JSON Web Token

Swift implementation of JSON Web Token.

Installation

Swift Pacakage Manager is the recommended installation method for JSONWebToken, CocoaPods is also supported.

pod 'JSONWebToken'

NOTE: Carthage may be supported, however support will not be provided for this installation method, use at your own risk if you know how it works.

Usage

import JWT

Encoding a claim

JWT.encode(claims: ["my": "payload"], algorithm: .hs256("secret".data(using: .utf8)!))

Encoding a claim set

var claims = ClaimSet()
claims.issuer = "fuller.li"
claims.issuedAt = Date()
claims["custom"] = "Hi"

JWT.encode(claims: claims, algorithm: .hs256("secret".data(using: .utf8)!))

Building a JWT with the builder pattern

JWT.encode(.hs256("secret".data(using: .utf8))) { builder in
  builder.issuer = "fuller.li"
  builder.issuedAt = Date()
  builder["custom"] = "Hi"
}

Decoding a JWT

When decoding a JWT, you must supply one or more algorithms and keys.

do {
  let claims: ClaimSet = try JWT.decode("eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.e30.2_8pWJfyPup0YwOXK7g9Dn0cF1E3pdn299t4hSeJy5w", algorithm: .hs256("secret".data(using: .utf8)!))
  print(claims)
} catch {
  print("Failed to decode JWT: \(error)")
}

When the JWT may be signed with one out of many algorithms or keys:

try JWT.decode("eyJh...5w", algorithms: [
  .hs256("secret".data(using: .utf8)!),
  .hs256("secret2".data(using: .utf8)!),
  .hs512("secure".data(using: .utf8)!)
])

You might also want to give your iat, exp and nbf checks some kind of leeway to account for skewed clocks. You can do this by passing a leeway parameter like this:

try JWT.decode("eyJh...5w", algorithm: .hs256("secret".data(using: .utf8)!), leeway: 10)

Supported claims

The library supports validating the following claims:

Issuer (iss) Claim
Expiration Time (exp) Claim
Not Before (nbf) Claim
Issued At (iat) Claim
Audience (aud) Claim

Algorithms

This library supports the following algorithms:

none - Unsecured JWTs
hs256 - HMAC using SHA-256 hash algorithm (default)
hs384 - HMAC using SHA-384 hash algorithm
hs512 - HMAC using SHA-512 hash algorithm

License

JSONWebToken is licensed under the BSD license. See LICENSE for more info.

Project Name	Stars	Repos Using This	Packages Using This	Most Recent Commit	Total Releases	Latest Release	Open Issues	License	Language
Next Auth	18,799	21	226	15 hours ago	650	July 25, 2023	305	isc	TypeScript
Authentication for the Web.
Jwt	7,060	6,817	535	4 days ago	53	February 25, 2023	7	bsd-3-clause	PHP
A simple library to work with JSON Web Token and JSON Web Signature
Java Jwt	5,410	1,902	402	6 days ago	58	March 31, 2023	4	mit	Java
Java implementation of JSON Web Token (JWT)
Pyjwt	4,692	9,443	2,192	9 days ago	48	July 18, 2023	18	mit	Python
JSON Web Token implementation in Python
Express Jwt	4,398	12,538	823	3 days ago	71	February 06, 2023	54	mit	TypeScript
connect/express middleware that validates a JsonWebToken (JWT) and set the req.user with the attributes
Jwt_tool	4,179			3 months ago			45	gpl-3.0	Python
:snake: A toolkit for testing, tweaking and cracking JSON Web Tokens
Learn Json Web Tokens	4,164		2	8 months ago	3	April 15, 2019	20	mit	JavaScript
:closed_lock_with_key: Learn how to use JSON Web Token (JWT) to secure your next Web App! (Tutorial/Example with Tests!!)
Iot Technical Guide	3,552			19 days ago			13	apache-2.0	Java
:honeybee: IoT Technical Guide --- 从零搭建高性能物联网平台及物联网解决方案和Thingsboard源码分析 :sparkles: :sparkles: :sparkles: (IoT Platform, SaaS, MQTT, CoAP, HTTP, Modbus, OPC, WebSocket, 物模型，Protobuf, PostgreSQL, MongoDB, Spring Security, OAuth2, RuleEngine, Kafka, Docker)
Guardian	3,323	685	29	12 days ago	51	November 24, 2022	5	mit	Elixir
Elixir Authentication
Cli	3,235		121	4 days ago	313	July 18, 2023	125	apache-2.0	Go
🧰 A zero trust swiss army knife for working with X509, OAuth, JWT, OATH OTP, etc.

Jsonwebtoken.swift