Database

pgjwt: JSON Web Tokens

The pgjwt (Postgres JSON Web Token) extension allows you to create and parse JSON Web Tokens (JWTs) within a Postgres database. JWTs are commonly used for authentication and authorization in web applications and services.

Enable the extension

  1. Go to the Database page in the Dashboard.
  2. Click on Extensions in the sidebar.
  3. Search for pgjwt and enable the extension.

API

Where:

  • payload is an encrypted JWT represented as a string.
  • secret is the private/secret passcode which is used to sign the JWT and verify its integrity.
  • algorithm is the method used to sign the JWT using the secret.
  • token is an encrypted JWT represented as a string.

Usage

Once the extension is installed, you can use its functions to create and parse JWTs. Here's an example of how you can use the sign function to create a JWT:

1
2
3
4
5
6
select  extensions.sign(    payload   := '{"sub":"1234567890","name":"John Doe","iat":1516239022}',    secret    := 'secret',    algorithm := 'HS256'  );

The pgjwt_encode function returns a string that represents the JWT, which can then be safely transmitted between parties.

1
2
3
4
5
6
7
8
sign--------------------------------- eyJhbGciOiJIUzI1NiIsInR5cCI6IkpX VCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiw ibmFtZSI6IkpvaG4gRG9lIiwiaWF0Ijo xNTE2MjM5MDIyfQ.XbPfbIHMI6arZ3Y9 22BhjWgQzWXcXNrz0ogtVhfEd2o(1 row)

To parse a JWT and extract its claims, you can use the verify function. Here's an example:

1
2
3
4
5
6
select  extensions.verify(    token := 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJuYW1lIjoiRm9vIn0.Q8hKjuadCEhnCPuqIj9bfLhTh_9QSxshTRsA5Aq4IuM',    secret    := 'secret',    algorithm := 'HS256'  );

Which returns the decoded contents and some associated metadata.

1
2
3
4
header            |    payload     | valid-----------------------------+----------------+------- {"alg":"HS256","typ":"JWT"} | {"name":"Foo"} | t(1 row)

Resources