bx-jwt is a new enterprise-grade JWT/JWE module for BoxLang, covering the full JWT specification stack including JWS signing (HMAC, RSA, Elliptic Curve) and JWE encryption. It offers two APIs: a fluent builder via jwtNew() and a suite of BIF functions. Security defaults are unconditional: alg:none tokens are always rejected, HMAC minimum key lengths per RFC 7518 are enforced, and an algorithm allowlist prevents algorithm confusion attacks. A Key Registry enables named key management and rotation via config rather than code changes. The module also supports clock skew tolerance, token refresh with grace periods, and kid-based key rotation. It requires a BoxLang+ or BoxLang++ subscription.