JWT

Basic helpers to sign and verify jwt tokens.

Create / Sign

Use the sign function to create a simple jwt token.

Parameters

  1. Claims / payload. Can be either an object, map or a json string.
{{ $myToken1 := sign `{"foo": "bar"}` "my-secret" "HS256" 1200 }}
{{ $myToken2 := sign (mkAnyMap "foo" "bar") "my-secret" "HS256" 1200 }}
  1. Secret to sign. Can be pulled from either variables or other sources that do not expose it to the html (api, cache).
<!-- Can be a string however the value is exposed in the html -->
{{ $claims := mkAnyMap "foo" "bar" }}
{{ $myToken := sign $claims "my-secret" "HS256" 1200 }}
<!-- Reading it from the api will hide the secret from parsed content -->
<input type="hidden" name="CaFaApi.Api.Get.myRequest1" value="v3/configuration" data-preset-val="v3/configuration">
<input type="hidden" name="CaFaApi.Api.Path.myRequest1.id" value="37" data-preset-val="37">
{{ $secret := (.Data.CaFaApi.Api.Requests.myRequest1.Response.Get "value").String }}

{{ $claims := mkAnyMap "foo" "bar" }}
{{ $myToken := sign $claims $secret "HS256" 1200 }}
<!-- Reading from variables is also hidden -->
{{ $claims := mkAnyMap "test" "val"}}
{{ $myToken := sign $claims (.Variables.Get "jwt.secret").String "HS256" 1200 }}
  1. Algorithm, currently allowed values are: HS256, HS512, RS256 and RS512.
  2. Expiration that will be added as the exp claim. Value is in seconds.

Verify

Verify the token against the key and expiration

When successful the result claims is a json result object where we can use the same Get fetching functionality as we use in dynamic api responses.

{{ $claims := verify $myToken "my-secret" }}
{{ $expVal := ($claims.Get "exp").Int }}

Error returned in content

If the validation fails the result will be returned as an error in the claims result.

{{ $claims := verify $myToken "my-secret" }}
<!-- {"error": "some failure reason"} -->

Fail template parse

If the validation fails then server returns the general error response screen.

{{ $claims := verifyWithFailure $myToken "my-secret" }}