Kitura Logo

KITURA

Kitura Logo

KITURA

Signing and verifying JWTs with HMAC

You can process JWTs using a Hashed Message Authentication Code (HMAC). This uses a shared symmetric key as a password for both signing and verifying. This is simple and fast but requires a secure method of sending the password to the verifier.

Step 1: Create your JWTSigner

The JWTSigner is used to sign a JWT instance and produce a signed JWT string.

Inside the App extension, create an HMAC JWTSigner by providing a password:

static let jwtSigner = JWTSigner.hs256(key: Data("kitura".utf8))

Step 2: Create your JWTVerifier

The JWTVerifier is used to verify a signed JWT string. This ensures the signature was generated using the same password and the JWT has not been changed.

Inside the App extension, we create an HMAC JWTVerifier by providing the same password as before:

static let jwtVerifier = JWTVerifier.hs256(key: Data("kitura".utf8))

Now you can return to the JSON Web Token Authentication guide.