export const
    generateSecret = async () => await keyToSecret(await crypto.subtle.generateKey(...cryptoArgs)),
    signJwt = async (
        data,
        secret
    ) => await create(
        {
            alg: 'HS256',
            typ: 'JWT'
        },
        data,
        await secretToKey(secret)
    ),
    verifyJwt = async (
        jwt,
        secret
    ) => await verify(
        jwt,
        await secretToKey(secret)
    );

took me much more time than it would have if all of those methods were documented on the README.

Also, PR #54, which introduced those changes, should have been released as a new major version according to article 8 of SemVer specification :

Major version X (X.y.z | X > 0) MUST be incremented if any backwards incompatible changes are introduced to the public API.

Thanks

timonson commented 2 years ago

took me much more time than it would have if all of those methods were documented on the README

PRs are welcome!

should have been released as a new major version

Good point, thank you!