https://github.com/xmidt-org/cjwt
A c jwt implementation
https://github.com/xmidt-org/cjwt
Last synced: about 2 months ago
JSON representation
A c jwt implementation
- Host: GitHub
- URL: https://github.com/xmidt-org/cjwt
- Owner: xmidt-org
- Created: 2017-01-26T18:59:10.000Z (over 8 years ago)
- Default Branch: main
- Last Pushed: 2024-12-19T07:20:38.000Z (5 months ago)
- Last Synced: 2025-03-23T12:32:55.085Z (2 months ago)
- Language: C
- Homepage:
- Size: 346 KB
- Stars: 16
- Watchers: 24
- Forks: 21
- Open Issues: 2
-
Metadata Files:
- Readme: README.md
- Changelog: CHANGELOG.md
- Contributing: CONTRIBUTING.md
- License: LICENSES/Apache-2.0.txt
Awesome Lists containing this project
README
# cjwt
A C JWT Implementation
[](https://github.com/xmidt-org/cjwt/actions)
[](https://codecov.io/github/xmidt-org/cjwt)
[](https://scan.coverity.com/projects/xmidt-org-cjwt)
[](https://github.com/xmidt-org/cjwt/blob/main/LICENSES/Apache-2.0.txt)
[](CHANGELOG.md)
[](https://jwt.io/)
`cjwt` is a small JWT handler designed to allow consumers of JWTs of the JWS variant
the ability to securely and easily get claims and data from a JWT. This particular
JWT implementation uses [cJSON](https://github.com/DaveGamble/cJSON) and is designed
to support multiple different crypto libraries in the future.
## API
The API is meant to be fairly small & leverage what cJSON already provides nicely.
[Here are the details](https://github.com/xmidt-org/cjwt/blob/main/src/cjwt.h)
There are 3 function:
- `cjwt_decode()` that decodes successfully or fails with a more detailed reason
- `cjwt_destroy()` that destroys the `cjwt_t` object cleanly
- `cjwt_print()` that prints the `cjwt_t` object to a stream (generally for debugging)
Otherwise you get a simple C struct to work with in your code.
## Dependencies
- [cJSON](https://github.com/DaveGamble/cJSON)
- [openssl](https://github.com/openssl/openssl)
- [trower-base64](https://github.com/xmidt-org/trower-base64)
## Opinionated Default Secure
To help adopters not make costly security mistakes, cjwt tries to default to
secure wherever possible. If you **must** use an insecure feature there are
option flags that let you do so, but use them sparingly and with care.
# Examples:
- [HS](https://github.com/xmidt-org/cjwt/blob/main/examples/basic/hs_example.c)
- [RS / PS](https://github.com/xmidt-org/cjwt/blob/main/examples/basic/rs_example.c)
- [ES](https://github.com/xmidt-org/cjwt/blob/main/examples/basic/es_example.c)
## Inline
Using the decoder:
```c
#include
#include
#include
#include
int main( int argc, char *argv[] )
{
cjwt_t *jwt = NULL;
cjwt_code_t rv;
const char *hs_text =
/* header */
"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9."
/* payload */
"eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaGVsbG8i"
"OiJ3b3JsZCIsImJvYiI6WyJkb2ciLDEyM10sImNhdCI6eyJtb3VzZSI6eyJj"
"aGVlc2UiOiJsb3RzIn19LCJpYXQiOjE1MTYyMzkwMjJ9."
/* signature */
"mJYSucD6RRg6zdPcSKvb5-LKFDJzRvdKqTlqAvDBknU";
const char *hs_key = "hs256-secret";
rv = cjwt_decode( hs_text,
strlen(hs_text),
OPT_ALLOW_ONLY_HS_ALG,
(uint8_t*) hs_key,
strlen(hs_key), 0, 0, &jwt );
if( CJWTE_OK != rv ) {
printf( "There was an error processing the text: %d\n", rv );
return -1;
}
cjwt_print( stdout, jwt );
cjwt_destroy( jwt );
return 0;
}
```
Gives you this output:
```txt
=====================
header
---------------------
alg: HS256
payload
---------------------
iat: 1516239022
exp: NULL
nbf: NULL
iss: NULL
sub: 1234567890
jti: NULL
aud: NULL
private claims
---------------------
{
"name": "John Doe",
"hello": "world",
"bob": ["dog", 123],
"cat": {
"mouse": {
"cheese": "lots"
}
}
}
```
# Building and Testing Instructions
```
meson setup --warnlevel 3 --werror build
cd build
ninja all test coverage
firefox ./meson-logs/coveragereport/index.html
```