View Source JOSE.JWT (JOSE v1.11.5)
JWT stands for JSON Web Token which is defined in RFC 7519.
encryption-examples
Encryption Examples
signature-examples
Signature Examples
All of the example keys generated below can be found here: https://gist.github.com/potatosalad/925a8b74d85835e285b9
See JOSE.JWS for more Signature examples. For security purposes, verify_strict/3 is recommended over verify/2.
hs256
HS256
# let's generate the key we'll use below and define our jwt
jwk_hs256 = JOSE.JWK.generate_key({:oct, 16})
jwt = %{ "test" => true }
# HS256
iex> signed_hs256 = JOSE.JWT.sign(jwk_hs256, %{ "alg" => "HS256" }, jwt) |> JOSE.JWS.compact |> elem(1)
"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ0ZXN0Ijp0cnVlfQ.XYsFJDhfBZCAKnEZjR0WWd1l1ZPDD4bYpZYMHizexfQ"
# verify_strict/3 is recommended over verify/2
iex> JOSE.JWT.verify_strict(jwk_hs256, ["HS256"], signed_hs256)
{true, %JOSE.JWT{fields: %{"test" => true}},
%JOSE.JWS{alg: {:jose_jws_alg_hmac, {:jose_jws_alg_hmac, :sha256}},
b64: :undefined, fields: %{"typ" => "JWT"}}}
# verify/2 returns the same thing without "alg" whitelisting
iex> JOSE.JWT.verify(jwk_hs256, signed_hs256)
{true, %JOSE.JWT{fields: %{"test" => true}},
%JOSE.JWS{alg: {:jose_jws_alg_hmac, {:jose_jws_alg_hmac, :sha256}},
b64: :undefined, fields: %{"typ" => "JWT"}}}
# the default signing algorithm is also "HS256" based on the type of jwk used
iex> signed_hs256 == JOSE.JWT.sign(jwk_hs256, jwt) |> JOSE.JWS.compact |> elem(1)
trueLink to this section Summary
Functions
Decrypts an encrypted JOSE.JWT using the jwk. See JOSE.JWE.block_decrypt/2.
Encrypts a JOSE.JWT using the jwk and the jwe algorithm. See JOSE.JWK.block_encrypt/3.
Converts a binary or map into a JOSE.JWT.
Converts a binary into a JOSE.JWT.
Reads file and calls from_binary/1 to convert into a JOSE.JWT.
Converts a map into a JOSE.JWT.
Converts a :jose_jwt record into a JOSE.JWT.
Merges map on right into map on left.
Returns the decoded payload as a JOSE.JWT of a signed binary or map without verifying the signature. See JOSE.JWS.peek_payload/1.
Returns the decoded protected as a JOSE.JWS of a signed binary or map without verifying the signature. See JOSE.JWS.peek_protected/1.
Signs a JOSE.JWT using the jwk and the jws algorithm. See JOSE.JWK.sign/3.
Converts a JOSE.JWT into a binary.
Calls to_binary/1 on a JOSE.JWT and then writes the binary to file.
Converts a JOSE.JWT into a map.
Converts a JOSE.JWT struct to a :jose_jwt record.
Verifies the signed using the jwk and calls from/1 on the payload. See JOSE.JWS.verify/2.
Verifies the signed using the jwk, whitelists the "alg" using allow, and calls from/1 on the payload. See JOSE.JWS.verify_strict/3.
Link to this section Types
@type t() :: %JOSE.JWT{fields: term()}
Link to this section Functions
Decrypts an encrypted JOSE.JWT using the jwk. See JOSE.JWE.block_decrypt/2.
Encrypts a JOSE.JWT using the jwk and the default block encryptor algorithm jwe for the key type. See encrypt/3.
Encrypts a JOSE.JWT using the jwk and the jwe algorithm. See JOSE.JWK.block_encrypt/3.
If "typ" is not specified in the jwe, %{ "typ" => "JWT" } will be added.
Converts a binary or map into a JOSE.JWT.
iex> JOSE.JWT.from(%{ "test" => true })
%JOSE.JWT{fields: %{"test" => true}}
iex> JOSE.JWT.from("{"test":true}")
%JOSE.JWT{fields: %{"test" => true}}Converts a binary into a JOSE.JWT.
Reads file and calls from_binary/1 to convert into a JOSE.JWT.
Converts a map into a JOSE.JWT.
Converts a :jose_jwt record into a JOSE.JWT.
Merges map on right into map on left.
See peek_payload/1.
Returns the decoded payload as a JOSE.JWT of a signed binary or map without verifying the signature. See JOSE.JWS.peek_payload/1.
Returns the decoded protected as a JOSE.JWS of a signed binary or map without verifying the signature. See JOSE.JWS.peek_protected/1.
Signs a JOSE.JWT using the jwk and the default signer algorithm jws for the key type. See sign/3.
Signs a JOSE.JWT using the jwk and the jws algorithm. See JOSE.JWK.sign/3.
If "typ" is not specified in the jws, %{ "typ" => "JWT" } will be added.
Converts a JOSE.JWT into a binary.
Calls to_binary/1 on a JOSE.JWT and then writes the binary to file.
Converts a JOSE.JWT into a map.
Converts a JOSE.JWT struct to a :jose_jwt record.
Verifies the signed using the jwk and calls from/1 on the payload. See JOSE.JWS.verify/2.
Verifies the signed using the jwk, whitelists the "alg" using allow, and calls from/1 on the payload. See JOSE.JWS.verify_strict/3.