Coder Social home page Coder Social logo

justjwt's Introduction

JustJWT

Build Status

A simple JWT library for Dart with support for custom signature algorithms.

Library already supports HS256 and RS256 algorithms.

Usage

A simple encoding example:

import 'dart:async';
import 'package:just_jwt/just_jwt.dart';

main() async {
  var signers = {
    'HS256': toTokenSigner(createHS256Signer('secret')),
    'RS256': toTokenSigner(createRS256Signer('<private key>')),
    // additional supported algorithms
  };
  
  // Creates JWT encoder which supports ONLY tokens with HS256 or RS256 alg.
  var encoder = new Encoder(composeTokenSigners(signers));
  
  var jwt = new Jwt.HS256({'some': 'value'});
  // or var jwt = new Jwt.RS256({'some': 'value'});
  
  // Encodes JWT
  var encodedJwt = await encoder.convert(jwt);
  print(encodedJwt);
}

A simple decoding example:

import 'package:just_jwt/just_jwt.dart';

main() async {
  var verifiers = {
    'HS256': toTokenVerifier(createHS256Verifier('secret')),
    'RS256': toTokenVerifier(createRS256Verifier('<public key>')),
    // additional supported algorithms
  };
  
  // Creates decoder which support ONLY tokens with HS256 or RS256 alg.
  // Unsupported algorithm will cause an UnsupportedVerificationAlgError.
  var decoder = new Decoder(composeTokenVerifiers(verifiers));
  
  var encodedJwt = new EncodedJwt('eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzb21lIjoidmFsdWUifQ==.ZHaHisAt9O9fcGFAFanEvsRjlSqAELN7NdXvue-E1PQ=');
  
  var jwt = await decoder.convert(encodedJwt);
}

Functional approach

Each Verifier and Signer is a function.

As you can see in code example, there are a functions like toTokenSigner, toTokenVerifier, composeTokenVerifiers, etc. These functions provide a way how to compose a verifiers and signers.

Also, you can combine a multiple TokenVerifiers into one TokenVerifier with combineTokenVerifiers function:

  var algorithmVerifier = toTokenVerifier(createHS256Verifier('secret'));
  var expirationVerifier = (ToVerify toVerify) async =>  // check token expiration
  
  var verifier = combineTokenVerifiers([algorithmVerifier, expirationVerifier]);
  var decoder = new Decoder(verifier);

Custom algorithm

Algorithm name is always stored in JWT. Encoders/Decoders tries to find a Signer/Verifier by its name in signers/verifiers map.

To support custom algorithm, just implement a JWT interface and create your own Signer/Verifier.

justjwt's People

Contributors

deftomat avatar

Stargazers

 avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar

Watchers

 avatar  avatar

justjwt's Issues

Conflicts in resolving dependencies

Running "flutter packages get" in TestProject...

Because every version of just_jwt depends on pointycastle ^0.10.0 and pointycastle >=0.10.0+2 <1.0.0-rc1 depends on reflectable ^1.0.1, every version of just_jwt requires reflectable ^1.0.1 or pointycastle >=0.10.0 <=0.10.0+1.
And because pointycastle <=0.10.0+1 depends on reflectable ^0.5.1, every version of just_jwt requires reflectable ^0.5.1 or ^1.0.1.
Because reflectable >=0.5.3 <1.0.1 depends on analyzer ^0.27.2 and reflectable >=0.5.1 <0.5.3 depends on analyzer 0.27.1, reflectable >=0.5.1 <1.0.1 requires analyzer 0.27.1 or ^0.27.2.
Thus, every version of just_jwt requires analyzer 0.27.1 or ^0.27.2 or reflectable ^1.0.1.
Because reflectable >=1.0.1 <1.0.4 depends on analyzer >=0.27.2 <0.30.0 and reflectable >=1.0.4 <=2.0.0-dev.1.0 depends on path >=1.2.0 <1.5.0, reflectable >=1.0.1 <=2.0.0-dev.1.0 requires analyzer >=0.27.2 <0.30.0 or path >=1.2.0 <1.5.0.
Thus, every version of just_jwt requires analyzer 0.27.1 or >=0.27.2 <0.30.0 or path >=1.2.0 <1.5.0.
And because every version of flutter_test from sdk depends on both analyzer 0.31.2-alpha.2 and path 1.5.1, flutter_test from sdk is incompatible with just_jwt.
So, because TestProject depends on both just_jwt ^1.3.1 and flutter_test any from sdk, version solving failed.

