redbean-jwt  JSON Web Token for redbean

jwt.io badge-compatible

Compatible algorithms

none, HS256, HS384 and HS512

What is JSON Web Token?

JSON Web Token (JWT) is an open standard (RFC 7519) that defines a compact and self-contained way for securely transmitting information between parties as a JSON object.
This information can be verified and trusted because it is digitally signed.
JWTs can be signed using a secret (with the HMAC algorithm) or a public/private key pair using RSA or ECDSA.
source: jwt.io/introduction

How to use

Read the documentation

Notes

jwt.lua is possible because redbean 2.0.11 introduced EncodeJson and DecodeJson.
Previous versions did not have these functions.
If jwt.lua is needed for a previous version, a bit of work is required to make jwt.lua compatible.
json.stringify and json.parse in this gist can be used in place of EncodeJson and DecodeJson.

Treat the header and payload as unencrypted and visible to the whole world: they are only base64url-encoded, not encrypted.
It is therefore recommended not to put unencrypted credentials or personal data in a token.

GetCryptoHash is used to create the JWT signature segment.
As of writing this, the function expects one of the following strings:
MD5, SHA1, SHA224, SHA256, SHA384, SHA512, BLAKE2B256.
SHA256, SHA384 and SHA512 correspond to the JWT algorithms HS256, HS384 and HS512.
For compatibility's sake, the HS algorithm names received in a token are mapped to their SHA counterparts by a lookup table.
It is possible to use the other algorithms in a JWT, but this breaks compatibility.
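
A verifier-side sketch of the lookup described above, added here as an example and not taken from jwt.lua: the caller pins the expected algorithm, so a token whose header says none, or names any other GetCryptoHash string, is rejected before a hash is computed. It assumes GetCryptoHash returns the HMAC when a key is passed as its third argument; the function names and the sample token are constructed for illustration.

```lua
-- Added example for redbean 2.0.11+; not taken from jwt.lua.
-- ALLOWED, b64url_decode, ct_equal and verify_hs are hypothetical names.

-- JWT "alg" -> GetCryptoHash name. "none" and the non-JWT hashes are absent on purpose.
local ALLOWED = { HS256 = 'SHA256', HS384 = 'SHA384', HS512 = 'SHA512' }

-- base64url -> bytes: map the URL-safe alphabet back and restore '=' padding.
local function b64url_decode(s)
  s = s:gsub('%-', '+'):gsub('_', '/')
  return DecodeBase64(s .. string.rep('=', (4 - #s % 4) % 4))
end

-- Compare two byte strings without stopping at the first differing byte.
local function ct_equal(a, b)
  if #a ~= #b then return false end
  local diff = 0
  for i = 1, #a do diff = diff | (a:byte(i) ~ b:byte(i)) end
  return diff == 0
end

-- Returns the decoded payload table, or nil plus a reason.
-- expected_alg comes from the verifier's configuration, never from the token.
local function verify_hs(token, secret, expected_alg)
  local hash = ALLOWED[expected_alg]
  if not hash then return nil, 'algorithm not allowed' end
  -- Three non-empty base64url segments; an unsigned token has an empty third one.
  local h, p, s = token:match('^([%w_%-]+)%.([%w_%-]+)%.([%w_%-]+)$')
  if not h then return nil, 'malformed token' end
  local header = DecodeJson(b64url_decode(h))
  if type(header) ~= 'table' or header.alg ~= expected_alg then
    return nil, 'alg mismatch'
  end
  -- Assumption: the third argument makes GetCryptoHash compute an HMAC.
  local mac = GetCryptoHash(hash, h .. '.' .. p, secret)
  if not ct_equal(mac, b64url_decode(s)) then return nil, 'bad signature' end
  return DecodeJson(b64url_decode(p))
end

-- Constructed sample: header {"alg":"none"}, payload {"admin":true}, junk signature.
local sample = 'eyJhbGciOiJub25lIn0.eyJhZG1pbiI6dHJ1ZX0.x'
print(verify_hs(sample, 'constructed-secret', 'HS256'))
```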

More awesome projects

Check out this collection with awesome-cosmopolitan projects