From 13eff118fb8e288ca01bd3daa202e4dfc77510fc Mon Sep 17 00:00:00 2001
From: mouna-elmaazouzi <mouna.elmaazouzi@4d.com>
Date: Mon, 29 Sep 2025 15:30:03 +0100
Subject: [PATCH 1/8] Create JWT.md

---
 Documentation/Classes/JWT.md | 136 +++++++++++++++++++++++++++++++++++
 1 file changed, 136 insertions(+)
 create mode 100644 Documentation/Classes/JWT.md

diff --git a/Documentation/Classes/JWT.md b/Documentation/Classes/JWT.md
new file mode 100644
index 0000000..134fdcd
--- /dev/null
+++ b/Documentation/Classes/JWT.md
@@ -0,0 +1,136 @@
+# JWT Class
+
+## Overview
+
+The `JWT` class allows you to generate, decode, and validate JSON Web Tokens (JWTs) to authenticate users and secure API calls. JWTs are widely used in modern web authentication systems, including OAuth2 and OpenID Connect.
+
+This class is typically used in three scenarios:
+
+* **Token generation**: Create a signed JWT when a user logs in.
+* **Token decoding**: Read and inspect a JWT received from an authentication provider.
+* **Token validation**: Verify the JWT’s signature and expiration before granting access to protected resources.
+
+This class can be instantiated using the `cs.NetKit.JWT.new()` function.
+
+**Note:** Shared objects are not supported by the 4D NetKit API.
+
+## Table of contents
+
+* [Initialization](#csnetkitjwtnew)
+* [JWT.encode()](#jwtencode)
+* [JWT.decode()](#jwtdecode)
+* [JWT.isValid()](#jwtisvalid)
+
+
+## **cs.NetKit.JWT.new()**
+
+**cs.NetKit.JWT.new()** : `cs.NetKit.JWT`
+
+Creates a new instance of the JWT class.
+
+### Example
+
+```4d
+var $jwt := cs.NetKit.JWT.new()
+```
+
+## JWT.decode()
+
+**JWT.decode** ( *token* : Text ) : Object
+
+### Parameters
+
+| Parameter | Type |  | Description         |
+|-----------|----- |:---:|----------------- |
+| token     | Text |->| JWT string to decode |
+| Result    | Object |<-|The decoded content of the JWT |
+
+### Description
+
+Decodes a JWT string and returns its components (header, payload, signature).
+
+### Returned object
+
+The function returns an object containing the following properties:
+
+| Property | Type | Description |
+|---|---|---|
+|header| Object |Metadata about the token type and the signing algorithm |
+|payload| Object |The information (claims) of the token like the user's name, role, user ID, or expiration date.|                                                                          
+|signature| Object |Ensures the integrity of the token and verifies the sender’s authenticity|
+
+### Example
+
+```4d
+
+var $result := cs.NetKit.JWT.new().decode($token)
+
+```
+
+## JWT.generate()
+
+**JWT.generate** ( *params* : Object ; *privateKey* : Text ) : Text
+
+### Parameters
+
+| Parameter | Type | | Description |
+|------------|--------|:--:|--------------------------------------------------------------|
+| params | Object | ->| Options for the JWT content|
+| privateKey | Text | ->| Private key used to sign the JWT |
+| Result | Text | <-| The generated JWT token |
+
+### Description
+
+Generates a signed JWT based on the provided parameters and private key.
+
+In *params*, you can pass several properties:
+
+| Property |  | Type | Description |
+|----------|--|------|-------------|
+| header | |Object | *(optional)* Metadata about the token |
+| | header.alg |Text |Signing algorithm. Defaults to `"RS256"` if not specified |
+| | header.typ |Text | Token type. Defaults to `"JWT"` if not specified|
+| payload | | Object | The claims/information you want to include in the token|                                                                                                                    
+
+### Example
+
+```4d
+
+var $claims:={header: {alg: "HS256"; typ: "JWT"}}
+$claims.payload:={sub: "123456789"; name: "John"; exp : 50}
+
+var $token := cs.NetKit.JWT.new().generate($claims; $privateKey)
+
+```
+
+## JWT.validate()
+
+**JWT.validate** ( *token* : Text ; *key* : Text ) : Boolean
+
+### Parameters
+
+| Parameter | Type | | Description |
+|-----------|------|--:|-------------------------------------------------------------|
+| token | Text | ->| JWT token to validate |
+| key | Text | ->| Public key or shared secret used to verify the signature |
+| Result | Boolean | <-| `True` if the token is valid, `False` otherwise |
+
+### Description
+
+Validates a JWT token using the provided public key or shared secret.
+
+### Example
+
+```4d
+
+var $isValid:= cs.NetKit.JWT.new().validate($token; $key)
+
+```
+## See also
+
+* [OAuth2Provider Class](./OAuth2Provider.md)
+* [Google Class](./Google.md)
+* [Office365 Class](./Office365.md)
+* [Interactive JWT Debugger](https://jwt.io/)
+
+

From 84353fa74dd02828445a5332cd4627324acf2cc7 Mon Sep 17 00:00:00 2001
From: mouna-elmaazouzi <mouna.elmaazouzi@4d.com>
Date: Mon, 29 Sep 2025 15:52:57 +0100
Subject: [PATCH 2/8] Update README.md

