Module : jwt
Module Overview
This module provides inbound and outbound JWT authentication providers, which authenticate using a JWT, along with the functionality for issuing a JWT and validating it.
Inbound JWT Auth Provider
The jwt:InboundJwtAuthProvider is another implementation of the auth:InboundAuthProvider interface, which authenticates by validating a JWT.
    jwt:InboundJwtAuthProvider jwtAuthProvider = new({
        issuer: "example",
        audience: "ballerina",
        certificateAlias: "ballerina",
        trustStore: {
            path: "${ballerina.home}/bre/security/ballerinaTruststore.p12",
            password: "ballerina"
        }
    });
Outbound JWT Auth Provider
The jwt:OutboundJwtAuthProvider is another implementation of the auth:OutboundAuthProvider interface, which is used to authenticate with an external endpoint by generating a JWT.
    jwt:OutboundJwtAuthProvider jwtAuthProvider = new({
        issuer: "example",
        audience: "ballerina",
        keyAlias: "ballerina",
        keyPassword: "ballerina",
        keyStore: {
            path: "${ballerina.home}/bre/security/ballerinaKeystore.p12",
            password: "ballerina"
        }
    });
Sample for issuing a JWT
    import ballerina/crypto;
    import ballerina/time;
    import ballerina/jwt;

    public function main() {
        // Keystore holding the private key used to sign the token.
        crypto:KeyStore keyStore = { path: "${ballerina.home}/bre/security/ballerinaKeystore.p12", password: "ballerina" };
        // The record is listed on this page as JwtIssuerConfig.
        jwt:JwtIssuerConfig config = {
            keyStore: keyStore,
            keyAlias: "ballerina",
            keyPassword: "ballerina"
        };

        // Header: RS256 signature, type JWT.
        jwt:JwtHeader header = {};
        header.alg = jwt:RS256;
        header.typ = "JWT";

        // Claims: subject, issuer, token ID, audiences and expiry.
        jwt:JwtPayload payload = {};
        payload.sub = "John";
        payload.iss = "wso2";
        payload.jti = "100078234ba23";
        payload.aud = ["ballerina", "ballerinaSamples"];
        // Expires 600 seconds from now (currentTime().time is in milliseconds).
        payload.exp = time:currentTime().time/1000 + 600;

        string|error jwt = jwt:issueJwt(header, payload, config);
    }
Sample for validating a JWT
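    import ballerina/crypto;
    import ballerina/jwt;

    public function main() {
        // Placeholder: replace with the JWT string to validate.
        string jwtToken = "<JWT to validate>";

        // Truststore holding the certificate used to verify the signature.
        crypto:TrustStore trustStore = { path: "${ballerina.home}/bre/security/ballerinaTruststore.p12", password: "ballerina" };
        // The record is listed on this page as JwtValidatorConfig.
        jwt:JwtValidatorConfig config = {
            issuer: "wso2",
            certificateAlias: "ballerina",
            audience: "ballerina",
            clockSkew: 60,
            trustStore: trustStore
        };

        // The result is either the validated payload or an error.
        jwt:JwtPayload|error result = jwt:validateJwt(jwtToken, config);
    }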
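An added round-trip example, not part of the original module documentation: it issues a token as in the first sample, then validates it twice with the validator settings from the second sample, once with the matching issuer and once with a different expected issuer, and handles the error branch of each call. The helper validateFor and the issuer string "untrusted-issuer" are hypothetical; the code is written against the record and function names listed on this page.

```ballerina
import ballerina/crypto;
import ballerina/io;
import ballerina/jwt;
import ballerina/time;

// Hypothetical helper: validates `token` against one expected issuer.
function validateFor(string token, string expectedIssuer, crypto:TrustStore trustStore) {
    jwt:JwtValidatorConfig config = {
        issuer: expectedIssuer,
        audience: "ballerina",
        certificateAlias: "ballerina",
        clockSkew: 60,
        trustStore: trustStore
    };
    jwt:JwtPayload|error result = jwt:validateJwt(token, config);
    if (result is jwt:JwtPayload) {
        io:println("accepted, expected issuer: ", expectedIssuer);
    } else {
        // Treat any error as an authentication failure; do not fall back
        // to claims read from a token that failed validation.
        io:println("rejected, expected issuer: ", expectedIssuer, ", reason: ", result.reason());
    }
}

public function main() {
    // Same distribution keystore and truststore the samples above use.
    crypto:KeyStore keyStore = { path: "${ballerina.home}/bre/security/ballerinaKeystore.p12", password: "ballerina" };
    crypto:TrustStore trustStore = { path: "${ballerina.home}/bre/security/ballerinaTruststore.p12", password: "ballerina" };
    jwt:JwtIssuerConfig issuerConfig = { keyStore: keyStore, keyAlias: "ballerina", keyPassword: "ballerina" };

    jwt:JwtHeader header = {};
    header.alg = jwt:RS256;
    header.typ = "JWT";
    jwt:JwtPayload payload = {};
    payload.sub = "John";
    payload.iss = "wso2";
    payload.aud = ["ballerina", "ballerinaSamples"];
    payload.exp = time:currentTime().time/1000 + 600;

    string|error token = jwt:issueJwt(header, payload, issuerConfig);
    if (token is string) {
        validateFor(token, "wso2", trustStore);             // same issuer as payload.iss
        validateFor(token, "untrusted-issuer", trustStore); // differs from payload.iss
    } else {
        io:println("issuing failed: ", token.reason());
    }
}
```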
CachedJwt | Represents a parsed and cached JWT. |
InferredJwtIssuerConfig | Represents authentication provider configurations that support generating a JWT for client interactions. |
JwtHeader | Represents a JWT header. |
JwtIssuerConfig | Represents JWT issuer configurations. |
JwtPayload | Represents a JWT payload. |
JwtValidatorConfig | Represents JWT validator configurations. |
InboundJwtAuthProvider | Represents inbound JWT auth provider. |
OutboundJwtAuthProvider | Represents outbound JWT authenticator. |
issueJwt | Issue a JWT token based on provided header and payload. JWT will be signed (JWS) if |
validateJwt | Validates the given JWT string. |
RS256 | The |
RS384 | The |
RS512 | The |
NONE | Unsecured JWTs (no signing) |
JWT_ERROR_CODE | Constant for the auth error code. |
JwtSigningAlgorithm | The key algorithms supported by crypto module. |