deftomat / justjwt Goto Github PK

View Code? Open in Web Editor NEW

10.0 2.0 5.0 30 KB

A JWT library for Dart.

Home Page: https://pub.dartlang.org/packages/just_jwt

License: Other

Dart 99.67% Shell 0.33%

jwt dart

justjwt's Introduction

JustJWT

A simple JWT library for Dart with support for custom signature algorithms.

Library already supports HS256 and RS256 algorithms.

Usage

A simple encoding example:

import 'dart:async';
import 'package:just_jwt/just_jwt.dart';

main() async {
  var signers = {
    'HS256': toTokenSigner(createHS256Signer('secret')),
    'RS256': toTokenSigner(createRS256Signer('<private key>')),
    // additional supported algorithms
  };
  
  // Creates JWT encoder which supports ONLY tokens with HS256 or RS256 alg.
  var encoder = new Encoder(composeTokenSigners(signers));
  
  var jwt = new Jwt.HS256({'some': 'value'});
  // or var jwt = new Jwt.RS256({'some': 'value'});
  
  // Encodes JWT
  var encodedJwt = await encoder.convert(jwt);
  print(encodedJwt);
}

A simple decoding example:

import 'package:just_jwt/just_jwt.dart';

main() async {
  var verifiers = {
    'HS256': toTokenVerifier(createHS256Verifier('secret')),
    'RS256': toTokenVerifier(createRS256Verifier('<public key>')),
    // additional supported algorithms
  };
  
  // Creates decoder which support ONLY tokens with HS256 or RS256 alg.
  // Unsupported algorithm will cause an UnsupportedVerificationAlgError.
  var decoder = new Decoder(composeTokenVerifiers(verifiers));
  
  var encodedJwt = new EncodedJwt('eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzb21lIjoidmFsdWUifQ==.ZHaHisAt9O9fcGFAFanEvsRjlSqAELN7NdXvue-E1PQ=');
  
  var jwt = await decoder.convert(encodedJwt);
}

Functional approach

Each Verifier and Signer is a function.

As you can see in code example, there are a functions like toTokenSigner, toTokenVerifier, composeTokenVerifiers, etc. These functions provide a way how to compose a verifiers and signers.

Also, you can combine a multiple TokenVerifiers into one TokenVerifier with combineTokenVerifiers function:

  var algorithmVerifier = toTokenVerifier(createHS256Verifier('secret'));
  var expirationVerifier = (ToVerify toVerify) async =>  // check token expiration
  
  var verifier = combineTokenVerifiers([algorithmVerifier, expirationVerifier]);
  var decoder = new Decoder(verifier);

Custom algorithm

Algorithm name is always stored in JWT. Encoders/Decoders tries to find a Signer/Verifier by its name in signers/verifiers map.

To support custom algorithm, just implement a JWT interface and create your own Signer/Verifier.

justjwt's People

Contributors

Stargazers

Watchers

Forkers

techyrajeev shamblett mzaenalmkalbe lotrofans

justjwt's Issues

Conflicts in resolving dependencies

Running "flutter packages get" in TestProject...

Because every version of just_jwt depends on pointycastle ^0.10.0 and pointycastle >=0.10.0+2 <1.0.0-rc1 depends on reflectable ^1.0.1, every version of just_jwt requires reflectable ^1.0.1 or pointycastle >=0.10.0 <=0.10.0+1.
And because pointycastle <=0.10.0+1 depends on reflectable ^0.5.1, every version of just_jwt requires reflectable ^0.5.1 or ^1.0.1.
Because reflectable >=0.5.3 <1.0.1 depends on analyzer ^0.27.2 and reflectable >=0.5.1 <0.5.3 depends on analyzer 0.27.1, reflectable >=0.5.1 <1.0.1 requires analyzer 0.27.1 or ^0.27.2.
Thus, every version of just_jwt requires analyzer 0.27.1 or ^0.27.2 or reflectable ^1.0.1.
Because reflectable >=1.0.1 <1.0.4 depends on analyzer >=0.27.2 <0.30.0 and reflectable >=1.0.4 <=2.0.0-dev.1.0 depends on path >=1.2.0 <1.5.0, reflectable >=1.0.1 <=2.0.0-dev.1.0 requires analyzer >=0.27.2 <0.30.0 or path >=1.2.0 <1.5.0.
Thus, every version of just_jwt requires analyzer 0.27.1 or >=0.27.2 <0.30.0 or path >=1.2.0 <1.5.0.
And because every version of flutter_test from sdk depends on both analyzer 0.31.2-alpha.2 and path 1.5.1, flutter_test from sdk is incompatible with just_jwt.
So, because TestProject depends on both just_jwt ^1.3.1 and flutter_test any from sdk, version solving failed.

