jaguar_jwt 3.0.0 copy "jaguar_jwt: ^3.0.0" to clipboard
jaguar_jwt: ^3.0.0 copied to clipboard

Provides JWT utilities for Dart including issuing a token, verifing a token and parsing a token.

Build Status

jaguar_jwt #

JWT utilities for Dart and Jaguar.dart

This library can be used to generate and process JSON Web Tokens (JWT). For more information about JSON Web Tokens, see RFC 7519.

Currently, only the HMAC SHA-256 algorithm is supported to generate/process a JSON Web Signature (JWS).

Usage #

Issuing a JWT #

  final key = 's3cr3t';
  final claimSet = JwtClaim(
      subject: 'kleak',
      issuer: 'teja',
      audience: <String>['audience1.example.com', 'audience2.example.com'],
      otherClaims: <String,dynamic>{
        'typ': 'authnresponse',
        'pld': {'k': 'v'}},
      maxAge: const Duration(minutes: 5));

  String token = issueJwtHS256(claimSet, key);
  print(token);

Processing a JWT #

To process a JWT:

  1. Verify the signature and extract the claim set.
  2. Validate the claim set.
  3. Extract claims from the claim set.
  try {
    final JwtClaim decClaimSet = verifyJwtHS256Signature(token, key);
    // print(decClaimSet);

    decClaimSet.validate(issuer: 'teja', audience: 'audience1.example.com');

    if (claimSet.jwtId != null) {
       print(claimSet.jwtId);
    }
    if (claimSet.containsKey('typ')) {
      final v = claimSet['typ'];
      if (v is String) {
         print(v);
      } else {
        ...
      }
    }

    ...
  } on JwtException {
    ...
  }

Configuration #

JwtClaimSet #

JwtClaimSet is the model to holds JWT claim set information.

These are the registered claims:

  1. issuer
    Authority issuing the token. This will be used during authorization to verify that expected issuer has issued the token. Fills the iss field of the JWT.
  2. subject
    Subject of the token. Usually stores the user ID of the user to which the token is issued. Fills the sub field of the JWT.
  3. audience
    List of audience that accept this token. This will be used during authorization to verify that JWT has expected audience for the service. Fills aud field in JWT.
  4. expiry
    Time when the token becomes no longer acceptable for process. Fills exp field in JWT.
  5. notBefore
    Time when the token becomes acceptable for processing. Fills the nbf field in the JWT.
  6. issuedAt
    Time when the token was issued. Fills the iat field in the JWT.
  7. jwtId
    Unique identifier across services that identifies the token. Fills jti field in JWT.

Additional claims may also be included in the JWT.

75
likes
140
points
17.8k
downloads

Publisher

unverified uploader

Weekly Downloads

Provides JWT utilities for Dart including issuing a token, verifing a token and parsing a token.

Repository (GitHub)
View/report issues

Documentation

API reference

License

BSD-3-Clause (license)

Dependencies

auth_header, crypto

More

Packages that depend on jaguar_jwt