jwt-rb 0.0.1

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 02d0845090b2815ed11a6036bad8cc226b847827
+  data.tar.gz: 72cf2075c4c70df5ddd29b84df559257e49556f0
+SHA512:
+  metadata.gz: 71305e4d66010d9facdfff2ed64723958f343c2a27d9d6dbb1bfc489b5a2a993cb3f4850698077d49db8acfd82d9fa0307cda87d8ce9cb787e6a87f577ffcfc2
+  data.tar.gz: a574f05e8dc92466c52d90ac48695ca1ea34fb339a218008cc33a5457ec7b83fa1ca29a1a906c06522952434956c9301d54207566b57002c185c8c7d7e6a33e7

data/.gitignore

@@ -0,0 +1,22 @@
+*.gem
+*.rbc
+.bundle
+.config
+.yardoc
+Gemfile.lock
+InstalledFiles
+_yardoc
+coverage
+doc/
+lib/bundler/man
+pkg
+rdoc
+spec/reports
+test/tmp
+test/version_tmp
+tmp
+*.bundle
+*.so
+*.o
+*.a
+mkmf.log

data/.travis.yml

@@ -0,0 +1,4 @@
+language: ruby
+rvm:
+  - 2.1.1
+script: "bundle exec rspec spec"

data/Gemfile

@@ -0,0 +1,5 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in jwt-rb.gemspec
+gemspec
+gem 'hashie'

data/LICENSE.txt

@@ -0,0 +1,22 @@
+Copyright (c) 2014 Luismi Ramirez
+
+MIT License
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,110 @@
+# Jwt-rb
+[![Code Climate](https://codeclimate.com/github/chupipandi/jwt-rb.png)](https://codeclimate.com/github/chupipandi/jwt-rb) [![Build Status](https://travis-ci.org/chupipandi/jwt-rb.svg?branch=master)](https://travis-ci.org/chupipandi/jwt-rb)
+
+## Installation (Coming soon to ruby gems)
+
+Add this line to your application's Gemfile
+
+    gem 'jwt-rb'
+
+And then execute:
+
+    $ bundle
+
+Or install it yourself as:
+
+    $ gem install jwt-rb
+
+## Usage
+
+`jwt-rb` has two methods, one for encoding, one for decoding:
+
+###JWT.encode(payload, key, options)
+
+`payload` is a hash which contains the data we want to embed into the token.
+
+`key` could be a secret string to use in `HMAC` algorithms or a private key for `RSA` algorithms.
+
+`options`:
+
+* `algorithm`: Algorithm to use, default is `HS256`.
+* `claims` (They are optional):
+    * `exp`: Time until the token expires, in seconds.
+    * `aud`: Intended audience of the token.
+    * `iss`: Identifies the issuer of the token.
+    
+####Examples:
+
+Basic token:
+```ruby
+token = JWT.encode({hello: 'world'}, 'thisismysecret')
+```
+
+Token with expiration (24 hours):
+```ruby
+token = JWT.encode({hello: 'world'}, 'thisismysecret', claim: { exp: 86400 })
+```
+
+Token with RSA key:
+```ruby
+private_key = OpenSSL::PKey::RSA.generate(512)
+token = JWT.encode({hello: 'world'}, key, algorithm: 'RS256')
+```
+
+###JWT.decode(token, key, options)
+
+`token` is the JWT string we encoded before.
+
+`key` could be a secret string to use in `HMAC` algorithms or a private key for `RSA` algorithms.
+
+`options`:
+ 
+* `algorithm` : Algorithm to be used to verify the token.
+* `claims`:
+    * `aud`: Audience of the token to verify if it matches with the token.
+    * `iss`: Issuer of the token to verify if it matches with the token.
+
+####Examples:
+
+Basic decoding:
+```ruby
+jwt = 'string containing real jwt token'
+payload, header = JWT.decode(jwt, 'thisismysecret')
+```
+
+Decoding with RSA:
+```ruby
+# private key used to sign the token
+private_key = OpenSSL::PKey::RSA.generate(512)
+jwt = 'string containing real jwt token'
+payload, header = JWT.decode(jwt, private_key.public_key, algorithm: 'RS256')
+```
+
+Decoding a token with claims:
+```ruby
+jwt = 'string containing real jwt token'
+payload, header = JWT.decode(jwt, 'thisismysecret', claims: { aud: 'foo' })
+```
+    
+###Supported Algorithms
+
+Algorithm parameter | Algorithm used
+----------|-------
+HS256 | HMAC using SHA-256 algorithm
+HS384 | HMAC using SHA-384 algorithm
+HS512 | HMAC using SHA-512 algorithm
+RS256 | RSA using SHA-256 algorithm
+RS384 | RSA using SHA-384 algorithm
+RS512 | RSA using SHA-512 algorithm
+        
+## Contributing
+
+1. Fork it ( https://github.com/chupipandi/jwt-rb/fork )
+2. Create your feature branch (`git checkout -b my-new-feature`)
+3. Commit your changes (`git commit -am 'Add some feature'`)
+4. Push to the branch (`git push origin my-new-feature`)
+5. Create a new Pull Request
+
+## License
+
+MIT

