Version: 8.2411.x.x RR

JWT object methods

verifySignature(token, algorithm, key)

Checks the JWT's integrity by comparing the token's signature with the locally calculated hash. The method also checks the "expiry date" (exp), "issued at" (iat) and "not before" (nbf) fields found in the payload part of the token, and compares them with the calculated hash. This can be used to limit the tokens' lifetime.

Parameters

  • token: The JWT to be verified.
  • algorithm: The algorithm used to sign and verify the JWT. Supported values: HS256, HS384, HS512, RS256, RS384, RS512, ES256, ES256k, ES384, ES512.
  • key: The shared secret that was used to sign the JWT (for HS256, HS384, HS512), or the public key corresponding to the private key that was used to sign the JWT (for RS256, RS384, RS512, ES256, ES256k, ES384, ES512). The key format of the private key can be either PEM or JWK.

Example

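local jwtHandler = nevis.util.jwt.new()
-- Verify the signature with the shared secret before trusting the token
local verified = jwtHandler:verifySignature(token, "hs512", secret)
if not verified then
    -- Reject the request when verification fails
    resp:setBody("Blocking request: Invalid JWT")
    resp:send(403)
end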

getHeaderClaims(token)

Decodes the JWT and returns the header claims as a string.

Example

local jwtHandler = nevis.util.jwt.new()
local headerClaims = jwtHandler:getHeaderClaims(token)
-- Copy each key=value pair of the header claims into a request header
for key, value in string.gmatch(headerClaims, "(%w+)=(%w+)") do
    req:setHeader(key, value)
end

getPayloadClaims(token)

Decodes the JWT and returns the payload claims as a string.

Example

local jwtHandler = nevis.util.jwt.new()
local payloadClaims = jwtHandler:getPayloadClaims(token)
-- Copy each key=value pair of the payload claims into a request header
for key, value in string.gmatch(payloadClaims, "(%w+)=(%w+)") do
    req:setHeader(key, value)
end
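
Combined example

getHeaderClaims and getPayloadClaims are described above as decoding the token only, so claims should be forwarded only after verifySignature has succeeded. The following is an added example, not part of the original documentation. It uses only the methods shown on this page and assumes that token and secret are already set by the surrounding script; the forwarded claim names and the "X-Jwt-" header prefix are hypothetical.

```lua
-- Added example (not from the product documentation).
-- Assumptions: `token` and `secret` are set earlier in the script, and the
-- claims string holds key=value pairs, as the examples on this page imply.

-- Hypothetical allow-list: only these payload claims reach the backend.
local FORWARDED_CLAIMS = { sub = true, iss = true, aud = true }

-- Hypothetical prefix, so a claim name can never overwrite an existing
-- request header such as Host or Authorization.
local HEADER_PREFIX = "X-Jwt-"

local jwtHandler = nevis.util.jwt.new()

-- The algorithm is pinned here in the script. It is not read from the
-- token's own header, which is still untrusted at this point.
local verified = jwtHandler:verifySignature(token, "hs512", secret)

if not verified then
    -- Same rejection as in the verifySignature example above.
    resp:setBody("Blocking request: Invalid JWT")
    resp:send(403)
else
    -- Decode the claims only after the signature check has passed.
    local payloadClaims = jwtHandler:getPayloadClaims(token)
    for key, value in string.gmatch(payloadClaims, "(%w+)=(%w+)") do
        if FORWARDED_CLAIMS[key] then
            req:setHeader(HEADER_PREFIX .. key, value)
        end
    end
end
```

The pattern "(%w+)=(%w+)" matches alphanumeric characters only, so claim values containing other characters (for example URLs or e-mail addresses) are truncated or skipped.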