File Coverage

blib/lib/Crypt/JWT.pm

Criterion	Covered	Total	%
statement	437	487	89.7
branch	291	432	67.3
condition	83	175	47.4
subroutine	41	41	100.0
pod	2	2	100.0
total	854	1137	75.1

line	stmt	bran	cond	sub	pod	time	code
1							package Crypt::JWT;
2
3	7			7		418992	use strict;
	7					69
	7					213
4	7			7		34	use warnings;
	7					16
	7					295
5
6							our $VERSION = '0.035';
7
8	7			7		38	use Exporter 'import';
	7					16
	7					592
9							our %EXPORT_TAGS = ( all => [qw(decode_jwt encode_jwt)] );
10							our @EXPORT_OK = ( @{ $EXPORT_TAGS{'all'} } );
11							our @EXPORT = qw();
12
13	7			7		50	use Carp;
	7					46
	7					553
14	7			7		3570	use Crypt::Misc qw(decode_b64u encode_b64u);
	7					149374
	7					596
15	7			7		56	use JSON qw(decode_json encode_json);
	7					15
	7					41
16	7			7		5275	use Crypt::PK::RSA;
	7					23716
	7					327
17	7			7		4051	use Crypt::PK::ECC;
	7					23471
	7					354
18	7			7		3352	use Crypt::PK::Ed25519;
	7					12165
	7					336
19	7			7		3288	use Crypt::PK::X25519;
	7					10738
	7					384
20	7			7		52	use Crypt::PRNG qw(random_bytes);
	7					45
	7					358
21	7			7		3046	use Crypt::KeyWrap ':all';
	7					19
	7					1158
22	7			7		54	use Crypt::AuthEnc::GCM qw(gcm_encrypt_authenticate gcm_decrypt_verify);
	7					14
	7					336
23	7			7		3271	use Crypt::Mac::HMAC qw(hmac);
	7					8597
	7					374
24	7			7		4664	use Compress::Raw::Zlib;
	7					39734
	7					1556
25	7			7		60	use Scalar::Util qw(looks_like_number);
	7					13
	7					55267
26
27							# JWS: https://tools.ietf.org/html/rfc7515
28							# JWE: https://tools.ietf.org/html/rfc7516
29							# JWK: https://tools.ietf.org/html/rfc7517
30							# JWA: https://tools.ietf.org/html/rfc7518
31							# JWT: https://tools.ietf.org/html/rfc7519
32							# X25519/Ed25519 https://tools.ietf.org/html/rfc8037
33
34							sub _prepare_rsa_key {
35	87			87		168	my ($key) = @_;
36	87	50				179	croak "JWT: undefined RSA key" unless defined $key;
37	87	100				469	croak "JWT: invalid RSA key (cannot be scalar)" unless ref $key;
38							# we need Crypt::PK::RSA object
39	86	100				215	return $key if ref($key) eq 'Crypt::PK::RSA';
40	38	50	66			239	return Crypt::PK::RSA->new($key) if ref($key) eq 'HASH' \|\| ref($key) eq 'SCALAR';
41	0	0				0	return Crypt::PK::RSA->new(@$key) if ref($key) eq 'ARRAY';
42							# handle also: Crypt::OpenSSL::RSA, Crypt::X509, Crypt::OpenSSL::X509
43	0					0	my $str;
44	0	0				0	if (ref($key) eq 'Crypt::OpenSSL::RSA') {
		0
45							# https://metacpan.org/pod/Crypt::OpenSSL::RSA
46	0	0				0	$str = $key->is_private ? $key->get_private_key_string : $key->get_public_key_string;
47							}
48							elsif (ref($key) =~ /^Crypt::(X509\|OpenSSL::X509)$/) {
49							# https://metacpan.org/pod/Crypt::X509
50							# https://metacpan.org/pod/Crypt::OpenSSL::X509
51	0					0	$str = $key->pubkey;
52							}
53	0	0	0			0	return Crypt::PK::RSA->new(\$str) if defined $str && !ref($str);
54	0					0	croak "JWT: invalid RSA key";
55							}
56
57							sub _prepare_ecc_key {
58	13			13		27	my ($key) = @_;
59	13	50				33	croak "JWT: undefined ECC key" unless defined $key;
60	13	100				170	croak "JWT: invalid ECC key (cannot be scalar)" unless ref $key;
61							# we need Crypt::PK::ECC object
62	12	100				40	return $key if ref($key) eq 'Crypt::PK::ECC';
63	4	50	33			34	return Crypt::PK::ECC->new($key) if ref($key) eq 'HASH' \|\| ref($key) eq 'SCALAR';
64	0	0				0	return Crypt::PK::ECC->new(@$key) if ref($key) eq 'ARRAY';
65	0					0	croak "JWT: invalid ECC key";
66							}
67
68							sub _prepare_ed25519_key {
69	2			2		4	my ($key) = @_;
70	2	50				6	croak "JWT: undefined Ed25519 key" unless defined $key;
71	2	50				6	croak "JWT: invalid Ed25519 key (cannot be scalar)" unless ref $key;
72							# we need Crypt::PK::Ed25519 object
73	2	50				6	return $key if ref($key) eq 'Crypt::PK::Ed25519';
74	2	50	33			22	return Crypt::PK::Ed25519->new($key) if ref($key) eq 'HASH' \|\| ref($key) eq 'SCALAR';
75	0	0				0	return Crypt::PK::Ed25519->new(@$key) if ref($key) eq 'ARRAY';
76	0					0	croak "JWT: invalid Ed25519 key";
77							}
78
79							sub _prepare_ecdh_key {
80	57			57		102	my ($key) = @_;
81	57	50				134	croak "JWT: undefined ECDH key" unless defined $key;
82	57	50				135	croak "JWT: invalid ECDH key (cannot be scalar)" unless ref $key;
83
84							# we need Crypt::PK::X25519 or Crypt::PK::ECC object
85	57	100				254	return $key if ref($key) =~ /^Crypt::PK::(ECC\|X25519)$/;
86
87	9	50	33			27	if (ref($key) eq 'HASH' \|\| ref($key) eq 'SCALAR') {
88							#HACK: this is ugly
89	9		66			18	my $rv = eval { Crypt::PK::ECC->new($key) } \|\| eval { Crypt::PK::X25519->new($key) };
90	9	50				43075	return $rv if defined $rv;
91							}
92	0	0				0	if (ref($key) eq 'ARRAY') {
93							#HACK: this is ugly
94	0		0			0	my $rv = eval { Crypt::PK::ECC->new(@$key) } \|\| eval { Crypt::PK::X25519->new(@$key) };
95	0	0				0	return $rv if defined $rv;
96							}
97	0					0	croak "JWT: invalid ECDH key";
98							}
99
100							sub _prepare_oct_key {
101	254			254		447	my ($key) = @_;
102	254	50				519	croak "JWT: undefined oct key" unless defined $key;
103	254	100	66			886	if (ref $key eq 'HASH' && $key->{k} && $key->{kty} && $key->{kty} eq 'oct') {
		50	33
			33
104	7					47	return decode_b64u($key->{k});
105							}
106							elsif (!ref $key) {
107	247					949	return $key;
108							}
109	0					0	croak "JWT: invalid oct key";
110							}
111
112							sub _kid_lookup {
113	4			4		11	my ($kid, $kid_keys, $alg) = @_;
114	4	50	33			16	return undef if !defined $kid \|\| !defined $alg;
115	4	100	66			15	$kid_keys = eval { decode_json($kid_keys) } if $kid_keys && !ref $kid_keys;
	2					17
116	4	50				13	croak "JWT: kid_keys must be a HASHREF or a valid JSON/HASH" if ref $kid_keys ne 'HASH';
117	4					5	my $found;
118	4	50	33			22	if (exists $kid_keys->{keys} && ref $kid_keys->{keys} eq 'ARRAY') {
119							#FORMAT: { keys => [ {kid=>'A', kty=>?, ...}, {kid=>'B', kty=>?, ...} ] }
120	4					6	for (@{$kid_keys->{keys}}) {
	4					11
121	8	100	33			39	if ($_->{kid} && $_->{kty} && $_->{kid} eq $kid) {
			66
122	4					7	$found = $_;
123	4					8	last;
124							}
125							}
126							}
127							else {
128							#FORMAT: { hexadec1 => "----BEGIN CERTIFICATE-----...", hexadec2 => "----BEGIN CERTIFICATE-----..." }
129							#e.g. https://www.googleapis.com/oauth2/v1/certs
130	0	0	0			0	return \$kid_keys->{$kid} if $kid_keys->{$kid} && !ref $kid_keys->{$kid};
131							}
132	4	50				9	return undef if !$found;
133	4	50	33			33	return $found if $found->{kty} eq 'oct' && $alg =~ /^(HS\|dir\|PBES2-HS\|A)/;
134	0	0	0			0	return $found if $found->{kty} eq 'OKP' && $alg =~ /^(EdDSA\|ECDH-ES)/;
135	0	0	0			0	return $found if $found->{kty} eq 'EC' && $alg =~ /^(ES\|EC)/;
136	0	0	0			0	return $found if $found->{kty} eq 'RSA' && $alg =~ /^(RS\|PS)/;
137	0					0	croak "JWT: key type '$found->{kty}' cannot be used with alg '$alg'";
138							}
139
140							sub _b64u_to_hash {
141	279			279		509	my $b64url = shift;
142	279	50				650	return undef unless $b64url;
143	279					1130	my $json = decode_b64u($b64url);
144	279	50				571	return undef unless $json;
145	279					459	my $hash = eval { decode_json($json) };
	279					1584
146	279	50				830	return undef unless ref $hash eq 'HASH';
147	279					513	return $hash;
148							}
149
150							sub _add_claims {
151	19			19		51	my ($payload, %args) = @_;
152							#### claims (defined for JWS only)
153							# "exp" Expiration Time
154							# "nbf" Not Before
155							# "iat" Issued At
156							# "iss" Issuer
157							# "sub" Subject
158							# "aud" Audience
159							# "jti" JWT ID
160	19					37	my $now = time;
161	19	100				47	$payload->{iat} = $now if $args{auto_iat};
162	19	100				43	$payload->{exp} = $now + $args{relative_exp} if defined $args{relative_exp};
163	19	100				56	$payload->{nbf} = $now + $args{relative_nbf} if defined $args{relative_nbf};
