

2 The JSON Web Token

The JSON Web Token, or JWT, is a terse representation of a pair of JSON objects: the header and the body. A JWT can be encoded: the header is encoded to base64 with the URL alphabet and without padding characters, the body is also encoded to base64, and the concatenation of the encoded header, a dot, and the encoded body is signed with a cryptographic algorithm. In the following, we will only be interested in public-key cryptography. The encoding of the JWT is the concatenation of the encoded header, a dot, the encoded body, a dot, and the signature in base64.

The (pomdappi jwt) module defines the data type for a JWT. For the sake of compatibility with the guile-json library, JSON objects are parsed to Scheme as alists, and JSON arrays as Scheme vectors.

predicate: jwt? x

Check whether x is a parsed JWT, i.e. a pair of a JWT header and a JWT body.

predicate: jwt-header? x
predicate: jwt-body? x

Check whether x is a JWT header (in which case the key “alg” should be set) or a JWT body, respectively.

function: jwt-header jwt
function: jwt-body jwt

Return the header (resp. body) of jwt if jwt is a JWT, or #f.

function: jwt-header-alg jwt-header
function: jwt-alg jwt

Get the value of the “alg” field of the jwt header.

function: make-jwt header body

Create a JWT out of header and body. If header is not a valid JWT header or body is not a valid JWT body, return #f.

function: jwt-decode str verify

Decode the encoded JWT in str, and call the user-supplied verify procedure to check the signature. verify is invoked with the following argument:

If the verify function returns #f, jwt-decode returns #f. Otherwise, the signature is accepted and jwt-decode returns the parsed JWT.

function: jwt-encode jwt key

Return the encoded version of jwt, signed with key. If you are only passing along a JWT that you did not create, you need to keep its original encoding, because you will not be able to sign it.
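The encoding rules above and the advice to keep the original encoding can be seen together in the following added example, written in Python rather than Guile and not part of pomdappi. The argument list of the verify callback, the "TOY-RSA" algorithm name and the toy key are assumptions made for illustration.

```python
import base64, hashlib, json

def b64url(data: bytes) -> str:
    # URL alphabet with the "=" padding stripped, as the section describes
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

# Constructed toy key: textbook RSA over two Mersenne primes, no padding.
# It stands in for a real public-key signature so the example runs offline.
P, Q, E = 2**127 - 1, 2**107 - 1, 65537
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))

def digest(signing_input: bytes) -> int:
    return int.from_bytes(hashlib.sha256(signing_input).digest(), "big") % N

def encode(header: dict, body: dict) -> str:
    signing_input = ".".join(b64url(json.dumps(o).encode()) for o in (header, body))
    sig = pow(digest(signing_input.encode()), D, N)
    return signing_input + "." + b64url(sig.to_bytes(30, "big"))

def verify_toy(header: dict, signing_input: bytes, signature: bytes) -> bool:
    # Hypothetical verify callback: pin the expected algorithm, then check
    if header.get("alg") != "TOY-RSA":
        return False
    return pow(int.from_bytes(signature, "big"), E, N) == digest(signing_input)

def decode(token: str, verify):
    """Return (header, body), or None where the manual's jwt-decode returns #f."""
    try:
        h64, b64, s64 = token.split(".")
        header, body = (json.loads(b64url_decode(p)) for p in (h64, b64))
        signature = b64url_decode(s64)
    except ValueError:
        return None
    if not (isinstance(header, dict) and "alg" in header and isinstance(body, dict)):
        return None
    # The signature covers the received bytes, not a re-serialization of them
    if not verify(header, f"{h64}.{b64}".encode("ascii"), signature):
        return None
    return header, body

def reserialize(token: str) -> str:
    """Re-encode the parsed header and body compactly, keeping the old signature."""
    h64, b64, s64 = token.split(".")
    compact = [json.dumps(json.loads(b64url_decode(p)), separators=(",", ":")) for p in (h64, b64)]
    return ".".join([b64url(compact[0].encode()), b64url(compact[1].encode()), s64])
```

A token passed through `reserialize` carries the same JSON values but different header and body bytes, so the original signature no longer verifies and `decode` rejects it.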

predicate: jwt-equal? a b

Check that a and b are both JWTs and have the same header values and the same body values.

