Pack jwt_io -- prolog/jwt_io.pl
Generates and verifies JSON Web Tokens (JWTs).
The module requires libjwt to compile.
jwt_io:clock_tolerance: (default 60) number of seconds to tolerate differences between the encoding and decoding times.
jwt_io:audience: audience identifier for tokens - tokens that don't have this audience won't be decoded.
jwt_io:jti_generator: (default 'uuid') predicate for generating unique JTIs
jwt_io:blacklist_check: (default 'jwt_io:check_blacklist_default') predicate for checking JTIs against blacklisted JTIs.
jwt_io:blacklist_add: (default 'jwt_io:add_to_blacklist_default') predicate for adding to the list of blacklisted JTIs.
jwt_io:keys: list of keys to use, given as a list of dicts, each with the following entries:
kid: key id for identifying the key to use
type: type of the key, one of HMAC, RSA or ECDSA.
algorithm: algorithm to use, one of HS256, HS384, HS512, RS256, RS384, RS512, ES256, ES384 or ES512.
key: private key to use - string for HMAC, private key file for RSA and private PEM file for ECDSA.
public_key: public key to use - irrelevant for HMAC, public key file for RSA and public PEM file for ECDSA.
RSA keys can be generated by:
    ssh-keygen -t rsa -b 4096 -f sample.key
    openssl rsa -in sample.key -pubout -outform PEM -out sample.key.pub
ECDSA keys can be generated by:
    openssl ecparam -genkey -name secp256k1 -noout -out sample-private.pem
    openssl ec -in sample-private.pem -pubout -out sample-public.pem
aud key is added to the token.
iat key is always added to the token.
iss key is added if it is defined in the
kid key is added from
jti key is added by making use of
jti is checked in the blacklist defined by
jwt_io:blacklist_check setting, and valid JWTs are added to blacklist defined by
exp is present, decoding fails if the time is past
nbf is present, decoding fails if the time is before
iat is checked for validity.
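The decode-time checks listed above, sketched in Python as an added example; this is not the pack's Prolog code. Assumptions: the clock tolerance widens the exp and nbf windows, the iat check means "not issued in the future", time claims must be sane numbers, the JTI is recorded only after every other check passes, and all names, the secret and the audience value are constructed for the demo.

```python
import base64, hashlib, hmac, json, time

CLOCK_TOLERANCE = 60                 # same value as the jwt_io:clock_tolerance default
AUDIENCE = "api.example.test"        # constructed stand-in for jwt_io:audience
SECRET = b"constructed-demo-secret"  # constructed HMAC key
used_jtis = set()                    # in-memory stand-in for the JTI blacklist

def b64e(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def b64d(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(claims):  # demo issuer: HS256 token over the given claims
    head = b64e(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64e(json.dumps(claims).encode())
    mac = hmac.new(SECRET, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{b64e(mac)}"

def decode(token, now=None):
    """Return the claims, or raise ValueError naming the check that failed."""
    now = time.time() if now is None else now
    try:
        head, body, sig = token.split(".")
        header, claims, given = json.loads(b64d(head)), json.loads(b64d(body)), b64d(sig)
    except ValueError:
        raise ValueError("malformed") from None
    if not (isinstance(header, dict) and isinstance(claims, dict)):
        raise ValueError("malformed")
    if header.get("alg") != "HS256":  # algorithm comes from the key, not the token
        raise ValueError("alg")
    want = hmac.new(SECRET, f"{head}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(want, given):
        raise ValueError("signature")
    if claims.get("aud") != AUDIENCE:
        raise ValueError("aud")
    for v in (claims.get(n, 0) for n in ("exp", "nbf", "iat")):
        if type(v) not in (int, float) or not 0 <= v < 2**53:  # also rejects NaN/inf
            raise ValueError("timestamp")
    if "exp" in claims and now > claims["exp"] + CLOCK_TOLERANCE:
        raise ValueError("exp")
    if "nbf" in claims and now < claims["nbf"] - CLOCK_TOLERANCE:
        raise ValueError("nbf")
    if "iat" not in claims or claims["iat"] > now + CLOCK_TOLERANCE:
        raise ValueError("iat")
    jti = claims.get("jti")
    if not isinstance(jti, str) or jti in used_jtis:
        raise ValueError("jti")
    used_jtis.add(jti)  # accepted once; a replay of the same token now fails
    return claims
```

Because an accepted JTI goes straight onto the blacklist, each token decodes successfully exactly once, which is the single-use behaviour the blacklist settings describe.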
The following options are recognized: