sign function
Signs payload with secret and returns a compact JWT string.
payload may be a JwtPayload or a raw Map<String, dynamic>.
alg defaults to 'HS256'; supported values: HS256, HS384, HS512.
// Positional
final token = await sign(payload, secret);
// With explicit algorithm
final token = await sign(payload, secret, alg: 'HS512');
Implementation
Future<String> sign(
dynamic payload,
String secret, {
String alg = 'HS256',
}) async {
final Map<String, dynamic> claims = switch (payload) {
JwtPayload p => p.toMap(),
Map<String, dynamic> m => m,
_ => throw ArgumentError(
'payload must be a JwtPayload or Map<String, dynamic>'),
};
final hmac = _hmacFor(alg, utf8.encode(secret));
if (hmac == null) throw ArgumentError('Unsupported algorithm: $alg');
final header = _b64url(utf8.encode(jsonEncode({'alg': alg, 'typ': 'JWT'})));
final body = _b64url(utf8.encode(jsonEncode(claims)));
final sig = _b64url(hmac.convert(utf8.encode('$header.$body')).bytes);
return '$header.$body.$sig';
}