| Title: | JavaScript Object Signing and Encryption |
|---|---|
| Description: | Read and write JSON Web Keys (JWK, rfc7517), generate and verify JSON Web Signatures (JWS, rfc7515) and encode/decode JSON Web Tokens (JWT, rfc7519) <https://datatracker.ietf.org/wg/jose/documents/>. These standards provide modern signing and encryption formats that are natively supported by browsers via the JavaScript WebCryptoAPI <https://www.w3.org/TR/WebCryptoAPI/#jose>, and used by services like OAuth 2.0, LetsEncrypt, and Github Apps. |
| Authors: | Jeroen Ooms [aut, cre] |
| Maintainer: | Jeroen Ooms <[email protected]> |
| License: | MIT + file LICENSE |
| Version: | 1.2.1 |
| Built: | 2024-10-03 19:15:14 UTC |
| Source: | https://github.com/r-lib/jose |
The base64url_encode functions are a variant of the standard base64. They are
specified in Section 5 of RFC 4648 as a URL-safe alternative. They use different symbols
for the 62:nd and 63:rd alphabet character and do not include trailing ==
padding.
base64url_encode(bin) base64url_decode(text)base64url_encode(bin) base64url_decode(text)
bin |
a binary blob to encode |
text |
a base64url encoded string |
Helper function to create a named list used as the claim of a JWT payload. See https://datatracker.ietf.org/doc/html/rfc7519#section-4.1 for details.
jwt_claim( iss = NULL, sub = NULL, aud = NULL, exp = NULL, nbf = NULL, iat = Sys.time(), jti = NULL, ... )jwt_claim( iss = NULL, sub = NULL, aud = NULL, exp = NULL, nbf = NULL, iat = Sys.time(), jti = NULL, ... )
iss |
(Issuer) Claim, should be rfc7519 'StringOrURI' value |
sub |
(Subject) Claim, should be rfc7519 'StringOrURI' value |
aud |
(Audience) Claim, should contain one or rfc7519 'StringOrURI' values |
exp |
(Expiration Time) Claim, should be rfc7519 'NumericDate' value; R
|
nbf |
(Not Before) Claim, should be rfc7519 'NumericDate' value; R
|
iat |
(Issued At) Claim, should be rfc7519 'NumericDate' value; R
|
jti |
(JWT ID) Claim, optional unique identifier for the JWT |
... |
additional custom claims to include |
Sign or verify a JSON web token. The jwt_encode_hmac, jwt_encode_rsa,
and jwt_encode_ec default to HS256, RS256, and ES256
respectively. See jwt.io or
RFC7519 for more details.
jwt_encode_hmac(claim = jwt_claim(), secret, size = 256, header = NULL) jwt_decode_hmac(jwt, secret) jwt_encode_sig(claim = jwt_claim(), key, size = 256, header = NULL) jwt_decode_sig(jwt, pubkey) jwt_split(jwt)jwt_encode_hmac(claim = jwt_claim(), secret, size = 256, header = NULL) jwt_decode_hmac(jwt, secret) jwt_encode_sig(claim = jwt_claim(), key, size = 256, header = NULL) jwt_decode_sig(jwt, pubkey) jwt_split(jwt)
claim |
a named list with fields to include in the jwt payload |
secret |
string or raw vector with a secret passphrase |
size |
bitsize of sha2 signature, i.e. |
header |
named list with additional parameter fields to include in the jwt header as defined in rfc7515 section 9.1.2 |
jwt |
string containing the JSON Web Token (JWT) |
key |
path or object with RSA or EC private key, see openssl::read_key. |
pubkey |
path or object with RSA or EC public key, see openssl::read_pubkey. |
# HMAC signing mysecret <- "This is super secret" token <- jwt_claim(name = "jeroen", session = 123456) sig <- jwt_encode_hmac(token, mysecret) jwt_decode_hmac(sig, mysecret) # RSA encoding mykey <- openssl::rsa_keygen() pubkey <- as.list(mykey)$pubkey sig <- jwt_encode_sig(token, mykey) jwt_decode_sig(sig, pubkey) # Same with EC mykey <- openssl::ec_keygen() pubkey <- as.list(mykey)$pubkey sig <- jwt_encode_sig(token, mykey) jwt_decode_sig(sig, pubkey) # Get elements of the key mysecret <- "This is super secret" token <- jwt_claim(name = "jeroen", session = 123456) jwt <- jwt_encode_hmac(token, mysecret) jwt_split(jwt)# HMAC signing mysecret <- "This is super secret" token <- jwt_claim(name = "jeroen", session = 123456) sig <- jwt_encode_hmac(token, mysecret) jwt_decode_hmac(sig, mysecret) # RSA encoding mykey <- openssl::rsa_keygen() pubkey <- as.list(mykey)$pubkey sig <- jwt_encode_sig(token, mykey) jwt_decode_sig(sig, pubkey) # Same with EC mykey <- openssl::ec_keygen() pubkey <- as.list(mykey)$pubkey sig <- jwt_encode_sig(token, mykey) jwt_decode_sig(sig, pubkey) # Get elements of the key mysecret <- "This is super secret" token <- jwt_claim(name = "jeroen", session = 123456) jwt <- jwt_encode_hmac(token, mysecret) jwt_split(jwt)
Read and write RSA, ECDSA or AES keys as JSON web keys.
read_jwk(file) write_jwk(x, path = NULL)read_jwk(file) write_jwk(x, path = NULL)
file |
path to file with key data or literal json string |
x |
an RSA or EC key or pubkey file |
path |
file path to write output |
# generate an ecdsa key library(openssl) key <- ec_keygen("P-521") write_jwk(key) write_jwk(as.list(key)$pubkey) # Same for RSA key <- rsa_keygen() write_jwk(key) write_jwk(as.list(key)$pubkey)# generate an ecdsa key library(openssl) key <- ec_keygen("P-521") write_jwk(key) write_jwk(as.list(key)$pubkey) # Same for RSA key <- rsa_keygen() write_jwk(key) write_jwk(as.list(key)$pubkey)