{"id":13796763,"url":"https://github.com/garyf/json_web_token","last_synced_at":"2025-05-13T00:31:04.618Z","repository":{"id":34669782,"uuid":"38642245","full_name":"garyf/json_web_token","owner":"garyf","description":"A Ruby implementation of the JSON Web Token (JWT) standard, RFC 7519","archived":false,"fork":false,"pushed_at":"2017-06-17T22:29:29.000Z","size":67,"stargazers_count":60,"open_issues_count":2,"forks_count":4,"subscribers_count":6,"default_branch":"master","last_synced_at":"2024-08-09T18:12:55.883Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"Ruby","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/garyf.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE.md","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2015-07-06T19:51:13.000Z","updated_at":"2021-07-20T03:21:07.000Z","dependencies_parsed_at":"2022-08-28T13:01:02.987Z","dependency_job_id":null,"html_url":"https://github.com/garyf/json_web_token","commit_stats":null,"previous_names":[],"tags_count":2,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/garyf%2Fjson_web_token","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/garyf%2Fjson_web_token/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/garyf%2Fjson_web_token/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/garyf%2Fjson_web_token/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/garyf","download_url":"https://codeload.github.com/garyf/json_web_token/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":225159878,"owners_count":17430203,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-08-03T23:01:14.834Z","updated_at":"2024-11-18T10:31:35.977Z","avatar_url":"https://github.com/garyf.png","language":"Ruby","readme":"# JSON Web Token [![travis][ci_img]][travis] [![yard docs][yd_img]][yard_docs] [![code climate][cc_img]][code_climate]\n\n## A JSON Web Token (JWT) implementation for Ruby\n\n### Description\nA Ruby implementation of the JSON Web Token standard [RFC 7519][rfc7519]\n\n## Installation\n    gem install json_web_token\n\n### Philosophy \u0026 Design Goals\n* Minimal API surface area\n* Clear separation and conformance to underlying standards\n  - JSON Web Signature (JWS) Standards Track [RFC 7515][rfc7515]\n  - JSON Web Algorithms (JWA) Standards Track [RFC 7518][rfc7518]\n* Thorough test coverage\n* Modularity for comprehension and extensibility\n* Fail fast and hard, with maximally strict validation\n  - Inspired by [The Harmful Consequences of Postel's Maxim][thomson-postel]\n* Implement only the REQUIRED elements of the JWT standard (initially)\n\n### Intended Audience\nToken authentication of API requests to Rails via these prominent gems:\n\n- [Devise][devise]\n- [Doorkeeper][doorkeeper]\n- [OAuth2][oauth2]\n\nSecure Cross-Origin Resource Sharing ([CORS][cors]) using the [rack-cors][rack-cors] gem\n\n### Support for JWT Registered Claims\n\nSupport for the standard registered claims documented\nin [RFC 7519][rfc7519] can be found in the companion gem [jwt_claims](https://github.com/garyf/jwt_claims).\n\n`jwt_claims` is a wrapper around `json_web_token` and provides support\nfor the full set of registered claims.\n\n[https://github.com/garyf/jwt_claims](https://github.com/garyf/jwt_claims)\n\n## Usage\n\n### JsonWebToken.sign(claims, options)\n\nReturns a JSON Web Token string\n\n`claims` (required) string or hash\n\n`options` (required) hash\n\n* **alg** (optional, default: `HS256`)\n* **key** (required unless alg is 'none')\n\nExample\n\n```ruby\nrequire 'json_web_token'\n\n# Sign with the default algorithm, HMAC SHA256\njwt = JsonWebToken.sign({foo: 'bar'}, key: 'gZH75aKtMN3Yj0iPS4hcgUuTwjAzZr9C')\n#=\u003e \"eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJmb28iOiJiYXIifQ.vpaYTGkypBmxDi3KZYcvpqLx9xqhRD-DSXONGrUbf5Q\"\n\n# Sign