Home Original page

GitHub - deftomat/JustJWT: A JWT library for Dart.

JustJWT

Build Status

A simple JWT library for Dart with support for custom signature algorithms.

Library already supports HS256 and RS256 algorithms.

Usage

A simple encoding example:

import 'dart:async';
import 'package:just_jwt/just_jwt.dart';

main() async {
  var signers = {
    'HS256': toTokenSigner(createHS256Signer('secret')),
    'RS256': toTokenSigner(createRS256Signer('<private key>')),
    // additional supported algorithms
  };
  
  // Creates JWT encoder which supports ONLY tokens with HS256 or RS256 alg.
  var encoder = new Encoder(composeTokenSigners(signers));
  
  var jwt = new Jwt.HS256({'some': 'value'});
  // or var jwt = new Jwt.RS256({'some': 'value'});
  
  // Encodes JWT
  var encodedJwt = await encoder.convert(jwt);
  print(encodedJwt);
}

A simple decoding example:

import 'package:just_jwt/just_jwt.dart';

main() async {
  var verifiers = {
    'HS256': toTokenVerifier(createHS256Verifier('secret')),
    'RS256': toTokenVerifier(createRS256Verifier('<public key>')),
    // additional supported algorithms
  };
  
  // Creates decoder which support ONLY tokens with HS256 or RS256 alg.
  // Unsupported algorithm will cause an UnsupportedVerificationAlgError.
  var decoder = new Decoder(composeTokenVerifiers(verifiers));
  
  var encodedJwt = new EncodedJwt('eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzb21lIjoidmFsdWUifQ==.ZHaHisAt9O9fcGFAFanEvsRjlSqAELN7NdXvue-E1PQ=');
  
  var jwt = await decoder.convert(encodedJwt);
}

Functional approach

Each Verifier and Signer is a function.

As you can see in code example, there are a functions like toTokenSigner, toTokenVerifier, composeTokenVerifiers, etc. These functions provide a way how to compose a verifiers and signers.

Also, you can combine a multiple TokenVerifiers into one TokenVerifier with combineTokenVerifiers function:

  var algorithmVerifier = toTokenVerifier(createHS256Verifier('secret'));
  var expirationVerifier = (ToVerify toVerify) async =>  // check token expiration
  
  var verifier = combineTokenVerifiers([algorithmVerifier, expirationVerifier]);
  var decoder = new Decoder(verifier);

Custom algorithm

Algorithm name is always stored in JWT. Encoders/Decoders tries to find a Signer/Verifier by its name in signers/verifiers map.

To support custom algorithm, just implement a JWT interface and create your own Signer/Verifier.