[{"data":1,"prerenderedAt":288},["ShallowReactive",2],{"navigation":3,"-examples":167,"-examples-surround":285},[4,22,78,106,141,148],{"title":5,"path":6,"stem":7,"children":8},"Introduction","\u002Fgetting-started","0.Getting-Started\u002F0.index",[9,10,14,18],{"title":5,"path":6,"stem":7},{"title":11,"path":12,"stem":13},"Installation","\u002Fgetting-started\u002Finstallation","0.Getting-Started\u002F1.installation",{"title":15,"path":16,"stem":17},"Quickstart","\u002Fgetting-started\u002Fquickstart","0.Getting-Started\u002F2.quickstart",{"title":19,"path":20,"stem":21},"Core concepts","\u002Fgetting-started\u002Fcore-concepts","0.Getting-Started\u002F3.core-concepts",{"title":23,"path":24,"stem":25,"children":26,"icon":28},"JWT","\u002Fjwt","1.JWT\u002F0.index",[27,29,52],{"title":23,"path":24,"stem":25,"icon":28},"i-carbon-certificate",{"title":30,"path":31,"stem":32,"children":33,"icon":35},"JWS","\u002Fjwt\u002Fjws","1.JWT\u002F1.JWS\u002F0.index",[34,36,40,44,48],{"title":30,"path":31,"stem":32,"icon":35},"i-carbon-document-signed",{"title":37,"path":38,"stem":39},"Signing","\u002Fjwt\u002Fjws\u002Fsigning","1.JWT\u002F1.JWS\u002F1.signing",{"title":41,"path":42,"stem":43},"Verifying","\u002Fjwt\u002Fjws\u002Fverifying","1.JWT\u002F1.JWS\u002F2.verifying",{"title":45,"path":46,"stem":47},"Multi-signature","\u002Fjwt\u002Fjws\u002Fmulti-signature","1.JWT\u002F1.JWS\u002F3.multi-signature",{"title":49,"path":50,"stem":51},"Algorithms","\u002Fjwt\u002Fjws\u002Falgorithms","1.JWT\u002F1.JWS\u002F4.algorithms",{"title":53,"path":54,"stem":55,"children":56,"icon":58},"JWE","\u002Fjwt\u002Fjwe","1.JWT\u002F2.JWE\u002F0.index",[57,59,63,67,71,75],{"title":53,"path":54,"stem":55,"icon":58},"i-carbon-locked",{"title":60,"path":61,"stem":62},"Encrypting","\u002Fjwt\u002Fjwe\u002Fencrypting","1.JWT\u002F2.JWE\u002F1.encrypting",{"title":64,"path":65,"stem":66},"Decrypting","\u002Fjwt\u002Fjwe\u002Fdecrypting","1.JWT\u002F2.JWE\u002F2.decrypting",{"title":68,"path":69,"st
em":70},"Multi-recipient","\u002Fjwt\u002Fjwe\u002Fmulti-recipient","1.JWT\u002F2.JWE\u002F3.multi-recipient",{"title":72,"path":73,"stem":74},"ECDH-ES and end-to-end encryption","\u002Fjwt\u002Fjwe\u002Fecdh-es","1.JWT\u002F2.JWE\u002F4.ecdh-es",{"title":49,"path":76,"stem":77},"\u002Fjwt\u002Fjwe\u002Falgorithms","1.JWT\u002F2.JWE\u002F5.algorithms",{"title":79,"path":80,"stem":81,"children":82,"icon":84},"Examples","\u002Fexamples","10.Examples\u002F0.index",[83,85,90,94,98,102],{"title":79,"path":80,"stem":81,"icon":84},"i-carbon-code-reference",{"title":86,"path":87,"stem":88,"icon":89},"Authentication basics","\u002Fexamples\u002Fauthentication-basics","10.Examples\u002F1.authentication-basics","i-lucide-code",{"title":91,"path":92,"stem":93,"icon":89},"Consuming a JWKS endpoint","\u002Fexamples\u002Fjwks-endpoint","10.Examples\u002F2.jwks-endpoint",{"title":95,"path":96,"stem":97,"icon":89},"Refresh token pattern","\u002Fexamples\u002Frefresh-token-pattern","10.Examples\u002F3.refresh-token-pattern",{"title":99,"path":100,"stem":101,"icon":89},"End-to-end encryption","\u002Fexamples\u002Fend-to-end-encryption","10.Examples\u002F4.end-to-end-encryption",{"title":103,"path":104,"stem":105,"icon":89},"Signed receipts","\u002Fexamples\u002Fsigned-receipts","10.Examples\u002F5.signed-receipts",{"title":107,"path":108,"stem":109,"children":110,"icon":112},"JWK","\u002Fjwk","2.JWK\u002F0.index",[111,113,117,121,125,129,133,137],{"title":107,"path":108,"stem":109,"icon":112},"i-carbon-two-factor-authentication",{"title":114,"path":115,"stem":116},"Generating keys","\u002Fjwk\u002Fgenerating","2.JWK\u002F1.generating",{"title":118,"path":119,"stem":120},"Importing and exporting","\u002Fjwk\u002Fimport-export","2.JWK\u002F2.import-export",{"title":122,"path":123,"stem":124},"PEM conversion","\u002Fjwk\u002Fpem","2.JWK\u002F3.pem",{"title":126,"path":127,"stem":128},"Key 