data/Rakefile

@@ -0,0 +1,2 @@
+require "bundler/gem_tasks"
+

data/jwtrb.gemspec

@@ -0,0 +1,22 @@
+# coding: utf-8
+require File.expand_path('../lib/jwt/version', __FILE__)
+
+Gem::Specification.new do |spec|
+  spec.name          = 'jwt-rb'
+  spec.version       = JWT::VERSION
+  spec.authors       = ["ChupipandiCrew"]
+  spec.email         = ["chupi@chupipandi.com"]
+  spec.summary       = %q{Ruby gem to encode/ decode JWT}
+  spec.homepage      = "http://github.com/chupipandi/jwt-rb"
+  spec.license       = "MIT"
+
+  spec.files         = `git ls-files -z`.split("\x0")
+  spec.executables   = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
+  spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})
+  spec.require_paths = ["lib"]
+
+  spec.add_development_dependency "bundler", "~> 1.6"
+  spec.add_development_dependency "rake"
+  spec.add_development_dependency 'rspec'
+  spec.add_development_dependency 'timecop'
+end

data/lib/jwt/decoder.rb

@@ -0,0 +1,97 @@
+module JWT
+  class Decoder
+    include JWT::Verificator
+    include JWT::Signature
+
+    class << self
+      def decode(jwt, key, options)
+        @algorithm = options[:algorithm] || 'HS256'
+        @jwt       = jwt
+        
+        validate_jwt!
+
+        header, payload, input, signature = decode_token
+        
+        verify_claims!(payload, options[:claims])
+        verify_signature!(key, signature, input)
+
+        [payload, header]
+      end
+
+      private
+
+      def validate_jwt!
+        if parse_token.length != 3
+          fail JWT::DecoderError.new('Invalid number of segments')
+        end
+      end
+
+      def parse_token
+        @jwt.split('.')
+      end
+
+      def decode_token
+        header, payload, signature = parse_token
+
+        input     = [header, payload].join('.') 
+        header    = decode_header(header)
+        payload   = Payload.new(decode_payload(payload))
+        signature = decode_signature(signature)
+
+        [header, payload, input, signature]
+      end
+
+      def decode_header(header)
+        fail JWT::DecoderError.new('Empty header') if header.empty?
+        header = base64_decode(header)
+        JSON.parse(header)
+      end
+
+      def decode_payload(payload)
+        fail JWT::DecoderError.new('Empty payload') if payload.empty?
+        payload = base64_decode(payload)
+        JSON.parse(payload)
+      end
+
+      def decode_signature(signature)
+        base64_decode(signature)
+      end
+
+      def base64_decode(string)
+        string += '=' * (4 - string.length.modulo(4))
+        Base64.decode64(string.tr('-_','+/'))
+      end
+
+      def verify_signature!(key, signature, input)
+        supported_algorithm!(@algorithm)
+
+        parsed_algorithm = parse_algorithm(@algorithm)
+        digest           = generate_digest(parsed_algorithm)
+
+        if @algorithm =~ /^HS/
+          hs_key_format!(key)
+          signed_input = sign_hmac(digest, key, input)
+
+          unless secure_compare(signature, signed_input)
+            fail JWT::VerificationError.new('Signature does not match')
+          end
+        else
+          rs_key_format!(key)
+          verify_rsa(key, digest, signature, input)
+        end
+      end
+
+      # From devise & inspired from ruby-jwt of http://github.com/progrium
+      # constant-time comparison algorithm to prevent timing attacks
+      def secure_compare(a, b)
+        return false if a.nil? || b.nil? || a.empty? || b.empty? || a.bytesize != b.bytesize
+        l = a.unpack "C#{a.bytesize}"
+
+        res = 0
+        b.each_byte { |byte| res |= byte ^ l.shift }
+        res == 0
+      end
+    end
+  end
+end
+

