JWT

io.github.edadma.apion.JWT
object JWT

JSON Web Token (JWT) implementation supporting the HS256 (HMAC-SHA256) algorithm.

JWT structure: header.payload.signature

  • header: {"alg": "HS256", "typ": "JWT"}
  • payload: your custom claims as JSON
  • signature: HMAC-SHA256(base64Url(header) + "." + base64Url(payload), secret)

Each section is base64url encoded and joined with dots.
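
The token layout described above, as an added example in Python that is independent of this library (not apion's own code): `sign` and `verify` mirror the method names on this page, while the dict payload, the `ValueError` failures and the sample secret are assumptions. The verifier recomputes HMAC-SHA256 itself, compares in constant time, and rejects any header whose alg is not HS256.

```python
import base64
import hashlib
import hmac
import json


def b64url(data: bytes) -> str:
    # base64url without '=' padding, as used for each JWT section
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    # Restore the stripped padding before decoding
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _mac(signing_input: str, secret: str) -> str:
    # HMAC-SHA256 over "base64Url(header).base64Url(payload)", then base64url
    digest = hmac.new(secret.encode(), signing_input.encode(), hashlib.sha256).digest()
    return b64url(digest)


def sign(payload: dict, secret: str) -> str:
    header = {"alg": "HS256", "typ": "JWT"}
    parts = [b64url(json.dumps(p, separators=(",", ":")).encode()) for p in (header, payload)]
    signing_input = ".".join(parts)
    return signing_input + "." + _mac(signing_input, secret)


def verify(token: str, secret: str) -> dict:
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token: expected header.payload.signature")
    expected = _mac(parts[0] + "." + parts[1], secret)
    # Constant-time comparison; the MAC is always HS256, whatever the header claims
    if not hmac.compare_digest(parts[2].encode(), expected.encode()):
        raise ValueError("signature mismatch")
    # Header and payload are parsed only after the signature has been checked
    header = json.loads(b64url_decode(parts[0]))
    if header.get("alg") != "HS256":
        raise ValueError("unsupported alg")
    return json.loads(b64url_decode(parts[1]))


if __name__ == "__main__":
    token = sign({"sub": "user-1"}, "constructed-demo-secret")  # constructed sample values
    print(token)
    print(verify(token, "constructed-demo-secret"))
```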

Attributes

Supertypes
class Object
trait Matchable
class Any
Self type
JWT.type

Members list

Type members

Classlikes

case class Header(alg: String, typ: String)

JWT header containing the algorithm and token type. Currently only the HS256 algorithm is supported.

Value parameters

  • alg: Algorithm used for signing (HS256 = HMAC-SHA256)
  • typ: Token type, always "JWT"

Attributes

Companion
object
Supertypes
trait Serializable
trait Product
trait Equals
class Object
trait Matchable
class Any
object Header

Attributes

Companion
class
Supertypes
trait Product
trait Mirror
class Object
trait Matchable
class Any
Self type
Header.type
case class JWTError(message: String) extends Exception

Custom error type for JWT-related failures

Attributes

Supertypes
trait Product
trait Equals
class Exception
class Throwable
trait Serializable
class Object
trait Matchable
class Any
case class RefreshToken(jti: String, sub: String, exp: Long, issuedAt: Long)

Attributes

Supertypes
trait Serializable
trait Product
trait Equals
class Object
trait Matchable
class Any

Value members

Concrete methods

def generateRefreshToken(subject: String, validityPeriod: Long, secretKey: String): String

Generate a refresh token

Value parameters

  • subject: User identifier
  • validityPeriod: Refresh token validity in seconds (default 30 days)

Attributes

Returns

Signed refresh token

def refreshAccessToken[A : JsonDecoder](refreshToken: String, secretKey: String, accessTokenPayloadGenerator: String => A): Either[JWTError, String]

Validate and refresh access token using a refresh token

Value parameters

  • accessTokenPayloadGenerator: Function to generate new access token payload
  • refreshToken: Existing refresh token
  • secretKey: Secret key for verification

Attributes

Returns

Either a new access token or an error

def sign[A : JsonEncoder](payload: A, secret: String): String

Creates and signs a new JWT token.

Type parameters

  • A: The type of the payload (must have a JsonEncoder)

Value parameters

  • payload: The data to encode in the token
  • secret: The secret key used to sign the token

Attributes

Returns

The complete JWT string (header.payload.signature)

def verify[A : JsonDecoder](token: String, secret: String): Either[JWTError, A]

Verifies a JWT token and extracts its payload.

Type parameters

  • A: The expected type of the payload (must have a JsonDecoder)

Value parameters

  • secret: The secret key used to verify the signature
  • token: The JWT string to verify (header.payload.signature)

Attributes

Returns

Either an error or the decoded payload