wrapping","\u002Fjwk\u002Fwrapping","2.JWK\u002F4.wrapping",{"title":130,"path":131,"stem":132},"Password derivation","\u002Fjwk\u002Fpassword-derivation","2.JWK\u002F5.password-derivation",{"title":134,"path":135,"stem":136},"JWK Sets","\u002Fjwk\u002Fjwk-sets","2.JWK\u002F6.jwk-sets",{"title":138,"path":139,"stem":140},"JWK cache","\u002Fjwk\u002Fcache","2.JWK\u002F7.cache",{"title":142,"path":143,"stem":144,"children":145,"icon":147},"Utilities","\u002Futilities","3.Utilities\u002F0.index",[146],{"title":142,"path":143,"stem":144,"icon":147},"i-carbon-tool-box",{"title":149,"path":150,"stem":151,"children":152,"icon":154},"Adapters","\u002Fadapters","99.Adapters\u002F0.index",[153,155,159,163],{"title":149,"path":150,"stem":151,"icon":154},"i-carbon-plug",{"title":156,"path":157,"stem":158},"H3 sessions","\u002Fadapters\u002Fh3-sessions","99.Adapters\u002F1.h3-sessions",{"title":160,"path":161,"stem":162},"Lifecycle hooks","\u002Fadapters\u002Fhooks","99.Adapters\u002F2.hooks",{"title":164,"path":165,"stem":166},"Lower-level functions","\u002Fadapters\u002Flower-level","99.Adapters\u002F3.lower-level",{"id":168,"title":79,"body":169,"description":268,"extension":280,"meta":281,"navigation":282,"path":80,"seo":283,"stem":81,"__hash__":284},"content\u002F10.Examples\u002F0.index.md",{"type":170,"value":171,"toc":267,"icon":84},"minimark",[172,176,181,189,197,203,214,220,227,233,236,242,253,257],[173,174,175],"p",{},"Each example is a complete, runnable walkthrough of a pattern you'll encounter in real systems. All code is production-shape (error handling, claim validation, key persistence notes included) — not toy snippets.",[177,178,180],"h2",{"id":179},"the-examples","The examples",[182,183,185],"h3",{"id":184},"authentication-basics",[186,187,188],"a",{"href":87},"Authentication basics →",[173,190,191,192,196],{},"Sign a JWT on login, verify it on every protected request. 
Covers symmetric keys, ",[193,194,195],"code",{},"expiresIn",", audience\u002Fissuer binding, and the minimum viable auth setup.",[182,198,200],{"id":199},"consuming-a-jwks-endpoint",[186,201,202],{"href":92},"Consuming a JWKS endpoint →",[173,204,205,206,209,210,213],{},"Verify tokens issued by a third party (your OAuth provider, Auth0, Okta, Entra, Keycloak, …). Fetch the JWK Set, cache it, and let ",[193,207,208],{},"verify()"," pick the right key by ",[193,211,212],{},"kid",".",[182,215,217],{"id":216},"refresh-token-pattern",[186,218,219],{"href":96},"Refresh token pattern →",[173,221,222,223,226],{},"Short-lived JWS access tokens, long-lived JWE refresh tokens. Automatic refresh on access-token expiry via the H3 adapter's ",[193,224,225],{},"onExpire"," hook.",[182,228,230],{"id":229},"end-to-end-encryption",[186,231,232],{"href":100},"End-to-end encryption →",[173,234,235],{},"One-to-one and one-to-many E2EE with ECDH-ES. The fan-out (one token per recipient) and shared-ciphertext (one encryption, per-recipient wrapped keys) patterns are both covered.",[182,237,239],{"id":238},"signed-receipts",[186,240,241],{"href":104},"Signed receipts →",[173,243,244,245,248,249,252],{},"Multi-signature JWS for notarized documents, quorum approvals, and audit trails. Uses ",[193,246,247],{},"signMulti"," + ",[193,250,251],{},"verifyMultiAll"," with per-signer policy.",[177,254,256],{"id":255},"request-an-example","Request an example",[173,258,259,260,266],{},"Found a pattern you use that isn't here? 
",[186,261,265],{"href":262,"rel":263},"https:\u002F\u002Fgithub.com\u002Fsandros94\u002Funjwt\u002Fdiscussions",[264],"nofollow","Open a discussion"," with the use case — real-world examples are where this section grows.",{"title":268,"searchDepth":269,"depth":269,"links":270},"",2,[271,279],{"id":179,"depth":269,"text":180,"children":272},[273,275,276,277,278],{"id":184,"depth":274,"text":188},3,{"id":199,"depth":274,"text":202},{"id":216,"depth":274,"text":219},{"id":229,"depth":274,"text":232},{"id":238,"depth":274,"text":241},{"id":255,"depth":269,"text":256},"md",{"icon":84},{"icon":84},{"title":79,"description":268},"vucq0XcDb6AbTw4O9m0x7aDiSu5MCAzqIJvuKlovacU",[286,287],{"title":49,"path":76,"stem":77,"description":268,"children":-1},{"title":86,"path":87,"stem":88,"description":268,"icon":89,"children":-1},1776888557911]