title | index | category | type | source |
---|---|---|---|---|
Working with JWT's | 4 | did-jwt | guide | |
Use the createJWT() function

```javascript
import { createJWT, SimpleSigner } from 'did-jwt'

const signer = SimpleSigner('PRIVATEKEY')

createJWT(
  {aud: 'did:uport:2nQtiQG6Cgm1GYTBaaKAgr76uY7iSexUkqY', exp: 1485321133, name: 'Bob Smith'},
  {issuer: 'did:uport:2nQtiQG6Cgm1GYTBaaKAgr76uY7iSexUkqX', signer}).then(jwt => {
  console.log(jwt)
})
```
createJWT(payload, options, header)
Name | Description | Required |
---|---|---|
payload | an object containing any claims you want to encode in the JWT including optional standard claims such as sub, aud and exp | yes |
options.issuer | The DID of the issuer of the JWT | yes |
options.signer | A signing function (see SimpleSigner) | yes |
options.expiresIn | How many seconds after signing should the JWT be valid (sets the exp claim) | no |
header | Object to inject custom headers, e.g. alg or cty | no |
The createJWT() function returns a Promise.
A successful call returns an object containing the following attributes:

Name | Description |
---|---|
jwt | String containing a JSON Web Token (JWT) |
If there are any errors found during the signing process the promise is rejected with a clear error message.
Use the verifyJWT() function

```javascript
import { verifyJWT } from 'did-jwt'

// The destructured parameter needs its own parentheses in an arrow function
verifyJWT('eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NksifQ.eyJpc3MiOiJkaWQ6dXBvcn....', {audience: 'Your DID'}).then(({payload, doc, did, signer, jwt}) => {
  console.log(payload)
})
```
verifyJWT(jwt, options)
Name | Description | Required |
---|---|---|
jwt | String containing a JSON Web Token (JWT) | yes |
options.auth | Require signer to be listed in the authentication section of the DID document (for Authentication of a user with DID-AUTH) | |
options.audience | The DID of the audience of the JWT | no |
options.callbackUrl | The URL receiving the JWT | no |
The verifyJWT() function returns a Promise.
A successful call returns an object containing the following attributes:

Name | Description |
---|---|
payload | An object containing the JSON parsed contents of the payload section of the JWT |
issuer | The DID of the issuer of the JWT |
signer | An object containing information about which key signed the JWT. This is useful if a DID document has multiple keys listed |
doc | The DID Document of the issuer of the JWT |
jwt | The original JWT passed in to the function |
If there are any errors found during the verification process the promise is rejected with a clear error message.
We provide a simple signing abstraction that makes it easy to add support for your own Key Management infrastructure.
Most people can use our SimpleSigner() function to create a signer function from a hex encoded private key.

```javascript
import { SimpleSigner } from 'did-jwt'

const signer = SimpleSigner('278a5de700e29faae8e40e366ec5012b5ec63d36ec77e8a2417154cc1d25383f')
```

SimpleSigner(privateKey)
Name | Description | Required |
---|---|---|
privateKey | hex encoded secp256k1 private key | yes |
Note this is NOT a constructor, but a higher order function that returns a signing function.
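You can easily create custom signers that integrate into your existing signing infrastructure. A signer function takes the raw data to be signed and returns a Promise containing the signature parameters.

```javascript
function mySigner (data) {
  return new Promise((resolve, reject) => {
    // Sign `data` with your own infrastructure here. signWithMyKeyStore is a
    // hypothetical placeholder for that call; it must produce the signature
    // parameters described below.
    const signature = signWithMyKeyStore(data)
    resolve(signature)
  })
}
```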
Name | Description | Required |
---|---|---|
data | String or Buffer containing data to be signed | yes |
Your function must return a Promise.
A successful call returns an object containing the following attributes:

Name | Description | Required |
---|---|---|
r | Hex encoded r value of secp256k1 signature | yes |
s | Hex encoded s value of secp256k1 signature | yes |
recoveryParam | Recovery parameter of signature (can be used to calculate signing public key) | only required for ES256K-R |
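
One way to write such a custom signer, as an added example that is not did-jwt's own code: it signs with a key held as a Node.js `crypto` KeyObject (standing in for your key store), assumes ES256K means ECDSA over secp256k1 with SHA-256, and returns hex encoded `r` and `s`. The names `signToRS`, `keyStoreSigner` and `verifyRS`, the demo key pair and the sample signing input are constructed for illustration.

```javascript
const crypto = require('node:crypto')

// Constructed demo key pair. In practice the private key stays inside your
// own key store (HSM, KMS, OS keychain) and only the sign operation is exposed.
const { privateKey, publicKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'secp256k1' })

// Sign `data` (String or Buffer) with ECDSA/SHA-256 and split the result
// into the hex encoded r and s values the signer contract asks for.
function signToRS (data, key) {
  const bytes = Buffer.isBuffer(data) ? data : Buffer.from(String(data), 'utf8')
  // 'ieee-p1363' yields the fixed-width r || s form (32 + 32 bytes) instead of DER
  const sig = crypto.sign('sha256', bytes, { key, dsaEncoding: 'ieee-p1363' })
  if (sig.length !== 64) throw new Error('unexpected signature length ' + sig.length)
  return {
    r: sig.subarray(0, 32).toString('hex'),
    s: sig.subarray(32).toString('hex')
  }
}

// Higher order function, like SimpleSigner: returns the signing function.
// No recoveryParam is produced, so this signer fits ES256K but not ES256K-R.
function keyStoreSigner (key) {
  return data => new Promise((resolve, reject) => {
    try { resolve(signToRS(data, key)) } catch (err) { reject(err) }
  })
}

// Check an { r, s } pair against the public key before trusting the adapter.
function verifyRS (data, { r, s }, pubKey) {
  const hex32 = /^[0-9a-f]{64}$/
  if (!hex32.test(r) || !hex32.test(s)) return false
  const sig = Buffer.from(r + s, 'hex')
  return crypto.verify('sha256', Buffer.from(data), { key: pubKey, dsaEncoding: 'ieee-p1363' }, sig)
}

// Constructed sample: the "header.payload" part of a JWT is what gets signed.
const signingInput = 'eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NksifQ.eyJuYW1lIjoiQm9iIFNtaXRoIn0'
keyStoreSigner(privateKey)(signingInput).then(sig => {
  console.log(sig, 'verifies:', verifyRS(signingInput, sig, publicKey))
})
```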