WebCrypto JWK support

jacobparker1992 · May 23, 2020, 1:08pm

Most JWT packages seem to use most of the 1mb limit for workers. If we had JWK support in the WebCrypto implementation, you’d be able to remove a lot of code.

Or maybe CF has another way to validate JWTs for apps?

thomas4 · May 27, 2020, 5:45pm

It’s fully possible to use JWTs with the Web Crypto API.

I’m signing, parsing and decoding JWTs without any issues and my script is just 2kb large.

There are a few threads about it here that you can piece together to a working JTW package.

If you’re after full App authentication, I’d suggest using CF Access instead.

markus · May 29, 2020, 2:56pm

github.com

markusahlstrand/cloudworker-proxy/blob/master/src/handlers/jwt.js

/**
 * Parse and decode a JWT.
 * A JWT is three, base64 encoded, strings concatenated with ‘.’:
 *   a header, a payload, and the signature.
 * The signature is “URL safe”, in that ‘/+’ characters have been replaced by ‘_-’
 *
 * Steps:
 * 1. Split the token at the ‘.’ character
 * 2. Base64 decode the individual parts
 * 3. Retain the raw Bas64 encoded strings to verify the signature
 */
function decodeJwt(token) {
  const parts = token.split('.');
  const header = JSON.parse(atob(parts[0]));
  const payload = JSON.parse(atob(parts[1]));
  const signature = atob(parts[2].replace(/-/g, '+').replace(/_/g, '/'));

  return {
    header,
    payload,

This file has been truncated. show original

100 lines of js and no dependencies

Think I borrowed this code from someone on the forum, so thanks!

Topic		Replies	Views
How to use jwks for auth0 jwt validation in Cloudflare workers Workers	4	5281	January 25, 2021
Generating signed tokens in Node Stream	3	2546	November 22, 2021
Worker script exceeded time limit when verify jwt Workers	10	2882	January 27, 2021
[Solved] Can't make the jwt create/sign/verify work in cloudflare workers Workers	10	3928	July 22, 2023
Web Crypto Export JWK Not Working Workers	4	2731	May 7, 2021

WebCrypto JWK support

Related topics