
JWT Functions

Create, verify, and decode JSON Web Tokens for authentication.

Token Operations

jwt_sign(payload, secret, options?)

Create a signed JWT token.

Parameters

payload : Hash - The claims to encode in the token
secret : String - The secret key used to sign the token (HMAC); jwt_verify must be given the same value
options : Hash? - Optional settings

Options

expires_in : Int - Token lifetime in seconds
algorithm : String - HS256, HS384, or HS512 (default: HS256)
// Example only: the secret below is a hard-coded placeholder. Anyone who knows
// the signing secret can create tokens with any claims, so a real secret
// should be loaded at runtime rather than written into source.
// The payload is signed, not encrypted: jwt_decode(token) returns it without
// the secret, so it should hold nothing confidential.
let token = jwt_sign(
    { "sub": "user123", "role": "admin" },
    "my-secret-key",
    { "expires_in": 3600 }  // token lifetime in seconds (1 hour)
)
// token now holds the encoded JWT, e.g.
// eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...
jwt_verify(token, secret)

Verify and decode a JWT token.

Parameters

token : String - The JWT token to verify
secret : String - The secret key used for signing

Returns

Hash - The payload if valid, or { "error": true, "message": String } if invalid
// jwt_verify signals failure with an { "error": true, "message": String } Hash,
// so the "error" key has to be checked before any claim is read.
let result = jwt_verify(token, "my-secret-key")
if has_key(result, "error") {
    // Rejected token: result holds only the failure message, no claims.
    println("Invalid token: " + result["message"])
} else {
    // Verification succeeded with this secret: result is the token's payload.
    println("User: " + result["sub"])
    println("Role: " + result["role"])
}
jwt_decode(token)

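Decode a JWT without verifying its signature. Warning: the returned claims are unauthenticated and may have been forged or altered. Do not use for authentication or authorization - only for inspection.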

Parameters

token : String - The JWT token to decode

Returns

Hash - The decoded payload; its signature has not been checked
// Inspection only (debugging, reading public info): the signature is not
// checked, so every value below is whatever the token's sender put there.
let payload = jwt_decode(token)
println(payload["sub"])  // claimed user ID, unverified: not a basis for access decisions

Common Patterns

Authentication Flow

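// Login endpoint.
// Checks the submitted password against the stored hash with argon2_verify
// and, on success, returns { "token": <JWT> } with a 24-hour lifetime.
// Every failure path returns { "error": String }.
fn login(email: String, password: String) -> Hash {
    let user = User.find_by_email(email)
    // One message covers both "unknown email" and "wrong password", so the
    // response body does not reveal which accounts exist.
    // NOTE(review): argon2_verify is skipped when no user is found, so the two
    // cases may still differ in response time - confirm whether that matters.
    if !user || !argon2_verify(password, user["password_hash"]) {
        return { "error": "Invalid credentials" }
    }

    // Refuse to sign with a missing or empty secret: tokens signed that way
    // could be forged by anyone.
    // assumes getenv yields null (or "") for an unset variable - TODO confirm
    let secret = getenv("JWT_SECRET")
    if secret == null || secret == "" {
        return { "error": "Authentication is not configured" }
    }

    // The role is copied into the token. jwt_verify only sees the token and
    // the secret, so a later role change is presumably not reflected until
    // the token expires - keep the lifetime in line with that.
    let token = jwt_sign(
        { "sub": str(user["id"]), "role": user["role"] },
        secret,
        { "expires_in": 86400 }  // 24 hours
    )

    return { "token": token }
}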

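// Protected endpoint middleware.
// Reads the bearer token from the Authorization header and verifies it with
// the JWT_SECRET environment variable.
// Returns the verified payload, or null when the header is missing or
// malformed, the secret is not configured, or verification fails.
fn authenticate(req: Hash) -> Hash? {
    let auth_header = req["headers"]["Authorization"] ?? ""
    if !contains(auth_header, "Bearer ") {
        return null
    }

    let token = substring(auth_header, 7)
    // contains() matches "Bearer " anywhere in the header, while substring()
    // assumes it occupies the first 7 characters. Rebuilding the header from
    // the scheme plus the token accepts only values that start with "Bearer ".
    if "Bearer " + token != auth_header {
        return null
    }

    // Fail closed when the secret is missing or empty instead of verifying
    // against it.
    // assumes getenv yields null (or "") for an unset variable - TODO confirm
    let secret = getenv("JWT_SECRET")
    if secret == null || secret == "" {
        return null
    }

    let result = jwt_verify(token, secret)

    // jwt_verify reports failure as a Hash carrying an "error" key.
    if has_key(result, "error") {
        return null
    }

    return result
}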