JSON Object Signing and Encryption Library

Version on this page:0.4.2@rev:2
LTS Haskell 22.29:0.9.6
Stackage Nightly 2024-07-13:0.10.0
Latest on Hackage:0.10.0

See all snapshots jose-jwt appears in

BSD-3-Clause licensed and maintained by Luke Taylor
This version can be pinned in stack with:jose-jwt-0.4.2@sha256:67ecce96ed8c8ad2e3d6d018d1aac6fc87ca9fc8307f064047914e2be7ded5fb,4203

Module documentation for 0.4.2

Intended to provide support for the JOSE suite of IETF (draft) standards and the closely related JWT (JSON web token) spec (

Both signed and encrypted JWTs are supported, as well as simple JWK format keys.

The library is currently intended to support work on an OpenID Connect implementation and the APIs should not be considered complete, stable or secure for all use cases.



  • Fix in the code for finding suitable JWKs for encoding/decoding.

  • Added doctest flag to cabal file to allow doctests to be disabled.


  • Add cprng-aes dependency to doctests to stop test failure on travis and nixos hydra builds.


  • Changed use of Jwt type to represent an encoded JWT.
  • Introduced Payload type to allow setting the cty header value correctly for nested JWTs.
  • Added an explicit Unsecured type for a decoded JWT, to make it obvious when the content is not signed or encrypted.
  • Fixed some bugs in JSON encoding and decoding of EC JWKs.


Changed the signature of Jwt.encode to take a list of Jwk rather than a single key. The key will be selected from the list based on the specified algorithms.


  • New support for JWS validation using elliptic curve algorithms.
  • Added Jwt.encode function which takes a JWK argument, allowing key data (currently the key ID) to be encoded in the token header.