164							}
165
166							sub _verify_claims {
167	267			267		821	my ($payload, %args) = @_;
168
169	267	100				697	return if $args{ignore_claims};
170
171	266	100				643	if (ref($payload) ne 'HASH') {
172							# https://github.com/DCIT/perl-Crypt-JWT/issues/31
173							# payload needs to be decoded into a HASH for checking any verify_XXXX
174	206					474	for my $claim (qw(exp nbf iat iss sub aud jti)) {
175	1430	100	100			2999	if (defined $args{"verify_$claim"} && $args{"verify_$claim"} != 0) {
176	2					269	croak "JWT: cannot check verify_$claim (payload not decoded JSON/HASH)";
177							}
178							}
179	204					518	return; # nothing to check
180							}
181
182	60		100			204	my $leeway = $args{leeway} \|\| 0;
183	60					106	my $now = time;
184
185							### exp
186	60	100	33			152	if(defined $payload->{exp}) {
		50
187	45	100	100			141	if (!defined $args{verify_exp} \|\| $args{verify_exp}==1) {
188	41	100				899	croak "JWT: exp claim check failed ($payload->{exp}/$leeway vs. $now)" if $payload->{exp} + $leeway <= $now;
189							}
190							}
191							elsif ($args{verify_exp} && $args{verify_exp}==1) {
192	0					0	croak "JWT: exp claim required but missing"
193							}
194
195							### nbf
196	53	100	33			136	if(defined $payload->{nbf}) {
		50
197	30	100	100			100	if (!defined $args{verify_nbf} \|\| $args{verify_nbf}==1) {
198	29	100				440	croak "JWT: nbf claim check failed ($payload->{nbf}/$leeway vs. $now)" if $payload->{nbf} - $leeway > $now;
199							}
200							}
201							elsif ($args{verify_nbf} && $args{verify_nbf}==1) {
202	0					0	croak "JWT: nbf claim required but missing"
203							}
204
205							### iat
206	50	100				101	if (exists $args{verify_iat}) { #default (non existing verify_iat) == no iat check
207	4	50	0			11	if(defined $payload->{iat}) {
		0
208	4	100	100			19	if (!defined $args{verify_iat} \|\| $args{verify_iat}==1) {
209	3	100				300	croak "JWT: iat claim check failed ($payload->{iat}/$leeway vs. $now)" if $payload->{iat} - $leeway > $now;
210							}
211							}
212							elsif ($args{verify_iat} && $args{verify_iat}==1) {
213	0					0	croak "JWT: iat claim required but missing"
214							}
215							}
216
217							### iss, sub, aud, jti
218	48					94	foreach my $claim (qw(iss sub aud jti)) {
219	165					285	my $check = $args{"verify_$claim"};
220	165	100				331	next unless (defined $check);
221
222	47	100				75	if (exists $payload->{$claim}) {
223	43	100				97	if (ref $check eq 'Regexp') {
		100
		50
224	15					22	my $value = $payload->{$claim};
225	15	100				26	$value = "" if !defined $value;
226	15	100				795	croak "JWT: $claim claim re check failed" unless $value =~ $check;
227							}
228							elsif (ref $check eq 'CODE') {
229	14	100				35	croak "JWT: $claim claim code check failed" unless $check->($payload->{$claim});
230							}
231							elsif (!ref $check) {
232	14					22	my $value = $payload->{$claim};
233	14	100	66			541	croak "JWT: $claim claim scalar check failed" unless defined $value && $value eq $check;
234							}
235							else {
236	0					0	croak "JWT: verify_$claim must be Regexp, Scalar or CODE";
237							}
238							}
239							else {
240	4					500	croak "JWT: $claim claim required but missing"
241							}
242							}
243
244							}
245
246							sub _payload_zip {
247	4			4		10	my ($payload, $header, $z) = @_;
248	4	100				15	my @zip = ref $z eq 'ARRAY' ? @$z : ($z);
249	4	50				12	if ($zip[0] eq 'deflate') {
250	4	100				11	my $level = defined $zip[1] ? $zip[1] : 6;
251	4					9	$header->{zip} = "DEF";
252	4					17	my $d = Compress::Raw::Zlib::Deflate->new(-Bufsize => 1024, -WindowBits => -&MAX_WBITS(), -AppendOutput => 1, -Level => $level );
253	4					3346	my $output = '';
254	4	50				53	$d->deflate($payload, $output) == Z_OK or croak "JWT: deflate failed";
255	4	50				194	$d->flush($output) == Z_OK or croak "JWT: deflate/flush failed";
256	4	50				31	croak "JWT: deflate/output failed" unless $output;
257	4					193	$payload = $output;
258							}
259							else {
260	0					0	croak "JWT: unknown zip method '$zip[0]'";
261							}
262	4					19	return $payload;
263							}
264
265							sub _payload_unzip {
266	15			15		39	my ($payload, $z) = @_;
267	15	50				36	if ($z eq "DEF") {
268	15					60	my $d = Compress::Raw::Zlib::Inflate->new(-Bufsize => 1024, -WindowBits => -&MAX_WBITS());
269	15					6472	my $output = '';
270	15					219	$d->inflate($payload, $output);
271	15	50				48	croak "JWT: inflate failed" unless $output;
272	15					74	$payload = $output;
273							}
274							else {
275	0					0	croak "JWT: unknown zip method '$z'";
276							}
277	15					34	return $payload;
278							}
279
280							sub _payload_enc {
281	148			148		268	my ($payload) = @_;
282	148	100				379	if (ref($payload) =~ /^(HASH\|ARRAY)$/) {
283	21					283	$payload = JSON->new->utf8->canonical->encode($payload);
284							}
285							else {
286	127	50				430	utf8::downgrade($payload, 1) or croak "JWT: payload cannot contain wide character";
287							}
288	148					390	return $payload;
289							}
290
291							sub _payload_dec {
292	267			267		801	my ($payload, $decode_payload) = @_;
293	267	100	100			913	return $payload if defined $decode_payload && $decode_payload == 0;
294	205					386	my $de = $payload;
295	205					300	$de = eval { decode_json($de) };
	205					2156
296	205	100				581	if ($decode_payload) {
297	14	50				38	croak "JWT: payload not a valid JSON" unless $de;
298	14					31	return $de;
299							}
300							else {
301	191	100				536	return defined $de ? $de : $payload;
302							}
303							}
304
305							sub _encrypt_jwe_cek {
306	115			115		219	my ($key, $hdr) = @_;
307	115					194	my $alg = $hdr->{alg};
308	115					191	my $enc = $hdr->{enc};
309
310	115	100				238	if ($alg eq 'dir') {
311	12					25	return (_prepare_oct_key($key), '');
312							}
313
314	103					201	my $cek;
315							my $ecek;
316	103	100				512	if ($enc =~ /^A(128\|192\|256)GCM/) {
		50
317	55					311	$cek = random_bytes($1/8);
318							}
319							elsif ($enc =~ /^A(128\|192\|256)CBC/) {
320	48					300	$cek = random_bytes(2*$1/8);
321							}
322
323	103	100				1946	if ($alg =~ /^A(128\|192\|256)KW$/) {
		100
		100
		100
		100
		50
324	18					52	$ecek = aes_key_wrap(_prepare_oct_key($key), $cek);
325	18					61	return ($cek, $ecek);
326							}
327							elsif ($alg =~ /^A(128\|192\|256)GCMKW$/) {
328	18					33	my ($t, $i);
329	18					33	($ecek, $t, $i) = gcm_key_wrap(_prepare_oct_key($key), $cek);
330	18					77	$hdr->{tag} = encode_b64u($t);
331	18					46	$hdr->{iv} = encode_b64u($i);
332	18					55	return ($cek, $ecek);
333							}
334							elsif ($alg =~ /^PBES2-HS(512\|384\|256)\+A(128\|192\|256)KW$/) {
335	24	50	33			219	my $len = looks_like_number($hdr->{p2s}) && $hdr->{p2s} >= 8 && $hdr->{p2s} <= 9999 ? $hdr->{p2s} : 16;
336	24					82	my $salt = random_bytes($len);
337	24	50				279	my $iter = looks_like_number($hdr->{p2c}) ? $hdr->{p2c} : 5000;
338	24					80	$ecek = pbes2_key_wrap(_prepare_oct_key($key), $cek, $alg, $salt, $iter);
339	24					133	$hdr->{p2s} = encode_b64u($salt);
340	24					60	$hdr->{p2c} = $iter;
341	24					100	return ($cek, $ecek);
342							}
343							elsif ($alg =~ /^RSA(-OAEP\|-OAEP-256\|1_5)$/) {
344	18					49	$key = _prepare_rsa_key($key);
345	18					55	$ecek = rsa_key_wrap($key, $cek, $alg);
346	18					68	return ($cek, $ecek);
347							}
348							elsif ($alg =~ /^ECDH-ES\+A(128\|192\|256)KW$/) {
349	19					46	$key = _prepare_ecdh_key($key);
350	19					105	($ecek, $hdr->{epk}) = ecdhaes_key_wrap($key, $cek, $alg, $hdr->{apu}, $hdr->{apv});
351	19					2584	return ($cek, $ecek);
352							}
353							elsif ($alg eq 'ECDH-ES') {
354	6					15	$key = _prepare_ecdh_key($key);
355	6					32	($cek, $hdr->{epk}) = ecdh_key_wrap($key, $enc, $hdr->{apu}, $hdr->{apv});
356	6					757	return ($cek, '');
357							}
358	0					0	croak "JWE: unknown alg '$alg'";
