Skip to content

TimeZynk/clj-jwt

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

48 Commits

resources

resources

 
 

src/com/timezynk/clj_jwt

src/com/timezynk/clj_jwt

 
 

test/com/timezynk/clj_jwt

test/com/timezynk/clj_jwt

 
 

.gitignore

.gitignore

 
 

.travis.yml

.travis.yml

 
 

README.md

README.md

 
 

project.clj

project.clj

 
 

Repository files navigation

TimeZynk/clj-jwt Clojars Project

A Clojure library for JSON Web Token(JWT), forked from https://github.com/liquidz/clj-jwt

Supporting algorithms

  • HS256, HS384, HS512
  • RS256, RS384, RS512
  • ES256, ES384, ES512

Not supporting

  • JSON Web Encryption (JWE)

Usage

Leiningen

com.timezynk.clj-jwt

Generate

(ns foo
  (:require
   [com.timezynk.clj-jwt.core :refer [jwt sign to-str]]
   [com.timezynk.clj-jwt.key  :refer [private-key]]
   [java-time.api :refer [days plus zoned-date-time]]))

(def claim
  {:iss "foo"
   :exp (plus (zoned-date-time) (days 1))
   :iat (zoned-date-time)})

(def rsa-prv-key (private-key "rsa/private.key" "pass phrase"))
(def ec-prv-key  (private-key "ec/private.key"))

;; plain JWT
(-> claim jwt to-str)

;; HMAC256 signed JWT
(-> claim jwt (sign :HS256 "secret") to-str)

;; RSA256 signed JWT
(-> claim jwt (sign :RS256 rsa-prv-key) to-str)

;; ECDSA256 signed JWT
(-> claim jwt (sign :ES256 ec-prv-key) to-str)

Verify

(ns foo
  (:require
   [com.timezynk.clj-jwt.core :refer [jwt sign str->jwt to-str verify]]
   [com.timezynk.clj-jwt.key  :refer [private-key public-key]]
   [java-time.api :refer [days plus zoned-date-time]]))

(def claim
  {:iss "foo"
   :exp (plus (zoned-date-time) (days 1))
   :iat (zoned-date-time)})

(def rsa-prv-key (private-key "rsa/private.key" "pass phrase"))
(def rsa-pub-key (public-key  "rsa/public.key"))
(def ec-prv-key  (private-key "ec/private.key"))
(def ec-pub-key  (public-key  "ec/public.key"))

;; verify plain JWT
(let [token (-> claim jwt to-str)]
  (-> token str->jwt verify))

;; verify HMAC256 signed JWT
(let [token (-> claim jwt (sign :HS256 "secret") to-str)]
  (-> token str->jwt (verify "secret")))

;; verify RSA256 signed JWT
(let [token (-> claim jwt (sign :RS256 rsa-prv-key) to-str)]
  (-> token str->jwt (verify rsa-pub-key)))

;; verify ECDSA256 signed JWT
(let [token (-> claim jwt (sign :ES256 ec-prv-key) to-str)]
  (-> token str->jwt (verify ec-pub-key)))

You can specify algorithm name (OPTIONAL) for more secure verification.

(ns foo
  (:require
   [com.timezynk.clj-jwt.core :refer [jwt sign str->jwt to-str verify]]))

;; verify with specified algorithm
(let [key   "secret"
      token (-> {:foo "bar"} jwt (sign :HS256 key) to-str)]
  (-> token str->jwt (verify :HS256 key)) ;; => true
  (-> token str->jwt (verify :none key))) ;; => false

Decode

(ns foo
  (:require
   [com.timezynk.clj-jwt.core :refer [jwt sign str->jwt to-str verify]]
   [java-time.api :refer [days plus zoned-date-time]]))

(def claim
  {:iss "foo"
   :exp (plus (zoned-date-time) (days 1))
   :iat (zoned-date-time)})

;; decode plain JWT
(let [token (-> claim jwt to-str)]
  (println (-> token str->jwt :claims)))

;; decode signed JWT
(let [token (-> claim jwt (sign :HS256 "secret") to-str)]
  (println (-> token str->jwt :claims)))

About

Clojure library for JSON Web Token(JWT)

Resources

Readme
Activity
Custom properties

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 7

Languages