Skip to content
This repository has been archived by the owner on Nov 8, 2021. It is now read-only.

deftomat/JustJWT

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

17 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

JustJWT

Build Status

A simple JWT library for Dart with support for custom signature algorithms.

Library already supports HS256 and RS256 algorithms.

Usage

A simple encoding example:

import 'package:just_jwt/just_jwt.dart';

main() {
  var signers = {
    'HS256': toTokenSigner(createHS256Signer('secret'))
    'RS256': toTokenSigner(createRS256Signer('<private key>')),
    // additional supported algorithms
  };
  
  // Creates JWT encoder which supports ONLY tokens with HS256 or RS256 alg.
  var encoder = new Encoder(composeTokenSigners(signers));
  
  var jwt = new Jwt.HS256({'some': 'value'});
  // or var jwt = new Jwt.RS256({'some': 'value'});
  
  // Encodes JWT
  var encodedJwt = encoder.convert(jwt);
  print(encodedJwt);
}

A simple decoding example:

import 'package:just_jwt/just_jwt.dart';

main() {
  var verifiers = {
    'HS256': toTokenVerifier(createHS256Verifier('secret')),
    'RS256': toTokenVerifier(createRS256Verifier('<public key>')),
    // additional supported algorithms
  };
  
  // Creates decoder which support ONLY tokens with HS256 or RS256 alg.
  // Unsupported algorithm will cause an UnsupportedVerificationAlgError.
  var decoder = new Decoder(composeTokenVerifiers(verifiers));
  
  var encodedJwt = new EncodedJwt('eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzb21lIjoidmFsdWUifQ==.ZHaHisAt9O9fcGFAFanEvsRjlSqAELN7NdXvue-E1PQ=');
  
  var jwt = decoder.convert(encodedJwt);
}

Functional approach

Each Verifier and Signer is a function.

As you can see in code example, there are a functions like toTokenSigner, toTokenVerifier, composeTokenVerifiers, etc. These functions provide a way how to compose a verifiers and signers.

Also, you can combine a multiple TokenVerifiers into one TokenVerifier with combineTokenVerifiers function:

  var algorithmVerifier = toTokenVerifier(createHS256Verifier('secret'));
  var expirationVerifier = (ToVerify toVerify) => // check token expiration
  
  var verifier = combineTokenVerifiers([algorithmVerifier, expirationVerifier]);
  var decoder = new Decoder(verifier);

Custom algorithm

Algorithm name is always stored in JWT. Encoders/Decoders tries to find a Signer/Verifier by its name in signers/verifiers map.

To support custom algorithm, just implement a JWT interface and create your own Signer/Verifier.