gwt
Types
Available JSON Web Algorithms used for encoding and decdoing signatures in from_signed_string and to_signed_string.
If JWT calls for a different algorithm than the ones listed here from_signed_string will fail
with the JwtDecodeError UnsupportedSigningAlgorithm.
pub type Algorithm {
HS256
HS384
HS512
}Constructors
-
HS256 -
HS384 -
HS512
pub type JwtDecodeError {
MissingHeader
MissingPayload
MissingSignature
InvalidHeader
InvalidPayload
InvalidSignature
InvalidExpiration
TokenExpired
TokenNotValidYet
InvalidNotBefore
NoAlg
InvalidAlg
UnsupportedSigningAlgorithm
MissingClaim
InvalidClaim(List(DecodeError))
}Constructors
-
MissingHeader -
MissingPayload -
MissingSignature -
InvalidHeader -
InvalidPayload -
InvalidSignature -
InvalidExpiration -
TokenExpired -
TokenNotValidYet -
InvalidNotBefore -
NoAlg -
InvalidAlg -
UnsupportedSigningAlgorithm -
MissingClaim -
InvalidClaim(List(DecodeError))
A phantom type representing an unverified Jwt.
pub type UnverifiedFunctions
pub fn from_signed_string(
jwt_string: String,
secret: String,
) -> Result(Jwt(Verified), JwtDecodeError)Decode a signed JWT string into a verified Jwt.
Returns Ok(Jwt(Unverified)) if it is a valid JWT and the JWT’s signature is successfully verified,
and Error(JwtDecodeError) otherwise.
At the moment this library only supports HS256, HS384, and HS512 hashing algorithms.
if a JWT’s alg claim calls for any other this function will return Error(UnsupportedSigningAlgorithm).
import gwt.{type Jwt, type Verified, type JwtDecodeError}
fn example(jwt_string: String) -> Result(Jwt(Verified), JwtDecodeError) {
gwt.from_signed_string(jwt_string, "some secret")
}
pub fn from_string(
jwt_string: String,
) -> Result(Jwt(Unverified), JwtDecodeError)Decode a JWT string into an unverified Jwt.
Returns Ok(Jwt(Unverified)) if it is a valid JWT, and Error(JwtDecodeError) otherwise.
import gwt.{type Jwt, type Unverified, type JwtDecodeError}
fn example(jwt_string: String) -> Result(Jwt(Unverified), JwtDecodeError) {
gwt.from_string(jwt_string)
}
pub fn get_audience(
from jwt: Jwt(a),
) -> Result(String, JwtDecodeError)Retrieve the aud from the JWT’s payload.
Returns Error(Nil) if the sub is not present or if it is invalid.
If you know the aud claim is not of type String you can use get_payload_claim
to retrieve and decode it manually.
import gwt
fn example() {
let jwt_with_aud =
gwt.new()
|> jwt.set_audience("gleam")
let assert Ok(audience) = gwt.get_audience(jwt_with_aud)
let jwt_without_aud = gwt.new()
let assert Error(MissingClaim) = gwt.get_audience(jwt_without_aud)
}
pub fn get_expiration(
from jwt: Jwt(a),
) -> Result(Int, JwtDecodeError)Retrieve the exp from the JWT’s payload.
Returns Error(Nil) if the exp is not present or if it is invalid.
If you know the exp claim is not of type String you can use get_payload_claim
to retrieve and decode it manually.
import gwt
fn example() {
let jwt_with_exp =
gwt.new()
|> jwt.set_not_before("gleam")
let assert Ok(expiration) = gwt.get_not_before(jwt_with_exp)
let jwt_without_exp = gwt.new()
let assert Error(MissingClaim) = gwt.get_not_before(jwt_without_exp)
}
pub fn get_header_claim(
from jwt: Jwt(a),
claim claim: String,
decoder decoder: fn(Dynamic) -> Result(b, List(DecodeError)),
) -> Result(b, Nil)Retrieve and decode a claim from a JWT’s header.