359							}
360
361							sub _decrypt_jwe_cek {
362	168			168		389	my ($ecek, $key, $hdr) = @_;
363	168					262	my $alg = $hdr->{alg};
364	168					284	my $enc = $hdr->{enc};
365
366	168	100				1126	if ($alg eq 'dir') {
		100
		100
		100
		100
		100
		50
367	18					54	return _prepare_oct_key($key);
368							}
369							elsif ($alg =~ /^A(128\|192\|256)KW$/) {
370	22					52	return aes_key_unwrap(_prepare_oct_key($key), $ecek);
371							}
372							elsif ($alg =~ /^A(128\|192\|256)GCMKW$/) {
373	22					65	return gcm_key_unwrap(_prepare_oct_key($key), $ecek, decode_b64u($hdr->{tag}), decode_b64u($hdr->{iv}));
374							}
375							elsif ($alg =~ /^PBES2-HS(512\|384\|256)\+A(128\|192\|256)KW$/) {
376	39					119	return pbes2_key_unwrap(_prepare_oct_key($key), $ecek, $alg, decode_b64u($hdr->{p2s}), $hdr->{p2c});
377							}
378							elsif ($alg =~ /^RSA(-OAEP\|-OAEP-256\|1_5)$/) {
379	35					94	$key = _prepare_rsa_key($key);
380	35					4350	return rsa_key_unwrap($key, $ecek, $alg);
381							}
382							elsif ($alg =~ /^ECDH-ES\+A(128\|192\|256)KW$/) {
383	22					71	$key = _prepare_ecdh_key($key);
384	22					162	return ecdhaes_key_unwrap($key, $ecek, $alg, $hdr->{epk}, $hdr->{apu}, $hdr->{apv});
385							}
386							elsif ($alg eq 'ECDH-ES') {
387	10					23	$key = _prepare_ecdh_key($key);
388	10					71	return ecdh_key_unwrap($key, $enc, $hdr->{epk}, $hdr->{apu}, $hdr->{apv});
389							}
390	0					0	croak "JWE: unknown alg '$alg'";
391							}
392
393							sub _encrypt_jwe_payload {
394	115			115		291	my ($cek, $enc, $b64u_header, $b64u_aad, $payload) = @_;
395	115	50				246	my $aad = defined $b64u_aad ? "$b64u_header.$b64u_aad" : $b64u_header;
396	115	100				828	if ($enc =~ /^A(128\|192\|256)GCM$/) {
		50
397							# https://tools.ietf.org/html/rfc7518#section-5.3
398	61					229	my $len1 = $1/8;
399	61					111	my $len2 = length($cek);
400	61	50				170	croak "JWE: wrong AES key length ($len1 vs. $len2) for $enc" unless $len1 == $len2;
401	61					190	my $iv = random_bytes(12); # for AESGCM always 12 (96 bits)
402	61					14113	my ($ct, $tag) = gcm_encrypt_authenticate('AES', $cek, $iv, $aad, $payload);
403	61					306	return ($ct, $iv, $tag);
404							}
405							elsif ($enc =~ /^A(128\|192\|256)CBC-HS(256\|384\|512)$/) {
406							# https://tools.ietf.org/html/rfc7518#section-5.2
407	54					274	my ($size, $hash) = ($1/8, "SHA$2");
408	54					125	my $key_len = length($cek) / 2;
409	54					121	my $mac_key = substr($cek, 0, $key_len);
410	54					91	my $aes_key = substr($cek, $key_len, $key_len);
411	54	50				129	croak "JWE: wrong AES key length ($key_len vs. $size)" unless $key_len == $size;
412	54					156	my $iv = random_bytes(16); # for AES always 16
413	54					795	my $m = Crypt::Mode::CBC->new('AES');
414	54					200	my $ct = $m->encrypt($payload, $aes_key, $iv);
415	54					1079	my $aad_len = length($aad);
416	54					332	my $mac_input = $aad . $iv . $ct . pack('N2', ($aad_len / 2147483647)8, ($aad_len % 2147483647)8);
417	54					677	my $mac = hmac($hash, $mac_key, $mac_input);
418	54					126	my $sig_len = length($mac) / 2;
419	54					103	my $sig = substr($mac, 0, $sig_len);
420	54					324	return ($ct, $iv, $sig);
421							}
422	0					0	croak "JWE: unsupported enc '$enc'";
423							}
424
425							sub _decrypt_jwe_payload {
426	168			168		476	my ($cek, $enc, $aad, $ct, $iv, $tag) = @_;
427	168	100				1295	if ($enc =~ /^A(128\|192\|256)GCM$/) {
		50
428							# https://tools.ietf.org/html/rfc7518#section-5.3
429	89					364	my $len1 = $1/8;
430	89					153	my $len2 = length($cek);
431	89	50				236	croak "JWE: wrong AES key length ($len1 vs. $len2) for $enc" unless $len1 == $len2;
432	89					19374	return gcm_decrypt_verify('AES', $cek, $iv, $aad, $ct, $tag);
433							}
434							elsif ($enc =~ /^A(128\|192\|256)CBC-HS(256\|384\|512)$/) {
435							# https://tools.ietf.org/html/rfc7518#section-5.2
436	79					449	my ($size, $hash) = ($1/8, "SHA$2");
437	79					169	my $key_len = length($cek) / 2;
438	79					179	my $mac_key = substr($cek, 0, $key_len);
439	79					146	my $aes_key = substr($cek, $key_len, $key_len);
440	79	50				254	croak "JWE: wrong AES key length ($key_len vs. $size)" unless $key_len == $size;
441	79					138	my $aad_len = length($aad); # AAD == original encoded header
442	79					422	my $mac_input = $aad . $iv . $ct . pack('N2', ($aad_len / 2147483647)8, ($aad_len % 2147483647)8);
443	79					977	my $mac = hmac($hash, $mac_key, $mac_input);
444	79					187	my $sig_len = length($mac) / 2;
445	79					150	my $sig = substr($mac, 0, $sig_len);
446	79	50				174	croak "JWE: tag mismatch" unless $sig eq $tag;
447	79					467	my $m = Crypt::Mode::CBC->new('AES');
448	79					302	my $pt = $m->decrypt($ct, $aes_key, $iv);
449	79					1918	return $pt;
450							}
451	0					0	croak "JWE: unsupported enc '$enc'";
452							}
453
454							sub _encode_jwe {
455	115			115		383	my %args = @_;
456	115					233	my $payload = $args{payload};
457	115					170	my $alg = $args{alg};
458	115					171	my $enc = $args{enc};
459	115	100				262	my $header = $args{extra_headers} ? \%{$args{extra_headers}} : {};
	2					6
460	115	50				323	croak "JWE: missing 'enc'" if !defined $enc;
461	115	50				246	croak "JWE: missing 'payload'" if !defined $payload;
462							# add claims to payload
463	115	100				287	_add_claims($payload, %args) if ref $payload eq 'HASH';
464							# serialize payload
465	115					264	$payload = _payload_enc($payload);
466							# compress payload
467	115	100				300	$payload = _payload_zip($payload, $header, $args{zip}) if $args{zip}; # may set some header items
468							# prepare header
469	115					236	$header->{alg} = $alg;
470	115					204	$header->{enc} = $enc;
471							# key
472	115	50				252	croak "JWE: missing 'key'" if !$args{key};
473	115	50				262	my $key = defined $args{keypass} ? [$args{key}, $args{keypass}] : $args{key};
474							# prepare cek
475	115					265	my ($cek, $ecek) = _encrypt_jwe_cek($key, $header); # adds some header items
476							# encode header
477	115					734	my $json_header = encode_json($header);
478	115					422	my $b64u_header = encode_b64u($json_header);
479	115	50				325	my $b64u_aad = defined $args{aad} ? encode_b64u($args{aad}) : undef;
480							# encrypt payload
481	115					335	my ($ct, $iv, $tag) = _encrypt_jwe_payload($cek, $enc, $b64u_header, $b64u_aad, $payload);
482							# return token parts
483	115					1203	return ( $b64u_header,
484							encode_b64u($ecek),
485							encode_b64u($iv),
486							encode_b64u($ct),
487							encode_b64u($tag),
488							$b64u_aad);
489							}
490
491							sub _decode_jwe {
492	174			174		1159	my ($b64u_header, $b64u_ecek, $b64u_iv, $b64u_ct, $b64u_tag, $b64u_aad, $unprotected, $shared_unprotected, %args) = @_;
493	174					506	my $header = _b64u_to_hash($b64u_header);
494	174					516	my $ecek = decode_b64u($b64u_ecek);
495	174					456	my $ct = decode_b64u($b64u_ct);
496	174					347	my $iv = decode_b64u($b64u_iv);
497	174					374	my $tag = decode_b64u($b64u_tag);
498	174	50	33			769	croak "JWE: invalid header part" if $b64u_header && !$header;
499	174	50	66			543	croak "JWE: invalid ecek part" if $b64u_ecek && !$ecek;
500	174	50	33			512	croak "JWE: invalid ct part" if $b64u_ct && !$ct;
501	174	50	33			513	croak "JWE: invalid iv part" if $b64u_iv && !$iv;
502	174	50	33			494	croak "JWE: invalid tag part" if $b64u_tag && !$tag;
503
504	174					266	my $key;
505	174	100				376	if (exists $args{key}) {
		50
506	172	50				413	$key = defined $args{keypass} ? [$args{key}, $args{keypass}] : $args{key};
507							}
508							elsif (exists $args{kid_keys}) {
509							# BEWARE: stricter approach since 0.023
510							# when 'kid_keys' specified it croaks if header doesn't contain 'kid' value or if 'kid' wasn't found in 'kid_keys'
511	2					8	my $k = _kid_lookup($header->{kid}, $args{kid_keys}, $header->{alg});
512	2	50				7	croak "JWE: kid_keys lookup failed" if !defined $k;
