Safe bindings for the Node JWT module. Allows to sign, decode, and verify tokens.

spago install node-jwt

This library adheres to the JWT RFC, so in the below examples, headers is JOSE Header, and claims is, well, Claims.

To sign a project, you'll need to provide a secret key, some headers, and some claims. The sign function will return an Aff String.

sign
  (Secret "my-super-secret-key")
  defaultHeaders
  defaultClaims

By default, some values will be set for you: alg will be HS256, typ equals JWT, and the iat field will be set to the creation timestamp. You can override any for the above by providing the value explicitely.

You can also provide an unregistered claim, that will contain literally any encodable data:

sign
  (Secret "my-super-secret-key")
  defaultHeaders
  (defaultClaims { unregistered = unregisteredClaim "Foo" } )

If decode succeeds, it will return a Token Unverified you can read the headers and claims from it:

decodedHeaders :: String -> Maybe JOSEHeaders
decodedHeaders token = decode token >>= hush <<< headers

decodedClaims :: String -> Maybe Claims
decodedClaims token = decode token >>= hush <<< claims

If verify succeeds, it will return a Token Verified you can read the headers and claims from it:

verifiedHeaders :: String -> Maybe JOSEHeaders
verifiedHeaders token = verify (Secret "my-super-secret-key") token >>= hush <<< headers

verifiedClaims :: String -> Maybe Claims
verifiedClaims token = verify (Secret "my-super-secret-key") token >>= hush <<< claims

Module documentation is published on Pursuit.