@haxall/haxall

    Class Jwt

    Models a JSON Web Token (JWT) as specified by RFC7519

    A JWT includes three sections:

    1. Javascript Object Signing and Encryption (JOSE) Header
    2. Claims
    3. Signature

    11111111111.22222222222.33333333333

    These sections are encoded as base64url strings and are separated by dot (.) characters.

    The (alg) parameter must be set to a supported JWS algorithm.

    The following JWS algorithms are supported:

    • HS256 - HMAC using SHA-256
    • HS384 - HMAC using SHA-384
    • HS512 - HMAC using SHA-512
    • RS256 - RSASSA-PKCS1-v1_5 using SHA-256
    • RS384 - RSASSA-PKCS1-v1_5 using SHA-384
    • RS512 - RSASSA-PKCS1-v1_5 using SHA-512
    • ES256 - ECDSA using P-256 and SHA-256
    • ES384 - ECDSA using P-256 and SHA-384
    • ES512 - ECDSA using P-256 and SHA-512
    • none - No digital signature or MAC performed

    Constructors

    Properties

    type$: Type

    Methods

    • Parameters

      • it: string

      Returns void

    • Parameters

      Returns void

    • Parameters

      Returns void

    • Parameters

      Returns void

    • Parameters

      Returns void

    • Parameters

      Returns void

    • Parameters

      • it: string

      Returns void

    • Parameters

      • it: string

      Returns void

    • Parameters

      • it: string

      Returns void

    • Parameters

      Returns void

    • Parameters

      • it: string

      Returns void

    • Algorithm header

      Returns string

    • Audience claim for this token (Str or Str[])

      If the value is a Str, it will be converted to a Str[] of size 1

      Returns JsObj

    • JWT Claims

      Returns Map<string, JsObj>

    • Return a negative integer, zero, or a positive integer if this object is less than, equal to, or greater than the specified object:

      this < that   =>  <0
      this == that  =>  0
      this > that   =>  >0

      This method may also be accessed via the < <= <=> >= and > shortcut operators. If not overridden the default implementation compares the toStr representations. Also see docLang.

      Examples:

      3.compare(8)  =>  -1
      8.compare(3)  =>  1
      8.compare(8)  =>  0
      3 <=> 8       =>  -1  // shortcut for 3.compare(8)

      Parameters

      Returns number

    • Provide a Key (PrivKey or SymKey) to sign and return the base64 encoded Jwt

      Null key will return an unsigned base64 encoded JWT

      The alg field must be set to a supported JWS algorithm

      The following JWS Algorithms are supported:

      • HS256 - HMAC using SHA-256
      • HS384 - HMAC using SHA-384
      • HS512 - HMAC using SHA-512
      • RS256 - RSASSA-PKCS1-v1_5 using SHA-256
      • RS384 - RSASSA-PKCS1-v1_5 using SHA-384
      • RS512 - RSASSA-PKCS1-v1_5 using SHA-512
      • ES256 - ECDSA using P-256 and SHA-256
      • ES384 - ECDSA using P-256 and SHA-384
      • ES512 - ECDSA using P-256 and SHA-512
      • none - No digital signature or MAC performed

      pair := Crypto.cur.genKeyPair("RSA", 2048)
      priv := pair.priv

      jwtStr := Jwt {
        it.alg = "RS256"
        it.claims = ["myClaim": "ClaimValue"]
        it.exp = DateTime.nowUtc + 10min
        it.iss = "https://fantom.accounts.dev"
      }.encode(priv)

      Parameters

      Returns string

    • Compare this object to the specified for equality. This method may be accessed via the == and != shortcut operators. If not overridden the default implementation compares for reference equality using the === operator. If this method is overridden, then hash() must also be overridden such that any two objects which return true for equals() must return the same value for hash(). This method must accept null and return false.

      Parameters

      Returns boolean

    • Expiration claim for this token

      When encoded, the value will be converted to TimeZone.utc, the epoch const will be subtracted from this value and it will be converted to seconds

      When decoded, the value will be converted to TimeZone.utc

      Returns DateTime

    • Return a unique hashcode for this object. If a class overrides hash() then it must ensure if equals() returns true for any two objects then they have same hash code.

      Returns number

    • JOSE Header

      Returns Map<string, JsObj>

    • Issued at claim for this token

      When encoded, the value will be converted to TimeZone.utc, the epoch const will be subtracted from this value and it will be converted to seconds

      When decoded, the value will be converted to TimeZone.utc

      Returns DateTime

    • Return if this Obj is immutable and safe to share between threads:

      • an instance of a const class
      • the result of toImmutable on List, Map, or Buf
      • a Func object may or may not be immutable - see sys::Func.
      • other instances are assumed mutable and return false

      Returns boolean

    • Issuer claim for this token

      Returns string

    • JWT ID claim for this token

      Returns string

    • Key ID header

      When encoding, this value will take precedence if the kid parameter is also set in the JOSE header

      Returns string

    • Not before claim for this token

      When encoded, the value will be converted to TimeZone.utc, the epoch const will be subtracted from this value and it will be converted to seconds

      When decoded, the value will be converted to TimeZone.utc

      Returns DateTime

    • Subject claim for this token

      Returns string

    • Get an immutable representation of this instance or throw NotImmutableErr if this object cannot be represented as an immutable:

      • if type is const, return this
      • if already an immutable List, Map, Buf, or Func return this
      • if a List, then attempt to perform a deep clone by calling toImmutable on all items
      • if a Map, then attempt to perform a deep clone by calling toImmutable on all values (keys are already immutable)
      • some Funcs can be made immutable - see sys::Func
      • if a Buf create immutable copy, see sys::Buf
      • any other object throws NotImmutableErr

      Returns Readonly<this>

    • Return a string representation of this object.

      Returns string

    • Trap a dynamic call for handling. Dynamic calls are invoked with the -> shortcut operator:

      a->x        a.trap("x", null)
      a->x()      a.trap("x", null)
      a->x = b    a.trap("x", [b])
      a->x(b)     a.trap("x", [b])
      a->x(b, c)  a.trap("x", [b, c])

      The default implementation provided by Obj attempts to use reflection. If name maps to a method, it is invoked with the specified arguments. If name maps to a field and args.size is zero, get the field. If name maps to a field and args.size is one, set the field and return args[0]. Otherwise throw UnknownSlotErr.

      Parameters

      Returns JsObj

    • Get the Type instance which represents this object's class. Also see Type.of or Pod.of.

      Returns Type

    • Convenience function to check the value of a claim

      If value of JWT claim is a List, this function checks that the expectedValue is contained in the List.

      If expectedValue is null, just checks if the claim exists

      Throws Err if claim does not exist or expectedValue does not match (or is not contained in the List)

      jwt := Jwt.decode("1111.2222.3333", pubKey)
        .verifyClaim("iss", "https://fantom.accounts.dev")

      Parameters

      • claim: string
      • Optional expectedValue: JsObj

      Returns this

    • This method called whenever an it-block is applied to an object. The default implementation calls the function with this, and then returns this.

      Parameters

      • f: (arg0: this) => void

      Returns this

    • Decode a Jwt from an encoded Str

      The key parameter supports these types to verify the signature:

      is missing or no matching kid is found in the list
      

      If the exp and/or nbf claims exist, those will be verified

      jwk := [
        "kty": "EC",
        "use": "sig",
        "crv": "P-256",
        "kid": "abcd",
        "x": "I59TOAdnJ7uPgPOdIxj-BhWSQBXKS3lsRZJwj5eIYAo",
        "y": "8FJEvVIZDjVBnrBJPRUCwtgS86rHoFl1kBfbjX9rOng",
        "alg": "ES256",
      ]

      ecJwk := Crypto.cur.loadJwk(jwk)

      jwt := Jwt.decode("1111.2222.3333", ecJwk.key)

      jwks := Crypto.cur.loadJwksForUri(`https://example.com/jwks.json`)

      jwt2 := Jwt.decodeJwks("4444.5555.6666", jwks)

      Parameters

      • encoded: string
      • key: JsObj
      • Optional clockDrift: Duration
      • ...args: unknown[]

      Returns Jwt

    • Write x.toStr to standard output followed by newline. If x is null then print "null". If no argument is provided then print an empty line.

      Parameters

      Returns void

    • It-block constructor

      Parameters

      • f: (arg0: Jwt) => void
      • ...args: unknown[]

      Returns Jwt
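
An added example, not code from the @haxall/haxall package: the checks described for decode and verifyClaim above (signature under a verifier-chosen algorithm so that "none" is refused, exp/nbf with clock drift, list containment for claims), written for Node.js with the HMAC algorithms only. The function names, the 60-second default drift, and the sample key and claims are assumptions constructed for illustration.

```javascript
const crypto = require('node:crypto');
// Illustrative helpers (hypothetical names), not the @haxall/haxall API.
const HMAC = { HS256: 'sha256', HS384: 'sha384', HS512: 'sha512' };
const b64u = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
const unb64u = (s) => JSON.parse(Buffer.from(s, 'base64url').toString('utf8'));

// Build header.claims.signature; a null key yields an unsigned token.
function encode(header, claims, key) {
  const input = `${b64u(header)}.${b64u(claims)}`;
  if (key == null) return `${input}.`;
  return `${input}.${crypto.createHmac(HMAC[header.alg], key).update(input).digest('base64url')}`;
}

// Check algorithm and signature first, then exp/nbf (seconds since the Unix epoch).
function decode(token, key, opts = {}) {
  const { algs = ['HS256'], clockDriftSec = 60, now = Math.floor(Date.now() / 1000) } = opts;
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('expected three sections');
  const [h, c, s] = parts;
  const header = unb64u(h);
  // The verifier, not the token, decides which algorithms are acceptable.
  if (!algs.includes(header.alg) || !Object.hasOwn(HMAC, header.alg)) {
    throw new Error(`alg not allowed: ${header.alg}`);
  }
  const expected = crypto.createHmac(HMAC[header.alg], key).update(`${h}.${c}`).digest();
  const actual = Buffer.from(s, 'base64url');
  if (actual.length !== expected.length || !crypto.timingSafeEqual(actual, expected)) {
    throw new Error('bad signature');
  }
  const claims = unb64u(c);
  if (claims.exp !== undefined && now >= claims.exp + clockDriftSec) throw new Error('token expired');
  if (claims.nbf !== undefined && now < claims.nbf - clockDriftSec) throw new Error('token not yet valid');
  return { header, claims };
}

// List-valued claims (e.g. aud) match by containment; null expected checks presence only.
function verifyClaim(jwt, name, expected = null) {
  if (!Object.hasOwn(jwt.claims, name)) throw new Error(`missing claim: ${name}`);
  const value = jwt.claims[name];
  const ok = expected === null || (Array.isArray(value) ? value.includes(expected) : value === expected);
  if (!ok) throw new Error(`claim mismatch: ${name}`);
  return jwt;
}

// Constructed sample: sign, decode, then check issuer and audience.
const demoKey = 'constructed-demo-secret';
const demo = encode({ alg: 'HS256' }, { iss: 'https://fantom.accounts.dev', aud: ['api'], exp: 4102444800 }, demoKey);
verifyClaim(verifyClaim(decode(demo, demoKey), 'iss', 'https://fantom.accounts.dev'), 'aud', 'api');
```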