pgjwt: JSON Web Tokens
The pgjwt (PostgreSQL JSON Web Token) extension allows you to create and parse JSON Web Tokens (JWTs) within a PostgreSQL database. JWTs are commonly used for authentication and authorization in web applications and services.
Enable the extension
API
sign(payload json, secret text, algorithm text default 'HSA256'): Signs a JWT containing payload with secret using algorithm.verify(token text, secret text, algorithm text default 'HSA256'): Decodes a JWT token that was signed with secret using algorithm.
Where:
payloadis an encrypted JWT represented as a string.secretis the private/secret passcode which is used to sign the JWT and verify its integrity.algorithmis the method used to sign the JWT using the secret.tokenis an encrypted JWT represented as a string.
Usage
Once the extension is installed, you can use its functions to create and parse JWTs. Here's an example of how you can use the sign function to create a JWT:
_10select_10 extensions.sign(_10 payload := '{"sub":"1234567890","name":"John Doe","iat":1516239022}',_10 secret := 'secret',_10 algorithm := 'HS256'_10 );
The pgjwt_encode function returns a string that represents the JWT, which can then be safely transmitted between parties.
_10 sign_10---------------------------------_10 eyJhbGciOiJIUzI1NiIsInR5cCI6IkpX_10 VCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiw_10 ibmFtZSI6IkpvaG4gRG9lIiwiaWF0Ijo_10 xNTE2MjM5MDIyfQ.XbPfbIHMI6arZ3Y9_10 22BhjWgQzWXcXNrz0ogtVhfEd2o_10(1 row)
To parse a JWT and extract its claims, you can use the verify function. Here's an example:
_10select_10 extensions.verify(_10 token := 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJuYW1lIjoiRm9vIn0.Q8hKjuadCEhnCPuqIj9bfLhTh_9QSxshTRsA5Aq4IuM',_10 secret := 'secret',_10 algorithm := 'HS256'_10 );
Which returns the decoded contents and some associated metadata.
_10 header | payload | valid_10-----------------------------+----------------+-------_10 {"alg":"HS256","typ":"JWT"} | {"name":"Foo"} | t_10(1 row)
Resources
- Official
pgjwtdocumentation