JSON::JWT

JSON Web Token and its family (JSON Web Signature, JSON Web Encryption and JSON Web Key) in Ruby

Installation

gem install json-jwt

Resources

Examples

require 'json/jwt'

private_key = OpenSSL::PKey::RSA.new <<-PEM
-----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEAyBKIFSH8dP6bDkGBziB6RXTTfZVTaaNSWNtIzDmgRFi6FbLo
 :
-----END RSA PRIVATE KEY-----
PEM

public_key = OpenSSL::PKey::RSA.new <<-PEM
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyBKIFSH8dP6bDkGBziB6
 :
-----END PUBLIC KEY-----
PEM

# Sign & Encode
claim = {
  iss: 'nov',
  exp: 1.week.from_now,
  nbf: Time.now
}
jws = JSON::JWT.new(claim).sign(private_key, :RS256)
jws.to_s

# Decode & Verify
input = "jwt_header.jwt_claims.jwt_signature"
JSON::JWT.decode(input, public_key)

If you need to get a JWK from jwks_uri of OpenID Connect IdP, you can use JSON::JWK::Set::Fetcher to fetch (& optionally cache) it.

# JWK Set Fetching & Caching
# NOTE: Optionally by setting cache instance, JWKs are cached by kid.
JSON::JWK::Set::Fetcher.cache = Rails.cache

JSON::JWK::Set::Fetcher.fetch(jwks_uri, kid: kid)
# => returns JSON::JWK instance or raise JSON::JWK::Set::KidNotFound

For more details, read Documentation Wiki.

Note on Patches/Pull Requests

  • Fork the project.
  • Make your feature addition or bug fix.
  • Add tests for it. This is important so I don't break it in a future version unintentionally.
  • Commit, do not mess with rakefile, version, or history. (if you want to have your own version, that is fine but bump version in a commit by itself I can ignore when I pull)
  • Send me a pull request. Bonus points for topic branches.

Copyright (c) 2011 nov matake. See LICENSE for details.