{"id":27776335,"url":"https://github.com/aygp-dr/jwt-parsing-examples","last_synced_at":"2025-04-30T05:04:38.955Z","repository":{"id":290461389,"uuid":"974534069","full_name":"aygp-dr/jwt-parsing-examples","owner":"aygp-dr","description":"A cross-language exploration of JWT header parsing techniques across multiple programming paradigms","archived":false,"fork":false,"pushed_at":"2025-04-30T02:29:49.000Z","size":16640,"stargazers_count":0,"open_issues_count":9,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-04-30T05:04:27.289Z","etag":null,"topics":["clojure","examples","functional-programming","hy","javascript","jwt","lisp","parsing","python","racket","rust","scheme","shell","tutorial","typescript"],"latest_commit_sha":null,"homepage":null,"language":"TeX","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/aygp-dr.png","metadata":{"files":{"readme":"README.org","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2025-04-28T23:41:03.000Z","updated_at":"2025-04-30T02:29:53.000Z","dependencies_parsed_at":"2025-04-29T00:39:25.020Z","dependency_job_id":"3aed67fe-b29e-4d9f-8d51-b71c2735c18d","html_url":"https://github.com/aygp-dr/jwt-parsing-examples","commit_stats":null,"previous_names":["aygp-dr/jwt-parsing-examples"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aygp-dr%2Fjwt-parsing-examples","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aygp-dr%2Fjwt-parsing-examples/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aygp-dr%2Fjwt-parsing-examples/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aygp-dr%2Fjwt-parsing-examples/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/aygp-dr","download_url":"https://codeload.github.com/aygp-dr/jwt-parsing-examples/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":251644841,"owners_count":21620632,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["clojure","examples","functional-programming","hy","javascript","jwt","lisp","parsing","python","racket","rust","scheme","shell","tutorial","typescript"],"created_at":"2025-04-30T05:04:38.390Z","updated_at":"2025-04-30T05:04:38.948Z","avatar_url":"https://github.com/aygp-dr.png","language":"TeX","funding_links":[],"categories":[],"sub_categories":[],"readme":"#+TITLE: JWT Header Parsing Across Programming Paradigms\n#+AUTHOR: Aidan Pace\n#+EMAIL: apace@defrecord.com\n#+DATE: [2025-04-28]\n#+DESCRIPTION: A cross-language exploration of JWT header parsing techniques\n#+LANGUAGE: en\n#+OPTIONS: toc:3 num:t\n#+PROPERTY: header-args :exports both :eval never-export\n\n* JWT Parsing Examples\n:PROPERTIES:\n:CUSTOM_ID: jwt-parsing-examples\n:END:\n\nRepository of code examples demonstrating JWT header parsing across multiple programming languages and paradigms.\n\n** Overview\n:PROPERTIES:\n:CUSTOM_ID: overview\n:END:\n\nThis repository contains the code samples and presentation slides from my talk at SPLASH/StrangeLoop/PyConf/RacketCon/EuroLISP 2025. It explores different approaches to parsing JWT headers across programming paradigms, from imperative to functional languages, with a focus on security best practices and cross-language implementation patterns.\n\n** Repository Structure\n:PROPERTIES:\n:CUSTOM_ID: repository-structure\n:END:\n\n- =presentation.org=: Org-mode source for the presentation slides\n- =presentation.pdf=: PDF slides from the conference talk\n- Code examples in language-specific directories:\n - =js/=: JavaScript (browser and Node.js) examples\n - =ts/=: TypeScript example with type definitions\n - =python/=: Python implementation\n - =hy/=: Lisp-like Python (Hy) implementation\n - =clojure/=: Clojure implementation for the JVM\n - =racket/=: Racket implementation\n - =scheme/=: Guile Scheme implementation\n - =shell/=: Bash script using base64 and jq\n - =rust/=: Rust implementation with error handling\n\n** Installation\n:PROPERTIES:\n:CUSTOM_ID: installation\n:END:\n\nClone this repository:\n\n#+BEGIN_SRC shell\ngit clone https://github.com/aygp-dr/jwt-parsing-examples.git\ncd jwt-parsing-examples\n#+END_SRC\n\n** Language-Specific Setup\n:PROPERTIES:\n:CUSTOM_ID: language-specific-setup\n:END:\n\n*** JavaScript/Node.js\n#+BEGIN_SRC shell\ncd js\nnpm install\nnode browser-example.js\nnode node-example.js\n#+END_SRC\n\n*** TypeScript\n#+BEGIN_SRC shell\ncd ts\nnpm install\nnpm run build\nnpm start\n#+END_SRC\n\n*** Python\n#+BEGIN_SRC shell\ncd python\npip install -r requirements.txt\npython jwt_header.py\n#+END_SRC\n\n*** Hy\n#+BEGIN_SRC shell\ncd hy\npip install hy\nhy jwt_header.hy\n#+END_SRC\n\n*** Clojure\n#+BEGIN_SRC