JWT
Basic helpers to sign and verify JWT tokens.
Create / Sign
Use the sign function to create a simple JWT token.
Parameters
- Claims / payload. Can be an object, a map or a JSON string.
{{ $myToken1 := sign `{"foo": "bar"}` "my-secret" "HS256" 1200 }}
{{ $myToken2 := sign (mkAnyMap "foo" "bar") "my-secret" "HS256" 1200 }}
- Secret to sign with. It can be pulled from variables or from other sources that do not expose it in the HTML (API, cache).
<!-- Can be a literal string, but then the value is exposed in the HTML -->
{{ $claims := mkAnyMap "foo" "bar" }}
{{ $myToken := sign $claims "my-secret" "HS256" 1200 }}
<!-- Reading it from the API hides the secret from parsed content -->
<input type="hidden" name="CaFaApi.Api.Get.myRequest1" value="v3/configuration" data-preset-val="v3/configuration">
<input type="hidden" name="CaFaApi.Api.Path.myRequest1.id" value="37" data-preset-val="37">
{{ $secret := (.Data.CaFaApi.Api.Requests.myRequest1.Response.Get "value").String }}
{{ $claims := mkAnyMap "foo" "bar" }}
{{ $myToken := sign $claims $secret "HS256" 1200 }}
<!-- Reading from variables is also hidden -->
{{ $claims := mkAnyMap "test" "val"}}
{{ $myToken := sign $claims (.Variables.Get "jwt.secret").String "HS256" 1200 }}
- Algorithm. Currently allowed values are HS256, HS512, RS256 and RS512.
- Expiration that will be added as the exp claim. Value is in seconds.
Verify
Verify the token against the key and expiration.
When verification succeeds, the resulting claims value is a JSON result object that supports the same Get fetching functionality as dynamic API responses.
{{ $claims := verify $myToken "my-secret" }}
{{ $expVal := ($claims.Get "exp").Int }}
Error returned in content
If validation fails, the failure is returned as an error in the claims result, so the template has to check for it before trusting any claim.
{{ $claims := verify $myToken "my-secret" }}
<!-- {"error": "some failure reason"} -->
Fail template parse
If validation fails, the server returns the general error response screen.
{{ $claims := verifyWithFailure $myToken "my-secret" }}
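The HS256 case of sign and verify described above, as an added Go example using only the standard library; it is not the project's own code. It assumes exp is the signing time plus the expiration in seconds; the names signHS256, verifyHS256 and mac, the now parameter and the fixed clock are constructed for the example.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
	"time"
)

var b64 = base64.RawURLEncoding

// mac returns the base64url HMAC-SHA256 of "header.payload" under secret.
func mac(input, secret string) string {
	h := hmac.New(sha256.New, []byte(secret))
	h.Write([]byte(input))
	return b64.EncodeToString(h.Sum(nil))
}

// signHS256 sets exp = now + ttl seconds on claims (mutating the map) and signs.
func signHS256(claims map[string]any, secret string, ttl int64, now time.Time) string {
	claims["exp"] = now.Unix() + ttl
	body, _ := json.Marshal(claims) // constructed claims hold plain JSON values
	input := b64.EncodeToString([]byte(`{"alg":"HS256","typ":"JWT"}`)) + "." + b64.EncodeToString(body)
	return input + "." + mac(input, secret)
}

// verifyHS256 checks the signature, then exp; the algorithm is fixed, never read from the header.
func verifyHS256(token, secret string, now time.Time) (map[string]any, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 || !hmac.Equal([]byte(parts[2]), []byte(mac(parts[0]+"."+parts[1], secret))) {
		return nil, fmt.Errorf("malformed token or bad signature")
	}
	var c map[string]any
	body, _ := b64.DecodeString(parts[1])
	if err := json.Unmarshal(body, &c); err != nil {
		return nil, err
	}
	if exp, ok := c["exp"].(float64); !ok || now.Unix() >= int64(exp) {
		return nil, fmt.Errorf("token expired")
	}
	return c, nil
}

func main() {
	tok := signHS256(map[string]any{"foo": "bar"}, "my-secret", 1200, time.Unix(1700000000, 0))
	fmt.Println(verifyHS256(tok, "my-secret", time.Unix(1700001201, 0))) // constructed clock, 1 s past exp
}
```

Both failure paths return an error and no claims, which corresponds to the error result that a template using verify has to check for.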