A Ruby implementation of the JSON Web Token (JWT) registered claims, RFC 7519
gem install jwt_claims
Returns a hash, either:
- {:ok, claims}, a JWT claims set hash, if the JWT Message Authentication Code (MAC), or signature, is verified and the registered claims are also verified
- {:error, [rejected_claims]}, a list of any registered claims that fail validation, if the JWT MAC is verified
- {:error, 'invalid JWT'} if the JWT MAC is not verified
- {:error, 'invalid input'} otherwise
jwt (required) is a JSON web token string
options (required) hash
- alg (optional, default:
'HS256') - key (required unless alg is 'none')
Please refer to the JSON Web Token gem for additional guidance regarding JWT options
Example
# An example using the 'Expires' `exp` claim (10 years for this example).
> jwt = JsonWebToken.sign({foo: 'bar', exp: Time.now.to_i + 315360000}, key: 'gZH75aKtMN3Yj0iPS4hcgUuTwjAzZr9C')
#=> "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJmb28iOiJiYXIiLCJleHAiOjE3OTEyMjc1MTl9.7cT7PzsT8Jv0VQIxokjk3sUqzJCxBR4h3W2uACQ-tW0"
# Verify with default algorithm, HMAC SHA256
# Returns a hash of `{:ok, verified_claims}`
> JwtClaims.verify(jwt, key: 'gZH75aKtMN3Yj0iPS4hcgUuTwjAzZr9C')
#=> {:ok=>{:foo=>"bar", :exp=>1475870843}}| JWT claim | key | a valid claim value must |
|---|---|---|
| Issuer | :iss | equal options[:iss] |
| Subject | :sub | equal options[:sub] |
| Audience | :aud | include options[:aud] |
| Expiration Time | :exp | be > current time |
| Not Before | :nbf | be <= current time |
| Issued at | :iat | be < current time |
| JWT ID | :jti | equal options[:jti] |
Additional detail about JWT registered claims is found in this section of the JWT RFC
Ruby 2.0.0 and up