aboutsummaryrefslogtreecommitdiffstats
path: root/util/jwt.lua
Commit message (Collapse)AuthorAgeFilesLines
* util.jwt: Add new init() convenience method to obtain both signer and verifierMatthew Wild2022-07-111-0/+6
|
* util.jwt: Consolidate payload parsing, ensure it's always a valid objectMatthew Wild2022-07-111-11/+13
|
* util.jwt: Provide built-in token expiry support (defaults to 3600s lifetime)Matthew Wild2022-07-111-3/+28
| | | | | | | | To avoid every user of the library needing to add and verify expiry info, this is now handled by util.jwt itself (if not overridden or disabled). Issuing tokens that are valid forever is bad practice and rarely desired, and the default token lifetime is now 3600s (1 hour).
* util.jwt: All the algorithms (+ all the tests!)Matthew Wild2022-07-021-5/+12
| | | | Except 'none'. Not implementing that one.
* util.crypto: More digests for sign/verify, use macros for clarity/consistencyMatthew Wild2022-07-021-2/+2
|
* util.jwt: Add support for RSA-based algorithms (RS256, PS256)Matthew Wild2022-07-021-14/+35
|
* util.jwt: Add support/tests for ES256 via improved API and using util.cryptoMatthew Wild2022-07-011-19/+121
| | | | | | | | | | | In many cases code will be either signing or verifying. With asymmetric algorithms it's clearer and more efficient to just state that once, instead of passing keys (and possibly other parameters) with every sign/verify call. This also allows earlier validation of the key used. The previous (HS256-only) sign/verify methods continue to be exposed for backwards-compatibility.
* util.jwt: Use constant-time comparison with expected signatureMatthew Wild2021-05-131-1/+2
|
* util.jwt: Basic JSON Web Token library supporting HS256 tokensKim Alvefur2020-02-241-0/+50