---
 README.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/README.md b/README.md
index 2ae5aa5..12d9159 100644
--- a/README.md
+++ b/README.md
@@ -9,6 +9,7 @@
 ## Table of contents
 
 * [OAuth2Provider class](Documentation/Classes/OAuth2Provider.md)
+* [JWT class](Documentation/Classes/JWT.md)
 * [Office365 class](Documentation/Classes/Office365.md)
 * [Google class](Documentation/Classes/Google.md)
 * [Tutorial : Authenticate to the Microsoft Graph API in service mode](Documentation/Tutorial.md)

From e28449aaaf8530aef2cba6562fef1f35b62638f6 Mon Sep 17 00:00:00 2001
From: mouna-elmaazouzi <mouna.elmaazouzi@4d.com>
Date: Mon, 29 Sep 2025 17:16:51 +0100
Subject: [PATCH 3/8] Update JWT.md

---
 Documentation/Classes/JWT.md | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/Documentation/Classes/JWT.md b/Documentation/Classes/JWT.md
index 134fdcd..68fc58e 100644
--- a/Documentation/Classes/JWT.md
+++ b/Documentation/Classes/JWT.md
@@ -10,16 +10,16 @@ This class is typically used in three scenarios:
 * **Token decoding**: Read and inspect a JWT received from an authentication provider.
 * **Token validation**: Verify the JWT’s signature and expiration before granting access to protected resources.
 
-This class can be instantiated using the `cs.NetKit.JWT.new()` function.
+This class is instantiated using the `cs.NetKit.JWT.new()` function.
 
 **Note:** Shared objects are not supported by the 4D NetKit API.
 
 ## Table of contents
 
 * [Initialization](#csnetkitjwtnew)
-* [JWT.encode()](#jwtencode)
 * [JWT.decode()](#jwtdecode)
-* [JWT.isValid()](#jwtisvalid)
+* [JWT.generate()](#jwtgenerate)
+* [JWT.validate()](#jwtvalidate)
 
 
 ## **cs.NetKit.JWT.new()**

From e60cc070f67840b6264a6ebca1b1c804b0ffb7a3 Mon Sep 17 00:00:00 2001
From: mouna-elmaazouzi <mouna.elmaazouzi@4d.com>
Date: Mon, 29 Sep 2025 17:22:33 +0100
Subject: [PATCH 4/8] Update JWT.md

---
 Documentation/Classes/JWT.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/Documentation/Classes/JWT.md b/Documentation/Classes/JWT.md
index 68fc58e..50c2148 100644
--- a/Documentation/Classes/JWT.md
+++ b/Documentation/Classes/JWT.md
@@ -16,13 +16,13 @@ This class is instantiated using the `cs.NetKit.JWT.new()` function.
 
 ## Table of contents
 
-* [Initialization](#csnetkitjwtnew)
+* [cs.NetKit.JWT.new()](#csnetkitjwtnew)
 * [JWT.decode()](#jwtdecode)
 * [JWT.generate()](#jwtgenerate)
 * [JWT.validate()](#jwtvalidate)
 
 
-## **cs.NetKit.JWT.new()**
+## cs.NetKit.JWT.new()
 
 **cs.NetKit.JWT.new()** : `cs.NetKit.JWT`
 

From e9793b4209345a860fd9d3427392b27dc821b0cc Mon Sep 17 00:00:00 2001
From: mouna-elmaazouzi <mouna.elmaazouzi@4d.com>
Date: Mon, 29 Sep 2025 17:37:47 +0100
Subject: [PATCH 5/8] Update JWT.md

---
 Documentation/Classes/JWT.md | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/Documentation/Classes/JWT.md b/Documentation/Classes/JWT.md
index 50c2148..5aa6a14 100644
--- a/Documentation/Classes/JWT.md
+++ b/Documentation/Classes/JWT.md
@@ -96,10 +96,10 @@ In *params*, you can pass several properties:
 
 ```4d
 
-var $claims:={header: {alg: "HS256"; typ: "JWT"}}
-$claims.payload:={sub: "123456789"; name: "John"; exp : 50}
+var $params:={header: {alg: "HS256"; typ: "JWT"}}
+$params.payload:={sub: "123456789"; name: "John"; exp : 50}
 
-var $token := cs.NetKit.JWT.new().generate($claims; $privateKey)
+var $token := cs.NetKit.JWT.new().generate($params; $privateKey)
 
 ```
 

From 5997c6bcb5974c5dd3d778d7ab88e818269cc08e Mon Sep 17 00:00:00 2001
From: mouna-elmaazouzi <mouna.elmaazouzi@4d.com>
Date: Tue, 30 Sep 2025 09:13:40 +0100
Subject: [PATCH 6/8] Update JWT.md