shell\ncd clojure\nlein deps\nlein run\n#+END_SRC\n\n*** Racket\n#+BEGIN_SRC shell\ncd racket\nraco pkg install --auto\nracket jwt-header.rkt\n#+END_SRC\n\n*** Guile Scheme\n#+BEGIN_SRC shell\ncd scheme\nguile jwt-header.scm\n#+END_SRC\n\n*** Shell\n#+BEGIN_SRC shell\ncd shell\nchmod +x jwt_header.sh\n./jwt_header.sh\n#+END_SRC\n\n*** Rust\n#+BEGIN_SRC shell\ncd rust\ncargo build\ncargo run\n#+END_SRC\n\n** JWT Structure\n:PROPERTIES:\n:CUSTOM_ID: jwt-structure\n:END:\n\nFor all examples, we're using this JWT token:\n\n#+BEGIN_SRC text\neyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIn0.dozjgNryP4J3jVmNHl0w5N_XgL0n3I9PlFUP0THsR8U\n#+END_SRC\n\nWhich contains:\n- Header: ={\"alg\":\"HS256\",\"typ\":\"JWT\"}=\n- Payload: ={\"sub\":\"1234567890\"}=\n- Signature: [HMAC-SHA256 signature]\n\n** Common Challenges Addressed\n:PROPERTIES:\n:CUSTOM_ID: common-challenges\n:END:\n\n1. Base64url vs Base64 encoding differences\n2. Handling missing padding in base64url strings\n3. Extracting the header part from an Authorization header\n4. Idiomatic parsing in different language paradigms\n5. Error handling strategies\n\n** Performance Benchmarks\n:PROPERTIES:\n:CUSTOM_ID: performance-benchmarks\n:END:\n\nThe =benchmarks/= directory contains scripts to reproduce the performance measurements mentioned in the presentation.\n\n#+BEGIN_SRC org\n| Language | Parsing Time (μs) | Memory Usage (KB) |\n|------------+-------------------+-------------------|\n| Rust | 5.2 | 1.8 |\n| JavaScript | 24.7 | 12.3 |\n| Python | 30.1 | 15.7 |\n| Clojure | 45.8 | 28.4 |\n| Shell | 180.3 | 8.9 |\n#+END_SRC\n\n** Security Considerations\n:PROPERTIES:\n:CUSTOM_ID: security-considerations\n:END:\n\n- The examples in this repo demonstrate proper and secure JWT parsing techniques\n- For production use, always verify JWT signatures *before* parsing\n- Be aware of algorithm confusion attacks and \"none\" algorithm attacks\n- Never trust token contents before signature verification\n- Set appropriate token lifetimes and include essential claims (iss, sub, exp, aud, iat)\n- Use strong algorithms (prefer RS256/ES256 over HS256)\n- Consider token lifecycle management (revocation, refresh)\n- Use established JWT libraries with proper configuration where available\n\nFor comprehensive security guidance, see the =examples/parsing-validation/security_recommendations.md= file.\n\n** Contributing\n:PROPERTIES:\n:CUSTOM_ID: contributing\n:END:\n\nContributions are welcome! To add an example in another language:\n\n1. Create a directory for your language\n2. Implement the JWT header parsing example\n3. Add any necessary setup instructions to this README\n4. Submit a pull request\n\n** License\n:PROPERTIES:\n:CUSTOM_ID: license\n:END:\n\nThis project is licensed under the MIT License - see the LICENSE file for details.\n\n** Building and Presenting\n:PROPERTIES:\n:CUSTOM_ID: building-presenting\n:END:\n\nThis repository uses Org-mode and LaTeX for presentations. The included Makefile provides several commands to generate and view the presentation:\n\n#+BEGIN_SRC shell\n# Generate the presentation slides (PDF)\nmake slides\n\n# View the presentation with pdfpc (optimized for presentations)\nmake present\n\n# Extract code examples from org files\nmake examples\n\n# Build everything (slides and extract code)\nmake build\n#+END_SRC\n\nFor those reviewing the presentation, we recommend:\n1. Run =make slides= to generate the latest PDF\n2. Use =make present= for optimal presentation viewing with speaker notes\n3. Examine the language-specific examples in their respective directories\n\n** Contact\n:PROPERTIES:\n:CUSTOM_ID: contact\n:END:\n\n- Aidan Pace\n- Email: apace@defrecord.com\n- GitHub: @aygp-dr\n\n** References\n:PROPERTIES:\n:CUSTOM_ID: references\n:END:\n\n- [[https://tools.ietf.org/html/rfc7519][RFC 7519: JSON Web Token (JWT)]]\n- [[https://tools.ietf.org/html/rfc4648][RFC 4648: Base64 and Base64url Encoding]]\n- [[https://auth0.com/docs/tokens/json-web-tokens/json-web-token-structure][JWT Structure Explained]]\n- [[https://datatracker.ietf.org/doc/html/draft-ietf-oauth-jwt-bcp][JWT Security Best Practices (IETF)]]\n- [[https://cheatsheetseries.owasp.org/cheatsheets/JSON_Web_Token_for_Java_Cheat_Sheet.html][OWASP JWT Security Cheat Sheet]]\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Faygp-dr%2Fjwt-parsing-examples","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Faygp-dr%2Fjwt-parsing-examples","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Faygp-dr%2Fjwt-parsing-examples/lists"}