Returns Error if the claim is not present or if it is invalid based on the passed in decoder.
import gwt
import gleam/json
import gleam/dynamic
fn example() {
let jwt_with_custom_claim =
gwt.new()
|> gwt.set_header_claim("gleam", json.string("lucy"))
let assert Ok("lucy") =
gwt.get_header_claim(jwt_with_custom_claim, "gleam", dynamic.string)
let assert Error(MissingClaim) =
gwt.get_header_claim(jwt_with_custom_claim, "gleam", dynamic.int)
}
pub fn get_issued_at(
from jwt: Jwt(a),
) -> Result(Int, JwtDecodeError)Retrieve the iat from the JWT’s payload.
Returns Error(Nil) if the iat is not present or if it is invalid.
If you know the iat claim is not of type String you can use get_payload_claim
to retrieve and decode it manually.
import gwt
fn example() {
let jwt_with_iat =
gwt.new()
|> jwt.set_issued_at("gleam")
let assert Ok(issued_at) = gwt.get_issued_at(jwt_with_iat)
let jwt_without_iat = gwt.new()
let assert Error(MissingClaim) = gwt.get_issued_at(jwt_without_iat)
}
pub fn get_issuer(
from jwt: Jwt(a),
) -> Result(String, JwtDecodeError)Retrieve the iss from the JWT’s payload.
Returns Error(Nil) if the iss is not present or if it is invalid.
If you know the iss claim is not of type String you can use get_payload_claim
to retrieve and decode it manually.
import gwt
fn example() {
let jwt_with_iss =
gwt.new()
|> jwt.set_issuer("gleam")
let assert Ok(issuer) = gwt.get_issuer(jwt_with_iss)
let jwt_without_iss = gwt.new()
let assert Error(MissingClaim) = gwt.get_issuer(jwt_without_iss)
}
pub fn get_jwt_id(
from jwt: Jwt(a),
) -> Result(String, JwtDecodeError)Retrieve the jti from the JWT’s payload.
Returns Error(Nil) if the jti is not present or if it is invalid.
If you know the jti claim is not of type String you can use get_payload_claim
to retrieve and decode it manually.
import gwt
fn example() {
let jwt_with_jti =
gwt.new()
|> jwt.set_jwt_id("gleam")
let assert Ok(jwt_id) = gwt.get_jwt_id(jwt_with_jti)
let jwt_without_jti = gwt.new()
let assert Error(MissingClaim) = gwt.get_jwt_id(jwt_without_jti)
}
pub fn get_not_before(
from jwt: Jwt(a),
) -> Result(Int, JwtDecodeError)Retrieve the nbf from the JWT’s payload.
Returns Error(Nil) if the nbf is not present or if it is invalid.
If you know the nbf claim is not of type String you can use get_payload_claim
to retrieve and decode it manually.
import gwt
fn example() {
let jwt_with_sub =
gwt.new()
|> jwt.set_not_before("gleam")
let assert Ok(not_before) = gwt.get_not_before(jwt_with_nbf)
let jwt_without_nbf = gwt.new()
let assert Error(MissingClaim) = gwt.get_not_before(jwt_without_nbf)
}
pub fn get_payload_claim(
from jwt: Jwt(a),
claim claim: String,
decoder decoder: fn(Dynamic) -> Result(b, List(DecodeError)),
) -> Result(b, JwtDecodeError)Retrieve and decode a claim from a JWT’s payload.
Returns Error if the claim is not present or if it is invalid based on the passed in decoder.
import gwt
import gleam/json
import gleam/dynamic
fn example() {
let jwt_with_custom_claim =
gwt.new()
|> gwt.set_payload_claim("gleam", json.string("lucy"))
let assert Ok("lucy") =
gwt.get_payload_claim(jwt_with_custom_claim, "gleam", dynamic.string)
let assert Error(MissingClaim) =
gwt.get_payload_claim(jwt_with_custom_claim, "gleam", dynamic.int)
}
pub fn get_subject(
from jwt: Jwt(a),
) -> Result(String, JwtDecodeError)Retrieve the sub from the JWT’s payload.
