Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/inoles/kotjwt

Kotlin Multiplatform library for generating and verifying JWTs
https://github.com/inoles/kotjwt

api authentication cyrptography jwt jwt-authentication jwt-library jwt-token kotlin kotlin-library kotlin-multiplatform security token

Last synced: 7 days ago
JSON representation

Kotlin Multiplatform library for generating and verifying JWTs

Host: GitHub
URL: https://github.com/inoles/kotjwt
Owner: iNoles
License: apache-2.0
Created: 2025-01-11T05:13:27.000Z (25 days ago)
Default Branch: main
Last Pushed: 2025-01-28T00:53:39.000Z (8 days ago)
Last Synced: 2025-01-28T01:36:50.608Z (8 days ago)
Topics: api, authentication, cyrptography, jwt, jwt-authentication, jwt-library, jwt-token, kotlin, kotlin-library, kotlin-multiplatform, security, token
Language: Kotlin
Homepage:
Size: 173 KB
Stars: 1
Watchers: 1
Forks: 0
Open Issues: 2
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

README

# KotJWT

KotJWT is a lightweight Kotlin Multiplatform library designed for encoding, decoding, and managing JSON Web Tokens (JWT) and refresh tokens. It supports a variety of cryptographic algorithms, including HMAC SHA-256, ECDSA, and RSA, while providing essential features like token expiration validation, blacklist management, and secure token handling.

## ✨ Features

- **JWT Support** – Encode and decode JWTs with HMAC SHA-256, ECDSA, and RSA signing.
- **Refresh Token Support** – Securely generate and validate refresh tokens.
- **Expiration Handling** – Automatically checks if a token is expired.
- **Token Blacklist** – Prevent the use of revoked tokens.
- **base64 URL-Safe Encoding** – Secure encoding and decoding for JWTs and refresh tokens.
- **Multiple Signing Algorithms** – Supports HMAC, ECDSA, and RSA for signing JWTs.
- **Kotlin Multiplatform Support** – Now available for JVM, iOS, macOS, and other platforms.

## 🚀 Usage

### Encoding a JWT

To encode a JWT, you need to create a `JwtPayload` and use the `encodeJwt` function:

```kotlin
import com.jonathansteele.kojwt.*

val payload = JwtPayload(
sub = "user123",
exp = System.currentTimeMillis() / 1000 + 3600 // Expire in 1 hour
)
val secret = "your-secret-key"

val jwt = encodeJwt(payload, secret)
println("Encoded JWT: $jwt")
```

### Decoding a JWT

To decode a JWT, use the `decodeJwt` function:

```kotlin
val decodedPayload = decodeJwt(jwt, secret)
println("Decoded Payload: $decodedPayload")
```

### Encoding a Refresh Token

You can encode a refresh token using the `encodeRefreshToken` function:

```kotlin
val refreshTokenPayload = RefreshTokenPayload(
sub = "user123",
exp = System.currentTimeMillis() / 1000 + 86400 // Expire in 24 hours
)
val refreshToken = encodeRefreshToken(refreshTokenPayload, secret)
println("Encoded Refresh Token: $refreshToken")
```

### Decoding a Refresh Token

To decode a refresh token, use the decodeRefreshToken function:

```kotlin
val decodedRefreshToken = decodeRefreshToken(refreshToken, secret)
println("Decoded Refresh Token: $decodedRefreshToken")
```

### Blacklisting Tokens

You can add tokens to the blacklist to prevent further use:

```kotlin
TokenBlacklist.revoke(jwt)
TokenBlacklist.revoke(refreshToken)
```

## 🛣 Roadmap

- Kotlin Multiplatform support for additional targets

## Contributions 🤝

This project is a work in progress, and contributions are welcome! Feel free to:

- Submit issues for bugs or feature suggestions
- Open pull requests to contribute directly