2013-04-29 13:24:41 +00:00
|
|
|
# clj-jwt
|
|
|
|
|
2018-02-28 12:09:28 +00:00
|
|
|
[![clj-jwt](https://img.shields.io/clojars/v/yogsototh/clj-jwt.svg)](https://clojars.org/yogsototh/clj-jwt)
|
2014-04-19 12:21:35 +00:00
|
|
|
[![Dependency Status](https://www.versioneye.com/user/projects/53462a37e97a46e756000308/badge.png)](https://www.versioneye.com/user/projects/53462a37e97a46e756000308)
|
2018-02-28 12:09:28 +00:00
|
|
|
[![Build Status](https://travis-ci.org/yogsototh/clj-jwt.png?branch=master)](https://travis-ci.org/liquidz/clj-jwt)
|
2013-05-02 16:04:34 +00:00
|
|
|
|
2014-04-19 12:21:35 +00:00
|
|
|
A Clojure library for JSON Web Token(JWT) [draft-ietf-oauth-json-web-token-19](http://tools.ietf.org/html/draft-ietf-oauth-json-web-token-19)
|
2013-04-29 13:24:41 +00:00
|
|
|
|
2013-05-02 15:47:25 +00:00
|
|
|
## Supporting algorithms
|
|
|
|
* HS256, HS384, HS512
|
|
|
|
* RS256, RS384, RS512
|
2013-05-05 16:27:03 +00:00
|
|
|
* ES256, ES384, ES512
|
2013-05-02 15:47:25 +00:00
|
|
|
|
2013-05-02 16:15:27 +00:00
|
|
|
## Not supporting
|
|
|
|
* JSON Web Encryption (JWE)
|
|
|
|
|
2013-04-29 13:24:41 +00:00
|
|
|
## Usage
|
|
|
|
|
2013-05-02 15:47:25 +00:00
|
|
|
### Generate
|
|
|
|
|
2013-04-29 13:24:41 +00:00
|
|
|
```clojure
|
|
|
|
(ns foo
|
|
|
|
(:require
|
2013-05-05 16:26:11 +00:00
|
|
|
[clj-jwt.core :refer :all]
|
|
|
|
[clj-jwt.key :refer [private-key]]
|
|
|
|
[clj-time.core :refer [now plus days]]))
|
2013-04-29 13:24:41 +00:00
|
|
|
|
|
|
|
(def claim
|
|
|
|
{:iss "foo"
|
|
|
|
:exp (plus (now) (days 1))
|
2014-04-20 09:34:15 +00:00
|
|
|
:iat (now)})
|
2013-04-29 13:24:41 +00:00
|
|
|
|
2013-05-05 16:26:11 +00:00
|
|
|
(def rsa-prv-key (private-key "rsa/private.key" "pass phrase"))
|
|
|
|
(def ec-prv-key (private-key "ec/private.key"))
|
2013-05-02 15:47:25 +00:00
|
|
|
|
2014-04-20 09:34:15 +00:00
|
|
|
;; plain JWT
|
2013-04-29 13:24:41 +00:00
|
|
|
(-> claim jwt to-str)
|
|
|
|
|
2014-04-20 09:34:15 +00:00
|
|
|
;; HMAC256 signed JWT
|
2013-05-02 15:47:25 +00:00
|
|
|
(-> claim jwt (sign :HS256 "secret") to-str)
|
|
|
|
|
2014-04-20 09:34:15 +00:00
|
|
|
;; RSA256 signed JWT
|
2013-05-05 16:26:11 +00:00
|
|
|
(-> claim jwt (sign :RS256 rsa-prv-key) to-str)
|
|
|
|
|
2014-04-20 09:34:15 +00:00
|
|
|
;; ECDSA256 signed JWT
|
2013-05-05 16:26:11 +00:00
|
|
|
(-> claim jwt (sign :ES256 ec-prv-key) to-str)
|
2013-05-02 15:47:25 +00:00
|
|
|
```
|
|
|
|
|
|
|
|
### Verify
|
|
|
|
|
|
|
|
```clojure
|
|
|
|
(ns foo
|
|
|
|
(:require
|
2013-05-05 16:26:11 +00:00
|
|
|
[clj-jwt.core :refer :all]
|
|
|
|
[clj-jwt.key :refer [private-key public-key]]
|
|
|
|
[clj-time.core :refer [now plus days]]))
