JWT usage

Generating JWT

Use signJwt to generate a JWT signed by an account provided in arguments.

import { AccountMemory, signJwt } from '@aeternity/aepp-sdk';

const account = AccountMemory.generate();
const payload = { test: 'data' };
const jwt = await signJwt(payload, account);

Provide sub_jwk: undefined in payload to omit signer public key added by default. Do it to make JWT shorter.

const jwt = await signJwt({ test: 'data', sub_jwk: undefined }, account);

Or if you using a different way to encode a signer address.

const payload = {
  test: 'data',
  sub_jwk: undefined,
  address: 'ak_21A27UVVt3hDkBE5J7rhhqnH5YNb4Y1dqo4PnSybrH85pnWo7E',
};
const jwt = await signJwt(payload, account);

Verifying JWT

Let's assume we got a JWT as string. Firstly we need to ensure that it has the right format.

After that we can pass JWT to other SDK's methods, for example to get JWT payload and signer address in case JWT has the signer public key included in "sub_jwk".

unpackJwt will also check the JWT signature in this case.

Alternatively, if "sub_jwk" is not included then we can provide signer address to unpackJwt.

If we need to a get signer address based on JWT payload then we need to unpack it without checking the signature. Don't forget to check signature after that using verifyJwt.