A quick and dirty JWT implementation, please share your improvements!
Best
Alex
<?lassoScript
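/*
    jwt_sign
    Computes the Base64-encoded HMAC of #msg under #key for one of the
    supported JWS algorithms.

    Parameters:
        msg     the signing input (base64url header + '.' + base64url body)
        key     the shared HMAC secret
        method  the JWS algorithm name: 'HS256', 'HS384' or 'HS512'

    Returns the value produced by Encrypt_HMAC with -Base64. This is standard
    Base64; callers convert it to the URL-safe form themselves.

    Fails with 'Unsupported JWT algorithm' when #method is not in the
    allow-list below.
*/
define jwt_sign(msg, key, method) => {
    // Allow-list mapping JWS algorithm names to Encrypt_HMAC digest names.
    // The original entry for HS512 was missing its '=' and is repaired here.
    local(methods = map(
        'HS256' = 'sha256',
        'HS384' = 'sha384',
        'HS512' = 'sha512'
    ))
    local(digest = #methods->find(#method))

    // Fail closed. An algorithm outside the allow-list (for example 'none',
    // or any value taken from an untrusted token header) must never reach
    // Encrypt_HMAC with an undefined digest: what it would fall back to is
    // not visible from this file.
    if(#digest->isA(::void)) => {
        fail(-1, 'Unsupported JWT algorithm')
    }

    return(Encrypt_HMAC(
        -token = #msg,
        -password = #key,
        -digest = #digest,
        -Base64
    ))
}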
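/*
    jwt_decode
    Verifies the HMAC signature of a compact JWT and returns its payload.

    Parameters:
        jwt  the compact token: base64url(header).base64url(body).base64url(sig)
        key  the shared HMAC secret

    Returns the deserialized payload when the signature verifies, otherwise
    the string 'Signature verification failed'.

    NOTE(review): failure is reported as a string, not as an error, so callers
    must compare the result with that string before trusting it. No registered
    claims (exp, nbf, aud, ...) are checked here; that is left to the caller.
*/
define jwt_decode(jwt, key) => {
    local(failure = 'Signature verification failed')

    // A compact JWS has exactly three dot-separated segments. Reject anything
    // else before indexing into the array.
    local(parts = #jwt->split('.'))
    if(#parts->size != 3) => {
        return(#failure)
    }

    local(
        headb64   = #parts->get(1),
        bodyb64   = #parts->get(2),
        cryptob64 = #parts->get(3)
    )

    local(header = json_deserialize(urlsafeB64Decode(#headb64)))
    if(!(#header->isA(::map))) => {
        return(#failure)
    }

    // The 'alg' header comes from the token itself, i.e. from whoever sent it.
    // Only the three HMAC algorithms that jwt_sign implements are accepted.
    // A service that issues a single algorithm should pin that one value
    // instead of reading it from the header.
    local(method = #header->find('alg'))
    if(!(array('HS256', 'HS384', 'HS512')->contains(#method))) => {
        return(#failure)
    }

    local(expected = stringToUrlSafe(
        jwt_sign(#headb64 + '.' + #bodyb64, #key, #method)
    ))

    // Compare as bytes. Lasso string equality is case-insensitive by default,
    // while the base64url alphabet is case-sensitive.
    // NOTE(review): this comparison is not known to be constant-time.
    if(bytes(#cryptob64) != bytes(#expected)) => {
        return(#failure)
    }

    // Parse the body only after the signature has been verified, so
    // unauthenticated JSON never reaches the deserializer.
    return(json_deserialize(urlsafeB64Decode(#bodyb64)))
}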
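/*
    urlsafeB64Decode
    Decodes a base64url string (RFC 4648 URL-safe alphabet, padding optional)
    to bytes.

    Parameters:
        input  the base64url text

    Returns the decoded bytes.
*/
define urlsafeB64Decode(input) => {
    // Work on a copy so the caller's string is not modified by the in-place
    // append/replace calls below.
    local(b64 = string(#input))

    // Restore the '=' padding that base64url encoders strip.
    local(remainder = #b64->length % 4)
    if(#remainder != 0) => {
        #b64 += '=' * (4 - #remainder)
    }

    // Map the URL-safe alphabet back to standard Base64. The original only
    // translated '-', so any segment containing '_' decoded incorrectly.
    #b64->replace('-', '+')
    #b64->replace('_', '/')

    return(bytes(#b64)->decodebase64)
}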
/*
    urlsafeB64Encode
    Base64-encodes #input and converts the result to the URL-safe form via
    stringToUrlSafe.

    Parameters:
        input  the value to encode; it is converted with bytes() first

    Returns the URL-safe Base64 string.
*/
define urlsafeB64Encode(input) => {
    local(b64 = string(bytes(#input)->encodebase64))
    return(stringToUrlSafe(#b64))
}
/*
    jwt_encode
    Builds a compact JWT: base64url(header).base64url(payload).base64url(sig).

    Parameters:
        payload  the claims to serialize as the token body
        key      the shared HMAC secret handed to jwt_sign
        method   the algorithm name, written to the 'alg' header and handed
                 to jwt_sign

    Returns the three segments joined with '.'.
*/
define jwt_encode(payload, key, method) => {
    // Header and body are serialized to JSON, then base64url-encoded.
    local(head_seg = urlsafeB64Encode(json_serialize(map("typ" = "JWT", "alg" = #method))))
    local(body_seg = urlsafeB64Encode(json_serialize(#payload)))

    // The signature covers exactly "<header>.<body>" as it appears in the token.
    local(signing_input = #head_seg + '.' + #body_seg)
    local(sig_seg = stringToUrlSafe(jwt_sign(#signing_input, #key, #method)))

    return(#signing_input + '.' + #sig_seg)
}
/*
    stringToUrlSafe
    Converts standard Base64 text to the URL-safe form: '=' is removed,
    '+' becomes '-' and '/' becomes '_'.

    Parameters:
        input  the Base64 text

    Returns the converted string.
*/
define stringToUrlSafe(input) => {
    // NOTE(review): if this assignment shares the string with the caller
    // rather than copying it, the in-place replaces below also change the
    // caller's value -- confirm.
    local(safe = #input)
    #safe->replace('/', '_')
    #safe->replace('+', '-')
    #safe->replace('=', '')
    return(#safe)
}
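// Demo: encode a sample payload, then verify and decode a sample token.
// The 'sub' entry was missing its '=' in the original and is repaired here.
// 'top secret' is a sample key for this demo only. A real HMAC key should be
// long, random and loaded from configuration, not written into the script.
local(payload = map('admin' = true, 'name' = 'John Doe', 'sub' = 1234567890))
jwt_encode(#payload, 'top secret', 'HS256')
'<br>'
// jwt_decode returns the payload on success and the string
// 'Signature verification failed' otherwise.
jwt_decode(
    'eyJhbGciOiAiSFMyNTYiLCJ0eXAiOiAiSldUIn0.eyJhZG1pbiI6IHRydWUsIm5hbWUiOiAiSm9obiBEb2UiLCJzdWIiOiAxMjM0NTY3ODkwfQ.XUJi-mUasC25uKj0U_mtJrk7gHd7-0OPnfGS-dSdAm8',
    'top secret'
)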
?>