Create and verify JSON Web Tokens with deno.
Takes a header
, payload
and key
and returns the url-safe encoded jwt
.
import { create } from "https://deno.land/x/djwt@$VERSION/mod.ts"
const jwt = await create({ alg: "HS512", typ: "JWT" }, { foo: "bar" }, "secret")
// eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9.eyJmb28iOiJiYXIifQ.WePl7achkd0oGNB8XRF_LJwxlyiPZqpdNgdKpDboAjSTsWq-aOGNynTp8TOv8KjonFym8vwFwppXOLoLXbkIaQ
Takes a jwt
, key
and an algorithm
and returns the payload
of the jwt
if the jwt
is valid. Otherwise it throws an Error
.
import { verify } from "https://deno.land/x/djwt@$VERSION/mod.ts"
const payload = await verify(jwt, "secret", "HS512") // { foo: "bar" }
Takes a jwt
to return an object with the header
, payload
and signature
properties if the jwt
is valid. Otherwise it throws an Error
.
import { decode } from "https://deno.land/x/djwt@$VERSION/mod.ts"
const jwt =
"eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9.eyJmb28iOiJiYXIifQ.WePl7achkd0oGNB8XRF_LJwxlyiPZqpdNgdKpDboAjSTsWq-aOGNynTp8TOv8KjonFym8vwFwppXOLoLXbkIaQ"
const { payload, signature, header } = decode(jwt)
// { header: { alg: "HS512", typ: "JWT" }, payload: { foo: "bar" }, signature: "59e3e5eda72191dd2818d07c5d117f2c9c3197288f66aa5d36074aa436e8023493b16abe68e18dca74e9f133aff0a8e89c5ca6f2fc05c29a5738ba0b5db90869" }
This helper function simplifies setting a
NumericDate. It takes either a
Date
object or a number
(in seconds) and returns the number of seconds from
1970-01-01T00:00:00Z UTC until the specified UTC date/time.
// A specific date:
getNumericDate(new Date("2025-07-01"))
// One hour from now:
getNumericDate(60 * 60)
The optional exp claim in the payload identifies the expiration time on or after which the JWT must not be accepted for processing. Its value must be a number containing a NumericDate value. This module checks if the current date/time is before the expiration date/time listed in the exp claim.
const jwt = await create(header, { exp: getNumericDate(60 * 60) }, "secret")
The optional nbf (not before) claim identifies the time before which the jwt must not be accepted for processing. Its value must be a number containing a NumericDate value.
The following signature and MAC algorithms have been implemented:
- HS256 (HMAC SHA-256)
- HS512 (HMAC SHA-512)
- RS256 (RSASSA-PKCS1-v1_5 SHA-256)
- none (Unsecured JWTs).
This application uses the JWS Compact Serialization only.