data/lib/jwt/encoder.rb

@@ -0,0 +1,69 @@
+module JWT
+  class Encoder
+    include JWT::Verificator
+    include JWT::Signature
+
+    class << self
+      def encode(payload, key, options)
+        @algorithm = options[:algorithm] || 'HS256'
+        @payload   = Payload.new(payload)
+
+        header    = encode_header
+        payload   = decorate_and_encode_payload(options[:claims] || {})
+        signature = encode_signature(header, payload, key)
+
+        [header, payload, signature].join('.')
+      end
+
+      private
+
+      def encode_header
+        base64_encode(header)
+      end
+
+      def header
+        { typ: 'JWT', alg: @algorithm }.to_json
+      end
+
+      def encode_payload
+        base64_encode(@payload.to_json)
+      end
+
+      def decorate_and_encode_payload(claims)
+        @payload[:iat] = Time.now.to_i
+        @payload[:exp] = @payload[:iat] + claims[:exp] if valid_integer_claim(claims[:exp])
+        @payload[:aud] = claims[:aud] if valid_string_claim(claims[:aud])
+        @payload[:iss] = claims[:iss] if valid_string_claim(claims[:iss])
+
+        encode_payload
+      end
+
+      def base64_encode(string)
+        Base64.encode64(string).tr('+/', '-_').gsub(/[\n=]/, '')
+      end
+
+      def encode_signature(header, payload, key)
+        input     = [header, payload].join('.')
+        signature = sign(input, key)
+
+        base64_encode(signature)
+      end
+
+      def sign(input, key)
+        supported_algorithm!(@algorithm)
+
+        parsed_algorithm = parse_algorithm(@algorithm)
+        digest           = generate_digest(parsed_algorithm)
+
+        if @algorithm =~ /^HS/
+          hs_key_format!(key)
+          sign_hmac(digest, key, input)
+        else
+          rs_key_format!(key)
+          sign_rsa(key, digest, input)
+        end
+      end
+    end
+  end
+end
+

data/lib/jwt/exceptions.rb

@@ -0,0 +1,10 @@
+module JWT
+  class VerificationError < StandardError
+  end
+
+  class InvalidKeyFormatError < StandardError
+  end
+
+  class DecoderError < StandardError
+  end
+end

data/lib/jwt/payload.rb

@@ -0,0 +1,8 @@
+require 'hashie'
+
+module JWT
+  class Payload < Hash
+    include Hashie::Extensions::MergeInitializer
+    include Hashie::Extensions::IndifferentAccess
+  end
+end

