It currently supports HS256, HS384, and HS512 signing algorithms.
<cfscript> // Initialize the component with the secret signing key jwtObj = jwt(secretkey); // Encode the data structure as a json web token // NB, using "token" as a variable name seems to cause issues thetoken = jwtObj.encode(payload); // Decode the thetoken and get the data structure back. This is will throw an error if the thetoken is invalid result = jwtObj.decode(thetoken); </cfscript>
Support for registered claims
exp registered claims that can be part of the payload. Verification of the token will fail if the token is not yet active or if the token is expired according to the
exp claims. They should be numeric dates in Unix epoch time according to the JWT spec.
To ignore the
exp claim during verification, pass
ignoreExpiration=true when instantiating the JWT instance. For example:
jwtObj = jwt(key=secretkey, ignoreExpiration=true);
Also supports the
iss registered claims during verification. If you don't pass
issuer during instantiation, the claims will be ignored during verification. If you do pass them, they'll be included during the verification process. Here's an example:
jwtObj = jwt(key=secretkey, audience="myaudiencevalue", issuer="myissuervalue");