513	2					5	$key = $k;
514							}
515	174	50				349	croak "JWE: missing key" if !defined $key;
516
517	174					290	my $aa = $args{accepted_alg};
518	174	100	66			624	if (ref($aa) eq 'Regexp') {
		100	66
519	1	50				172	croak "JWE: alg '$header->{alg}' does not match accepted_alg" if $header->{alg} !~ $aa;
520							}
521							elsif ($aa && (ref($aa) eq 'ARRAY' \|\| !ref($aa))) {
522	5	100				18	my %acca = ref $aa ? map { $_ => 1 } @$aa : ( $aa => 1 );
	5					14
523	5	100				442	croak "JWE: alg '$header->{alg}' not in accepted_alg" if !$acca{$header->{alg}};
524							}
525
526	171					260	my $ae = $args{accepted_enc};
527	171	100	66			516	if (ref($ae) eq 'Regexp') {
		100	66
528	1	50				136	croak "JWE: enc '$header->{enc}' does not match accepted_enc" if $header->{enc} !~ $ae;
529							}
530							elsif ($ae && (ref($ae) eq 'ARRAY' \|\| !ref($ae))) {
531	5	100				17	my %acce = ref $ae ? map { $_ => 1 } @$ae : ( $ae => 1 );
	5					14
532	5	100				295	croak "JWE: enc '$header->{enc}' not in accepted_enc" if !$acce{$header->{enc}};
533							}
534
535	168					932	$header = { %$shared_unprotected, %$unprotected, %$header }; # merge headers
536	168					493	my $cek = _decrypt_jwe_cek($ecek, $key, $header);
537	168	50				509	my $aad = defined $b64u_aad ? "$b64u_header.$b64u_aad" : $b64u_header;
538	168					498	my $payload = _decrypt_jwe_payload($cek, $header->{enc}, $aad, $ct, $iv, $tag);
539	168	100				555	$payload = _payload_unzip($payload, $header->{zip}) if $header->{zip};
540	168					572	$payload = _payload_dec($payload, $args{decode_payload});
541	168					805	_verify_claims($payload, %args); # croaks on error
542	168					786	return ($header, $payload);
543							}
544
545							sub _sign_jws {
546	33			33		83	my ($b64u_header, $b64u_payload, $alg, $key) = @_;
547	33	100				71	return '' if $alg eq 'none'; # no integrity
548	32					41	my $sig;
549	32					74	my $data = "$b64u_header.$b64u_payload";
550	32	100				162	if ($alg =~ /^HS(256\|384\|512)$/) { # HMAC integrity
		100
		100
		100
		50
551	19					46	$key = _prepare_oct_key($key);
552	19					233	$sig = hmac("SHA$1", $key, $data);
553							}
554							elsif ($alg =~ /^RS(256\|384\|512)/) { # RSA+PKCS1-V1_5 signatures
555	5					16	my $pk = _prepare_rsa_key($key);
556	5					27424	$sig = $pk->sign_message($data, "SHA$1", 'v1.5');
557							}
558							elsif ($alg =~ /^PS(256\|384\|512)/) { # RSA+PSS signatures
559	3					10	my $hash = "SHA$1";
560	3					14	my $hashlen = $1/8;
561	3					11	my $pk = _prepare_rsa_key($key);
562	3					15960	$sig = $pk->sign_message($data, $hash, 'pss', $hashlen);
563							}
564							elsif ($alg =~ /^ES(256\|256K\|384\|512)$/) { # ECDSA signatures
565	4					16	my $hash = {ES256 => 'SHA256', ES256K => 'SHA256', ES384 => 'SHA384', ES512 => 'SHA512'}->{$alg};
566	4					16	my $pk = _prepare_ecc_key($key);
567	4					20683	$sig = $pk->sign_message_rfc7518($data, $hash);
568							}
569							elsif ($alg eq 'EdDSA') { # Ed25519 signatures
570	1					5	my $pk = _prepare_ed25519_key($key);
571	1					6262	$sig = $pk->sign_message($data);
572							}
573	32					178	return encode_b64u($sig);
574							}
575
576							sub _verify_jws {
577	98			98		233	my ($b64u_header, $b64u_payload, $b64u_sig, $alg, $key) = @_;
578	98					321	my $sig = decode_b64u($b64u_sig);
579	98	50	33			332	croak "JWS: invalid sig part" if $b64u_sig && !$sig;
580	98					269	my $data = "$b64u_header.$b64u_payload";
581
582	98	50				529	if ($alg eq 'none' ) { # no integrity
		100
		100
		100
		100
		50
583	0					0	return 1;
584							}
585							elsif ($alg =~ /^HS(256\|384\|512)$/) { # HMAC integrity
586	62					144	$key = _prepare_oct_key($key);
587	62	50				822	return 1 if $sig eq hmac("SHA$1", $key, $data);
588							}
589							elsif ($alg =~ /^RS(256\|384\|512)/) { # RSA+PKCS1-V1_5 signatures
590	20					56	my $hash = "SHA$1";
591	20					53	my $pk = _prepare_rsa_key($key);
592	19	50				7822	return 1 if $pk->verify_message($sig, $data, $hash, 'v1.5');
593							}
594							elsif ($alg =~ /^PS(256\|384\|512)/) { # RSA+PSS signatures
595	6					32	my $hash = "SHA$1";
596	6					22	my $hashlen = $1/8;
597	6					14	my $pk = _prepare_rsa_key($key);
598	6	50				1903	return 1 if $pk->verify_message($sig, $data, $hash, 'pss', $hashlen);
599							}
600							elsif ($alg =~ /^ES(256\|256K\|384\|512)$/) { # ECDSA signatures
601	9					46	my $hash = {ES256 => 'SHA256', ES256K => 'SHA256', ES384 => 'SHA384', ES512 => 'SHA512'}->{$alg};
602	9					37	my $pk = _prepare_ecc_key($key);
603	8	50				50347	return 1 if $pk->verify_message_rfc7518($sig, $data, $hash);
604							}
605							elsif ($alg eq 'EdDSA') { # Ed25519 signatures
606	1					3	my $pk = _prepare_ed25519_key($key);
607	1	50				6222	return 1 if $pk->verify_message($sig, $data);
608							}
609	0					0	return 0;
610							}
611
612							sub _encode_jws {
613	34			34		89	my %args = @_;
614	34					70	my $payload = $args{payload};
615	34					47	my $alg = $args{alg};
616	34	100				83	my $header = $args{extra_headers} ? \%{$args{extra_headers}} : {};
	2					5
617	34	50				82	croak "JWS: missing 'payload'" if !defined $payload;
618	34	100	100			228	croak "JWS: alg 'none' not allowed" if $alg eq 'none' && !$args{allow_none};
619							# add claims to payload
620	33	100				102	_add_claims($payload, %args) if ref $payload eq 'HASH';
621							# serialize payload
622	33					70	$payload = _payload_enc($payload);
623							# compress payload
624	33	100				89	$payload = _payload_zip($payload, $header, $args{zip}) if $args{zip}; # may set some header items
625							# encode payload
626	33					121	my $b64u_payload = encode_b64u($payload);
627							# prepare header
628	33					103	$header->{alg} = $alg;
629							# encode header
630	33					134	my $json_header = encode_json($header);
631	33					86	my $b64u_header = encode_b64u($json_header);
632							# key
633	33	50	66			126	croak "JWS: missing 'key'" if !$args{key} && $alg ne 'none';
634	33	50				75	my $key = defined $args{keypass} ? [$args{key}, $args{keypass}] : $args{key};
635							# sign header
636	33					73	my $b64u_signature = _sign_jws($b64u_header, $b64u_payload, $alg, $key);
637	33					171	return ($b64u_header, $b64u_payload, $b64u_signature);
638							}
639
640							sub _decode_jws {
641	105			105		528	my ($b64u_header, $b64u_payload, $b64u_sig, $unprotected_header, %args) = @_;
642	105					257	my $header = _b64u_to_hash($b64u_header);
643	105	50	33			449	croak "JWS: invalid header part" if $b64u_header && !$header;
644	105	100				244	$unprotected_header = {} if ref $unprotected_header ne 'HASH';
645
646	105	100				239	if (!$args{ignore_signature}) {
647	104					177	my $alg = $header->{alg};
648	104	50				188	croak "JWS: missing header 'alg'" unless $alg;
649	104	100	100			331	croak "JWS: alg 'none' not allowed" if $alg eq 'none' && !$args{allow_none};
650	103	50	66			212	croak "JWS: alg 'none' expects no signature" if $alg eq 'none' && defined $b64u_sig && length($b64u_sig) > 0;
			66
651
652	103					152	my $aa = $args{accepted_alg};
653	103	100				310	if (ref $aa eq 'Regexp') {
		100
		100
654	1	50				137	croak "JWS: alg '$alg' does not match accepted_alg" if $alg !~ $aa;
655							}
656							elsif (ref $aa eq 'ARRAY') {
657	2					9	my %acca = map { $_ => 1 } @$aa;
	5					14
658	2	100				247	croak "JWS: alg '$alg' not in accepted_alg" if !$acca{$alg};
659							}
660							elsif (defined $aa) {
661	3	100				121	croak "JWS: alg '$alg' not accepted_alg" if $aa ne $alg;
662							}
663
664	100	100				208	if ($alg ne 'none') {
665	98					133	my $key;
666	98	100				184	if (exists $args{key}) {
		100
		50
667	95	50				208	$key = defined $args{keypass} ? [$args{key}, $args{keypass}] : $args{key};
668							}
669							elsif (exists $args{kid_keys}) {
670							# BEWARE: stricter approach since 0.023
671							# when 'kid_keys' specified it croaks if header doesn't contain 'kid' value or if 'kid' wasn't found in 'kid_keys'
