https://github.com/michelp/pgjwt

PostgreSQL implementation of JWT (JSON Web Tokens)
https://github.com/michelp/pgjwt

Last synced: about 1 month ago
JSON representation

PostgreSQL implementation of JWT (JSON Web Tokens)

• Host: GitHub
• URL: https://github.com/michelp/pgjwt
• Owner: michelp
• License: mit
• Created: 2016-04-24T21:11:12.000Z (over 8 years ago)
• Default Branch: master
• Last Pushed: 2023-03-02T19:32:23.000Z (almost 2 years ago)
• Last Synced: 2024-09-04T00:04:48.005Z (3 months ago)
• Language: PLpgSQL
• Homepage:
• Size: 28.3 KB
• Stars: 363
• Watchers: 23
• Forks: 60
• Open Issues: 5
• Metadata Files:
  • Readme: README.md
  • License: LICENSE

Awesome Lists containing this project

README

        
# pgjwt

PostgreSQL implementation of [JSON Web Tokens](https://jwt.io/)

## Dependencies

This code requires the pgcrypto extension, included in most

distribution's "postgresql-contrib" package.  The tests require the

pgtap extension to run.

## Install

You will require sudo privledges and the postgres development

libraries for your operating system in most cases.  For ubuntu on

postgres 9.5 for example, you can install them with:

    sudo apt-get install postgresql-server-dev-9.5

Clone the repository and then run:

    'make install'

This creates a new extension that can be installed with 'CREATE

EXTENSION pgjwt;'

To run the tests install pgtap and run 'pg_prove test/test.sql'.

Another approach is to use the docker based test runner, but running

'./test.sh'.  This will require you have docker installed.

## Usage

Create a token.  The first argument must be valid json, the second argument any text:

    => select sign('{"sub":"1234567890","name":"John Doe","admin":true}', 'secret');

                                                                            sign

    -------------------------------------------------------------------------------------------------------------------------------------------------------

     eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9.TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ

Verify a token:

    => select * from verify('eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9.TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ', 'secret');

               header            |                       payload                       | valid

    -----------------------------+-----------------------------------------------------+-------

     {"alg":"HS256","typ":"JWT"} | {"sub":"1234567890","name":"John Doe","admin":true} | t

Algorithm

---------

sign() and verify() take an optional algorithm argument that can be

'HS256', 'HS384' or 'HS512'.  The default is 'HS256':

    => select sign('{"sub":"1234567890","name":"John Doe","admin":true}', 'secret', 'HS384'),

## TODO

* public/private keys when pgcrypto gets *_verify() functions

* SET ROLE and key lookup helper functions