Returns Error(Nil) if the sub is not present or if it is invalid.
If you know the sub claim is not of type String you can use get_payload_claim
to retrieve and decode it manually.
import gwt
fn example() {
let jwt_with_sub =
gwt.new()
|> jwt.set_subject("gleam")
let assert Ok(subject) = gwt.get_issuer(jwt_with_sub)
let jwt_without_sub = gwt.new()
let assert Error(MissingClaim) = gwt.get_subject(jwt_without_sub)
}
pub fn new() -> Jwt(Unverified)Creates an Unverified Jwt with an empty payload and a header that only
contains the cliams "typ": "JWT", and "alg": "none".
import gwt.{type Jwt, type Unverified}
fn example() -> Jwt(Unverified) {
gwt.new()
}
pub fn set_audience(
jwt: Jwt(a),
to aud: String,
) -> Jwt(Unverified)Set the aud claim of a payload, and changing the JWT to unverified.
import gwt
fn example() {
gwt.new()
|> gwt.set_audience("gleam")
}
pub fn set_expiration(
jwt: Jwt(a),
to exp: Int,
) -> Jwt(Unverified)Set the exp claim of a payload, and changing the JWT to unverified.
import gwt
import birl
fn example() {
let five_minutes = birl.to_unix(birl.now()) + 300
gwt.new()
|> gwt.set_expiration(five_minutes)
}
pub fn set_header_claim(
jwt: Jwt(a),
set claim: String,
to value: Json,
) -> Jwt(Unverified)Set a custom header claim to a given JSON value, and changing the JWT to unverified.
import gleam/json
import gwt
fn example() {
gwt.new()
|> gwt.set_header_claim("gleam", json.string("lucy"))
}
pub fn set_issued_at(jwt: Jwt(a), to iat: Int) -> Jwt(Unverified)Set the nbf claim of a payload, and changing the JWT to unverified.
import gwt
import birl
fn example() {
gwt.new()
|> gwt.set_not_before(birl.to_unix(birl.now()))
}
pub fn set_issuer(jwt: Jwt(a), to iss: String) -> Jwt(Unverified)Set the iss claim of a payload, and changing the JWT to unverified.
import gwt
fn example() {
gwt.new()
|> gwt.set_issuer("gleam")
}
pub fn set_jwt_id(jwt: Jwt(a), to jti: String) -> Jwt(Unverified)Set the jti claim of a payload, and changing the JWT to unverified.
import gwt
import birl
fn example() {
gwt.new()
|> gwt.set_jwt_id("gleam")
}
pub fn set_not_before(
jwt: Jwt(a),
to nbf: Int,
) -> Jwt(Unverified)Set the nbf claim of a payload, and changing the JWT to unverified.
import gwt
import birl
fn example() {
let five_minutes = birl.to_unix(birl.now()) + 300
gwt.new()
|> gwt.set_not_before(five_minutes)
}
pub fn set_payload_claim(
jwt: Jwt(a),
set claim: String,
to value: Json,
) -> Jwt(Unverified)Set a custom payload claim to a given JSON value, and changing the JWT to unverified.
import gleam/json
import gwt
fn example() {
gwt.new()
|> gwt.set_payload_claim("gleam", json.string("lucy"))
}
pub fn set_subject(
jwt: Jwt(a),
to sub: String,
) -> Jwt(Unverified)Set the sub claim of a payload, and changing the JWT to unverified.
import gwt
fn example() {
gwt.new()
|> gwt.set_subject("gleam")
}
pub fn to_signed_string(
jwt: Jwt(a),
alg: Algorithm,
secret: String,
) -> String