pub get failed (1)

just_jwt has a conflict with built_value

This is my pubspec.yaml.

dependencies:
  flutter_markdown: 0.1.5
  built_value: ^5.4.5
  shared_preferences: ^0.4.1
  just_jwt: ^1.3.1

  http: ^0.11.3+16

  flutter:
    sdk: flutter

  cupertino_icons: ^0.1.2

dev_dependencies:
  build_runner: ^0.7.9
  built_value_generator: ^5.5.1

This is the conflict information.

Because reflectable >=0.5.1 <0.5.3 depends on analyzer 0.27.1 and pointycastle <=0.10.0+1 depends on reflectable ^0.5.1, pointycastle <=0.10.0+1 requires analyzer 0.27.1 or reflectable ^0.5.3.
And because every version of just_jwt depends on pointycastle ^0.10.0 and pointycastle >=0.10.0+2 <1.0.0-rc1 depends on reflectable ^1.0.1, every version of just_jwt requires analyzer 0.27.1 or reflectable ^0.5.3 or ^1.0.1.
And because reflectable >=1.0.4 <=2.0.0-dev.1.0 depends on analyzer ^0.30.0 and reflectable >=1.0.1 <1.0.4 depends on analyzer >=0.27.2 <0.30.0, every version of just_jwt requires analyzer 0.27.1 or >=0.27.2 <0.30.0 or ^0.30.0 or reflectable ^0.5.3.
And because reflectable >=0.5.3 <1.0.1 depends on analyzer ^0.27.2 and built_value_generator >=5.5.1 depends on analyzer ^0.32.1, built_value_generator >=5.5.1 is incompatible with just_jwt.
So, because tornado_blog_flutter depends on both just_jwt ^1.3.1 and built_value_generator ^5.5.1, version solving failed.
pub get failed (1)

Upgrade to Dart 2.0

I have a package I need to upgrade to dart 2.0 that depends on this, is a Dart 2.0 upgrade in the works?

Support for certificates

Hi,
I have been looking for a good JWT dart package, but haven't really found it. Yours is coming close.
I try to use firebase auth and that returns a JWT.
The formate is given here:
https://firebase.google.com/docs/auth/admin/verify-id-tokens

They are signed asymmetric and the public keys can be found here:
https://www.googleapis.com/robot/v1/metadata/x509/[email protected]

However, they are in the format with BEGIN CERTIFICATE instead of BEGIN PUBLIC KEY and probably the content is also a bit different. Can you build support for this or help me in the direction to support this, because I can find very little documentation on this.

rsa_pkcs and pointycastle version constraint

Hi,

This package can't be used because the version constraints in it.

Package pointycastle has no versions that match >=0.10.0+1 <0.11.0 derived from:

  • just_jwt 1.3.1 depends on version ^0.10.0
  • rsa_pkcs 0.1.2 depends on version >=0.10.0+1 <0.11.0

Cannot access private name _NullSecureRandom

Have this error trying to create rs256 verifier.

var verifiers = {
'RS256': toTokenVerifier(createRS256Verifier(publicKey)),
};

I fix it for me by making it public in rs256.dart file.

Also RS256 not working while this:

dependencies:
reflectable: '1.0.1'
transformers:

  • reflectable:
    entry_points: web/main.dart # The path to your main file
    formatted: true # Optional.

not in pubspec.yaml

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.