JSON Web Token and its family (JSON Web Signature, JSON Web Encryption and JSON Web Key) in Ruby
gem install json-jwt
- View Source on GitHub (https://github.com/nov/json-jwt)
- Report Issues on GitHub (https://github.com/nov/json-jwt/issues)
- Documentation on GitHub (https://github.com/nov/json-jwt/wiki)
require 'json/jwt'
private_key = OpenSSL::PKey::RSA.new <<-PEM
-----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEAyBKIFSH8dP6bDkGBziB6RXTTfZVTaaNSWNtIzDmgRFi6FbLo
:
-----END RSA PRIVATE KEY-----
PEM
public_key = OpenSSL::PKey::RSA.new <<-PEM
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyBKIFSH8dP6bDkGBziB6
:
-----END PUBLIC KEY-----
PEM
# Sign & Encode
claim = {
iss: 'nov',
exp: 1.week.from_now,
nbf: Time.now
}
jws = JSON::JWT.new(claim).sign(private_key, :RS256)
jws.to_s
# Decode & Verify
input = "jwt_header.jwt_claims.jwt_signature"
JSON::JWT.decode(input, public_key)
If you need to get a JWK from jwks_uri
of OpenID Connect IdP, you can use JSON::JWK::Set::Fetcher
to fetch (& optionally cache) it.
# JWK Set Fetching & Caching
# NOTE: Optionally by setting cache instance, JWKs are cached by kid.
JSON::JWK::Set::Fetcher.cache = Rails.cache
JSON::JWK::Set::Fetcher.fetch(jwks_uri, kid: kid)
# => returns JSON::JWK instance or raise JSON::JWK::Set::KidNotFound
For more details, read Documentation Wiki.
- Fork the project.
- Make your feature addition or bug fix.
- Add tests for it. This is important so I don't break it in a future version unintentionally.
- Commit, do not mess with rakefile, version, or history. (if you want to have your own version, that is fine but bump version in a commit by itself I can ignore when I pull)
- Send me a pull request. Bonus points for topic branches.
Copyright (c) 2011 nov matake. See LICENSE for details.