An Elixir implementation of the JSON Web Token (JWT) standard RFC 7519
Add JsonWebToken as a dependency in your mix.exs
file:
defp deps do
[{:json_web_token, "~> 0.2"}]
end
Returns a JSON Web Token string
claims
(required) string or map
options
(required) map
"HS256"
)Include any JWS JOSE header parameters (RFC 7515) in the options map
Example
# sign with default algorithm, HMAC SHA256
jwt = JsonWebToken.sign(%{foo: "bar"}, %{key: "gZH75aKtMN3Yj0iPS4hcgUuTwjAzZr9C"})
# sign with RSA SHA256 algorithm
private_key = JsonWebToken.Algorithm.RsaUtil.private_key("path/to/", "key.pem")
opts = %{
alg: "RS256",
key: private_key
}
jwt = JsonWebToken.sign(%{foo: "bar"}, opts)
# unsecured token (algorithm is "none")
jwt = JsonWebToken.sign(%{foo: "bar"}, %{alg: "none"})
Returns a tuple, either:
"jwt"
(required) is a JSON web token string
options
(required) map
"HS256"
)Example
secure_jwt_example = "eyJ0eXAiOiJKV1QiLA0KICJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJqb2UiLA0KICJleHAiOjEzMDA4MTkzODAsDQogImh0dHA6Ly9leGFt.cGxlLmNvbS9pc19yb290Ijp0cnVlfQ.dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk"
# verify with default algorithm, HMAC SHA256
{:ok, claims} = JsonWebToken.verify(secure_jwt_example, %{key: "gZH75aKtMN3Yj0iPS4hcgUuTwjAzZr9C"})
# verify with RSA SHA256 algorithm
opts = %{
alg: "RS256",
key: < RSA public key >
}
{:ok, claims} = JsonWebToken.verify(jwt, opts)
# unsecured token (algorithm is "none")
unsecured_jwt_example = "eyJ0eXAiOiJKV1QiLA0KICJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJqb2UiLA0KICJleHAiOjEzMDA4MTkzODAsDQogImh0dHA6Ly9leGFt."
{:ok, claims} = JsonWebToken.verify(unsecured_jwt_example, %{alg: "none"})
alg Param Value | Digital Signature or MAC Algorithm |
---|---|
HS256 | HMAC using SHA-256 per RFC 2104 |
HS384 | HMAC using SHA-384 |
HS512 | HMAC using SHA-512 |
RS256 | RSASSA-PKCS-v1_5 using SHA-256 per RFC3447 |
RS384 | RSASSA-PKCS-v1_5 using SHA-384 |
RS512 | RSASSA-PKCS-v1_5 using SHA-512 |
ES256 | ECDSA using P-256 and SHA-256 per DSS |
ES384 | ECDSA using P-384 and SHA-384 |
ES512 | ECDSA using P-521 and SHA-512 |
none | No digital signature or MAC performed (unsecured) |
A companion Hex package, JWT Claims, provides support for verifying these optional, registered claim names:
Elixir 1.4 and up
Future implementation may include these features: