Signing Tokens

January 10, 2024 ยท View on GitHub

Custom Signature Algorithms

The libraries design is open so you can implement your own algorithms, see existing implementations for ideas.

struct your_algorithm{
    std::string sign(const std::string& /*unused*/, std::error_code& ec) const {
        ec.clear();
        // CALL YOUR METHOD HERE
        return {};
    }
    void verify(const std::string& /*unused*/, const std::string& signature, std::error_code& ec) const {
        ec.clear();
        if (!signature.empty()) { ec = error::signature_verification_error::invalid_signature; }
        
        // CALL YOUR METHOD HERE
    }
    std::string name() const { return "your_algorithm"; }
};

Then everything else is the same, just pass in your implementation such as:

auto token = jwt::create()
                .set_id("custom-algo-example")
                .set_issued_now()
                .set_expires_in(std::chrono::seconds{36000})
                .set_payload_claim("sample", jwt::claim(std::string{"test"}))
                .sign(your_algorithm{/* what ever you want */});