Zig implementation of JSON Web Tokens (RFC 7519).
const std = @import("std");
const jwt = @import("jwt");
const ExamplePayload = struct {
custom_data: []const u8,
};
pub fn main() !void {
var alg = jwt.algorithms.signature.Hs256{ .secret = "example" };
const codec = jwt.Codec{
.sig_algorithm = alg.algorithm(),
};
// Encode and print the encoded string
const payload = ExamplePayload{ .custom_data = "example data" };
const token = try codec.encode(std.heap.page_allocator, payload);
std.debug.print("JWT = {s}\n", .{token});
// Decode and show the decoded parts
const decoded = try codec.decode(ExamplePayload, std.heap.page_allocator, token);
std.debug.print(
"\nDECODED:\nalg = {s}\ntyp = {?s}\ncustom_data = {s}\n",
.{ decoded.header.alg, decoded.header.typ, decoded.payload.custom_data },
);
}
Claim verification is not implemented yet.
Future work includes adding features to verify aud
, exp
, iat
and nbf
claims as described in Section 4 of the RFC.
Supported | alg Parameter | Description |
---|---|---|
✅ | HS256 | HMAC using SHA-256 hash algorithm |
❌ | HS384 | HMAC using SHA-384 hash algorithm |
❌ | HS512 | HMAC using SHA-512 hash algorithm |
❌ | RS256 | RSASSA-PKCS1-v1_5 using SHA-256 hash algorithm |
❌ | RS384 | RSASSA-PKCS1-v1_5 using SHA-384 hash algorithm |
❌ | RS512 | RSASSA-PKCS1-v1_5 using SHA-512 hash algorithm |
❌ | PS256 | RSASSA-PSS using SHA-256 hash algorithm |
❌ | PS384 | RSASSA-PSS using SHA-384 hash algorithm |
❌ | PS512 | RSASSA-PSS using SHA-512 hash algorithm |
✅ | ES256 | ECDSA using P-256 curve and SHA-256 hash algorithm |
❌ | ES384 | ECDSA using P-384 curve and SHA-384 hash algorithm |
❌ | ES512 | ECDSA using P-521 curve and SHA-512 hash algorithm |
✅ | none | No digital signature or MAC value included |