672	2	50				6	my $kid = exists $header->{kid} ? $header->{kid} : $unprotected_header->{kid};
673	2					9	my $k = _kid_lookup($kid, $args{kid_keys}, $alg);
674	2	50				6	croak "JWS: kid_keys lookup failed" if !defined $k;
675	2					5	$key = $k;
676							}
677							elsif ($args{key_from_jwk_header}) {
678							# BEWARE: stricter approach since 0.023
679							# - header 'jwk' is by default ignored (unless given: key_from_jwk_header => 1)
680							# - only RSA/ECDSA public keys are accepted
681	1					3	my $k = $header->{jwk};
682	1	50	33			8	croak "JWS: jwk header does not contain a key" if !defined $k \|\| ref($k) ne 'HASH' \|\| !defined $k->{kty};
			33
683	1	50	33			29	croak "JWS: jwk header allowed only for RSA/ECDSA" if $alg !~ /^(RS\|PS\|ES)/ \|\| $k->{kty} !~ /^(RSA\|EC)$/;
684	1	50	33			20	croak "JWS: jwk header must be a public key" if $k->{d} \|\| $k->{p} \|\| $k->{q} \|\| $k->{dp} \|\| $k->{dq} \|\| $k->{qi};
			33
			33
			33
			33
685	1					3	$key = $k;
686							}
687	98	50				197	croak "JWS: missing key" if !defined $key;
688
689	98					229	my $valid = _verify_jws($b64u_header, $b64u_payload, $b64u_sig, $alg, $key);
690	96	50				289	croak "JWS: invalid signature" if !$valid;
691							}
692							}
693	99					286	my $payload = decode_b64u($b64u_payload);
694	99	50	66			394	croak "JWS: invalid payload part" if $b64u_payload && !$payload;
695	99	100				262	$payload = _payload_unzip($payload, $header->{zip}) if $header->{zip};
696	99					290	$payload = _payload_dec($payload, $args{decode_payload});
697	99					614	_verify_claims($payload, %args); # croaks on error
698	68					353	$header = { %$unprotected_header, %$header }; # merge headers
699	68					250	return ($header, $payload);
700							}
701
702							sub encode_jwt {
703	149			149	1	219742	my %args = @_;
704
705	149	50				483	croak "JWT: missing 'alg'" unless $args{alg};
706	149		50			607	my $ser = $args{serialization} \|\| 'compact';
707	149	100				1330	if ($args{alg} =~ /^(none\|EdDSA\|(HS\|RS\|PS)(256\|384\|512)\|ES(256\|256K\|384\|512))$/) {
		50
708							###JWS
709	34					121	my ($b64u_header, $b64u_payload, $b64u_signature) = _encode_jws(%args);
710	33	50				106	if ($ser eq 'compact') { # https://tools.ietf.org/html/rfc7515#section-7.1
		0
711	33	50				89	croak "JWT: cannot use 'unprotected_headers' with compact serialization" if defined $args{unprotected_headers};
712	33					191	return "$b64u_header.$b64u_payload.$b64u_signature";
713							}
714							elsif ($ser eq 'flattened') { # https://tools.ietf.org/html/rfc7515#section-7.2.2
715	0					0	my $token = { protected => $b64u_header, payload => $b64u_payload, signature => $b64u_signature };
716	0	0				0	$token->{header} = \%{$args{unprotected_headers}} if ref $args{unprotected_headers} eq 'HASH';
	0					0
717	0					0	return encode_json($token);
718							}
719							else {
720	0					0	croak "JWT: unsupported JWS serialization '$ser'";
721							}
722							}
723							elsif ($args{alg} =~ /^(dir\|A(128\|192\|256)KW\|A(128\|192\|256)GCMKW\|PBES2-(HS256\+A128KW\|HS384\+A192KW\|HS512\+A256KW)\|RSA-OAEP\|RSA-OAEP-256\|RSA1_5\|ECDH-ES\+A(128\|192\|256)KW\|ECDH-ES)$/) {
724							### JWE
725	115					439	my ($b64u_header, $b64u_ecek, $b64u_iv, $b64u_ct, $b64u_tag, $b64u_aad) = _encode_jwe(%args);
726	115	50				406	if ($ser eq 'compact') { # https://tools.ietf.org/html/rfc7516#section-7.1
		0
727	115	50				334	croak "JWT: cannot use 'aad' with compact serialization" if defined $args{aad};
728	115	50				234	croak "JWT: cannot use 'unprotected_headers' with compact serialization" if defined $args{unprotected_headers};
729	115	50				238	croak "JWT: cannot use 'shared_unprotected_headers' with compact serialization" if defined $args{shared_unprotected_headers};
730	115					778	return "$b64u_header.$b64u_ecek.$b64u_iv.$b64u_ct.$b64u_tag";
731							}
732							elsif ($ser eq 'flattened') { # https://tools.ietf.org/html/rfc7516#section-7.2.2
733	0					0	my $token = {
734							protected => $b64u_header,
735							encrypted_key => $b64u_ecek,
736							iv => $b64u_iv,
737							ciphertext => $b64u_ct,
738							tag => $b64u_tag,
739							};
740							# header: JWE Per-Recipient Unprotected Header when the JWE Per-Recipient Unprotected Header
741	0	0				0	$token->{header} = \%{$args{unprotected_headers}} if ref $args{unprotected_headers} eq 'HASH';
	0					0
742							# unprotected: JWE Shared Unprotected Header
743	0	0				0	$token->{unprotected} = \%{$args{shared_unprotected_headers}} if ref $args{shared_unprotected_headers} eq 'HASH';
	0					0
744							# aad: Additional Authenticated Data (AAD)
745	0	0				0	$token->{aad} = $b64u_aad if defined $b64u_aad;
746	0					0	return encode_json($token);
747							}
748							else {
749	0					0	croak "JWT: unsupported JWE serialization '$ser'";
750							}
751							}
752							else {
753	0					0	croak "JWT: unexpected alg '$args{alg}'";
754							}
755							}
756
757							sub decode_jwt {
758	279			279	1	115482	my %args = @_;
759	279					606	my ($header, $payload);
760
761	279	50				2660	if (!$args{token}) {
		100
		50
762	0					0	croak "JWT: missing token";
763							}
764							elsif ($args{token} =~ /^([a-zA-Z0-9_-]+)=\.([a-zA-Z0-9_-])=\.([a-zA-Z0-9_-])=(?:\.([a-zA-Z0-9_-]+)=\.([a-zA-Z0-9_-]+)=*)?$/) {
765	276	100				915	if (length($5)) {
766							# JWE token (5 segments)
767	173					811	($header, $payload) = Crypt::JWT::_decode_jwe($1, $2, $3, $4, $5, undef, {}, {}, %args);
768							} else {
769							# JWS token (3 segments)
770	103					374	($header, $payload) = Crypt::JWT::_decode_jws($1, $2, $3, {}, %args);
771							}
772							}
773							elsif ($args{token} =~ /^\s\{.?\}\s*$/s) {
774	3					28	my $hash = decode_json($args{token});
775	3	100	66			27	if (defined $hash->{payload} && $hash->{protected}) {
		50	33
776							# Flattened JWS JSON Serialization
777	2					15	($header, $payload) = _decode_jws($hash->{protected}, $hash->{payload}, $hash->{signature}, $hash->{header}, %args);
778							}
779							elsif ($hash->{ciphertext} && $hash->{protected}) {
780							# Flattened JWE JSON Serialization
781	1					7	($header, $payload) = _decode_jwe($hash->{protected}, $hash->{encrypted_key}, $hash->{iv}, $hash->{ciphertext}, $hash->{tag}, $hash->{aad}, $hash->{header}, $hash->{unprotected}, %args);
782							}
783							else {
784	0					0	croak "JWT: unsupported JWS/JWT JSON Serialization";
785							}
786							}
787							else {
788	0					0	croak "JWT: invalid token format";
789							}
790	236	100				985	return ($header, $payload) if $args{decode_header};
791	228					956	return $payload;
792							}
793
794							1;
795
796							#### URLs
797							# https://metacpan.org/pod/JSON::WebToken
798							# https://metacpan.org/pod/Mojo::JWT
799							# https://bitbucket.org/b_c/jose4j/wiki/JWE%20Examples
800							# https://bitbucket.org/b_c/jose4j/wiki/JWS%20Examples
801							# https://github.com/dvsekhvalnov/jose-jwt/tree/master/JWT/jwe
802							# https://github.com/progrium/ruby-jwt
803							# https://github.com/jpadilla/pyjwt/
804
805							=pod
806
807							=head1 NAME
808
809							Crypt::JWT - JSON Web Token (JWT, JWS, JWE) as defined by RFC7519, RFC7515, RFC7516
810
811							=head1 SYNOPSIS
812
813							# encoding
814							use Crypt::JWT qw(encode_jwt);
815							my $jws_token = encode_jwt(payload=>$data, alg=>'HS256', key=>'secret');
816							my $jwe_token = encode_jwt(payload=>$data, alg=>'PBES2-HS256+A128KW', enc=>'A128GCM', key=>'secret');
817
818							# decoding
819							use Crypt::JWT qw(decode_jwt);
820							my $data1 = decode_jwt(token=>$jws_token, key=>'secret');
821							my $data2 = decode_jwt(token=>$jwe_token, key=>'secret');
822
823							=head1 DESCRIPTION
824
825							Implements B - L.
826							The implementation covers not only B - L,
827							but also B - L.