pub get failed (1)

just_jwt has a conflict with built_value

This is my pubspec.yaml.

dependencies:
  flutter_markdown: 0.1.5
  built_value: ^5.4.5
  shared_preferences: ^0.4.1
  just_jwt: ^1.3.1

  http: ^0.11.3+16

  flutter:
    sdk: flutter

  cupertino_icons: ^0.1.2

dev_dependencies:
  build_runner: ^0.7.9
  built_value_generator: ^5.5.1

This is the conflict information.

Because reflectable >=0.5.1 <0.5.3 depends on analyzer 0.27.1 and pointycastle <=0.10.0+1 depends on reflectable ^0.5.1, pointycastle <=0.10.0+1 requires analyzer 0.27.1 or reflectable ^0.5.3.
And because every version of just_jwt depends on pointycastle ^0.10.0 and pointycastle >=0.10.0+2 <1.0.0-rc1 depends on reflectable ^1.0.1, every version of just_jwt requires analyzer 0.27.1 or reflectable ^0.5.3 or ^1.0.1.
And because reflectable >=1.0.4 <=2.0.0-dev.1.0 depends on analyzer ^0.30.0 and reflectable >=1.0.1 <1.0.4 depends on analyzer >=0.27.2 <0.30.0, every version of just_jwt requires analyzer 0.27.1 or >=0.27.2 <0.30.0 or ^0.30.0 or reflectable ^0.5.3.
And because reflectable >=0.5.3 <1.0.1 depends on analyzer ^0.27.2 and built_value_generator >=5.5.1 depends on analyzer ^0.32.1, built_value_generator >=5.5.1 is incompatible with just_jwt.
So, because tornado_blog_flutter depends on both just_jwt ^1.3.1 and built_value_generator ^5.5.1, version solving failed.
pub get failed (1)

Upgrade to Dart 2.0

I have a package I need to upgrade to dart 2.0 that depends on this, is a Dart 2.0 upgrade in the works?

Hi,
I have been looking for a good JWT dart package, but haven't really found it. Yours is coming close.
I try to use firebase auth and that returns a JWT.
The formate is given here:
https://firebase.google.com/docs/auth/admin/verify-id-tokens

They are signed asymmetric and the public keys can be found here:
https://www.googleapis.com/robot/v1/metadata/x509/[email protected]

However, they are in the format with BEGIN CERTIFICATE instead of BEGIN PUBLIC KEY and probably the content is also a bit different. Can you build support for this or help me in the direction to support this, because I can find very little documentation on this.

rsa_pkcs and pointycastle version constraint

Hi,

This package can't be used because the version constraints in it.

Package pointycastle has no versions that match >=0.10.0+1 <0.11.0 derived from:

just_jwt 1.3.1 depends on version ^0.10.0
rsa_pkcs 0.1.2 depends on version >=0.10.0+1 <0.11.0

Cannot access private name _NullSecureRandom

Have this error trying to create rs256 verifier.

var verifiers = {
'RS256': toTokenVerifier(createRS256Verifier(publicKey)),
};

I fix it for me by making it public in rs256.dart file.

Also RS256 not working while this:

dependencies:
reflectable: '1.0.1'
transformers:

reflectable:
entry_points: web/main.dart # The path to your main file
formatted: true # Optional.

not in pubspec.yaml

deftomat / justjwt Goto Github PK

justjwt's Introduction

JustJWT

Usage

Functional approach

Custom algorithm

justjwt's People

Contributors

Stargazers

Watchers

Forkers

justjwt's Issues

Conflicts in resolving dependencies

just_jwt has a conflict with built_value

Upgrade to Dart 2.0

Support for certificates

rsa_pkcs and pointycastle version constraint

Cannot access private name _NullSecureRandom

Recommend Projects

React

Vue.js

Typescript

TensorFlow

Django

Laravel

D3

Recommend Topics

javascript

web

server

Machine learning

Visualization

Game

Recommend Org

Facebook

Microsoft

Google

Alibaba

D3

Tencent