jaguar_jwt library

JWT support for Jaguar.dart web server

This library can be used to generate and process JSON Web Tokens (JWT). For more information about JSON Web Tokens, see RFC 7519.

Currently, only the HMAC SHA-256 algorithm is supported to generate/process a JSON Web Signature (JWS).

To generate a JWT, create a JwtClaim and use issueJwtHS256:

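final claimSet = new JwtClaim(
     issuer: '',
     subject: 'BD4A3FC4-9861-4171-8640-20C3004BD059',
     audience: <String>['', ''],
     // Unique token ID; _randomString is the application's own helper,
     // not part of this library.
     jwtId: _randomString(32),
     otherClaims: <String, Object>{
       'typ': 'authnresponse',
       'pld': {'k': 'v'}
     },
     // The token expires five minutes after it is issued.
     maxAge: const Duration(minutes: 5));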

// Generate a JWT from the claim set

final token = issueJwtHS256(claimSet, sharedSecret);

To process a JWT, use verifyJwtHS256Signature to verify its signature and to extract a claim set from it, then verify the claim set using the JwtClaim.validate method before using the claims from it.

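const _expectedIssuer = '';
const _thisClient = '';

try {
  // Throws JwtException if the token is malformed or the signature is wrong.
  final claimSet = verifyJwtHS256Signature(token, sharedSecret);

  // Throws JwtException if the claims are not valid for this recipient.
  claimSet.validate(issuer: _expectedIssuer,  audience: _thisClient);

  // Only now is it safe to use the claims.
  final tokenIdentifier = claimSet.jwtId;
  final claimSubject = claimSet.subject;
  if (claimSet.containsKey('typ')) {
    final typValue = claimSet['typ'];
  }
} on JwtException {
  // Something was wrong with the token: reject it.
}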
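
The following is an added example, not code from the jaguar_jwt project. It shows why both steps above are needed: a wrong HMAC key and a spliced payload fail signature verification, while a correctly signed token for a different audience is only caught by validate. The secret, issuer, audience and subject values, and the helper names accept and issue, are constructed for this illustration.

```dart
import 'package:jaguar_jwt/jaguar_jwt.dart';

// Constructed sample values (assumptions for this example only).
const sharedSecret = 'constructed-demo-secret-not-for-production';
const expectedIssuer = 'issuer.example';
const thisClient = 'client.example';

/// Returns true only if the signature verifies AND the claims are valid
/// for this recipient. Any JwtException means the token is rejected.
bool accept(String token, String secret) {
  try {
    final claims = verifyJwtHS256Signature(token, secret);
    claims.validate(issuer: expectedIssuer, audience: thisClient);
    return true;
  } on JwtException {
    return false;
  }
}

/// Issues a five-minute token for [subject] addressed to [audience].
String issue(String subject, List<String> audience) => issueJwtHS256(
    JwtClaim(
        issuer: expectedIssuer,
        subject: subject,
        audience: audience,
        maxAge: const Duration(minutes: 5)),
    sharedSecret);

void main() {
  final good = issue('alice', [thisClient]);
  final other = issue('bob', [thisClient]);
  final wrongAudience = issue('alice', ['other-client.example']);

  // Keep alice's header and signature but swap in bob's payload segment.
  final g = good.split('.');
  final o = other.split('.');
  final spliced = [g[0], o[1], g[2]].join('.');

  print('valid token:     ${accept(good, sharedSecret)}');
  print('wrong HMAC key:  ${accept(good, 'some-other-key')}');
  print('spliced payload: ${accept(spliced, sharedSecret)}');
  print('wrong audience:  ${accept(wrongAudience, sharedSecret)}');
}
```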


Implements "Base64url Encoding" as defined in RFC 7515.
An immutable set of claims for a JSON Web Token (JWT).


defaultJWTHeaderCheck(Map<Object, Object> h) → bool
Default JOSE Header checker.
issueJwtHS256(JwtClaim claimSet, String hmacKey) → String
Issues a HMAC SHA-256 signed JWT.
verifyJwtHS256Signature(String token, String hmacKey, { JOSEHeaderCheck headerCheck: defaultJWTHeaderCheck, bool defaultIatExp: true, Duration maxAge: JwtClaim.defaultMaxAge }) → JwtClaim
Verifies the signature and extracts the claim set from a JWT.


JOSEHeaderCheck(Map<Object, Object> joseHeader) → bool
Header checking function type used by verifyJwtHS256Signature.

Exceptions / Errors

JWT exception thrown when an invalid token is encountered while parsing a JWT.