# pgjwt

**Repository Path**: RemoteBridge_admin/pgjwt

## Basic Information

- **Project Name**: pgjwt
- **Description**: pgjwt 是一个用于PostgreSQL的关系型数据库中的JSON Web Token（JWT）实现。JWT是一种常见的身份验证和授权机制，广泛应用于现代web应用程序和API安全中。这个库允许开发者在数据库层面处理JWT的生成和验证，而无需依赖于应用程序层的复杂逻辑。它要求数据库环境中已经安装了pgcrypto扩展，这是大多数发行版的postgresql-contrib包的一部分。
- **Primary Language**: Unknown
- **License**: MIT
- **Default Branch**: master
- **Homepage**: None
- **GVP Project**: No

## Statistics

- **Stars**: 0
- **Forks**: 0
- **Created**: 2026-03-03
- **Last Updated**: 2026-03-03

## Categories & Tags

**Categories**: Uncategorized

**Tags**: None

## README

# pgjwt
PostgreSQL implementation of [JSON Web Tokens](https://jwt.io/)

## Dependencies

This code requires the pgcrypto extension, included in most
distribution's "postgresql-contrib" package.  The tests require the
pgtap extension to run.

## Install

You will require sudo privledges and the postgres development
libraries for your operating system in most cases.  For ubuntu on
postgres 9.5 for example, you can install them with:

    sudo apt-get install postgresql-server-dev-9.5

Clone the repository and then run:

    'make install'

This creates a new extension that can be installed with 'CREATE
EXTENSION pgjwt;'

To run the tests install pgtap and run 'pg_prove test/test.sql'.
Another approach is to use the docker based test runner, but running
'./test.sh'.  This will require you have docker installed.

## Usage

Create a token.  The first argument must be valid json, the second argument any text:

    => select sign('{"sub":"1234567890","name":"John Doe","admin":true}', 'secret');
                                                                            sign
    -------------------------------------------------------------------------------------------------------------------------------------------------------
     eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9.TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ

Verify a token:

    => select * from verify('eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9.TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ', 'secret');
               header            |                       payload                       | valid
    -----------------------------+-----------------------------------------------------+-------
     {"alg":"HS256","typ":"JWT"} | {"sub":"1234567890","name":"John Doe","admin":true} | t

Algorithm
---------

sign() and verify() take an optional algorithm argument that can be
'HS256', 'HS384' or 'HS512'.  The default is 'HS256':

    => select sign('{"sub":"1234567890","name":"John Doe","admin":true}', 'secret', 'HS384'),


## TODO

* public/private keys when pgcrypto gets *_verify() functions

* SET ROLE and key lookup helper functions