data/lib/jwt/signature.rb

@@ -0,0 +1,35 @@
+module JWT
+  module Signature
+    def self.included(base)
+      base.extend ClassMethods
+    end
+
+    module ClassMethods
+
+      private
+
+      def parse_algorithm(algorithm)
+        algorithm.sub(/^../, 'sha')
+      end
+
+      def generate_digest(parsed_algorithm)
+        OpenSSL::Digest.new(parsed_algorithm)
+      end
+
+      def sign_hmac(digest, key, input)
+        OpenSSL::HMAC.digest(digest, key, input)
+      end
+
+      def sign_rsa(private_key, digest, input)
+        private_key.sign(digest, input)
+         rescue 
+         JWT::VerificationError.new('Your key needs to be able to .sign()')
+      end
+
+      def verify_rsa(public_key, digest, signature, input)
+        fail JWT::VerificationError unless public_key.verify(digest, signature, input)
+      end
+    end
+  end
+end
+

data/lib/jwt/verificator.rb

@@ -0,0 +1,57 @@
+module JWT
+  module Verificator
+    def self.included(base)
+      base.extend ClassMethods
+    end
+
+    module ClassMethods
+      SUPPORTED_ALGS = %w(HS256 HS384 HS512 RS256 RS384 RS512)
+      private
+
+      def supported_algorithm!(algorithm)
+        if !SUPPORTED_ALGS.include? algorithm
+          fail NotImplementedError.new("#{algorithm} is not supported")
+        end
+      end
+
+      def hs_key_format!(key)
+        fail JWT::InvalidKeyFormatError unless key.is_a? String
+      end
+
+      def rs_key_format!(key)
+        fail JWT::InvalidKeyFormatError unless key.is_a? OpenSSL::PKey::RSA
+      end
+
+      def valid_integer_claim(claim)
+        claim.is_a? Integer
+      end
+
+      def valid_string_claim(claim)
+        claim.is_a? String
+      end
+
+      def verify_claims!(payload, options)
+        validate_expiration(payload[:exp]) if payload[:exp]
+        validate_audience(payload[:aud], options[:aud]) if payload[:aud]
+        validate_issuer(payload[:iss], options[:iss]) if payload[:iss]
+      end
+
+      def validate_expiration(exp)
+        fail JWT::VerificationError.new('JWT Expired') if Time.now.to_i >= exp
+      end
+
+      def validate_audience(aud, given_aud)
+        if given_aud && given_aud != aud
+          fail JWT::VerificationError.new("Invalid Audience. Expected: #{aud}")
+        end
+      end
+
+      def validate_issuer(iss, given_iss)
+        if given_iss && given_iss != iss
+          fail JWT::VerificationError.new("Invalid Issuer. Expected: #{iss}") 
+        end
+      end
+    end
+  end
+end
+

data/lib/jwt/version.rb

@@ -0,0 +1,3 @@
+module JWT
+  VERSION = "0.0.1"
+end

data/lib/jwt.rb

@@ -0,0 +1,24 @@
+require 'jwt/payload'
+require 'jwt/verificator'
+require 'jwt/signature'
+require 'jwt/encoder'
+require 'jwt/decoder'
+require 'jwt/exceptions'
+require 'json'
+require 'base64'
+require 'openssl'
+
+module JWT
+  module ModuleFunctions
+    def encode(payload, key, options = {})
+      Encoder.encode(payload, key, options)
+    end
+
+    def decode(jwt, key, options = {})
+      Decoder.decode(jwt, key, options)
+    end
+  end
+
+  extend ModuleFunctions
+end
+

