https://github.com/benzinga/jwt
https://github.com/benzinga/jwt
Last synced: 4 months ago
JSON representation
- Host: GitHub
- URL: https://github.com/benzinga/jwt
- Owner: Benzinga
- Created: 2020-04-16T19:22:44.000Z (about 6 years ago)
- Default Branch: master
- Last Pushed: 2025-06-18T15:33:43.000Z (12 months ago)
- Last Synced: 2025-06-28T04:05:04.194Z (12 months ago)
- Size: 7.81 KB
- Stars: 1
- Watchers: 4
- Forks: 3
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
README
# jwt
**Usage:**
Should be included in HTTP Requests in the `Authorization` header field, or as a query parameter depending on the API documentation for a given endpoint.
For JWT, we recommend using RS256. You may generate a sample JWT using https://jwt.io/. You need to send us public/private key depending upon which algorithm you are using. We will add that public/private key on our side, so it will verify signature generated. Also, you need to send us the value of iss (issuer) value of payload.
Note: Prepend Bearer to your actual jwt when you authorize here to test.
```
Authorization: Bearer
```
**Required Fields:**
Header:
- `alg` (algorithm): Must be string signaling signing algorithm, should be `RS256`
- `typ` (type): Must be `JWT`
- `kid`(key id): Must be unique signing key identifier string
Payload:
- `iss`(issuer): Must be issuer domain such as `sub.domain.tld`
- `sub` (subject): Must be unique user id
- `nbf` (not before): Must be Unix timestamp seconds as `number` to indicate time before which token should not be accepted, typically should be set to creation timestamp.
- `exp` (expires): Must be Unix timestamp seconds as `number`, to indicate time after which token should not be accepted.
Required Fields Example:
```json
Header:
{
"alg": "RS256",
"typ": "JWT"
}
Payload:
{
"iss":"www.something.tld",
"kid":"8354bb43-e38c-4c0e-9f4a-b0efa32ef360",
"sub": "15e2f938-0a30-45d0-8fa8-7a23357f06e8",
"nbf": 1516239022,
"exp": 1686906796
}
```
## Helpful Links
- [https://auth0.com/blog/navigating-rs256-and-jwks/](https://auth0.com/blog/navigating-rs256-and-jwks/)
- [https://jwt.io/](https://jwt.io/)
- [https://stackoverflow.com/questions/39239051/rs256-vs-hs256-whats-the-difference](https://stackoverflow.com/questions/39239051/rs256-vs-hs256-whats-the-difference)