jaguar_jwt library
JWT support for Jaguar.dart web server
This library can be used to generate and process JSON Web Tokens (JWT). For more information about JSON Web Tokens, see RFC 7519.
Currently, only the HMAC SHA-256 algorithm is supported to generate/process a JSON Web Signature (JWS).
To generate a JWT, create a JwtClaim
and use issueJwtHS256:
final claimSet = JwtClaim(
issuer: 'issuer.example.com',
subject: 'BD4A3FC4-9861-4171-8640-20C3004BD059',
audience: <String>['client1.example.com', 'client2.example.com'],
jwtId: _randomString(32),
otherClaims: <String, dynamic>{
'typ': 'authnresponse',
'pld': {'k': 'v'}
},
maxAge: const Duration(minutes: 5));
// Generate a JWT from the claim set
final token = issueJwtHS256(claimSet, sharedSecret);
To process a JWT, use verifyJwtHS256Signature
to verify its signature
and to extract a claim set from it, then verify the claim set using the
JwtClaim.validate
method before using the claims from it.
const _expectedIssuer = 'issuer.example.com';
const _thisClient = 'client1.example.com';
try {
final claimSet = verifyJwtHS256Signature(token, sharedSecret);
claimSet.validate(issuer: _expectedIssuer, audience: _thisClient);
final tokenIdentifier = claimSet.jwtId;
final claimSubject = claimSet.subject;
if (claimSet.containsKey('typ')) {
final typValue = claimSet['typ'];
...
}
...
} on JwtException {
...
}
Classes
- B64urlEncRfc7515
- Implements "Base64url Encoding" as defined RFC 7515.
- JwtClaim
- An immutable set of claims for a Java Web Token (JWT).
Functions
-
defaultJWTHeaderCheck(
Map< String, dynamic> h) → bool - Default JOSE Header checker.
-
issueJwtHS256(
JwtClaim claimSet, String hmacKey) → String - Issues a HMAC SHA-256 signed JWT.
-
verifyJwtHS256Signature(
String token, String hmacKey, {JOSEHeaderCheck? headerCheck = defaultJWTHeaderCheck, bool defaultIatExp = true, Duration maxAge = JwtClaim.defaultMaxAge}) → JwtClaim - Verifies the signature and extracts the claim set from a JWT.
Typedefs
-
JOSEHeaderCheck
= bool Function(Map<
String, dynamic> joseHeader) - Header checking function type used by verifyJwtHS256Signature.
Exceptions / Errors
- JwtException
- JWT exception thrown when an invalid token is encountered while parsing JWT token.