diff --git a/README.md b/README.md index bb7f679..6d74a9c 100644 --- a/README.md +++ b/README.md @@ -1,7 +1,9 @@ pg\_session\_jwt ================ -`pg_session_jwt` is a PostgreSQL extension designed to handle JSON Web Tokens (JWT) within PostgreSQL sessions. It provides utilities to manage JWT-based authentication and user sessions securely in the database. +`pg_session_jwt` is a PostgreSQL extension designed to handle authenticated sessions through a JWT. This JWT is then verified against a JWK (JSON Web Key) to ensure its authenticity. Both the JWK and the JWT must be provided to the extension by a Postgres superuser. The extension then stores the JWT in the database for later retrieval, and exposes functions to retrieve the user ID (the `sub` subject field) and other parts of the payload. + +The goal of this extension is to provide a secure and efficient way to manage authenticated sessions in a PostgreSQL database. The JWTs can be generated by third-party auth providers, and then developers can leverage the JWT for [Row Level Security](https://www.postgresql.org/docs/current/ddl-rowsecurity.html) (RLS) policies, or to retrieve the user ID for other purposes (column defaults, filters, etc.). > [!WARNING] > This extension is under active development. The entire API is subject to change. @@ -9,9 +11,9 @@ pg\_session\_jwt Features -------- -* **Initialize JWT sessions** using a JWKS (JSON Web Key Set). +* **Initialize JWT sessions** using a JWK (JSON Web Key). -* **Retrieve the user ID** or session-related information directly from the database. +* **Retrieve the user ID** or other session-related information directly from the database. * Simple JSONB-based storage and retrieval of session information. 
@@ -20,9 +22,9 @@ Usage `pg_session_jwt` exposes four main functions: -### 1\. auth.init(kid bigint, jwks jsonb) → void +### 1\. auth.init(kid bigint, jwk jsonb) → void -Initializes a session with a given key identifier (KID) and JWKS data in JSONB format. +Initializes a session with a given key identifier (KID) and JWK data in JSONB format. ### 2\. auth.jwt\_session\_init(jwt text) → void
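Review bot: In the first hunk (README introduction), the added sentence "This JWT is then verified against a JWK" does not say what verification covers, and "stores the JWT in the database for later retrieval" does not say whether that storage is scoped to the session or persisted. Anyone writing an RLS policy on the `sub` value needs both facts, so state which checks are performed (signature only, or also expiry and other claims) and how long the stored JWT lives. The superuser sentence names only who provides the JWK and JWT; it would help to say which role is expected to call the retrieval functions afterwards.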
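Review bot: In the Features hunk, the list still has no bullet for JWT verification, although the rewritten introduction presents verifying the JWT against the JWK as the reason the key is supplied. Consider adding one so the list matches the introduction. The JWKS to JWK rename in the first bullet is consistent with the `auth.init` signature change later in the patch.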
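Review bot: In the Usage hunk, `auth.init(kid bigint, jwk jsonb)` now takes a single key, but the description still says only "a given key identifier (KID) and JWK data" and does not explain what `kid` does once there is no key set to select from. Document whether it is compared with the `kid` in the JWT header or in the JWK (RFC 7517 defines `kid` as a string, while the parameter here is `bigint`), or is a caller-chosen label. Because the parameter name changes from `jwks` to `jwk`, also confirm the function definition is renamed in the same change, since callers using named notation depend on the name.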