djwt icon indicating copy to clipboard operation
djwt copied to clipboard

Published 20 hours ago verified publisher icon Zaubrik

need some real world examples

Open ralyodio opened this issue 2 years ago • 7 comments

All the tutorials out there I could find seem to use an outdated api for djwt.

I'm looking to just authetnicate a user upon login and validate them for authorized api calls.

ralyodio avatar Sep 07 '21 03:09 ralyodio

Hi ,

I have created a very simple Auth Deno Api using this same repo and some other tools. It includes some examples on how to login, register and use your JWT token to do some requests

https://github.com/Anstroy/deno-api/

I invite you to take a look at it, I am updating some of the README.md file for documentation, let me know if you have any questions about it.

Thanks

ausgomez avatar Sep 07 '21 21:09 ausgomez

Check out https://github.com/authcompanion/authcompanion - recently updated for the latest djwt apis

authcompanion avatar Sep 18 '21 18:09 authcompanion

please add a importKey example:

const key = await crypto.subtle.importKey(
  "raw",
  new TextEncoder().encode("your secret string"),
  { name: "HMAC", hash: "SHA-256" },
  true,
  ["sign", "verify"],
)

transtone avatar Jun 08 '22 06:06 transtone

@transtone if this is not enough you can find other examples here or on mdn.

timonson avatar Jun 08 '22 07:06 timonson

for someone who not know much about decode/encode/base64/cryptokey etc like me, can't find a way to get binaryDer in https://github.com/timonson/djwt/blob/master/examples/pkcs8_storing.ts#L19

a fine example like https://jwt.io does is very nice.

transtone avatar Jun 13 '22 12:06 transtone

Switching from this :

import {
    create,
    verify
} from 'https://deno.land/x/[email protected]/mod.ts';

export const
    signJwt = async (
        data,
        secret
    ) => await create(
        {
            alg: 'HS256',
            typ: 'JWT'
        },
        data,
        secret
    ),
    verifyJwt = async (
        jwt,
        secret
    ) => await verify(
        jwt,
        secret,
        'HS256'
    );

To this :

import {
    create,
    verify
} from 'https://deno.land/x/[email protected]/mod.ts';

const
    cryptoArgs = [
        { name: 'HMAC', hash: 'SHA-256' },
        true,
        ['sign', 'verify']
    ],
    keyToSecret = async key => (await crypto.subtle.exportKey(
        'jwk',
        key
    )).k,
    secretToKey = secret => crypto.subtle.importKey(
        'raw',
        new TextEncoder().encode(secret),
        ...cryptoArgs
    );

export const
    generateSecret = async () => await keyToSecret(await crypto.subtle.generateKey(...cryptoArgs)),
    signJwt = async (
        data,
        secret
    ) => await create(
        {
            alg: 'HS256',
            typ: 'JWT'
        },
        data,
        await secretToKey(secret)
    ),
    verifyJwt = async (
        jwt,
        secret
    ) => await verify(
        jwt,
        await secretToKey(secret)
    );

took me much more time than it would have if all of those methods were documented on the README.

Also, PR #54, which introduced those changes, should have been released as a new major version according to article 8 of SemVer specification :

Major version X (X.y.z | X > 0) MUST be incremented if any backwards incompatible changes are introduced to the public API.

Thanks

KaKi87 avatar Sep 26 '22 22:09 KaKi87

took me much more time than it would have if all of those methods were documented on the README

PRs are welcome!

should have been released as a new major version

Good point, thank you!

timonson avatar Sep 27 '22 02:09 timonson