https://github.com/bryanjos/joken - A JSON Web Token (JWT) Library
token = %{user_id: 123}
|> Joken.token()
|> Joken.with_signer(Joken.hs256("my_secret_key"))
|> Joken.sign()
|> Joken.get_compact()Результат - токен
"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyX2lkIjoxMjN9.czVgXnZv56oliGbbFV3HZMwrJsZEWgpoZO13yxgjPuA"
token
|> Joken.token()
|> Joken.peek()Результат - данные
%{"user_id" => 123}token \
|> Joken.token() \
|> Joken.with_signer(Joken.hs256("my_secret_key")) \
|> Joken.verify!()Результат - {:ok, данные}
{:ok, %{"user_id" => 123}}Поддельный токен
fake_data = token
|> String.split(".")
|> (fn([_, y, _]) -> y end).()
|> Base.url_decode64!(padding: false)
|> Poison.decode!()
|> Map.merge(%{"user_id" => 666})
|> Poison.encode!()
|> Base.url_encode64(padding: false)
"eyJ1c2VyX2lkIjo2NjZ9"
[head, _, sign] = token
|> String.split(".")
fake_token = head <> "." <> fake_data <> "." <> sign
iex(xx)> fake_token = head <> "." <> fake_data <> "." <> sign
"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyX2lkIjo2NjZ9.czVgXnZv56oliGbbFV3HZMwrJsZEWgpoZO13yxgjPuA"
iex(xx)> token
"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyX2lkIjoxMjN9.czVgXnZv56oliGbbFV3HZMwrJsZEWgpoZO13yxgjPuA"проверяем
fake_token
|> Joken.token()
|> Joken.with_signer(Joken.hs256("my_secret_key"))
|> Joken.verify!()
{:error, "Invalid signature"}