Swift implementation of JSON Web Token.
CocoaPods is the recommended installation method.
pod 'JSONWebToken'import JWTJWT.encode(["my": "payload"], algorithm: .HS256("secret"))JWT.encode(.HS256("secret")) { builder in
builder.issuer = "fuller.li"
builder.issuedAt = NSDate()
builder["custom"] = "Hi"
}When decoding a JWT, you must supply only one algorithm as a temporary fix (until JWT spec is modified to verify signature with Key ID) for critical vulnerability as identified by Tim McClean in this article
do {
let payload = try JWT.decode("eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.e30.2_8pWJfyPup0YwOXK7g9Dn0cF1E3pdn299t4hSeJy5w", algorithm: .HS256("secret"))
print(payload)
} catch {
print("Failed to decode JWT: \(error)")
}The library supports validating the following claims:
- Issuer (
iss) Claim - Expiration Time (
exp) Claim - Not Before (
nbf) Claim - Issued At (
iat) Claim - Audience (
aud) Claim
This library supports the following algorithms:
- None - Unsecured JWTs
- HS256 - HMAC using SHA-256 hash algorithm (default)
- HS384 - HMAC using SHA-384 hash algorithm
- HS512 - HMAC using SHA-512 hash algorithm
JSONWebToken is licensed under the BSD license. See LICENSE for more info.