SegFault

JWT-CPP

A header only library for creating and validating json web tokens in C++.

jwt-cpp

JSON Web Token is a JSON-based open standard for creating access tokens that assert some number of claims. For example, a server could generate a token that has the claim "logged in as admin" and provide that to a client. JWT claims can be typically used to pass identity of authenticated users between an identity provider and a service provider, or any other type of claims as required by business processes.

JWT-CPP is an easy to use C++ library which allows both creation and validation of most signature algorithms in the standard.

It is an header-only library whose only dependency is OpenSSL. This allows an easy integration into existing software and prevents problems with app distribution.

It's really easy to create and validate tokens. This is an example of decoding an token and printing all its claims:

#include <jwt-cpp/jwt.h>
#include <iostream>
int main(int argc, const char** argv) {
	std::string token = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXUyJ9.eyJpc3MiOiJhdXRoMCJ9.AbIJTDMFc7yUa5MhvcP03nJPyCPzZtQcGEp-zWfOkEE";
	auto decoded = jwt::decode(token);
	for(auto& e : decoded.get_payload_claims())
		std::cout << e.first << " = " << e.second.to_json() << std::endl;
}

In order to validate an token you first need to create an verifier where you define all supported algorithms and add checks for claims:

auto verifier = jwt::verify()
	.allow_algorithm(jwt::algorithm::hs256{ "secret" })
	.with_issuer("auth0");

Once done you can use it to verify any number of tokens. Since verifing does not modify the verifier you can reuse it as often as you like.

verifier.verify(decoded_token);

Creating and signing a token is just as easy:

auto token = jwt::create()
	.set_issuer("auth0")
	.set_type("JWS")
	.set_payload_claim("sample", std::string("test"))
	.sign(jwt::algorithm::hs256{"secret"});