|
2013-05-02 15:47:25 +00:00
|
|
|
|
|
|
|
(def claim
|
|
|
|
{:iss "foo"
|
|
|
|
:exp (plus (now) (days 1))
|
2014-04-20 09:34:15 +00:00
|
|
|
:iat (now)})
|
2013-05-02 15:47:25 +00:00
|
|
|
|
2013-05-05 16:26:11 +00:00
|
|
|
(def rsa-prv-key (private-key "rsa/private.key" "pass phrase"))
|
|
|
|
(def rsa-pub-key (public-key "rsa/public.key"))
|
|
|
|
(def ec-prv-key (private-key "ec/private.key"))
|
|
|
|
(def ec-pub-key (public-key "ec/public.key"))
|
2013-05-02 15:47:25 +00:00
|
|
|
|
2014-04-20 09:34:15 +00:00
|
|
|
;; verify plain JWT
|
2013-05-02 15:47:25 +00:00
|
|
|
(let [token (-> claim jwt to-str)]
|
|
|
|
(-> token str->jwt verify))
|
|
|
|
|
2014-04-20 09:34:15 +00:00
|
|
|
;; verify HMAC256 signed JWT
|
2013-05-02 15:47:25 +00:00
|
|
|
(let [token (-> claim jwt (sign :HS256 "secret") to-str)]
|
|
|
|
(-> token str->jwt (verify "secret")))
|
2013-04-29 13:24:41 +00:00
|
|
|
|
2014-04-20 09:34:15 +00:00
|
|
|
;; verify RSA256 signed JWT
|
2013-05-05 16:26:11 +00:00
|
|
|
(let [token (-> claim jwt (sign :RS256 rsa-prv-key) to-str)]
|
|
|
|
(-> token str->jwt (verify rsa-pub-key)))
|
|
|
|
|
2014-04-20 09:34:15 +00:00
|
|
|
;; verify ECDSA256 signed JWT
|
2013-05-05 16:26:11 +00:00
|
|
|
(let [token (-> claim jwt (sign :ES256 ec-prv-key) to-str)]
|
|
|
|
(-> token str->jwt (verify ec-pub-key)))
|
2013-04-29 13:24:41 +00:00
|
|
|
```
|
|
|
|
|
2015-04-02 11:39:21 +00:00
|
|
|
You can specify algorithm name (OPTIONAL) for more secure verification.
|
|
|
|
|
|
|
|
```clj
|
|
|
|
(ns foo
|
|
|
|
(:require
|
|
|
|
[clj-jwt.core :refer :all]))
|
|
|
|
|
|
|
|
;; verify with specified algorithm
|
|
|
|
(let [key "secret"
|
|
|
|
token (-> {:foo "bar"} jwt (sign :HS256 key) to-str)]
|
|
|
|
(-> token str->jwt (verify :HS256 key)) ;; => true
|
|
|
|
(-> token str->jwt (verify :none key))) ;; => false
|
|
|
|
```
|
|
|
|
|
2015-05-02 05:50:33 +00:00
|
|
|
### Decode
|
|
|
|
|
|
|
|
```clj
|
|
|
|
(ns foo
|
|
|
|
(:require
|
|
|
|
[clj-jwt.core :refer :all]))
|
|
|
|
|
|
|
|
(def claim
|
|
|
|
{:iss "foo"
|
|
|
|
:exp (plus (now) (days 1))
|
|
|
|
:iat (now)})
|
|
|
|
|
|
|
|
;; decode plain JWT
|
|
|
|
(let [token (-> claim jwt to-str)]
|
|
|
|
(println (-> token str->jwt :claims)))
|
|
|
|
|
|
|
|
;; decode signed JWT
|
|
|
|
(let [token (-> claim jwt (sign :HS256 "secret") to-str)]
|
|
|
|
(println (-> token str->jwt :claims)))
|
|
|
|
```
|
|
|
|
|
2013-04-29 13:24:41 +00:00
|
|
|
## License
|
|
|
|
|
2015-02-25 22:43:08 +00:00
|
|
|
Copyright © 2015 [uochan](http://twitter.com/uochan)
|
2013-04-29 13:24:41 +00:00
|
|
|
|
|
|
|
Distributed under the Eclipse Public License, the same as Clojure.
|