xtract.bot

JWT

Issue and validate JSON Web Tokens with HMAC algorithms (HS256, HS384, HS512). `jwt-sign` mints tokens with optional `exp` and automatic `iat` claims; `jwt-verify` checks signature plus the standard time-bound claims with configurable clock-skew tolerance; `jwt-decode` is a sugar for inspecting a token's header and payload without verifying. Defends against algorithm-confusion attacks via an explicit `expectedAlgorithm` parameter on the verifier.

JWT decode
Decode a JSON Web Token without verifying it. Returns header + payload + claims.
JWT sign
Sign a JWT (HS256 / HS384 / HS512).
JWT verify
Verify a JWT signature and return the decoded claims.