Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/kikuomax/spray-jwt
JWT related directives for spray.io
https://github.com/kikuomax/spray-jwt
Last synced: 2 months ago
JSON representation
JWT related directives for spray.io
- Host: GitHub
- URL: https://github.com/kikuomax/spray-jwt
- Owner: kikuomax
- License: mit
- Created: 2015-01-10T16:32:56.000Z (almost 10 years ago)
- Default Branch: master
- Last Pushed: 2020-02-01T02:11:41.000Z (almost 5 years ago)
- Last Synced: 2024-10-04T19:30:01.185Z (3 months ago)
- Language: Scala
- Size: 39.1 KB
- Stars: 8
- Watchers: 4
- Forks: 9
- Open Issues: 2
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
*spray-jwt* is a set of utilities for [spray.io](http://spray.io), which perform signing and verification of a JSON Web Token (JWT).
**This project is no longer actively maintained.**
Please consider migrating to [Akka HTTP](https://doc.akka.io/docs/akka-http/current/introduction.html).
I found some JWT libraries for Akka HTTP.
- https://github.com/witi83/akka-jwt (a fork of this project)
- https://github.com/softwaremill/akka-http-sessionGetting Started
===============Add the following dependency to your `build.sbt`,
```
libraryDependencies += "com.github.kikuomax" %% "spray-jwt" % "0.0.4"
```Binaries for Scala 2.10.x and 2.11.x are provided.
If you are using [shapeless 2](https://github.com/milessabin/shapeless); i.e., `spray-routing-shapeless2`, please try the following,
```
libraryDependencies += "com.github.kikuomax" %% "spray-jwt-shapeless2" % "0.0.4"
```Example
=======The following example is derived from the example code in the documentation for the `authenticate` directive of [spray.io](http://spray.io).
```scala
import com.github.kikuomax.spray.jwt.JwtDirectives._
import com.github.kikuomax.spray.jwt.JwtClaimBuilder._
import com.github.kikuomax.spray.jwt.JwtClaimVerifier._
import com.github.kikuomax.spray.jwt.JwtSignature
import com.nimbusds.jose.JWSAlgorithm
import com.nimbusds.jwt.JWTClaimsSet
import scala.concurrent.{
ExecutionContext,
Future
}
import scala.concurrent.duration.DurationInt
import spray.routing.HttpService
import spray.routing.authentication.{
BasicAuth,
UserPass
}/** An example service. */
trait ExampleService extends HttpService {
// you can use Actor's dispatcher as the execution context
implicit val executionContext: ExecutionContext// imports implicit signing and verification functions in the scope
val signature = JwtSignature(JWSAlgorithm.HS256, "chiave segreta")
import signature._// an implicit claim set building function
implicit val claimBuilder: String => Option[JWTClaimsSet] =
claimSubject[String](identity) &&
claimIssuer("spray-jwt") &&
claimExpiration(30.minutes)// a user authentication function
def myUserPassAuthenticator(userPass: Option[UserPass]): Future[Option[String]] =
Future {
if (userPass.exists(up => up.user == "John" && up.pass == "p4ssw0rd"))
Some("John")
else
None
}val route =
path("authenticate") {
authenticate(BasicAuth(jwtAuthenticator(myUserPassAuthenticator _), "secure site")) { jws =>
complete(jws.serialize())
}
} ~
path("verify") {
// a privileging function
def privilegeUser(claim: JWTClaimsSet): Option[String] =
Option(claim.getSubject()) flatMap {
case user: String if user == "John" => Some(user)
case _ => None
}authorizeToken(verifyNotExpired && privilegeUser) { userName =>
complete(s"The user is $userName")
}
}
}
```You also can find an example application in the [example](/example) directory.
Please read the [README](/example/README.md) for the example.JWT Library
===========[Nimbus JOSE + JWT](http://connect2id.com/products/nimbus-jose-jwt) is used for generating and verifying JWTs.
Release Notes
=============0.0.4
------ The minimum length of a secret is **256 bits**; i.e., 32 bytes.
This is due to updating Nimbus JOSE + JWT `v3.5` → `v8.4` to address a [security vulnerability](https://github.com/kikuomax/spray-jwt/pull/5).0.0.3
------ The minimum resolution of `JwtClaimBuilder.claimExpiration` is one second.
0.0.2
------ `JwtDirectives.authenticateToken` can take a directive that extracts a token from an HTTP request.
- An example application is introduced.License
=======[MIT License](http://opensource.org/licenses/MIT)