NoWayJose

Rust NIF for JWT signing

Features

In its current state, this library only supports signing JWTs using the RS512 algo with a DER encoded RSA private key.

Installation

def deps do
  [
    {:no_way_jose, "~> 0.1.0"}
  ]
end

Generating a key

In order to sign a JWT an RSA private key must be provided. The key must be DER encoded.

Generate an RSA public/private key pair

ssh-keygen -m PEM -t rsa -b 4096 -f private.pem
# Don't add passphrase

Convert the PEM to DER

openssl rsa -in private.pem -outform DER -out private.der

Optionally, you can extract the DER data from a PEM encoded private key in code using the following:

{:ok, key} = File.read("private.pem")
[{:RSAPrivateKey, der, _}] = :public_key.pem_decode(key)

Basic usage

# Get the private signing key
{:ok, key} = File.read("private.der")

# Build your claims
claims = %{
  "exp" => 1571065163,
  "iat" => 1571061563,
  "iss" => "example.com",
  "jti" => "a3a31258-2450-490b-86ed-2b8e67f91e20",
  "nbf" => 1571061563,
  "scopes" => [
    "posts.r+w",
    "comments.r+w"
  ],
  "sub" => "4d3796ca-19e0-40e6-97fe-060c0b7e3ce3"
}

# Sign the claims into a JWT
{:ok, token} = NoWayJose.sign(claims, key)

Documentation

Documentation can be be found at https://hexdocs.pm/no_way_jose.

Roadmap

Please check the Roadmap if you're curious about the future of this project.

Etymology

A rhyming play on words to indicate that this library does not depend on JOSE.

License

Apache 2.0