Jasmine Web Tokens

// Create token
jsmn_token_init(&token, JSMN_ALG_HS256, "{\"sub\":\"%s\",\"iat\":%d}", "user", time(NULL));

// Decode and validate token
jsmn_token_decode(&token, "your-256-bit-secret", JSMN_ALG_HS256, jwt, strlen(jwt));
https://travis-ci.com/TomzBench/jsmn-web-tokens.svg?branch=master https://codecov.io/gh/TomzBench/jsmn-web-tokens/branch/master/graph/badge.svg

About

jsmn-web-tokens is a small library for encoding and decoding Json Web Tokens intended for light weight embedded systems. jsmn-web-tokens relies on crypto primitives such as MBedTLS or WolfSSL which are targeted for constrained devices. jsmn-web-tokens can be configured to not rely on heap memory and has configuration options that are friendly toward IOT to control stack size.

Getting Started

git clone https://github.com/TomzBench/jsmn-web-tokens.git
cd jsmn-web-tokens
git submodule update --init
mkdir build
cd build
cmake ..
make
make install

Configuration Options

  • BUILD_SHARED

    Enable shared library output (IE: /lib/libjsmn-web-tokens.so)

    Default: ON

  • BUILD_STATIC

    Enable static library output (IE: /lib/libjsmn-web-tokens.a)

    Default: ON

  • WITH_SYSTEM_DEPENDENCIES

    jsmn-web-tokens has a crypto library dependency. CMake can find this dependency located on your host system or install directory, - OR - can be configured to download and build this dependency locally (recommended for reproducible builds…). When WITH_SYSTEM_DEPENDENCIES is configured as ON, CMake will not compile the crypto library and therefore you must have this dependency installed already. (IE: sudo apt-get install libssl-dev or equivalent)

    Default: OFF

  • JSMN_MAX_TOKEN_LEN

    jsmn-web-tokens uses the stack to decode and encode tokens. Therefore stack variables must be pre-allocated to support a maximum length. Since jsmn-web-tokens is intended for smaller systems, the default value is set pretty low. If you need to parse very large tokens you should use a different library ;).

    Default: 256

  • JSMN_MAX_TOKENS

    jsmn-web-tokens uses jsmn to parse JSON. (duh!) And jsmn also uses the stack to decode JSON objects. Therefore jsmn-web-tokens must preallocate memory to parse JSON. Symbols such as ‘{‘ and ‘thing’ are called tokens. So you should set this number to the largest amount of tokens you need to parse.

    Default: 64

    Note

    Jsmn “Tokens” are not to be confused with JSON Web “Tokens” :P

  • WITH_CRYPTO

    Select a crypto library backend to link against. Valid options are:

    • MBEDTLS
    • WOLFSSL
    • OPENSSL

    Default: MBEDTLS

  • ENABLE_TESTING

    Build the test suite (Linux Only)

    Default: OFF

Examples

Create some token

int err;
jsmn_token_encode_s token;

// Create token
err = jsmn_token_init(&token, JSMN_ALG_HS256, "{\"sub\":\"%s\",\"iat\":%d}", "user", time(NULL));

if (!err) {
  // Sign token
  err = jsmn_token_sign(&token, "secret", strlen("secret"));

  // Get token
  if (!err) printf("%.*s", jsmn_token_len(&token), jsmn_token_str(&token));
}

Decode some token

const char *jwt = \
   "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9."\
   "eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ."\
   "SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c";

int err;
jsmn_token_decode_s token;

// Decode and validate token
err = jsmn_token_decode(&token, "your-256-bit-secret", JSMN_ALG_HS256, jwt, strlen(jwt));

if (!err) {
  jsmn_value sub, name;
  int iat;

  // Read claims
  jsmn_token_get_claim_str(&token, "sub", &sub);
  jsmn_token_get_claim_str(&token, "name", &name);
  jsmn_token_get_claim_int(&token, "iat", &iat);
  printf("Hello %.*s!", name.len, name.p);
}