828
829							The module implements B defined in L - B.
830
831							This module supports B and B serialization, general JSON serialization is not supported yet.
832
833							=head1 EXPORT
834
835							Nothing is exported by default.
836
837							You can export selected functions:
838
839							use Crypt::JWT qw(decode_jwt encode_jwt);
840
841							Or all of them at once:
842
843							use Crypt::JWT ':all';
844
845							=head1 FUNCTIONS
846
847							=head2 decode_jwt
848
849							my $data = decode_jwt(%named_args);
850
851							Named arguments:
852
853							=over
854
855							=item token
856
857							Mandatory argument, a string with either JWS or JWE JSON Web Token.
858
859							### JWS token example (3 segments)
860							$t = "eyJhbGciOiJIUzI1NiJ9.dGVzdA.ujBihtLSr66CEWqN74SpLUkv28lra_CeHnxLmLNp4Jo";
861							my $data = decode_jwt(token=>$t, key=>$k);
862
863							### JWE token example (5 segments)
864							$t = "eyJlbmMiOiJBMTI4R0NNIiwiYWxnIjoiQTEyOEtXIn0.UusxEbzhGkORxTRq0xkFKhvzPrXb9smw.VGfOuq0Fxt6TsdqLZUpnxw.JajIQQ.pkKZ7MHS0XjyGmRsqgom6w";
865							my $data = decode_jwt(token=>$t, key=>$k);
866
867							=item key
868
869							A key used for token decryption (JWE) or token signature validation (JWS).
870							The value depends on the C token header value.
871
872							JWS alg header key value
873							------------------ ----------------------------------
874							none no key required
875							HS256 string (raw octects) of any length (or perl HASH ref with JWK, kty=>'oct')
876							HS384 dtto
877							HS512 dtto
878							RS256 public RSA key, perl HASH ref with JWK key structure,
879							a reference to SCALAR string with PEM or DER or JSON/JWK data,
880							object: Crypt::PK::RSA, Crypt::OpenSSL::RSA, Crypt::X509 or Crypt::OpenSSL::X509
881							RS384 public RSA key, see RS256
882							RS512 public RSA key, see RS256
883							PS256 public RSA key, see RS256
884							PS384 public RSA key, see RS256
885							PS512 public RSA key, see RS256
886							ES256 public ECC key, perl HASH ref with JWK key structure,
887							a reference to SCALAR string with PEM or DER or JSON/JWK data,
888							an instance of Crypt::PK::ECC
889							ES256K public ECC key, see ES256
890							ES384 public ECC key, see ES256
891							ES512 public ECC key, see ES256
892							EdDSA public Ed25519 key
893
894							JWE alg header key value
895							------------------ ----------------------------------
896							dir string (raw octects) or perl HASH ref with JWK, kty=>'oct', length depends on 'enc' algorithm
897							A128KW string (raw octects) 16 bytes (or perl HASH ref with JWK, kty=>'oct')
898							A192KW string (raw octects) 24 bytes (or perl HASH ref with JWK, kty=>'oct')
899							A256KW string (raw octects) 32 bytes (or perl HASH ref with JWK, kty=>'oct')
900							A128GCMKW string (raw octects) 16 bytes (or perl HASH ref with JWK, kty=>'oct')
901							A192GCMKW string (raw octects) 24 bytes (or perl HASH ref with JWK, kty=>'oct')
902							A256GCMKW string (raw octects) 32 bytes (or perl HASH ref with JWK, kty=>'oct')
903							PBES2-HS256+A128KW string (raw octects) of any length (or perl HASH ref with JWK, kty=>'oct')
904							PBES2-HS384+A192KW string (raw octects) of any length (or perl HASH ref with JWK, kty=>'oct')
905							PBES2-HS512+A256KW string (raw octects) of any length (or perl HASH ref with JWK, kty=>'oct')
906							RSA-OAEP private RSA key, perl HASH ref with JWK key structure,
907							a reference to SCALAR string with PEM or DER or JSON/JWK data,
908							an instance of Crypt::PK::RSA or Crypt::OpenSSL::RSA
909							RSA-OAEP-256 private RSA key, see RSA-OAEP
910							RSA1_5 private RSA key, see RSA-OAEP
911							ECDH-ES private ECC or X25519 key, perl HASH ref with JWK key structure,
912							a reference to SCALAR string with PEM or DER or JSON/JWK data,
913							an instance of Crypt::PK::ECC
914							ECDH-ES+A128KW private ECC or X25519 key, see ECDH-ES
915							ECDH-ES+A192KW private ECC or X25519 key, see ECDH-ES
916							ECDH-ES+A256KW private ECC or X25519 key, see ECDH-ES
917
918							Example using the key from C token header:
919
920							my $data = decode_jwt(token=>$t, key_from_jwk_header=>1);
921							my ($header, $data) = decode_jwt(token=>$t, decode_header=>1, key_from_jwk_header=>1);
922
923							Examples with raw octet keys:
924
925							#string
926							my $data = decode_jwt(token=>$t, key=>'secretkey');
927							#binary key
928							my $data = decode_jwt(token=>$t, key=>pack("H*", "788A6E38F36B7596EF6A669E94"));
929							#perl HASH ref with JWK structure (key type 'oct')
930							my $data = decode_jwt(token=>$t, key=>{kty=>'oct', k=>"GawgguFyGrWKav7AX4VKUg"});
931
932							Examples with RSA keys:
933
934							my $pem_key_string = <<'EOF';
935							-----BEGIN PRIVATE KEY-----
936							MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCoVm/Sl5r+Ofky
937							jioRSZK26GW6WyjyfWKddsSi13/NOtCn0rRErSF/u3QrgGMpWFqKohqbi1VVC+SZ
938							...
939							8c1vm2YFafgdkSk9Qd1oU2Fv1aOQy4VovOFzJ3CcR+2r7cbRfcpLGnintHtp9yek
940							02p+d5g4OChfFNDhDtnIqjvY
941							-----END PRIVATE KEY-----
942							EOF
943
944							my $jwk_key_json_string = '{"kty":"RSA","n":"0vx7agoebG...L6tSoc_BJECP","e":"AQAB"}';
945
946							#a reference to SCALAR string with PEM or DER or JSON/JWK data,
947							my $data = decode_jwt(token=>$t, key=>\$pem_key_string);
948							my $data = decode_jwt(token=>$t, key=>\$der_key_string);
949							my $data = decode_jwt(token=>$t, key=>\$jwk_key_json_string);
950
951							#instance of Crypt::PK::RSA
952							my $data = decode_jwt(token=>$t, key=>Crypt::PK::RSA->new('keyfile.pem'));
953							my $data = decode_jwt(token=>$t, key=>Crypt::PK::RSA->new(\$pem_key_string));
954
955							#instance of Crypt::OpenSSL::RSA
956							my $data = decode_jwt(token=>$t, key=>Crypt::OpenSSL::RSA->new_private_key($pem_key_string));
957
958							#instance of Crypt::X509 (public key only)
959							my $data = decode_jwt(token=>$t, key=>Crypt::X509->new(cert=>$cert));
960
961							#instance of Crypt::OpenSSL::X509 (public key only)
962							my $data = decode_jwt(token=>$t, key=>Crypt::OpenSSL::X509->new_from_file('cert.pem'));
963							my $data = decode_jwt(token=>$t, key=>Crypt::OpenSSL::X509->new_from_string($cert));
964
965							#perl HASH ref with JWK structure (key type 'RSA')
966							my $rsa_priv = {
967							kty => "RSA",
968							n => "0vx7agoebGcQSuuPiLJXZpt...eZu0fM4lFd2NcRwr3XPksINHaQ-G_xBniIqbw0Ls1jF44-csFCur-kEgU8awapJzKnqDKgw",
969							e => "AQAB",
970							d => "X4cTteJY_gn4FYPsXB8rdXi...FLN5EEaG6RoVH-HLKD9Mdx5ooGURknhnrRwUkC7h5fJLMWbFAKLWY2v7B6NqSzUvx0_YSf",
971							p => "83i-7IvMGXoMXCskv73TKr8...Z27zvoj6pbUQyLPBQxtPnwD20-60eTmD2ujMt5PoMrm8RmNhVWtjjMmMjOpSicFHjXOuVI",
972							q => "3dfOR9cuYq-0S-mkFLzgItg...q3hWeMuG0ouqnb3obLyuqjVZQ1dIrdgTnCdYzBcOW5r37AFXjift_NGiovonzhKpoVVS78",
973							dp => "G4sPXkc6Ya9y8oJW9_ILj4...zi_H7TkS8x5SdX3oE0oiYwxIiemTAu0UOa5pgFGyJ4c8t2VF40XRugKTP8akhFo5tA77Qe",
974							dq => "s9lAH9fggBsoFR8Oac2R_E...T2kGOhvIllTE1efA6huUvMfBcpn8lqW6vzzYY5SSF7pMd_agI3G8IbpBUb0JiraRNUfLhc",
975							qi => "GyM_p6JrXySiz1toFgKbWV...4ypu9bMWx3QJBfm0FoYzUIZEVEcOqwmRN81oDAaaBk0KWGDjJHDdDmFW3AN7I-pux_mHZG",
976							};
977							my $data = decode_jwt(token=>$t, key=>$rsa_priv});
978
979							Examples with ECC keys:
980
981							my $pem_key_string = <<'EOF';
982							-----BEGIN EC PRIVATE KEY-----
983							MHcCAQEEIBG1c3z52T8XwMsahGVdOZWgKCQJfv+l7djuJjgetdbDoAoGCCqGSM49
984							AwEHoUQDQgAEoBUyo8CQAFPeYPvv78ylh5MwFZjTCLQeb042TjiMJxG+9DLFmRSM
985							lBQ9T/RsLLc+PmpB1+7yPAR+oR5gZn3kJQ==
986							-----END EC PRIVATE KEY-----
987							EOF
988
989							my $jwk_key_json_string = '{"kty":"EC","crv":"P-256","x":"MKB..7D4","y":"4Et..FyM"}';
990
991							#a reference to SCALAR string with PEM or DER or JSON/JWK data,
992							my $data = decode_jwt(token=>$t, key=>\$pem_key_string);
993							my $data = decode_jwt(token=>$t, key=>\$der_key_string);
994							my $data = decode_jwt(token=>$t, key=>\$jwk_key_json_string);
995
996							#instance of Crypt::PK::ECC
997							my $data = decode_jwt(token=>$t, key=>Crypt::PK::ECC->new('keyfile.pem'));
998							my $data = decode_jwt(token=>$t, key=>Crypt::PK::ECC->new(\$pem_key_string));
999
1000							#perl HASH ref with JWK structure (key type 'EC')
1001							my $ecc_priv = {
1002							kty => "EC",
1003							crv => "P-256",
1004							x => "MKBCTNIcKUSDii11ySs3526iDZ8AiTo7Tu6KPAqv7D4",
1005							y => "4Etl6SRW2YiLUrN5vfvVHuhp7x8PxltmWWlbbM4IFyM",
1006							d => "870MB6gfuTJ4HtUnUvYMyJpr5eUZNP4Bk43bVdj3eAE",
1007							};
1008							my $data = decode_jwt(token=>$t, key=>$ecc_priv});
1009
1010							=item keypass
1011
1012							When 'key' parameter is an encrypted private RSA or ECC key this optional parameter may contain a password for private key decryption.
