Library to handle JSON Web Tokens used in server-side OAuth authentication. Currently this component allows generating and decoding tokens, which are needed to connect to existing REST services that require JWT for authentication. It supports tokens signed symmetrically (using HS256, HS384, HS512) and also asymmetrically (using RS256, RS384, RS512).

Note:

Follow your API's documentation on how to enable and authenticate using JWT. For public REST services an asymmetric key probably is needed and each service may require further claims besides the mandatory ones.

------------------------------------------------------------------------------

Currently, this component doesn’t support the following algorithms: ES256, ES384 and ES512 

------------------------------------------------------------------------------

Features list:

Generate a JSON Web Token (JWT)

Generate a token using a plain secret key as signature (symmetric).

Generate a token using a private key  (PEM file) as signature (asymmetric).

Generate a token using a JSON Web Key (JSON object) as signature.

Generate an unsigned token.

Read a JSON Web Token (JWT)

Read a token generated using the plain secret key.

Read a token generated using the public key (of generated PEM file).

Read a token generated using a public key (Json Web Key).

Get a JSON Web Key (JWK, public key) from a JSON Web Key Sets (JWKS)

Helper action to obtain the JWK from a JWKS.

On the roadmap

• Suport for ES256, ES384 and ES512 
• Custom fields in header
• Support for binary keys
• Nested claims
• multiple audiences