JSON Web Token encoder and decoder.
decode : Json.Decode.Decoder payload -> Secret -> Token -> Result (DecodeError payload) payload
Verify a token given a secret or public key.
import Json.Decode
import Json.Encode
import TestHelpers
exposing
( aValidToken
, correctSecret
, encodePayload
, payload
, payloadDecoder
, wrongSecret
)
If all goes well, you'll get a result back with the payload.
decode payloadDecoder correctSecret aValidToken
--> Ok payload
If something goes wrong, you get an error:
decode payloadDecoder correctSecret "token.should.have.three.parts"
--> Err InvalidToken
Some errors will include the payload. However, whenever there is an error the payload should not be trusted.
decode payloadDecoder wrongSecret aValidToken
--> Err <| InvalidSecret payload
encode : Alg -> (payload -> Json.Encode.Value) -> Secret -> payload -> Token
Create and sign a token.
import Json.Decode
import Json.Encode
import TestHelpers
exposing
( aValidToken
, correctSecret
, encodePayload
, payload
, payloadDecoder
, wrongSecret
)
encode hmacSha256 encodePayload correctSecret payload
--> aValidToken
encode hmacSha512 Json.Encode.string "other secret" "some payload"
|> (decode Json.Decode.string "other secret")
--> Ok "some payload"
encode hmacSha224 Json.Encode.int "123" 456
|> (decode Json.Decode.int "abc")
--> Err <| InvalidSecret 456
hmacSha224 : Alg
HMAC SHA224 digest algorithm.
hmacSha256 : Alg
HMAC SHA256 digest algorithm.
hmacSha384 : Alg
HMAC SHA384 digest algorithm.
hmacSha512 : Alg
HMAC SHA512 digest algorithm.
Types of errors which can occur during decoding of a token.
Type of algoirthm to use for the digest
String
String used to sign or verify a token.
String
A JSON web token.
algDecoder : Json.Decode.Decoder Alg
Algorithm decoder.