How does it compare to https://github.com/tanmaykm/JWTs.jl

[schlichtanders]

need to choose between this package and JWTs.jl

can you tell what is the difference?

[JBlaschke]

I think one of the main differences is the workflow: JWTs.jl wants a URI (either on a server or a file) to a json payload containing the private key params. This has the format of a list of keys with key IDs (kid field in the json structure). JWTs.jl then references those keys by kid.

JSONWebTokens.jl on the other hand constructs encoding objects from files (e.g. RSA requires a file in .pem format). Encoding / signing then happens by passing the encoding object together with the payload.

If you take a look here:

• JSONWebTokens.jl/src/rs.jl

  Line 111 in 4f0e080

  signature = MbedTLS.sign(encoding.key, md, MbedTLS.digest(md, data), MersenneTwister(0))

• https://github.com/tanmaykm/JWTs.jl/blob/8eeb3181239772f8ea92c8f6001605e5b4433b32/src/JWTs.jl#L225

Then you can see that -- at least for RSA -- they do the same.

Personally I think that JSONWebTokens.jl's workflow is less clumsy (i.e. I don't have to specify a URI to a list of keys, and fetch those keys, and keep track of their IDs). With JSONWebTokens.jl I simply generate an encoding object from a file -- and this encoding object can then be passed around. I would love to add the ability to ingest JSON-formatted keys to JSONWebTokens.jl though, as the server I work with doesn't generate .pem formatted keys.