Extension::JsonJWTSign Method
Syntax
Arguments
- json
Json to sign
- secret
Secret to hash against.
- options
Options to override how the hash is generated (can be alogrithm).
Description
Sign a javascript web token.
Example
dim token as c = extension::JSON::JWTSign(json_sanitize("{ fname : 'john' , lname : 'public'}"),"shhhh!") ? token = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJmbmFtZSI6ImpvaG4iLCJsbmFtZSI6InB1YmxpYyIsImlhdCI6MTQ3Nzc3OTA2M30.xwGMV_POhwEoj-mH1PsgscL-uqOfBMLnNsD2SsOtqXE"
Using The Options parameter
The third parameter will override the default alogrithm used to sign the key.
The Options can be passed as JSON as well
Supported Algorithm | Description |
---|---|
HS256 | HMAC using SHA-256 hash algorithm |
HS384 | HMAC using SHA-384 hash algorithm |
HS512 | HMAC using SHA-512 hash algorithm |
RS256 | RSASSA using SHA-256 hash algorithm |
RS384 | RSASSA using SHA-384 hash algorithm |
RS512 | RSASSA using SHA-512 hash algorithm |
ES256 | ECDSA using P-256 curve and SHA-256 hash algorithm |
ES384 | ECDSA using P-384 curve and SHA-384 hash algorithm |
ES512 | ECDSA using P-521 curve and SHA-512 hash algorithm |
Example using options to use RSA hash
In this example, we generate the hash for using RS512 instead of the default HS256.
' declare a string (or read from a key file using file.to_string()) dim privateKey as c = <<%str% -----BEGIN RSA PRIVATE KEY----- MIICXAIBAAKBgQCqGKukO1De7zhZj6+H0qtjTkVxwTCpvKe4eCZ0FPqri0cb2JZfXJ/DgYSF6vUp wmJG8wVQZKjeGcjDOL5UlsuusFncCzWBQ7RKNUSesmQRMSGkVb1/3j+skZ6UtW+5u09lHNsj6tQ5 1s1SPrCBkedbNf0Tp0GbMJDyR4e9T04ZZwIDAQABAoGAFijko56+qGyN8M0RVyaRAXz++xTqHBLh 3tx4VgMtrQ+WEgCjhoTwo23KMBAuJGSYnRmoBZM3lMfTKevIkAidPExvYCdm5dYq3XToLkkLv5L2 pIIVOFMDG+KESnAFV7l2c+cnzRMW0+b6f8mR1CJzZuxVLL6Q02fvLi55/mbSYxECQQDeAw6fiIQX GukBI4eMZZt4nscy2o12KyYner3VpoeE+Np2q+Z3pvAMd/aNzQ/W9WaI+NRfcxUJrmfPwIGm63il AkEAxCL5HQb2bQr4ByorcMWm/hEP2MZzROV73yF41hPsRC9m66KrheO9HPTJuo3/9s5p+sqGxOlF L0NDt4SkosjgGwJAFklyR1uZ/wPJjj611cdBcztlPdqoxssQGnh85BzCj/u3WqBpE2vjvyyvyI5k X6zk7S0ljKtt2jny2+00VsBerQJBAJGC1Mg5Oydo5NwD6BiROrPxGo2bpTbu/fhrT8ebHkTz2epl U9VQQSQzY1oZMVX8i1m5WUTLPz2yLJIBQVdXqhMCQBGoiuSoSjafUhV7i1cEGpb88h5NBYZzWXGZ 37sJ5QsW+sJyoNde3xH8vdXhzU7eT82D6X/scw9RZz+/6rCJ4p0= -----END RSA PRIVATE KEY----- %str% dim token as c = extension::JSON::JWTSign(json_sanitize("{ fname : 'john' , lname : 'public'}"),privateKey,"RS512") ? token = "eyJhbGciOiJSUzUxMiIsInR5cCI6IkpXVCJ9.eyJmbmFtZSI6ImpvaG4iLCJsbmFtZSI6InB1YmxpYyIsImlhdCI6MTQ4MzczNjI4MH0.FbVyXf2k_Q779lWSNQKe6hCM2zNI9k6319jyb0IhrAS2yUI7pRyIHqQ_6Jd9rddOa5xHftKFncXBqp1DsIyw-wqWx8DNeB1jqCQp7BGMxPSUT7RZYIwhwzBcc_mP3wc09hVOtKz1TYk7gnsBuR5Ij3v_H288misTGeN4MEcboU8"
More Complex Options
If you need to do more than override the algorithm, options can hold settings stored as JSON.