1013
1014							=item kid_keys
1015
1016							This parametes can be either a JWK Set JSON string (see RFC7517) or a perl HASH ref with JWK Set structure like this:
1017
1018							my $keylist = {
1019							keys => [
1020							{ kid=>"key1", kty=>"oct", k=>"GawgguFyGrWKav7AX4VKUg" },
1021							{ kid=>"key2", kty=>"oct", k=>"ulxLGy4XqhbpkR5ObGh1gX" },
1022							]
1023							};
1024							my $payload = decode_jwt(token=>$t, kid_keys=>$keylist);
1025
1026							You can use L to generate a JWK for RSA:
1027
1028							my $pubkey = Crypt::PK::RSA->new('rs256-4096-public.pem');
1029							my $jwk_hash = $pubkey->export_key_jwk('public', 1);
1030							$jwk_hash->{kid} = 'key1';
1031							my $keylist = {
1032							keys => [
1033							$jwk_hash,
1034							]
1035							};
1036
1037							The structure described above is used e.g. by L
1038
1039							use Mojo::UserAgent;
1040							my $ua = Mojo::UserAgent->new;
1041							my $google_keys => $ua->get('https://www.googleapis.com/oauth2/v2/certs')->result->json;
1042							my $payload = decode_jwt(token => $t, kid_keys => $google_keys);
1043
1044							B we also support alternative structure used e.g. by L:
1045
1046							use LWP::Simple;
1047							my $google_certs = get('https://www.googleapis.com/oauth2/v1/certs');
1048							my $payload = decode_jwt(token => $t, kid_keys => $google_certs);
1049
1050							When the token header contains C item the corresponding key is looked up in C list and used for token
1051							decoding (you do not need to pass the explicit key via C parameter). Add a kid header using L.
1052
1053							B When C is specified it croaks if token header does not contain C value or
1054							if C was not found in C.
1055
1056							=item key_from_jwk_header
1057
1058							B
1059
1060							C<1> - use C header value for validating JWS signature if neither C nor C specified, B
1061
1062							C<0> (default) - ignore C header value when validating JWS signature
1063
1064							Keep in mind that enabling C requires C header to exist and be an valid RSA/ECDSA public key (otherwise it croaks).
1065
1066							=item allow_none
1067
1068							C<1> - accept JWS tokens with C 'alg' header value (which means that token has no signature), B
1069
1070							C<0> (default) - do not allow JWS with C 'alg' header value
1071
1072							=item ignore_signature
1073
1074							C<1> - do not check signature on JWS tokens, B
1075
1076							C<0> (default) - check signature on JWS tokens
1077
1078							=item accepted_alg
1079
1080							C (default) means accept all 'alg' algorithms except 'none' (for accepting 'none' use C)
1081
1082							C name of accepted 'alg' algorithm (only one)
1083
1084							C a list of accepted 'alg' algorithms
1085
1086							C that has to match 'alg' algorithm name
1087
1088							my $payload = decode_jwt(token=>$t, key=>$k, accepted_alg=>'HS256');
1089							#or
1090							my $payload = decode_jwt(token=>$t, key=>$k, accepted_alg=>['HS256','HS384']);
1091							#or
1092							my $payload = decode_jwt(token=>$t, key=>$k, accepted_alg=>qr/^HS(256\|384\|512)$/);
1093
1094							=item accepted_enc
1095
1096							C (default) means accept all 'enc' algorithms
1097
1098							C name of accepted 'enc' algorithm (only one)
1099
1100							C a list of accepted 'enc' algorithms
1101
1102							C that has to match 'enc' algorithm name
1103
1104							my $payload = decode_jwt(token=>$t, key=>$k, accepted_enc=>'A192GCM');
1105							#or
1106							my $payload = decode_jwt(token=>$t, key=>$k, accepted_enc=>['A192GCM','A256GCM']);
1107							#or
1108							my $payload = decode_jwt(token=>$t, key=>$k, accepted_enc=>qr/^A(128\|192\|256)GCM$/);
1109
1110							=item decode_payload
1111
1112							C<0> - do not decode payload, return it as a raw string (octects).
1113
1114							C<1> - decode payload from JSON string, return it as perl hash ref (or array ref) - decode_json failure means fatal error (croak).
1115
1116							C (default) - if possible decode payload from JSON string, if decode_json fails return payload as a raw string (octets).
1117
1118							=item decode_header
1119
1120							C<0> (default) - do not return decoded header as a return value of decode_jwt()
1121
1122							C<1> - return decoded header as a return value of decode_jwt()
1123
1124							my $payload = decode_jwt(token=>$t, key=>$k);
1125							#or
1126							my ($header, $payload) = decode_jwt(token=>$t, key=>$k, decode_header=>1);
