🪪 Radikant-JWT-C

A small c library that with no external dependencies other than Radikant’s Crypto, Json. This library can be used to mint, sign and verify JWT (Json Web Tokens). The API is designed for simplicity. It is currently used by Radikant-Firebase-C and other database libs that need auth.

Digital signature algorithms

Sign and verify JWT’s

ES-SHA

ECDSA

ES256
ES384
ES512

RS-SHA

RSASSA-PKCS1-v1_5

RS256
RS384
RS512

PS-SHA

RSASSA-PSS

PS256
PS384
PS512

HS-SHA

HMAC-SHA

HS256
HS384
HS512

Encoding

    jwt_payload_t* payload = jwt_payload_new();
    jwt_payload_set_subject(payload, "user-123");
    jwt_payload_set_issued_at(payload, (time_t)1678886400);
    jwt_payload_add_string(payload, "name", "Charlie Elbakry");
    jwt_payload_add_string(payload, "email", "charlie@radikant.nl");
    jwt_payload_add_string(payload, "group", "raid");
    jwt_payload_add_string(payload, "project", "Radikant");
    jwt_payload_add_bool(payload, "admin", 1);
 
    jwt_sign_es256(payload, priv_key, out_jwt);
    jwt_verify_es256(signed_jwt, pub_key, &decoded_token);
 
    jwt_payload_free(payload);

--- JWT VERIFY AND GET CLAIMS EXAMPLE --- Verifying token: eyJhbGciOiJFUzI1Ni--- Verification SUCCESS! --- ALL CLAIMS (via jwt_print) --- === HEADER === { "alg": "ES256", "typ": "JWT" } === PAYLOAD (CLAIMS) === { "sub": "user-123", "iat": 1.67889e+09, "name": "Charlie Elbakry", "email": "charlie@radikant.nl", "group": "raid", "project": "Radikant", "admin": true } --- EXTRACTING SPECIFIC CLAIMS --- sub : user-123 (ret: 0) iat : 1678886400 (ret: 0) name : Charlie Elbakry (ret: 0) email : charlie@radikant.nl (ret: 0) group : raid (ret: 0) project : Radikant (ret: 0) admin : true (ret: 0) --- EXAMPLE LOGIC --- >>> Access Granted: User is an admin! <<<

Mint (Create) & Encode: The library allows users to initialize a new token object and inject "claims" (key-value pairs like User ID, Role, or Expiration). It then serializes this JSON data into the standard Base64URL-encoded string format (Header.Payload.Signature).

Decoding

#include <radikant-jwt-c.h>
 
int main() {
    const char *jwt_str = "eyJhbGciOiJFUzI1NiIs...";
    uint8_t pub_key[64] = { 0x2C, 0x37, ... };
 
    struct jwt_decoded *decoded_token = NULL;
    int verify_ret = jwt_verify_es256(jwt_str, pub_key, &decoded_token);
 
    if (verify_ret == JWT_SUCCESS) {
        printf("  [INFO] Verification successful!\n");
        jwt_print(decoded_token);
 
        int bool_val = 0;
        int ret = jwt_payload_get_bool(decoded_token->payload, "admin", &bool_val);
        if (ret == JWT_SUCCESS && bool_val) {
            printf(">>> Access Granted: User is an admin! <<<\n");
        }
    }
 
    jwt_free_decoded(decoded_token);
    return 0;
}

[DEBUG] Verifying JWT... [INFO] Verification successful! === HEADER === { "alg": "ES256", "typ": "JWT" } === PAYLOAD (CLAIMS) === { "sub": "user-123", "iat": 1.67889e+09, "name": "Charlie Elbakry", "email": "charlie@radikant.nl", "group": "raid", "project": "Radikant", "admin": true } >>> Access Granted: User is an admin! <<<

This library allows users to decode a token and extract claims from the token.

Claims

const char* str_val = NULL;
double num_val = 0;
int ret;
 
ret = jwt_payload_get_string(decoded_token->payload, "sub", &str_val);
printf("  sub       : %s (ret: %d)\n", (ret == 0) ? str_val : "NOT FOUND", ret); 
 
ret = jwt_payload_get_number(decoded_token->payload, "iat", &num_val);
printf("  iat       : %.0f (ret: %d)\n", (ret == 0) ? num_val : 0, ret); 
 
ret = jwt_payload_get_string(decoded_token->payload, "name", &str_val);
printf("  name      : %s (ret: %d)\n", (ret == 0) ? str_val : "NOT FOUND", ret); 
 
ret = jwt_payload_get_string(decoded_token->payload, "email", &str_val);
printf("  email     : %s (ret: %d)\n", (ret == 0) ? str_val : "NOT FOUND", ret);

It is possible extract claims directly from the decoded jwt.