A JWT library for Janet.
You can install it directly using jpm
jpm install https://github.com/rokf/janet-jwt
or by adding it into your project's dependency tuple
(declare-project
:dependencies [
{ :url "https://github.com/rokf/janet-jwt" :tag "main" }
])
The jwt
module that is part of this library exposes three functions:
encode
decode
verify
The encode
function expects a table or struct, which will represent the token's
claims (payload object). Optionally you can also pass it a signing algorithm
identifier (keyword or string) and a function that implements that signing algorithm.
The signing function is expected to take a string ({header}.{payload}
) and return a
string (the generated signature).
The algorithm will default to :none
if not specified. If the algorithm identifier
is not nil
or :none
then the signing function must be provided as well.
The encode
function will return an encoded and signed JWT token (string).
The decode
function takes an encoded JWT (string
), splits it into parts,
takes the header and payload (claims), decodes them and returns a struct with
:header
and :payload
keys, where values are tables
with
the content.
It does not do any validation or signature verification.
The verify
function takes an encoded JWT (string
) and optionally a
verification function, which is expected to take a signature (string
)
and a message (string
) and return a boolean (true
or false
),
telling if the signature is valid or not.
The message will contain the still encoded header and payload, separated by a dot - basically the JWT without the signature part.
If the verification function is absent the function will check if the
encoded JWT has the :alg
header set to "none"
and if the signature
is an empty string
.
Take a look at the files in the test
folder. The tests are using judge. You can run them by simply running judge
in the root of the repository.
MIT - see the LICENSE
file at the root of the repository for details.