data/spec/decoder_spec.rb

@@ -0,0 +1,153 @@
+require 'spec_helper'
+
+# All jwt used here have been created by external tools to isolate the tests
+
+describe 'Decoder' do
+  before do
+    @payload = { 'hello' => 'world', 'iat' => 946681200 }
+  end
+
+  describe 'decoding' do
+    it 'decodes a valid JWT using HS' do
+      secret          = 'mysecret'
+      jwt             = 'eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJoZWxsbyI6IndvcmxkIiwiaWF0Ijo5NDY2ODEyMDB9.9OzXVFu0LK4miYiSkWrP5vhzHVtz5DHC8dWalkTah3c'
+      payload, header = JWT.decode(jwt, secret)
+
+      expect(payload).to eq(@payload)
+    end
+
+    it 'decodes a valid JWT using RS' do
+      public_key = OpenSSL::PKey::RSA.new(<<-KEY)
+-----BEGIN PUBLIC KEY-----
+MFswDQYJKoZIhvcNAQEBBQADSgAwRwJAUTQbhg/Hcgq26wY9yOWu9L6OX4fqekqo
+R+YhQUXaJGXhW0tNapTdIwTAycby0cUCXoA/7IYi4SXSKMT0owQxeQIDAQAB
+-----END PUBLIC KEY-----
+      KEY
+
+      jwt = 'eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJoZWxsbyI6IndvcmxkIiwiaWF0Ijo5NDY2ODEyMDB9.A0Qiqmo02gEviZtQW8ESC94oKLXcgCSGnktyxDQZNE0AfSoMJZ9JMEWNjEXyp6k7VEm9nn9ZbEu2GdmAIJz-xw'
+      payload, header = JWT.decode(jwt, public_key, algorithm: 'RS256')
+
+      expect(payload).to eq(@payload)
+    end
+
+    describe 'claims' do
+      it 'validates a JWT with the correct audience' do
+        expected_payload = { 'hello' => 'world', 'iat' => 946681200, 'aud' => 'rubyist' }
+        secret           = 'mysecret'
+        jwt              = 'eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJoZWxsbyI6IndvcmxkIiwiaWF0Ijo5NDY2ODEyMDAsImF1ZCI6InJ1Ynlpc3QifQ.u6DB-dpK5zxZUmgprzXtg5yY4djsLLtIv4EAgE_nWSM'
+
+        payload, header = JWT.decode(jwt, secret, claims: { aud: 'rubyist' })
+
+        expect(payload).to eq(expected_payload)
+      end
+
+      it 'validates a JWT with expiry if it didnt expire yet' do
+        # The expiry is set to 24 hours
+        expected_payload = { 'hello' => 'world', 'iat' => 946681200, 'exp' => 946767600}
+        secret           = 'mysecret'
+        jwt              = 'eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJoZWxsbyI6IndvcmxkIiwiaWF0Ijo5NDY2ODEyMDAsImV4cCI6OTQ2NzY3NjAwfQ.AZ9a_9L8oY95OT7jc019ZxjWc9fcT5chYsZy6QUgzj0'
+
+        # Travel 12 hours in the future
+        Timecop.travel(Time.at(946724400))
+
+        payload, header = JWT.decode(jwt, secret)
+
+        expect(payload).to eq(expected_payload)
+      end
+
+      it 'validates a JWT with the correct issuer' do
+        expected_payload = { 'hello' => 'world', 'iat' => 946681200, 'iss' => 'toni' }
+        secret           = 'mysecret'
+        jwt              = 'eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJoZWxsbyI6IndvcmxkIiwiaWF0Ijo5NDY2ODEyMDAsImlzcyI6InRvbmkifQ.I4EoPQzt97rehCBnU8VTcDH5R2KX6b8Ta1t5bANGorc'
+
+        payload, header = JWT.decode(jwt, secret, claims: { iss: 'toni' })
+
+        expect(payload).to eq(expected_payload)
+      end
+    end
+  end
+
+  describe 'exceptions' do
+    it 'raises an error if you use a string as a key in RS decoding' do
+      secret = 'mysecret'
+      jwt    = 'eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJoZWxsbyI6IndvcmxkIn0.E0f3M2R4p1_pEmDFp3PZNfXwLp6m3z7MNX468o8gQCYeslnOMdCGvzl1pCJhDs5M7KnaSlvPm_Be3WjYrk8ZDQ'
