README
jwt-ecdsa-signer
Ability to sign arbitary JSON objects and verify them using asymmetric ECDSA (SHA256) JWT tokens
Install
Via npm:
npm install --save @cheatcodes/jwt-ecdsa-signer
Via yarn:
yarn add @cheatcodes/jwt-ecdsa-signer
Usage
Certificated-based signing
TIP: For help generating SHA256 ES key pairs, follow this tutorial. (Follow the section titled 'Generating a private EC key')
If you wish to use the asymmetric (ECDSA SHA256) algorithm, you will need 2 pem files, the private key for signing and the public certificate for verifying/decoding.
const jwt = require('@cheatcodes/jwt-ecdsa-signer')
const pathToKey = 'certs/key.pem'
const pathToCert = 'certs/cert.pem'
async function roundtrip(payload) {
const jwtToken = await jwt.asymmetric.sign(payload, pathToKey);
const payloadBackAgain = await jwt.asymmetric.decode(jwtToken, pathToCert);
}
Secret-based signing
If you want to use the symmetric (HMAC SHA512) algorithm, you will need a secret passphrase.
const jwt = require('@cheatcodes/jwt-ecdsa-signer')
const secretPassphrase = 'this is a secret passphrase, dont tell anyone!'
async function roundtrip(payload) {
const jwtToken = await jwt.symmetric.sign(payload, secretPassphrase);
const payloadBackAgain = await jwt.symmetric.decode(jwtToken, secretPassphrase);
}