garyf / json_web_token
A Ruby implementation of the JSON Web Token (JWT) standard, RFC 7519
License: MIT License
The following token, part of your example code in the README (in both this repository and in the jwt_claims repo as well!), is invalid.
secure_jwt_example = 'eyJ0eXAiOiJKV1QiLA0KICJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJqb2UiLA0KICJleHAiOjEzMDA4MTkzODAsDQogImh0dHA6Ly9leGFt.cGxlLmNvbS9pc19yb290Ijp0cnVlfQ.dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk'
Tested with json_web_token gem:
[6] pry(main)> JsonWebToken.verify('eyJ0eXAiOiJKV1QiLA0KICJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJqb2UiLA0KICJleHAiOjEzMDA4MTkzODAsDQogImh0dHA6Ly9leGFt.cGxlLmNvbS9pc19yb290Ijp0cnVlfQ.dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk', key: 'gZH75aKtMN3Yj0iPS4hcgUuTwjAzZr9C')
=> {:error=>"invalid"}
Shows truncated payload output when tested in the https://jwt.io/ debugger and signature does not verify there.
Does this library support kid header for JWS?
Thanks a ton for this awesome gem. I'm currently using it for the front-end of my application to authenticate with my API and it works great. I hate to open an issue for this as it's more of a question, but I thought you might could give some pointers.
According to https://jwt.io, JSON Web Tokens should be passed via the following header:
Authorization Bearer <token>
I'd like to use JSON Web Tokens for my client's API keys as well, but I'd need to be able to decode the token to see which client it is for, obviously.
If different secret keys are used for each client to encode the JSON Web Tokens, how am I supposed to know which secret key to use to decode the token? How do people normally handle this when using JSON Web Tokens for APIs?
I thought about using a single secret key for all requests, but that means if that key is ever compromised and I have to update it--ANYONE using my API has to come get a new web token.
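One common answer to the question above, as an added example (not part of the original issue, and not json_web_token's own API): the signer puts a `kid` in the JWS header (RFC 7515), and the verifier uses it to choose the key, so one client's key can be replaced without touching the others. It uses only Ruby's standard library; `CLIENT_KEYS`, `sign_hs256`, `secure_eq?` and `verify_with_kid` are hypothetical names and the secrets are constructed.

```ruby
require 'openssl'
require 'base64'
require 'json'

# Constructed per-client HMAC secrets, indexed by key id (hypothetical values).
CLIENT_KEYS = {
  'client-a' => 'constructed-secret-for-client-a-0001',
  'client-b' => 'constructed-secret-for-client-b-0002'
}.freeze

def b64url(bytes)
  Base64.urlsafe_encode64(bytes, padding: false)
end

# Builds a sample HS256 token carrying a kid header (used for the demo only).
def sign_hs256(claims, kid, key)
  header = { typ: 'JWT', alg: 'HS256', kid: kid }
  input = [header, claims].map { |part| b64url(JSON.generate(part)) }.join('.')
  "#{input}.#{b64url(OpenSSL::HMAC.digest('SHA256', key, input))}"
end

# Constant-time comparison of two byte strings.
def secure_eq?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Returns the claims hash, or nil when the token is rejected.
def verify_with_kid(token, keys)
  segments = token.to_s.split('.', -1)
  return nil unless segments.length == 3
  header = JSON.parse(Base64.urlsafe_decode64(segments[0]))
  # The header is untrusted until the signature checks out: use kid only as a
  # lookup key into our own table, and pin the algorithm rather than obeying alg.
  return nil unless header.is_a?(Hash) && header['alg'] == 'HS256'
  key = keys[header['kid']]
  return nil if key.nil?
  expected = OpenSSL::HMAC.digest('SHA256', key, segments[0..1].join('.'))
  return nil unless secure_eq?(expected, Base64.urlsafe_decode64(segments[2]))
  JSON.parse(Base64.urlsafe_decode64(segments[1]))
rescue ArgumentError, JSON::ParserError
  nil
end
```

Replacing the `client-a` entry in the key table invalidates only that client's tokens; tokens whose `kid` names another client keep verifying.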
I was checking out this gem (I got here via https://jwt.io/) and wondering why something like exp claim support wasn't there. I took a chance and looked at your other repositories and discovered jwt_claims.
I would recommend you link to jwt_claims from your README, and maybe add a short description for why you chose to split the claims functionality into a separate gem.
https://github.com/garyf/jwt_claims
Cheers.
PS - I'm impressed with the nice clean code! Well done.
I get the following error message:
/Users/me/.rbenv/versions/2.3.1/lib/ruby/gems/2.3.0/gems/json_web_token-0.2.2/lib/json_web_token.rb:35: warning: already initialized constant JWT
/Users/me/.rbenv/versions/2.3.1/lib/ruby/gems/2.3.0/gems/jwt-1.5.6/lib/jwt/json.rb:4: warning: previous definition of JWT was here
fatal: Needed a single revision
The app's source code can be found here: https://github.com/catarse/catarse
The RSA module defines a constant MESSAGE_BYTES_MAX irrespective of the RSA modulus size.
The referenced RFC states that the maximum should be modulus - 11 octets, i.e., when I use a 4096 bit key I'd expect the maximum message size to be 501 octets. Or did I get that wrong?