jwt - JSON Web Tokens

Requires: OpenSSL (auto-installed via minks install kse_jwt)

#include "kse_jwt"

HS256 sign, verify, and decode. No libcurl dependency - only OpenSSL is needed.


| Method | Args | Out | Description |
|---|---|---|---|
| JWT:Sign | payloadJSON, secret | String | HS256-sign payload JSON → token string |
| JWT:Verify | token, secret | Boolean | true if signature valid and exp (if present) has not passed |
| JWT:Decode | token | String | {"header":{...},"payload":{...}} - no signature check |
| JWT:Claims | token | String | Payload JSON only - no signature check |
| JWT:Header | token | String | Header JSON only - no signature check |
| JWT:Expired | token | Boolean | true if exp claim is in the past - no signature check |

Throws JWTException on a malformed token. See Object - Exception.

Var:String token;
Var:Boolean ok;
Var:String claims;
Var:Boolean expired;

JWT:Sign("{\"sub\":\"user42\",\"exp\":9999999999}", "my-secret", token);
Konsol:Print(token);

JWT:Verify(token, "my-secret", ok);
Konsol:Print("valid: ${ok}");    // valid: true

// Claims does not check the signature: trust its output only after Verify has set ok to true.
JWT:Claims(token, claims);
Konsol:Print(claims);            // {"sub":"user42","exp":9999999999}

JWT:Expired(token, expired);
Konsol:Print("expired: ${expired}");   // expired: false

// Use with Curl:
Var:String response;
Curl:SetHeader("Authorization", "Bearer " + token);
Curl:Get("https://api.example.com/profile", response);
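
What an HS256 check of the kind JWT:Verify is documented to perform involves, and why the output of the decode-only calls (Decode, Claims, Header, Expired) must not drive authorization decisions, shown as an added Python example. It is not the plugin's source and makes no claim about its internals; the function names and the tampered token are constructed for illustration.

```python
import base64, hashlib, hmac, json, time

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _mac(signing_input: str, secret: bytes) -> bytes:
    return hmac.new(secret, signing_input.encode("ascii"), hashlib.sha256).digest()

def sign_hs256(payload: dict, secret: bytes) -> str:
    header = {"alg": "HS256", "typ": "JWT"}
    head, body = (b64url_encode(json.dumps(part, separators=(",", ":")).encode())
                  for part in (header, payload))
    return f"{head}.{body}.{b64url_encode(_mac(f'{head}.{body}', secret))}"

def unverified_claims(token: str) -> dict:
    # Decode only, no signature check: the result is whatever the sender wrote.
    return json.loads(b64url_decode(token.split(".")[1]))

def verify_hs256(token: str, secret: bytes, now=None):
    """Return the claims only if the MAC matches and exp (if present) is in the future."""
    try:
        head, body, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(head))
        claims = json.loads(b64url_decode(body))
        sig = b64url_decode(sig_b64)
    except ValueError:  # wrong part count, bad base64, bad JSON
        return None
    if not isinstance(header, dict) or not isinstance(claims, dict):
        return None
    if header.get("alg") != "HS256":  # the verifier pins the algorithm, not the token
        return None
    if not hmac.compare_digest(sig, _mac(f"{head}.{body}", secret)):  # constant-time
        return None
    exp = claims.get("exp")
    now = time.time() if now is None else now
    if exp is not None and not (isinstance(exp, (int, float)) and now < exp):
        return None
    return claims

def tamper_payload(token: str, new_payload: dict) -> str:
    # Constructed test input: swap the payload but keep the old signature.
    head, _, sig = token.split(".")
    return f"{head}.{b64url_encode(json.dumps(new_payload).encode())}.{sig}"
```

A token whose payload was swapped after signing still decodes cleanly through `unverified_claims`, while `verify_hs256` returns `None` for it. That is the gap between the "no signature check" rows and JWT:Verify.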

Examples

// test_jwt.ks - JWT plugin tests
//
// After installing:
//   minks install kse_jwt   (run once from inside jwt_plugin/)
//   minks test_jwt.ks
//
// Without installing (load from current directory):
//   minks --plugin-path . test_jwt.ks

#include "kse_jwt"

Konsol:Print("=== JWT Plugin Test ===");
Konsol:Print("");

Var:String secret  = "super-secret-key";
Var:String payload = "{\"sub\":\"user42\",\"role\":\"admin\",\"exp\":9999999999}";

// -- Sign ---------------------------------------------------------------------

Var:String token;
JWT:Sign(payload, secret, token);
Konsol:Print("Token:");
Konsol:Print(token);
Konsol:Print("");

// -- Verify -------------------------------------------------------------------

Var:Boolean ok;

JWT:Verify(token, secret, ok);
Konsol:Print("Valid signature (correct secret): ${ok}");   // true

JWT:Verify(token, "wrong-secret", ok);
Konsol:Print("Valid signature (wrong secret)  : ${ok}");   // false
Konsol:Print("");

// -- Decode -------------------------------------------------------------------

Var:String decoded;
JWT:Decode(token, decoded);
Konsol:Print("Decoded:");
Konsol:Print(decoded);
Konsol:Print("");

// -- Claims / Header ----------------------------------------------------------

Var:String claims;
Var:String header;

JWT:Claims(token, claims);
Konsol:Print("Claims: ${claims}");

JWT:Header(token, header);
Konsol:Print("Header: ${header}");
Konsol:Print("");

// -- Expiry check -------------------------------------------------------------

Var:Boolean expired;

JWT:Expired(token, expired);
Konsol:Print("Expired (exp=9999999999): ${expired}");   // false

Var:String pastToken;
JWT:Sign("{\"sub\":\"old\",\"exp\":1}", secret, pastToken);
JWT:Expired(pastToken, expired);
Konsol:Print("Expired (exp=1)         : ${expired}");   // true
Konsol:Print("");

// -- Malformed token ----------------------------------------------------------

Konsol:Print("--- malformed token");
try {
    JWT:Claims("not.a.jwt", claims);
} catch (JWTException e) {
    Konsol:Print("Caught JWTException: ${e.message}");
}

Konsol:Print("");
Konsol:Print("=== done ===");


Building from source

Only OpenSSL is required - libcurl is not needed. On MSYS2, OpenSSL is typically already present as a dependency of curl - check with pkg-config --exists openssl && echo found before installing.

| Platform | Command |
|---|---|
| Debian/Ubuntu | sudo apt install libssl-dev |
| Fedora/RHEL | sudo dnf install openssl-devel |
| macOS | brew install openssl |
| MSYS2 MINGW64 | pacman -S mingw-w64-x86_64-openssl |
| MSYS2 UCRT64 | pacman -S mingw-w64-ucrt-x86_64-openssl |
| MSYS2 CLANG64 | pacman -S mingw-w64-clang-x86_64-openssl |
| MSYS2 CLANGARM64 | pacman -S mingw-w64-clang-aarch64-openssl |

The Makefile auto-detects via pkg-config. For native Windows, download Win64 OpenSSL and override OPENSSL_DIR if not using the default (C:/OpenSSL-Win64):

make -C jwt_plugin OPENSSL_DIR="C:/your/openssl"