So certainly there are libraries for this as @Nalini points out.
Here is some Node.js sample code that may present some ideas you can use.
Warning: I have not run the code nor do I advocate that it replicates JWT,
but it's looks like something I would start with if I were to try to
implement it.
const crypto = require('crypto');
const header = { alg: 'HS256', typ: 'JWT' },
data = { a: 1 b: 2 },
secret = 'secret';
assert(isValidJwt(makeJwt(header, data, secret), secret));
function makeJwt (header, data, secret) {
const base64Header = objToBase64(header);
base64Data = objToBase64(data),
base64Signature = jwtSignature(base64Header, base64Data, secret);
return base64Header + '.' + base64Data + '.' base64Signature;
}
function isValidJwt (jwt, secret) {
const [base64Header, base64Data, base64Signature] = jwt.split('.');
return base64Signature === jwtSignature(base64Header, base64Data, secret
);
}
function jwtSignature (base64Header, base64Data, secret) {
return crypto
.createHmac('sha256', secret)
.update(base64Header + '.' + base64Data)
.digest('base64');
}
function objToBase64 (obj) {
return Buffer.from(JSON.stringify(obj), 'utf8').toString('base64');
}
--
Job board: http://jobs.nodejs.org/
New group rules:
https://gist.github.com/othiym23/9886289#file-moderation-policy-md
Old group rules:
https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines
---
You received this message because you are subscribed to the Google Groups
"nodejs" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/nodejs/4a30dd51-acaa-4a03-b554-be1f2d3014c2%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