+
+      expect { JWT.decode(jwt, secret, algorithm: 'RS256') }
+      .to raise_error JWT::InvalidKeyFormatError
+    end
+
+    it 'raises an error if you dont use a string as a key in HS decoding' do
+      key = OpenSSL::PKey::RSA.new(<<-KEY)
+-----BEGIN PUBLIC KEY-----
+MFswDQYJKoZIhvcNAQEBBQADSgAwRwJAUTQbhg/Hcgq26wY9yOWu9L6OX4fqekqo
+R+YhQUXaJGXhW0tNapTdIwTAycby0cUCXoA/7IYi4SXSKMT0owQxeQIDAQAB
+-----END PUBLIC KEY-----
+      KEY
+
+      jwt = 'eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJoZWxsbyI6IndvcmxkIn0.E0f3M2R4p1_pEmDFp3PZNfXwLp6m3z7MNX468o8gQCYeslnOMdCGvzl1pCJhDs5M7KnaSlvPm_Be3WjYrk8ZDQ'
+
+      expect { JWT.decode(jwt, key) }
+      .to raise_error JWT::InvalidKeyFormatError
+    end
+
+    it 'raises an error if the token doesnt have the correct number of segments' do
+      secret = 'mysecret'
+      jwt    = 'header.payload.signature.hello?'
+
+      expect { JWT.decode(jwt, secret) }
+      .to raise_error JWT::DecoderError
+    end
+
+    it 'raises an error if the token cant be verified with the current secret key' do
+      secret = 'myothersecret'
+      jwt    = 'eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJoZWxsbyI6IndvcmxkIn0.Gc_-AK7EN0nCQj6egXy525yk_cssK2A2lgX-w2NM90M'
+
+      expect { JWT.decode(jwt, secret) }
+      .to raise_error JWT::VerificationError
+    end
+
+    it 'raises an error if there is no header' do
+      secret = 'myothersecret'
+      jwt    = '.eyJoZWxsbyI6IndvcmxkIn0.Gc_-AK7EN0nCQj6egXy525yk_cssK2A2lgX-w2NM90M'
+
+      expect { JWT.decode(jwt, secret) }
+      .to raise_error JWT::DecoderError
+    end
+
+    it 'raises an error if there is no payload' do
+      secret = 'myothersecret'
+      jwt    = 'eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9..Gc_-AK7EN0nCQj6egXy525yk_cssK2A2lgX-w2NM90M'
+
+      expect { JWT.decode(jwt, secret) }
+      .to raise_error JWT::DecoderError
+    end
+
+    it 'raises an error if the audience doesnt match' do
+      secret           = 'mysecret'
+      jwt              = 'eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJoZWxsbyI6IndvcmxkIiwiaWF0Ijo5NDY2ODEyMDAsImF1ZCI6InJ1Ynlpc3QifQ.u6DB-dpK5zxZUmgprzXtg5yY4djsLLtIv4EAgE_nWSM'
+
+      expect { JWT.decode(jwt, secret, claims: { aud: 'phpers' })}
+      .to raise_error JWT::VerificationError
+    end
+
+    it 'raises an error if the issuer doesnt match' do
+      secret           = 'mysecret'
+      jwt              = 'eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJoZWxsbyI6IndvcmxkIiwiaWF0Ijo5NDY2ODEyMDAsImlzcyI6InRvbmkifQ.I4EoPQzt97rehCBnU8VTcDH5R2KX6b8Ta1t5bANGorc'
+
+      expect { JWT.decode(jwt, secret, claims: { iss: 'john' })}
+      .to raise_error JWT::VerificationError
+    end
+
+    it 'raises an error if the token expired' do
+      # The expiry is set to 24 hours
+      secret           = 'mysecret'
+      jwt              = 'eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJoZWxsbyI6IndvcmxkIiwiaWF0Ijo5NDY2ODEyMDAsImV4cCI6OTQ2NzY3NjAwfQ.AZ9a_9L8oY95OT7jc019ZxjWc9fcT5chYsZy6QUgzj0'
+
+      # Travel 24 hours, 1 second in the future
+      Timecop.travel(Time.at(946767601))
+
+      expect { JWT.decode(jwt, secret) }
+      .to raise_error JWT::VerificationError
+    end
+  end
+end

