Skip to main content
Version: 7.2405.x.x LTS

JWT object methods

MethodDescriptionSample
verifySignature(token, algorithm, key)Checks the JWT's integrity by comparing the token's signature with the locally calculated hash. This gives protection calculated hash. The method also checks the "expiry date" (exp), "issued at" (iat) and "not before" (nbf) fields found in the payload part of the token, and compares them with the calculated hash. This can be used to limit the tokens' lifetime.Parameters:*token: The JTW to be verified. algorithm: Algorithm used to sign and verify the JWT. Supported are: HS256, HS384, HS512, RS256, RS384, RS512, ES256, ES256k, ES384, ES512. key: The shared secret that was used to sign the JWT, or the public key corresponding to the private key that was used to sign the JWT.
local jwtHandler = nevis.util.jwt.new()
local verified = jwtHandler:verifySignature(token, "hs512", secret)
if not verified then
resp:setBody("Blocking request: Invalid JWT")
resp:send(403)
end
local jwtHandler = nevis.util.jwt.new()
local pkeyFile = io.open("./jwt_public_key.pem", "rb")
local publickey = pkeyFile:read("*all")
local verified = jwtHandler:verifySignature(token, "rs384", publickey)
if not verified then
resp:setBody("Blocking request: Invalid JWT")
resp:send(403)
end

getHeaderClaims(token)

Decodes the JWT and returns with the header claims as string.

local jwtHandler = nevis.util.jwt.new()
local headerClaims = jwtHandler:getHeaderClaims(token)
for key, value in string.gmatch(headerClaims, "(%w+)=(%w+)") do
req:setHeader(key, value)
end

getPayloadClaims(token)

Decodes the JWT and returns with the payload claims as string.

local jwtHandler = nevis.util.jwt.new()
local payloadClaims = jwtHandler:getPayloadClaims(token)
for key, value in string.gmatch(payloadClaims, "(%w+)=(%w+)") do
req:setHeader(key, value)
end