with RSA SHA256 algorithm\nopts = {\n  alg: 'RSA256',\n  key: \u003c RSA private key \u003e\n}\n\njwt = JsonWebToken.sign({foo: 'bar'}, opts)\n\n# Create an unsecured token (algorithm is 'none')\njwt = JsonWebToken.sign({foo: 'bar'}, alg: 'none')\n\n```\n\n### JsonWebToken.verify(jwt, options)\n\nReturns a hash:\n* \\{ok: \u003c JWT claims set \u003e\\}, if the Message Authentication Code (MAC), or signature, is verified\n* \\{error: 'invalid'\\}, otherwise\n\n`jwt` (required) is a JSON web token string\n\n`options` (required) hash\n\n* **alg** (optional, default: `HS256`)\n* **key** (required unless alg is 'none')\n\nExample\n\n```ruby\nrequire 'json_web_token'\n\njwt = JsonWebToken.sign({foo: 'bar'}, key: 'gZH75aKtMN3Yj0iPS4hcgUuTwjAzZr9C')\n#=\u003e \"eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJmb28iOiJiYXIifQ.vpaYTGkypBmxDi3KZYcvpqLx9xqhRD-DSXONGrUbf5Q\"\n\n# Verify with default algorithm, HMAC SHA256\n# Returns a hash of `{:ok, verified_claims}`\nJsonWebToken.verify(jwt, key: 'gZH75aKtMN3Yj0iPS4hcgUuTwjAzZr9C')\n#=\u003e {:ok=\u003e{:foo=\u003e\"bar\"}}\n\n# verify with RSA SHA256 algorithm\nopts = {\n  alg: 'RSA256',\n  key: \u003c RSA public key \u003e\n}\n\n{ok: claims} = JsonWebToken.verify(jwt, opts)\n\n# Unsecured token (algorithm is 'none')\njwt = JsonWebToken.sign({foo: 'bar'}, alg: 'none')\n#=\u003e \"eyJ0eXAiOiJKV1QiLCJhbGciOiJub25lIn0.eyJmb28iOiJiYXIifQ.\"\n\nJsonWebToken.verify(jwt, alg: 'none')\n#=\u003e {:ok=\u003e{:foo=\u003e\"bar\"}}\n```\n\n### Supported encryption algorithms\n\nalg Param Value | Digital Signature or MAC Algorithm\n------|------\nHS256 | HMAC using SHA-256 per [RFC 2104][rfc2104]\nHS384 | HMAC using SHA-384\nHS512 | HMAC using SHA-512\nRS256 | RSASSA-PKCS-v1_5 using SHA-256 per [RFC3447][rfc3447]\nRS384 | RSASSA-PKCS-v1_5 using SHA-384\nRS512 | RSASSA-PKCS-v1_5 using SHA-512\nES256 | ECDSA using P-256 and SHA-256 per [DSS][dss]\nES384 | ECDSA using P-384 and SHA-384\nES512 | ECDSA using P-521 and SHA-512\nnone | No digital signature or MAC performed (unsecured)\n\n### Supported Ruby Versions\nRuby 2.2 and up\n\n### Limitations\nFuture implementation may include these features:\n\n- processing of OPTIONAL JWT registered claim names (e.g. 'exp')\n- representation of a JWT as a JSON Web Encryption (JWE) [RFC 7516][rfc7516]\n- OPTIONAL nested JWTs\n\n[rfc2104]: http://tools.ietf.org/html/rfc2104\n[rfc3447]: http://tools.ietf.org/html/rfc3447\n[rfc7515]: http://tools.ietf.org/html/rfc7515\n[rfc7516]: http://tools.ietf.org/html/rfc7516\n[rfc7518]: http://tools.ietf.org/html/rfc7518\n[rfc7519]: http://tools.ietf.org/html/rfc7519\n[dss]: http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf\n\n[thomson-postel]: https://tools.ietf.org/html/draft-thomson-postel-was-wrong-00\n[cors]: http://www.w3.org/TR/cors/\n[devise]: https://github.com/plataformatec/devise\n[doorkeeper]: https://github.com/doorkeeper-gem/doorkeeper\n[oauth2]: https://github.com/intridea/oauth2\n[rack-cors]: https://github.com/cyu/rack-cors\n\n[travis]: https://travis-ci.org/garyf/json_web_token\n[ci_img]: https://travis-ci.org/garyf/json_web_token.svg?branch=master\n[yard_docs]: http://www.rubydoc.info/github/garyf/json_web_token\n[yd_img]: http://img.shields.io/badge/yard-docs-blue.svg\n[code_climate]: https://codeclimate.com/github/garyf/json_web_token\n[cc_img]: https://codeclimate.com/github/garyf/json_web_token/badges/gpa.svg\n","funding_links":[],"categories":["Libraries"],"sub_categories":["Ruby"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgaryf%2Fjson_web_token","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fgaryf%2Fjson_web_token","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgaryf%2Fjson_web_token/lists"}