Sessions on JWT

Ravi Teja Gudapati edited this page Jan 9, 2019 · 7 revisions

Package jaguar_session_jwt provides:

  1. SessionManager to parse and store sessions from JWT
  2. JwtConfig to configure
  3. Claims to issue a token
  4. HMAC private key to issue and verify tokens
  5. JwtValidationConfig to validate a token received

Using Jwt Session manager

To store sessions as JWT instead of the default Jaguar sessions, replace the default JaguarSessionManager with an instance of JwtSession, passed to Jaguar through the sessionManager parameter of the constructor:

main() async {
  // jwtConfig is a JwtConfig instance; see "Configuring JWT" below.
  final server = Jaguar(sessionManager: JwtSession(jwtConfig));
  // add routes here
  await server.serve();
}

Configuring JWT

JwtSession can be configured using the config and validationConfig parameters.

config takes the information required to issue, sign and decode JWT tokens. Some of the important parameters are:

  • issuer: Issuer used in iss field of JWT
  • audience: Audience used in aud field of JWT
  • maxAge: Period for which the token is valid
  • hmacKey: The key used to sign the JWT tokens. Keep this key a secret.

// Sample key for illustration only; do not commit a real signing key to source.
const jwtConfig = const JwtConfig('sdgdflgujsdgndsflkgjsdlnwertwert78676',
    issuer: 'jaguar.com');
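
What the parameters above mean in a standard HS256 JWT, as an added example that is not jaguar_session_jwt's own code: hmacKey produces the signature, issuer and audience become iss and aud, and maxAge becomes exp, and a validator has to check all four. It assumes package:crypto is available; every function name and sample value is hypothetical.

```dart
// Added illustration, not jaguar_session_jwt's own code; all names are hypothetical.
import 'dart:convert';
import 'package:crypto/crypto.dart';

String _b64(List<int> b) => base64Url.encode(b).replaceAll('=', '');
List<int> _unb64(String s) => base64Url.decode(base64Url.normalize(s));
String _seg(Object o) => _b64(utf8.encode(json.encode(o)));
List<int> _mac(String input, String hmacKey) =>
    Hmac(sha256, utf8.encode(hmacKey)).convert(utf8.encode(input)).bytes;

/// Issues an HS256 token; now is epoch seconds and exp is now + maxAge.
String issue(String hmacKey, String iss, String aud, Duration maxAge, int now) {
  final claims = {'iss': iss, 'aud': aud, 'exp': now + maxAge.inSeconds};
  final input = _seg({'alg': 'HS256', 'typ': 'JWT'}) + '.' + _seg(claims);
  return input + '.' + _b64(_mac(input, hmacKey));
}

/// Returns the claims when every check passes, otherwise null.
Map<String, dynamic>? validate(
    String token, String hmacKey, String iss, String aud, int now) {
  final p = token.split('.');
  if (p.length != 3) return null;
  try {
    // Pin the algorithm instead of letting the token's header choose it.
    final header = json.decode(utf8.decode(_unb64(p[0])));
    if (header is! Map || header['alg'] != 'HS256') return null;
    // Compare the MACs without exiting at the first differing byte.
    final want = _mac('${p[0]}.${p[1]}', hmacKey), got = _unb64(p[2]);
    var diff = want.length ^ got.length;
    for (var i = 0; i < want.length && i < got.length; i++) {
      diff |= want[i] ^ got[i];
    }
    if (diff != 0) return null;
    final claims = json.decode(utf8.decode(_unb64(p[1])));
    if (claims is! Map<String, dynamic>) return null;
    if (claims['iss'] != iss || claims['aud'] != aud) return null;
    final exp = claims['exp'];
    return (exp is int && now < exp) ? claims : null;
  } on FormatException {
    return null; // malformed base64, UTF-8 or JSON
  }
}

void main() {
  const k = 'demo-key-not-a-secret', now = 1546992000; // constructed samples
  final t = issue(k, 'jaguar.com', 'demo-aud', const Duration(hours: 1), now);
  print(validate(t, k, 'jaguar.com', 'demo-aud', now)); // token as issued
  print(validate(t, 'other-key', 'jaguar.com', 'demo-aud', now)); // wrong key
  print(validate(t, k, 'jaguar.com', 'demo-aud', now + 7200)); // after maxAge
}
```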

Configuring transport

Use io to configure how session data is transported. Built-in options are:

  1. SessionIoCookie: Stores token in cookie
  2. SessionIoAuthHeader: Stores token in authorization header
  3. SessionIoHeader: Stores token in header

By default, JwtSession uses SessionIoAuthHeader.

What's next?

TODO
