x25 / luajwt Goto Github PK
View Code? Open in Web Editor NEWJSON Web Tokens for Lua
License: MIT License
JSON Web Tokens for Lua
License: MIT License
I recently used this library, but I needed the ability to decode a base64 encoded secret using the same rules for JWT's. I modified the script locally to accomplish this.
Would you consider a PR with that change?
I am absolutely new on lua, and so far I am having problem getting the test script to run.
I've installed lua and luarocks (I think..) and I did
sudo luarocks install --server=http://rocks.moonscript.org luajwt
which installed some files under /usr/local/share/lua
$ ls
cjson json2lua.lua lua2json.lua luajwt.lua luarocks
I also see
/usr/local/lib/lua/5.1 $ ls
base64.so cjson.so crypto.so
Now.. when I run the test script it fails on the first line.
$ lua test.lua
lua: test.lua:1: module 'luajwt' not found:
no field package.preload['luajwt']
no file './luajwt.lua'
no file '/usr/share/lua/5.1/luajwt.lua'
no file '/usr/share/lua/5.1/luajwt/init.lua'
no file '/usr/lib64/lua/5.1/luajwt.lua'
no file '/usr/lib64/lua/5.1/luajwt/init.lua'
no file './luajwt.so'
no file '/usr/lib64/lua/5.1/luajwt.so'
no file '/usr/lib64/lua/5.1/loadall.so'
stack traceback:
[C]: in function 'require'
test.lua:1: in main chunk
[C]: ?
So I added the path on LUA_PATH
export LUA_PATH=/usr/local/share/lua/5.1/luajwt.lua
lua test.lua
which now gives..
lua: /usr/local/share/lua/5.1/luajwt.lua:1: loop or previous error loading module 'cjson'
stack traceback:
[C]: in function 'require'
/usr/local/share/lua/5.1/luajwt.lua:1: in main chunk
[C]: in function 'require'
/usr/local/share/lua/5.1/luajwt.lua:1: in main chunk
[C]: in function 'require'
test.lua:1: in main chunk
[C]: ?
Do I need to give all of the dependencies in the PATH individually, or is there a better way?
I'm trying to get luajwt
installed, but am struggling to find the right version of lbase64
.
$ sudo luarocks install --server=http://rocks.moonscript.org luajwt
Installing http://rocks.moonscript.org/luajwt-1.3-2.src.rock...
Using http://rocks.moonscript.org/luajwt-1.3-2.src.rock... switching to 'build' mode
Missing dependencies for luajwt:
lbase64 >= 20120820-1
Error: Could not satisfy dependency: lbase64 >= 20120820-1
$ sudo luarocks install lbase64
Installing https://luarocks.org/lbase64-20120807-3.rockspec...
Using https://luarocks.org/lbase64-20120807-3.rockspec... switching to 'build' mode
Error: Error fetching file: Failed downloading http://www.tecgraf.puc-rio.br/~lhf/ftp/lua/5.2/lbase64.tar.gz
$ sudo luarocks install lbase64 20120820-1
Error: No results matching query were found.
$ sudo luarocks search lbase64
Search results:
===============
Rockspecs and source rocks:
---------------------------
lbase64
20120807-3 (rockspec) - https://luarocks.org
20120807-1 (rockspec) - https://luarocks.org
20120807-1 (src) - https://luarocks.org
20100323-1 (rockspec) - https://luarocks.org
20100323-1 (src) - https://luarocks.org
20070628-1 (rockspec) - https://luarocks.org
20070628-1 (src) - https://luarocks.org
What am I doing wrong?
I'm new to Lua, so please excuse me if this is a dumb newbie question.
I get "Algorithm not supported"
Some other libraries are/were vulnerable to the following:
https://auth0.com/blog/critical-vulnerabilities-in-json-web-token-libraries/
Right now only HMAC algorithms are supported, but RSA based algorithms are on the horizon (see #4).
I would suggest updating the library to deprecate alg
as suggested by Auth0 (see article above)
how to set maximum_expiration value
if exp == nil or exp - time() > maximum_expiration then return false, { exp = "exceeds maximum allowed expiration" } end
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.