data/spec/encoder_spec.rb

@@ -0,0 +1,96 @@
+require 'spec_helper'
+
+# All expected_jwt used here have been created by external tools to isolate the tests
+
+describe 'Encoder' do
+  before do
+    Timecop.freeze(Time.at(946681200))
+    @payload = { hello: 'world' }
+  end
+
+  describe 'encoding' do
+    it 'encodes a JWT using HS' do
+      secret       = 'mysecret'
+      expected_jwt = 'eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJoZWxsbyI6IndvcmxkIiwiaWF0Ijo5NDY2ODEyMDB9.9OzXVFu0LK4miYiSkWrP5vhzHVtz5DHC8dWalkTah3c'
+      jwt          = JWT.encode(@payload, secret)
+
+      expect(jwt).to eq(expected_jwt)
+    end
+
+    it 'encodes a JWT using RS' do
+      key = OpenSSL::PKey::RSA.new(<<-KEY)
+-----BEGIN RSA PRIVATE KEY-----
+MIIBOAIBAAJAUTQbhg/Hcgq26wY9yOWu9L6OX4fqekqoR+YhQUXaJGXhW0tNapTd
+IwTAycby0cUCXoA/7IYi4SXSKMT0owQxeQIDAQABAkBI9IfF6mdGDlpIzVK1K6YE
+PS+spHAFbw3BiwBVpGxYRiumQrZyjKfpPpXw1dM9Qrm0Q3hXPLEzB3Ea/aw3rAAB
+AiEAoGHNoRMeBnMC7mwbi8rf8RFriWpTp91IoFzD+oPV/fECIQCBnb3Tn4Uxccmd
+2L+yoYMottUTVONq8l2YDBQlTG6ECQIgcLBHq0WjcySciqmrMS3664cx5/uti+UP
+gp2rlfnMAgECIAfVedilho5Te0UQCZ4JRv0Z98zgT5JyLZf3+uu6L9/JAiBubUAY
+c1CuIOv3cWDJPNMWI57s1U2WF+zbtIkc1zr5+Q==
+-----END RSA PRIVATE KEY-----
+      KEY
+      jwt          = JWT.encode(@payload, key, algorithm: 'RS256')
+      expected_jwt = 'eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJoZWxsbyI6IndvcmxkIiwiaWF0Ijo5NDY2ODEyMDB9.A0Qiqmo02gEviZtQW8ESC94oKLXcgCSGnktyxDQZNE0AfSoMJZ9JMEWNjEXyp6k7VEm9nn9ZbEu2GdmAIJz-xw'
+      expect(jwt).to eq(expected_jwt)
+    end
+
+    it 'can use a payload with string as keys' do
+      payload      = { 'hello' => 'world' }
+      secret       = 'mysecret'
+      expected_jwt = 'eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJoZWxsbyI6IndvcmxkIiwiaWF0Ijo5NDY2ODEyMDB9.9OzXVFu0LK4miYiSkWrP5vhzHVtz5DHC8dWalkTah3c'
+      jwt          = JWT.encode(payload, secret)
+
+      expect(jwt).to eq(expected_jwt)
+    end
+
+    it 'can use old ruby hash style' do
+      payload      = { :hello => 'world' }
+      secret       = 'mysecret'
+      expected_jwt = 'eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJoZWxsbyI6IndvcmxkIiwiaWF0Ijo5NDY2ODEyMDB9.9OzXVFu0LK4miYiSkWrP5vhzHVtz5DHC8dWalkTah3c'
+      jwt          = JWT.encode(payload, secret)
+
+      expect(jwt).to eq(expected_jwt)
+    end
+
+    describe 'claims' do
+      it 'allows you to set an expiry time' do
+        secret       = 'mysecret'
+        expected_jwt = 'eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJoZWxsbyI6IndvcmxkIiwiaWF0Ijo5NDY2ODEyMDAsImV4cCI6OTQ2Njg3MjAwfQ.zbalHdCubQpn_U32jW1dv9L2p3vWSgf-UsKwnEiFxWo'
+        jwt          = JWT.encode(@payload, secret, claims: { exp: 6000 })
+
+        expect(jwt).to eq(expected_jwt)
+      end
+
+      it 'allows you to set an audience' do
+        secret       = 'mysecret'
+        expected_jwt = 'eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJoZWxsbyI6IndvcmxkIiwiaWF0Ijo5NDY2ODEyMDAsImF1ZCI6InJ1Ynlpc3QifQ.u6DB-dpK5zxZUmgprzXtg5yY4djsLLtIv4EAgE_nWSM'
+        jwt          = JWT.encode(@payload, secret, claims: { aud: 'rubyist' })
+
+        expect(jwt).to eq(expected_jwt)
+      end
+
+      it 'allows you to set an issuer' do
+        secret       = 'mysecret'
+        expected_jwt = 'eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJoZWxsbyI6IndvcmxkIiwiaWF0Ijo5NDY2ODEyMDAsImlzcyI6InRvbmkifQ.I4EoPQzt97rehCBnU8VTcDH5R2KX6b8Ta1t5bANGorc'
+        jwt          = JWT.encode(@payload, secret, claims: { iss: 'toni' })
+
+        expect(jwt).to eq(expected_jwt)
+      end
+    end
+  end
+
+  describe 'exceptions' do
+    it 'raises NotImplementedError using a fake signature' do
+      secret = 'mysecret'
+      expect { JWT.encode(@payload, secret, algorithm: 'HS9888889') }
+        .to raise_error NotImplementedError
+    end
+
+    it 'raises an error if you dont use a private key on RS algorithms' do
+      secret = 'mysecret'
+      expect { JWT.encode(@payload, secret, algorithm: 'RS256') }
+        .to raise_error JWT::InvalidKeyFormatError
+    end
+  end
+end
+

