string jwt-encode((string|OXN-node-set) jwt, string key [, number time-to-live[, string algorithm]])
packs and signs a JSON web token (JWT) as JSON web signature (JWS) in compact serialization. [RFC 7519, RFC 7515]
data
: The payload can be provided as a JSON string or OXN.
key
: For the HMAC algorithms, a Base64URL encoded symmetric key for the digital signature. For the RSASSA
based algorithms, use the PEM encoded private key (without the BEGIN
and END
lines and without any line breaks). The key must not be password protected.
time-to-live
: Sets the time span in seconds until expiration in the exp
claim of the jwt
. If the TTL is 0
, no exp
claim is added to the token – it is valid forever. Default: 0
(no expiration).
algorithm
: The signature or HMAC algorithm to use.
Supported values:
HS256
HS384
HS512
RS256
RS384
RS512
Defaults to HS256
. Consult RFC 7518, section 3.1 for an explanation of the individual values.
The return value is a JWS compact serialization as a string:
eyJ….….…
An empty string or false will be returned if any errors occur.
The variable $json
contains the JSON web token to be packed, the key is read from the environment variable $JWT_SECRET
. The encoded token is stored in the variable $jws
.
After 600 seconds the token becomes invalid:
<template out="$jws">
{{ jwt-encode($json, $env/JWT_SECRET, 600) }}
</template>
jwt-decode()
(reference)- Encoding and Decoding JWT (cookbook)
- Protecting Access using JWT Tokens (cookbook)