jwt

JSON Web Token (JWT) decoding and encoding

https://bitbucket.org/ssaasen/haskell-jwt

Version on this page:0.7.0@rev:1
LTS Haskell 22.17:0.11.0@rev:1
Stackage Nightly 2024-04-18:0.11.0@rev:1
Latest on Hackage:0.11.0@rev:1

See all snapshots jwt appears in

MIT licensed by Stefan Saasen
Maintained by [email protected]
This version can be pinned in stack with:jwt-0.7.0@sha256:7f92fee33357d1270d84b03c075342d917edf661d5c8a7240b70c9ce2dc821ac,3971

Module documentation for 0.7.0

Used by 1 package in nightly-2016-03-21(full list with versions):
happstack-authenticate

Haskell JSON Web Token (JWT)

JSON Web Token (JWT) is a compact URL-safe means of representing claims to be transferred between two parties.

From http://self-issued.info/docs/draft-ietf-oauth-json-web-token.html

JSON Web Token (JWT) is a compact URL-safe means of representing claims to be transferred between two parties. The claims in a JWT are encoded as a JavaScript Object Notation (JSON) object that is used as the payload of a JSON Web Signature (JWS) structure or as the plaintext of a JSON Web Encryption (JWE) structure, enabling the claims to be digitally signed or MACed and/or encrypted.

See the Web.JWT module documentation to get started.

Build Status

Changes

2016-02-20 0.7.0

* Update JWT to match RFC 7519. This is a backward compatible change with
deprecation warnings added for types and functions to be removed in the
future.
	* Add NumericDate as a replacement for IntDate (and numericDate as a 
	  replacement for intDate)
	* Add JOSEHeader as a replacement for JWTHeader.
* Use Stack and LTS 4.0
* Use cryptonite instead of cryptohash (Thanks to Greg V)
* Remove Web.Base64 in favour of using `memory` (Thanks to Greg V)

2015-04-22 0.6.0

* Execute doctests in addition to the testsuite when using 'make test'.
* Export `ClaimsMap` type alias (fixes #12)
* Allow base 4.8
* Lowered required cabal library version (to 1.16) to workaround build
  issues in a consumer project.
* Add 7.10.1 to the travis config

2015-01-19 0.5.3

* Add the missing `other-modules` field to the .cabal file so that 
  all the tests are present in the source distribution. Thanks to 
  Richard Wallace for reporting this.

2015-01-17 0.5.2

* Tim McLean pointed out that comparing signatures may be susceptible to
  a timing attack in the way the signatures were compared (using the default
  Eq instance). Both `Signature` and `Secret` now have an `Eq` instance that
  uses a constant time comparison function. Thanks Tim for reporting this.

2015-01-03 0.5.1

* Fix the encoding of the `aud` part of the claim.
  Thanks to Aaron Levin for reporting and implementing the change.
  In addition to the fix we now also verify the shape fo the generated
  payload.

2014-12-01 0.5.0

* Rev. 17 of the JWT Draft changed the audience claim from being an
optional String to being either an optional `StringOrURI`s or an optional list of
`StringOrURI`s. Thanks to Aaron Levin for reporting and implementing the
change. This change breaks backwards compatibility (in regard to 0.4.x).

2014-10-15 0.4.2

* Fix the build problems introduced in 0.4.1 to work with the 
  split network package. Thanks to Richard Wallace for
  fixing this and to Jeremy Shaw for reporting this at the same time.

2014-09-17 0.4.1

* Update jwt.cabal to work with the new split network package.
  Thanks to Jeremy Shaw for reporting this.

2014-08-02 0.4.0

* Change the upper boundary of base from 4.7 to 4.8 (#5)

2014-06-02 0.3.0

* Add verify function (thanks to Robert Massaioli) to allow verifying an
already decoded JWT token

2014-03-10 0.2.1

* Add Decoding/Encoding sections
* Make the examples runnable by doctest
* Fix hlint warnings
* Add 'secondsSinceEpoch' to extract the seconds from epoch from an IntDate

2014-03-10 0.2.0

* Export the IntDate and StringOrURI types #5a1137b

2014-03-03 0.1.1

* Verify that invalid input to the decode* functions fails as expected

2014-03-03 0.1.0

* Initial release