etaty / jwtyped

JWT (Json Web Token) Scala library

GitHub

JWTyped

Build Status codecov Maven Central

Opinionated implementation of JWT in scala

  • secure by default (only secure algorithm supported, no none)
  • small api enforcing security
  • typed
  • no external dependencies

Getting Started

Dependencies

libraryDependencies += "com.github.etaty" %% "jwtyped" % "0.1.0"

Usage

// encode
val key = Secret.fromString("secret")
val algorithm = HS256(key)
val header = Header("JWT", "HS256")
val payload = Payload(sub = "1234567890", name = "John Doe", admin = true)
val message = Message.from(header, payload)
val tokenEncoded = JWT.encode(message, algorithm)

// decode
JWT.decode[Header, Payload](tokenEncoded, algorithm)

// or
JWT.decode[Header, Payload](tokenEncoded, { 
  case (Header, Payload) =>
    // you can decide which algorithm you want to use
    Right(algorithm)
})

Algorithms supported

see implemation file

  • HmacSHA*
    • HS256
    • HS384
    • HS512
  • SHA*withRSA
    • RS256
    • RS384
    • RS512
  • SHA*withECDSA
    • ES256
    • ES384
    • ES512

SHA*withECDSA with Bouncy Castle

Dependencies

libraryDependencies += "org.bouncycastle" % "bcpkix-jdk15on" % "1.55"

Add bouncy castle as a provider

import java.security.Security
import org.bouncycastle.jce.provider.BouncyCastleProvider

val BOUNCY_CASTLE_PROVIDER = "BC"

if (Security.getProvider(BOUNCY_CASTLE_PROVIDER) == null) {
  Security.addProvider(new BouncyCastleProvider())
}