com.github.kikuomax.spray

jwt

package jwt

Provides utilities for signing and verifying JSON Web Tokens (JWT).

Only JSON Web Signature (JWS) is supported.

Please refer to the OAuth Working Group Draft for details on JWT.

The implementation is powered by Nimbus JOSE + JWT.

Signing

Signing is supposed to be done when Basic authentication has succeeded. The function JwtDirectives.jwtAuthenticator returns a UserPassAuthenticator that authenticates a given user and password pair, builds a claim set and signs it. Both the claim set building function and the signing function are passed implicitly to JwtDirectives.jwtAuthenticator.

JwtClaimBuilder helps define a claim set building function.

JwtSignature helps define a signing function.

Verification

The directive JwtDirectives.authorizeToken verifies and privileges a given JWT. A verification function is passed implicitly to JwtDirectives.authorizeToken.

JwtSignature helps define a verification function.

JwtClaimVerifier helps define a privileging function.
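
An added example, not part of the spray-jwt documentation or code: the confirm-then-verify flow that authorizeToken expects, written directly against Nimbus JOSE + JWT, with a payload-swapped, an expired and an exp-less token all rejected. The object name, secret and helper functions are constructed for illustration; how spray-jwt implements these steps internally is not shown on this page.

```scala
import java.util.Date
import scala.util.Try
import com.nimbusds.jose.{JWSAlgorithm, JWSHeader, JWSObject, Payload}
import com.nimbusds.jose.crypto.{MACSigner, MACVerifier}
import com.nimbusds.jwt.JWTClaimsSet

object ConfirmThenVerify extends App {
  // Constructed 32-byte secret; recent Nimbus releases reject shorter HS256 keys.
  val secret = "0123456789abcdef0123456789abcdef".getBytes("UTF-8")

  // Constructed helper: signs a JSON claims string with HS256.
  def sign(claimsJson: String): String = {
    val jws = new JWSObject(new JWSHeader(JWSAlgorithm.HS256), new Payload(claimsJson))
    jws.sign(new MACSigner(secret))
    jws.serialize()
  }

  // confirmer: pin the algorithm, check the MAC, and only then parse the claims.
  def confirm(jws: JWSObject): Option[JWTClaimsSet] =
    Try {
      require(jws.getHeader.getAlgorithm == JWSAlgorithm.HS256)
      require(jws.verify(new MACVerifier(secret)))
      JWTClaimsSet.parse(jws.getPayload.toString)
    }.toOption

  // verifier: a missing "exp" counts as expired; then privilege the subject.
  def verify(now: Date)(claims: JWTClaimsSet): Option[String] =
    Option(claims.getExpirationTime).filter(_.after(now))
      .flatMap(_ => Option(claims.getSubject)).filter(_ == "John")

  // Any failure (malformed token, bad MAC, bad claims) collapses to None.
  def authorize(token: String, now: Date = new Date): Option[String] =
    Try(JWSObject.parse(token)).toOption.flatMap(confirm).flatMap(verify(now))

  val nowSec  = System.currentTimeMillis / 1000
  val good    = sign(s"""{"sub":"John","iss":"spray-jwt","exp":${nowSec + 1800}}""")
  val expired = sign(s"""{"sub":"John","iss":"spray-jwt","exp":${nowSec - 60}}""")
  val noExp   = sign("""{"sub":"John","iss":"spray-jwt"}""")
  // Fresh header and payload placed under the signature of a different token.
  val swapped = (good.split('.').take(2) :+ expired.split('.')(2)).mkString(".")

  assert(authorize(good) == Some("John"))
  assert(authorize(expired).isEmpty)
  assert(authorize(noExp).isEmpty)
  assert(authorize(swapped).isEmpty)
}
```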

Example

The following is an example derived from an example of the authenticate directive.

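// spray-jwt itself, plus the spray, Nimbus and Scala types used below
import com.github.kikuomax.spray.jwt._
import com.nimbusds.jose.JWSAlgorithm
import com.nimbusds.jwt.JWTClaimsSet
import scala.concurrent.{ExecutionContext, Future}
import scala.concurrent.duration._
import spray.routing.authentication.{BasicAuth, UserPass}

import JwtDirectives._
import JwtClaimBuilder._
import JwtClaimVerifier._

// you can use Actor's dispatcher as the execution context
implicit val executionContext: ExecutionContext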

// imports implicit signing and verification functions in the scope
val signature = JwtSignature(JWSAlgorithm.HS256, "chiave segreta")
import signature._

// an implicit claim set building function
implicit val claimBuilder: String => Option[JWTClaimsSet] =
  claimSubject[String](identity) &&
  claimIssuer("spray-jwt") &&
  claimExpiration(30.minutes)

// a user authentication function
def myUserPassAuthenticator(userPass: Option[UserPass]): Future[Option[String]] =
  Future {
    if (userPass.exists(up => up.user == "John" && up.pass == "p4ssw0rd"))
      Some("John")
    else
      None
  }

val route =
  path("authenticate") {
    authenticate(BasicAuth(jwtAuthenticator(myUserPassAuthenticator _), "secure site")) { jws =>
      complete(jws.serialize())
    }
  } ~
  path("verify") {
    // a privileging function
    def privilegeUser(claim: JWTClaimsSet): Option[String] =
      Option(claim.getSubject()) flatMap {
        case user: String if user == "John" => Some(user)
        case _                              => None
      }

    authorizeToken(verifyNotExpired && privilegeUser) { userName =>
      complete(s"The user is $userName")
    }
  }

Type Members

  1. case class JwtAuthorizationMagnet[T](extractor: Directive1[Option[JWSObject]], confirmer: (JWSObject) ⇒ Option[JWTClaimsSet], verifier: (JWTClaimsSet) ⇒ Option[T]) extends Product with Serializable

    Magnet that attracts parameters necessary for the authorizeToken directive.

    T

    Outcome type of verifier.

    extractor

    Extracts a JSON Web Signature (JWS) from an HTTP request.

    confirmer

    Confirms the signature of the JWS and extracts the claims set.

    verifier

    Verifies the claims set and converts it to an application-specific object.

  2. trait JwtClaimBuilder[T] extends (T) ⇒ Option[JWTClaimsSet]

    Claim builder.

    You can chain multiple claim builders with the && operator.

  3. trait JwtClaimVerifier extends (JWTClaimsSet) ⇒ Option[JWTClaimsSet]

    Verifies a claims set.

    An instance of this trait can be passed as the verifier argument of the authorizeToken directive.

  4. trait JwtDirectives extends AnyRef

    Provides utilities for building, signing and verification of a JSON Web Token (JWT).

  5. case class JwtSignature(algorithm: JWSAlgorithm, secret: String) extends Product with Serializable

    Provides signature signer and verifier for JWS.

    algorithm

    Name of the signature algorithm.

    secret

    Secret key for the signature algorithm.

Value Members

  1. object JwsExtractor

    Provides common JWS extractors.

  2. object JwtAuthorizationMagnet extends Serializable

    Companion object of JwtAuthorizationMagnet.

  3. object JwtClaimBuilder

    Companion object of JwtClaimBuilder.

  4. object JwtClaimVerifier

    Companion object of JwtClaimVerifier.

  5. object JwtDirectives extends JwtDirectives

    Companion object of JwtDirectives.
