fastjwt 1.0.0

A Simple and fast D implementation of JSON Web Tokens


FastJWT is a very fast, vibe.d focused JSON Web Token (JWT) implementation that tries to avoid the use of the GC. If the JWT is shorter than 512 characters, no memory will be allocated. If it is longer, the memory will be automatically allocated and freed by the StringBuffer used.

Performance comparison with LDC calling encode/decode 50000 times:

fastjwt : 309 ms, 474 μs, and 3 hnsecs

jwtd : 499 ms, 281 μs, and 9 hnsecs

jwt : 2 secs, 233 ms, 331 μs, and 3 hnsecs


The following example shows how to use the fastjwt library in combination with vibe.d. To use the /secureapi endpoint, the JWT created by the /login endpoint needs to be sent in the Authorization request header with the Bearer prefix.

import vibe.d;

import fastjwt.jwt;
import stringbuffer;

// Example value only; a real service loads the signing secret from configuration.
string secret = "SuperStrongPassword";
JWTAlgorithm algo = JWTAlgorithm.HS512;

shared static this() {
	auto settings = new HTTPServerSettings;
	settings.port = 8080;
	settings.bindAddresses = ["::1", ""];

	auto router = new URLRouter();
	router.get("/login", &login);
	router.get("/secureapi", &validator!securedApi);

	listenHTTP(settings, router);
	logInfo("Please open in your browser.");
}

// Get a new JWTToken
void login(HTTPServerRequest req, HTTPServerResponse res) {
	StringBuffer buf;
	encodeJWTToken(buf, algo, secret, "sub", 1337);
	// Send the encoded token back to the client.
	res.writeBody(buf.getData());
}

// An example validator function that can be used as a template for a custom
// validator function. See the router in the shared static this for its usage.
void validator(alias fun)(HTTPServerRequest req,
		HTTPServerResponse res)
{
	import std.algorithm.searching : startsWith;

	auto authStr = "Authorization";
	auto bearer = "Bearer ";

	if(authStr !in req.headers || !req.headers[authStr].startsWith(bearer)) {
		res.writeBody("Get out, you're not welcome");
		// Stop here, otherwise the protected handler below would still run.
		return;
	}

	// Make sure that no reference to any StringBuffer escapes, as their
	// stored data will be freed.
	StringBuffer header;
	StringBuffer payload;

	const rslt = decodeJWTToken(req.headers[authStr][bearer.length .. $],
			secret, algo, header, payload);

	if(rslt > 0) {
		res.writeBody("Your token was not OK");
		return;
	}

	// Here you would parse payload into Json and see if you find the data
	// you were expecting

	fun(req, res);
}

// If your JWTToken is not ok you cannot use this api.
void securedApi(HTTPServerRequest req, HTTPServerResponse res) {
	res.writeBody("Here is your secure api!");
}
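
The claim check that the validator's "parse payload into Json" comment leaves open, as an added example (not code from fastjwt or its author). `checkClaims` is a hypothetical helper that takes the decoded payload as a string; the `exp` claim is an assumption, since the /login handler on this page only sets `sub`.

```d
import vibe.data.json : Json, parseJsonString;

// Hypothetical helper, not part of fastjwt. Call it only after
// decodeJWTToken has accepted the signature. `now` is Unix time in seconds.
// On success the token's subject id is stored in `sub`.
bool checkClaims(string payloadJson, long now, out long sub)
{
	Json claims;
	try {
		claims = parseJsonString(payloadJson);
	} catch (Exception e) {
		return false; // malformed JSON is rejected, not treated as empty
	}
	if (claims.type != Json.Type.object)
		return false;

	// "sub" must exist and be an integer, as set by the /login handler.
	if (claims["sub"].type != Json.Type.int_)
		return false;

	// "exp" is optional here (assumption: /login does not set it yet).
	// When present it must be an integer that lies in the future.
	auto exp = claims["exp"];
	if (exp.type != Json.Type.undefined) {
		if (exp.type != Json.Type.int_ || exp.get!long <= now)
			return false;
	}

	sub = claims["sub"].get!long;
	return true;
}

unittest
{
	long sub;
	enum now = 1_700_000_000L;
	// Constructed sample payloads.
	assert(checkClaims(`{"sub":1337}`, now, sub) && sub == 1337);
	assert(!checkClaims(`{"sub":"1337"}`, now, sub)); // wrong type
	assert(!checkClaims(`{"sub":1337,"exp":1600000000}`, now, sub)); // expired
	assert(!checkClaims(`["sub",1337]`, now, sub)); // not an object
}
```

Rejecting on a wrong claim type matters as much as rejecting a missing claim: a string "1337" and the integer 1337 should not be treated as the same subject.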

Authors: Robert burner Schadek

Dependencies: vibe-d:data, stringbuffer

1.0.0 2017-Feb-24
0.0.2 2017-Feb-02
0.0.1 2017-Feb-02
~master 2017-Feb-24