A payload is a list of tuples (string, string)
:
let payload =
[
("user", "sam");
("age", "17");
]
For the signature algorithm, Jwto
supports HMAC applied to SHA-256 or SHA-512.
We can sign and encode the payload in one go by doing:
Jwto.encode Jwto.HS256 "secret" payload
-->
"eyJhbGciOiJIUzI1NiJ9..."
To decode the token without verifying it, and get a Jwto.t
:
let signed_token =
match Jwto.decode "eyJhbGciOiJIUzI1NiJ9..." with
| Ok t -> t
| Error err -> failwith err
-->
{ header = ...; payload = [...]; signature = ... }
Jwto.is_valid "secret" signed_token
-->
true
To decode and verify the token in one go:
Jwto.decode_and_verify "secret" "eyJhbGciOiJIUzI1NiJ9..."
-->
Ok { header = ...; payload = [...]; signature = ... }
If the verification fails, you will get an Error
.