Comparison

spec/util_jwt_spec.lua @ 12696:27a72982e331

util.jwt: Add support/tests for ES256 via improved API and using util.crypto In many cases code will be either signing or verifying. With asymmetric algorithms it's clearer and more efficient to just state that once, instead of passing keys (and possibly other parameters) with every sign/verify call. This also allows earlier validation of the key used. The previous (HS256-only) sign/verify methods continue to be exposed for backwards-compatibility.
author Matthew Wild <mwild1@gmail.com>
date Fri, 01 Jul 2022 18:51:15 +0100
parent 10661:4eee1aaa9405
child 12699:b3d0c1457584
comparison
equal deleted inserted replaced
12695:6aaa604fdfd5 12696:27a72982e331
14 local token = jwt.sign("wrong", { payload = "this" }); 14 local token = jwt.sign("wrong", { payload = "this" });
15 assert.string(token); 15 assert.string(token);
16 local ok = jwt.verify(key, token); 16 local ok = jwt.verify(key, token);
17 assert.falsy(ok) 17 assert.falsy(ok)
18 end); 18 end);
19
20 it("validates ES256", function ()
21 local private_key = [[
22 -----BEGIN PRIVATE KEY-----
23 MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgevZzL1gdAFr88hb2
24 OF/2NxApJCzGCEDdfSp6VQO30hyhRANCAAQRWz+jn65BtOMvdyHKcvjBeBSDZH2r
25 1RTwjmYSi9R/zpBnuQ4EiMnCqfMPWiZqB4QdbAd0E7oH50VpuZ1P087G
26 -----END PRIVATE KEY-----
27 ]];
28
29 local sign = jwt.new_signer("ES256", private_key);
30
31 local token = sign({
32 sub = "1234567890";
33 name = "John Doe";
34 admin = true;
35 iat = 1516239022;
36 });
37
38 local public_key = [[
39 -----BEGIN PUBLIC KEY-----
40 MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEEVs/o5+uQbTjL3chynL4wXgUg2R9
41 q9UU8I5mEovUf86QZ7kOBIjJwqnzD1omageEHWwHdBO6B+dFabmdT9POxg==
42 -----END PUBLIC KEY-----
43 ]];
44 local verify = jwt.new_verifier("ES256", public_key);
45
46 local result = {verify(token)};
47 assert.same({
48 true; -- success
49 { -- payload
50 sub = "1234567890";
51 name = "John Doe";
52 admin = true;
53 iat = 1516239022;
54 };
55 }, result);
56
57 local result = {verify[[eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWUsImlhdCI6MTUxNjIzOTAyMn0.tyh-VfuzIxCyGYDlkBA7DfyjrqmSHu6pQ2hoZuFqUSLPNY2N0mpHb3nk5K17HWP_3cYHBw7AhHale5wky6-sVA]]};
58 assert.same({
59 true; -- success
60 { -- payload
61 sub = "1234567890";
62 name = "John Doe";
63 admin = true;
64 iat = 1516239022;
65 };
66 }, result);
67 end);
68
19 end); 69 end);
20 70