Question 1

How do I sign a JWT with JOSE in Elixir?

Accepted Answer

Use JOSE.JWT.sign with a JSON Web Key (JWK), JWS header, and claims map. The README provides a clear example using HMAC SHA-256 (HS256), and you can specify other algorithms like RS256 or ES256 in the header.

Question 2

JOSE vs Guardian for authentication in Phoenix apps?

Accepted Answer

JOSE is a low-level library for JOSE standards implementation, offering extensive algorithm control, while Guardian is a higher-level framework for token-based auth. Choose JOSE for custom, standards-compliant crypto, and Guardian for easier, convention-over-configuration auth flows.

Question 3

Does JOSE support Ed25519 for signing?

Accepted Answer

Yes, JOSE fully supports Ed25519 and related algorithms like Ed25519ph via OKP key types, with optional acceleration through external libraries like libdecaf or libsodium, as mentioned in the Curve25519 support section.

Question 4

How to set up JOSE with libsodium for better performance?

Accepted Answer

Install the erlang-libsodium dependency and configure JOSE to use it via JOSE.chacha20_poly1305_module(:libsodium) or similar calls. The README notes this replaces slow pure Erlang fallbacks for operations like ChaCha20/Poly1305.

Question 5

What happens if I don't specify a JSON module in older OTP?

Accepted Answer

JOSE will attempt to auto-detect a JSON encoder/decoder from supported libraries like jiffy or Jason, but you must include one as a dependency. For OTP 27+, it uses the built-in json module unless overridden.

Question 6

Is the 'none' algorithm ever safe to use with JOSE?

Accepted Answer

No, the 'none' algorithm is inherently vulnerable and disabled by default. The README warns against enabling it via unsecured_signing settings, except for debugging or specific legacy interoperability needs.

Question 7

Can JOSE encrypt data with RSA-OAEP-256?

Accepted Answer

Yes, RSA-OAEP-256 is supported for JSON Web Encryption (JWE). You can specify it in the JWE header when using block_encrypt, as shown in the RSA examples in the usage section.

jose

What is jose?

Overview

Use Cases

Best For

Related Projects

Found a gem we're missing?

Not Ideal For

Pros & Cons

Pros

Cons

Frequently Asked Questions