data/spec/spec_helper.rb

@@ -0,0 +1,5 @@
+require 'bundler/setup'
+Bundler.setup
+
+require 'jwt'
+require 'timecop'

metadata

@@ -0,0 +1,121 @@
+--- !ruby/object:Gem::Specification
+name: jwt-rb
+version: !ruby/object:Gem::Version
+  version: 0.0.1
+platform: ruby
+authors:
+- ChupipandiCrew
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2014-07-09 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.6'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.6'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: timecop
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+description: 
+email:
+- chupi@chupipandi.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- ".travis.yml"
+- Gemfile
+- LICENSE.txt
+- README.md
+- Rakefile
+- jwtrb.gemspec
+- lib/jwt.rb
+- lib/jwt/decoder.rb
+- lib/jwt/encoder.rb
+- lib/jwt/exceptions.rb
+- lib/jwt/payload.rb
+- lib/jwt/signature.rb
+- lib/jwt/verificator.rb
+- lib/jwt/version.rb
+- spec/decoder_spec.rb
+- spec/encoder_spec.rb
+- spec/spec_helper.rb
+homepage: http://github.com/chupipandi/jwt-rb
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.3.0
+signing_key: 
+specification_version: 4
+summary: Ruby gem to encode/ decode JWT
+test_files:
+- spec/decoder_spec.rb
+- spec/encoder_spec.rb
+- spec/spec_helper.rb