1127
1128							=item verify_iss
1129
1130							B If C is specified and
1131							claim C (Issuer) is completely missing it is a failure since 0.024
1132
1133							C `- subroutine (with 'iss' claim value passed as argument) should return C otherwise verification fails`
1134
1135							C - 'iss' claim value has to match given regexp otherwise verification fails
1136
1137							C - 'iss' claim value has to be equal to given string (since 0.029)
1138
1139							C (default) - do not verify 'iss' claim
1140
1141							=item verify_aud
1142
1143							B If C is specified and
1144							claim C (Audience) is completely missing it is a failure since 0.024
1145
1146							C `- subroutine (with 'aud' claim value passed as argument) should return C otherwise verification fails`
1147
1148							C - 'aud' claim value has to match given regexp otherwise verification fails
1149
1150							C - 'aud' claim value has to be equal to given string (since 0.029)
1151
1152							C (default) - do not verify 'aud' claim
1153
1154							=item verify_sub
1155
1156							B If C is specified and
1157							claim C_{(Subject) is completely missing it is a failure since 0.024}
1158
1159							C `- subroutine (with 'sub' claim value passed as argument) should return C otherwise verification fails`
1160
1161							C - 'sub' claim value has to match given regexp otherwise verification fails
1162
1163							C - 'sub' claim value has to be equal to given string (since 0.029)
1164
1165							C (default) - do not verify 'sub' claim
1166
1167							=item verify_jti
1168
1169							B If C is specified and
1170							claim C (JWT ID) is completely missing it is a failure since 0.024
1171
1172							C `- subroutine (with 'jti' claim value passed as argument) should return C otherwise verification fails`
1173
1174							C - 'jti' claim value has to match given regexp otherwise verification fails
1175
1176							C - 'jti' claim value has to be equal to given string (since 0.029)
1177
1178							C (default) - do not verify 'jti' claim
1179
1180							=item verify_iat
1181
1182							C - Issued At 'iat' claim must be valid (not in the future) if present
1183
1184							C<0> (default) - ignore 'iat' claim
1185
1186							C<1> - require valid 'iat' claim
1187
1188							=item verify_nbf
1189
1190							C (default) - Not Before 'nbf' claim must be valid if present
1191
1192							C<0> - ignore 'nbf' claim
1193
1194							C<1> - require valid 'nbf' claim
1195
1196							=item verify_exp
1197
1198							C (default) - Expiration Time 'exp' claim must be valid if present
1199
1200							C<0> - ignore 'exp' claim
1201
1202							C<1> - require valid 'exp' claim
1203
1204							=item leeway
1205
1206							Tolerance in seconds related to C, C and C. Default is C<0>.
1207
1208							=item ignore_claims
1209
1210							C<1> - do not check claims (iat, exp, nbf, iss, aud, sub, jti), B
1211
1212							C<0> (default) - check claims
1213
1214							=back
1215
1216							=head2 encode_jwt
1217
1218							my $token = encode_jwt(%named_args);
1219
1220							Named arguments:
1221
1222							=over
1223
1224							=item payload
1225
1226							Value of this mandatory parameter can be a string/buffer or HASH ref or ARRAY ref
1227
1228							my $token = encode_jwt(payload=>"any raw data", key=>$k, alg=>'HS256');
1229							#or
1230							my $token = encode_jwt(payload=>{a=>1,b=>2}, key=>$k, alg=>'HS256');
1231							#or
1232							my $token = encode_jwt(payload=>[11,22,33,44], key=>$k, alg=>'HS256');
1233
1234							HASH refs and ARRAY refs payloads are serialized as JSON strings
1235
1236							=item alg
1237
1238							The 'alg' header value is mandatory for both JWE and JWS tokens.
1239
1240							Supported JWE 'alg' algorithms:
1241
1242							dir
1243							A128KW
1244							A192KW
1245							A256KW
1246							A128GCMKW
1247							A192GCMKW
1248							A256GCMKW
1249							PBES2-HS256+A128KW
1250							PBES2-HS384+A192KW
1251							PBES2-HS512+A256KW
1252							RSA-OAEP
1253							RSA-OAEP-256
1254							RSA1_5
1255							ECDH-ES+A128KW
1256							ECDH-ES+A192KW
1257							ECDH-ES+A256KW
1258							ECDH-ES
1259
1260							Supported JWS algorithms:
1261
1262							none ... no integrity (NOTE: disabled by default)
1263							HS256 ... HMAC+SHA256 integrity
1264							HS384 ... HMAC+SHA384 integrity
1265							HS512 ... HMAC+SHA512 integrity
1266							RS256 ... RSA+PKCS1-V1_5 + SHA256 signature
1267							RS384 ... RSA+PKCS1-V1_5 + SHA384 signature
1268							RS512 ... RSA+PKCS1-V1_5 + SHA512 signature
1269							PS256 ... RSA+PSS + SHA256 signature
1270							PS384 ... RSA+PSS + SHA384 signature
1271							PS512 ... RSA+PSS + SHA512 signature
1272							ES256 ... ECDSA + SHA256 signature
1273							ES256K ... ECDSA + SHA256 signature
1274							ES384 ... ECDSA + SHA384 signature
1275							ES512 ... ECDSA + SHA512 signature
1276							EdDSA ... Ed25519 signature
1277
1278							=item enc
1279
1280							The 'enc' header is mandatory for JWE tokens.
1281
1282							Supported 'enc' algorithms:
1283
1284							A128GCM
1285							A192GCM
1286							A256GCM
1287							A128CBC-HS256
1288							A192CBC-HS384
1289							A256CBC-HS512
1290
1291							=item key
1292
1293							A key used for token encryption (JWE) or token signing (JWS). The value depends on C token header value.
1294
1295							JWS alg header key value
1296							------------------ ----------------------------------
1297							none no key required
1298							HS256 string (raw octects) of any length (or perl HASH ref with JWK, kty=>'oct')
1299							HS384 dtto
1300							HS512 dtto
1301							RS256 private RSA key, perl HASH ref with JWK key structure,
1302							a reference to SCALAR string with PEM or DER or JSON/JWK data,
1303							object: Crypt::PK::RSA, Crypt::OpenSSL::RSA, Crypt::X509 or Crypt::OpenSSL::X509
1304							RS384 private RSA key, see RS256
1305							RS512 private RSA key, see RS256
1306							PS256 private RSA key, see RS256
1307							PS384 private RSA key, see RS256
1308							PS512 private RSA key, see RS256
1309							ES256 private ECC key, perl HASH ref with JWK key structure,
1310							a reference to SCALAR string with PEM or DER or JSON/JWK data,
1311							an instance of Crypt::PK::ECC
1312							ES256K private ECC key, see ES256
1313							ES384 private ECC key, see ES256
1314							ES512 private ECC key, see ES256
1315							EdDSA private Ed25519 key
1316
1317							JWE alg header key value
1318							------------------ ----------------------------------
1319							dir string (raw octects) or perl HASH ref with JWK, kty=>'oct', length depends on 'enc' algorithm
1320							A128KW string (raw octects) 16 bytes (or perl HASH ref with JWK, kty=>'oct')
1321							A192KW string (raw octects) 24 bytes (or perl HASH ref with JWK, kty=>'oct')
1322							A256KW string (raw octects) 32 bytes (or perl HASH ref with JWK, kty=>'oct')
1323							A128GCMKW string (raw octects) 16 bytes (or perl HASH ref with JWK, kty=>'oct')
1324							A192GCMKW string (raw octects) 24 bytes (or perl HASH ref with JWK, kty=>'oct')
1325							A256GCMKW string (raw octects) 32 bytes (or perl HASH ref with JWK, kty=>'oct')
1326							PBES2-HS256+A128KW string (raw octects) of any length (or perl HASH ref with JWK, kty=>'oct')
1327							PBES2-HS384+A192KW string (raw octects) of any length (or perl HASH ref with JWK, kty=>'oct')
1328							PBES2-HS512+A256KW string (raw octects) of any length (or perl HASH ref with JWK, kty=>'oct')
1329							RSA-OAEP public RSA key, perl HASH ref with JWK key structure,
1330							a reference to SCALAR string with PEM or DER or JSON/JWK data,
1331							an instance of Crypt::PK::RSA or Crypt::OpenSSL::RSA
1332							RSA-OAEP-256 public RSA key, see RSA-OAEP
1333							RSA1_5 public RSA key, see RSA-OAEP
1334							ECDH-ES public ECC or X25519 key, perl HASH ref with JWK key structure,
1335							a reference to SCALAR string with PEM or DER or JSON/JWK data,
1336							an instance of Crypt::PK::ECC
1337							ECDH-ES+A128KW public ECC or X25519 key, see ECDH-ES
1338							ECDH-ES+A192KW public ECC or X25519 key, see ECDH-ES
1339							ECDH-ES+A256KW public ECC or X25519 key, see ECDH-ES
1340
1341							=item keypass
1342
1343							When 'key' parameter is an encrypted private RSA or ECC key this optional parameter may contain a password for private key decryption.
1344
1345							=item allow_none
1346
1347							C<1> - allow JWS with C 'alg' header value (which means that token has no signature), B
1348
1349							C<0> (default) - do not allow JWS with C 'alg' header value
1350
1351							=item extra_headers
1352
1353							This optional parameter may contain a HASH ref with items that will be added to JWT header.
1354
1355							If you want to use PBES2-based 'alg' like C you can set PBES2 salt len (p2s) in bytes and
1356							iteration count (p2c) via C like this:
1357
1358							my $token = encode_jwt(payload=>$p, key=>$k, alg=>'PBES2-HS512+A256KW', extra_headers=>{p2c=8000, p2s=>32});
1359							#NOTE: handling of p2s header is a special case, in the end it is replaced with the generated salt
1360
1361							You can also use this to specify a kid value (see L)
1362
1363							my $token = encode_jwt(payload=>$p, key=>$k, alg => 'RS256', extra_headers=>{kid=>'key1'});
1364
1365							=item unprotected_headers
1366
1367							A hash with additional integrity unprotected headers - JWS and JWE (not available for C serialization);
1368
1369							=item shared_unprotected_headers
1370
1371							A hash with additional integrity unprotected headers - JWE only (not available for C serialization);
1372
1373							=item aad
1374
1375							Additional Authenticated Data - scalar value with any (even raw octects) data - JWE only (not available for C serialization);
1376
1377							=item serialization
1378
1379							Specify serialization method: C (= default) for Compact JWS/JWE serialization or C for Flattened JWS/JWE JSON serialization.
1380
1381							General JSON serialization is not supported yet.
1382
1383							=item zip
1384
1385							Compression method, currently 'deflate' is the only one supported. C (default) means no compression.
1386
1387							my $token = encode_jwt(payload=>$p, key=>$k, alg=>'HS256', zip=>'deflate');
1388							#or define compression level
1389							my $token = encode_jwt(payload=>$p, key=>$k, alg=>'HS256', zip=>['deflate', 9]);
1390
1391							=item auto_iat
1392
1393							C<1> - set 'iat' (Issued At) claim to current time (epoch seconds since 1970) at the moment of token encoding
1394
1395							C<0> (default) - do not set 'iat' claim
1396
1397							NOTE: claims are part of the payload and can be used only if the payload is a HASH ref!
1398
1399							=item relative_exp
1400
1401							Set 'exp' claim (Expiration Time) to current time + C value (in seconds).
1402
1403							NOTE: claims are part of the payload and can be used only if the payload is a HASH ref!
1404
1405							=item relative_nbf
1406
1407							Set 'nbf' claim (Not Before) to current time + C value (in seconds).
1408
1409							NOTE: claims are part of the payload and can be used only if the payload is a HASH ref!
1410
1411							=back
1412
1413							=head1 SEE ALSO
1414
1415							L, L, L, L, L, L
1416
1417							=head1 LICENSE
1418
1419							This program is free software; you can redistribute it and/or modify it under the same terms as Perl itself.
1420
1421							=head1 COPYRIGHT
1422
1423							Copyright (c) 2015-2023 DCIT, a.s. L / Karel Miko