View Source JOSE.JWT (JOSE v1.11.5)
JWT stands for JSON Web Token which is defined in RFC 7519.
encryption-examples
Encryption Examples
signature-examples
Signature Examples
All of the example keys generated below can be found here: https://gist.github.com/potatosalad/925a8b74d85835e285b9
See JOSE.JWS
for more Signature examples. For security purposes, verify_strict/3
is recommended over verify/2
.
hs256
HS256
# let's generate the key we'll use below and define our jwt
jwk_hs256 = JOSE.JWK.generate_key({:oct, 16})
jwt = %{ "test" => true }
# HS256
iex> signed_hs256 = JOSE.JWT.sign(jwk_hs256, %{ "alg" => "HS256" }, jwt) |> JOSE.JWS.compact |> elem(1)
"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ0ZXN0Ijp0cnVlfQ.XYsFJDhfBZCAKnEZjR0WWd1l1ZPDD4bYpZYMHizexfQ"
# verify_strict/3 is recommended over verify/2
iex> JOSE.JWT.verify_strict(jwk_hs256, ["HS256"], signed_hs256)
{true, %JOSE.JWT{fields: %{"test" => true}},
%JOSE.JWS{alg: {:jose_jws_alg_hmac, {:jose_jws_alg_hmac, :sha256}},
b64: :undefined, fields: %{"typ" => "JWT"}}}
# verify/2 returns the same thing without "alg" whitelisting
iex> JOSE.JWT.verify(jwk_hs256, signed_hs256)
{true, %JOSE.JWT{fields: %{"test" => true}},
%JOSE.JWS{alg: {:jose_jws_alg_hmac, {:jose_jws_alg_hmac, :sha256}},
b64: :undefined, fields: %{"typ" => "JWT"}}}
# the default signing algorithm is also "HS256" based on the type of jwk used
iex> signed_hs256 == JOSE.JWT.sign(jwk_hs256, jwt) |> JOSE.JWS.compact |> elem(1)
true
Link to this section Summary
Functions
Decrypts an encrypted JOSE.JWT
using the jwk
. See JOSE.JWE.block_decrypt/2
.
Encrypts a JOSE.JWT
using the jwk
and the jwe
algorithm. See JOSE.JWK.block_encrypt/3
.
Converts a binary or map into a JOSE.JWT
.
Converts a binary into a JOSE.JWT
.
Reads file and calls from_binary/1
to convert into a JOSE.JWT
.
Converts a map into a JOSE.JWT
.
Converts a :jose_jwt
record into a JOSE.JWT
.
Merges map on right into map on left.
Returns the decoded payload as a JOSE.JWT
of a signed binary or map without verifying the signature. See JOSE.JWS.peek_payload/1
.
Returns the decoded protected as a JOSE.JWS
of a signed binary or map without verifying the signature. See JOSE.JWS.peek_protected/1
.
Signs a JOSE.JWT
using the jwk
and the jws
algorithm. See JOSE.JWK.sign/3
.
Converts a JOSE.JWT
into a binary.
Calls to_binary/1
on a JOSE.JWT
and then writes the binary to file.
Converts a JOSE.JWT
into a map.
Converts a JOSE.JWT
struct to a :jose_jwt
record.
Verifies the signed
using the jwk
and calls from/1
on the payload. See JOSE.JWS.verify/2
.
Verifies the signed
using the jwk
, whitelists the "alg"
using allow
, and calls from/1
on the payload. See JOSE.JWS.verify_strict/3
.
Link to this section Types
@type t() :: %JOSE.JWT{fields: term()}
Link to this section Functions
Decrypts an encrypted JOSE.JWT
using the jwk
. See JOSE.JWE.block_decrypt/2
.
Encrypts a JOSE.JWT
using the jwk
and the default block encryptor algorithm jwe
for the key type. See encrypt/3
.
Encrypts a JOSE.JWT
using the jwk
and the jwe
algorithm. See JOSE.JWK.block_encrypt/3
.
If "typ"
is not specified in the jwe
, %{ "typ" => "JWT" }
will be added.
Converts a binary or map into a JOSE.JWT
.
iex> JOSE.JWT.from(%{ "test" => true })
%JOSE.JWT{fields: %{"test" => true}}
iex> JOSE.JWT.from("{"test":true}")
%JOSE.JWT{fields: %{"test" => true}}
Converts a binary into a JOSE.JWT
.
Reads file and calls from_binary/1
to convert into a JOSE.JWT
.
Converts a map into a JOSE.JWT
.
Converts a :jose_jwt
record into a JOSE.JWT
.
Merges map on right into map on left.
See peek_payload/1
.
Returns the decoded payload as a JOSE.JWT
of a signed binary or map without verifying the signature. See JOSE.JWS.peek_payload/1
.
Returns the decoded protected as a JOSE.JWS
of a signed binary or map without verifying the signature. See JOSE.JWS.peek_protected/1
.
Signs a JOSE.JWT
using the jwk
and the default signer algorithm jws
for the key type. See sign/3
.
Signs a JOSE.JWT
using the jwk
and the jws
algorithm. See JOSE.JWK.sign/3
.
If "typ"
is not specified in the jws
, %{ "typ" => "JWT" }
will be added.
Converts a JOSE.JWT
into a binary.
Calls to_binary/1
on a JOSE.JWT
and then writes the binary to file.
Converts a JOSE.JWT
into a map.
Converts a JOSE.JWT
struct to a :jose_jwt
record.
Verifies the signed
using the jwk
and calls from/1
on the payload. See JOSE.JWS.verify/2
.
Verifies the signed
using the jwk
, whitelists the "alg"
using allow
, and calls from/1
on the payload. See JOSE.JWS.verify_strict/3
.