Lightweight implementation of JSON Web Tokens (JWT).

Usage

import 'package:corsac_jwt/corsac_jwt.dart';

void main() {
  var builder = new JWTBuilder();
  var token = builder
    ..issuer = 'https://api.foobar.com'
    ..expiresAt = new DateTime.now().add(new Duration(minutes: 3))
    ..setClaim('data', {'userId': 836})
    ..getToken(); // returns token without signature

  var signer = new JWTHmacSha256Signer('sharedSecret');
  var signedToken = builder.getSignedToken(signer);
  print(signedToken); // prints encoded JWT
  var stringToken = signedToken.toString();

  var decodedToken = new JWT.parse(stringToken);
  // Verify signature:
  print(decodedToken.verify(signer)); // true

  // Validate claims:
  var validator = new JWTValidator() // uses DateTime.now() by default
    ..issuer = 'https://api.foobar.com'; // set claims you wish to validate
  Set<String> errors = validator.validate(decodedToken);
  print(errors); // (empty list)
}

Supported signers:

  • HS256 (JwtHmacSha256Signer).
  • RS256 (JwtRsaSha256Signer)

Refer to documentation for more details.

License

BSD-2

Libraries

corsac_jwt
Lightweight JSON Web Token (JWT) implementation.