In the following example, we will create a token that expires in 30 seconds.
dim options.algorithm as c = "HS512" dim options.expiresin as n = 30 dim optionsjson as c = json_generate(options) ? optionsjson = { "algorithm": "HS512", "expiresin": 30 } dim token as c = extension::JSON::JWTSign(json_sanitize("{ fname : 'john' , lname : 'public'}"),"shhhh!",optionsjson) ? token = "eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9.eyJmbmFtZSI6ImpvaG4iLCJsbmFtZSI6InB1YmxpYyIsImlhdCI6MTQ4MzczNzcyMCwiZXhwIjoxNDgzNzM3NzUwfQ.1mhtUd6nYuYK1H3gviJHeg_5GWBZX1gFvD_2Fc_s0BueUFSc_WjRk5YqxZy9Wbg19uLmKPJqsJmQWt2xfx10Sg" ? extension::JSON::JWTVerify(token,"shhhh!","HS512") = {"fname":"john","lname":"public","iat":1483737720,"exp":1483737750} ' Wait for 30 seconds ' The token is no longer any good! ? extension::JSON::JWTVerify(token,"shhhh!","HS512") = ""
In a similiar example - we can create a token that isn't valid untill a specified time has passed.
dim options.algorithm as c = "HS512" dim options.notbefore as n = 30 dim optionsjson as c = json_generate(options) ? optionsjson = { "algorithm": "HS512", "notbefore": 30 } dim token as c = extension::JSON::JWTSign(json_sanitize("{ fname : 'john' , lname : 'public'}"),"shhhh!",optionsjson) ? token = "eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9.eyJmbmFtZSI6ImpvaG4iLCJsbmFtZSI6InB1YmxpYyIsImlhdCI6MTQ4MzczODM1NywibmJmIjoxNDgzNzM4Mzg3fQ.nEZHZR_NtudTf6mn0P4OoFT4QtRLzSwBEJIMBmDLeXU98rM_fH0Tik5gWsw7wDOkiuytQ35hKi9RX-OJneHfEQ" ' Not yet ? extension::JSON::JWTVerify(token,"shhhh!","HS512") = "" ' Wait for 30 seconds ' Ok - now the token is valid! ? extension::JSON::JWTVerify(token,"shhhh!","HS512") = {"fname":"john","lname":"public","iat":1483738357,"nbf":1483738387}
You can specify both expiresin and notbefore for a token that will be valid only from 30 seconds after it was issued to 60 seconds after it was issued.
dim options.algorithm as c = "HS512" dim options.expiresin as n = 60 dim options.notbefore as n = 30 dim optionsjson as c = json_generate(options) ? optionsjson = { "algorithm": "HS512", "notbefore": 30, "expiresin": 60 } dim token as c = extension::JSON::JWTSign(json_sanitize("{ fname : 'john' , lname : 'public'}"),"shhhh!",optionsjson) ? token = "eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9.eyJmbmFtZSI6ImpvaG4iLCJsbmFtZSI6InB1YmxpYyIsImlhdCI6MTQ4MzczOTI0NSwibmJmIjoxNDgzNzM5Mjc1LCJleHAiOjE0ODM3MzkzMDV9.1HWFTyzF4KUXhBcLACroca1-1rowKiVL9XZJAweMJon6sOJaHA3mXGU0oHtXTycZylbSV1TvS5F8nNJjSCOeXw" ' Not ready yet ? extension::JSON::JWTVerify(token,"shhhh!","HS512") = "" ' Wait for 30 seconds ? extension::JSON::JWTVerify(token,"shhhh!","HS512") = {"fname":"john","lname":"public","iat":1483739245,"nbf":1483739275,"exp":1483739305} ' Wait another 30 seconds for a grand totla of 60 seconds ? extension::JSON::JWTVerify(token,"shhhh!","HS512") = ""
Options that can be specified
Field | Description |
---|---|
algorithm | Specifies which algorithm to use when hashing , if ommitted, HS256 will be used. |
expiresin | Either a numeric - if expressed in seconds, or a string, if including scalar #(d-day,h-hour) - i.e. 8h is 8 hours, 2d is 2 days. |
notbefore | numeric of string (like expire) will control delayed access to a token (will be available in a day). |
audience | Identifies the recipients that the JWT is intended for. |
issuer | Identifies principal that issued the JWT. |
jwtid | Globally unique identifier of the token (if token is used between multiple issuers). |
subject | Identifies the subject of the JWT. |
notimestamp | Omit the 'iat' field from the packet. |
header | Custom fields. |