---
 Documentation/Classes/JWT.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Documentation/Classes/JWT.md b/Documentation/Classes/JWT.md
index 5aa6a14..a386873 100644
--- a/Documentation/Classes/JWT.md
+++ b/Documentation/Classes/JWT.md
@@ -112,7 +112,7 @@ var $token := cs.NetKit.JWT.new().generate($params; $privateKey)
 | Parameter | Type | | Description |
 |-----------|------|--:|-------------------------------------------------------------|
 | token | Text | ->| JWT token to validate |
-| key | Text | ->| Public key or shared secret used to verify the signature |
+| key | Text | ->| Used to verify the signature. Can either be a public key (used with asymmetric algorithms like RS256) or a shared secret (used with symmetric algorithms like HS256), depending on how the JWT was signed.|
 | Result | Boolean | <-| `True` if the token is valid, `False` otherwise |
 
 ### Description

From 8e5c387f9147a4380087d844ced1e01e173005dc Mon Sep 17 00:00:00 2001
From: mouna-elmaazouzi <mouna.elmaazouzi@4d.com>
Date: Tue, 30 Sep 2025 09:19:42 +0100
Subject: [PATCH 7/8] Update JWT.md

---
 Documentation/Classes/JWT.md | 1 -
 1 file changed, 1 deletion(-)

diff --git a/Documentation/Classes/JWT.md b/Documentation/Classes/JWT.md
index a386873..4250e0d 100644
--- a/Documentation/Classes/JWT.md
+++ b/Documentation/Classes/JWT.md
@@ -131,6 +131,5 @@ var $isValid:= cs.NetKit.JWT.new().validate($token; $key)
 * [OAuth2Provider Class](./OAuth2Provider.md)
 * [Google Class](./Google.md)
 * [Office365 Class](./Office365.md)
-* [Interactive JWT Debugger](https://jwt.io/)
 
 

From 746142b01cdeb2dd7f4819430c03fc68f3120476 Mon Sep 17 00:00:00 2001
From: mouna-elmaazouzi <mouna.elmaazouzi@4d.com>
Date: Tue, 14 Oct 2025 10:04:40 +0100
Subject: [PATCH 8/8] Update JWT.md

---
 Documentation/Classes/JWT.md | 23 +++++++++++++++--------
 1 file changed, 15 insertions(+), 8 deletions(-)

diff --git a/Documentation/Classes/JWT.md b/Documentation/Classes/JWT.md
index 4250e0d..bbc17e2 100644
--- a/Documentation/Classes/JWT.md
+++ b/Documentation/Classes/JWT.md
@@ -24,14 +24,21 @@ This class is instantiated using the `cs.NetKit.JWT.new()` function.
 
 ## cs.NetKit.JWT.new()
 
-**cs.NetKit.JWT.new()** : `cs.NetKit.JWT`
+**cs.NetKit.JWT.new** ( *key* : Text or Object ) : `cs.NetKit.JWT`
 
 Creates a new instance of the JWT class.
 
+### Parameters
+
+| Parameter | Type         | Description |
+|-----------|--------------|-------------|
+| key       | Text/Object  | *Optional.* If text → Key in PEM format.<br>- If object → Must be an object returned by `4D.CryptoKey`.<br>If it's a private key, the public key will be inferred. |
+
 ### Example
 
 ```4d
-var $jwt := cs.NetKit.JWT.new()
+var $jwt := cs.NetKit.JWT.new($key)
+
 ```
 
 ## JWT.decode()
@@ -69,19 +76,19 @@ var $result := cs.NetKit.JWT.new().decode($token)
 
 ## JWT.generate()
 
-**JWT.generate** ( *params* : Object ; *privateKey* : Text ) : Text
+**JWT.generate** ( *params* : Object { ; *privateKey* : Text or Object } ) : Text
 
 ### Parameters
 
 | Parameter | Type | | Description |
 |------------|--------|:--:|--------------------------------------------------------------|
 | params | Object | ->| Options for the JWT content|
-| privateKey | Text | ->| Private key used to sign the JWT |
+| privateKey | Text/Object | ->| *Optional.* If text → Private key in PEM format.<br>- If object → Must be returned by `4D.CryptoKey`.<br>If omitted, the key passed to `JWT.new()` will be used. |
 | Result | Text | <-| The generated JWT token |
 
 ### Description
 
-Generates a signed JWT based on the provided parameters and private key.
+Generates a signed JWT based on the provided parameters and optional private key.
 
 In *params*, you can pass several properties:
 
@@ -105,19 +112,19 @@ var $token := cs.NetKit.JWT.new().generate($params; $privateKey)
 
 ## JWT.validate()
 
-**JWT.validate** ( *token* : Text ; *key* : Text ) : Boolean
+**JWT.validate** ( *token* : Text { ; *key* : Text or Object } ) : Boolean
 
 ### Parameters
 
 | Parameter | Type | | Description |
 |-----------|------|--:|-------------------------------------------------------------|
 | token | Text | ->| JWT token to validate |
-| key | Text | ->| Used to verify the signature. Can either be a public key (used with asymmetric algorithms like RS256) or a shared secret (used with symmetric algorithms like HS256), depending on how the JWT was signed.|
+| key | Text | ->| *Optional.* If text → Private or public key in PEM format.<br>- If object → Must be returned by `4D.CryptoKey`.<br>If omitted, the key passed to `JWT.new()` will be used. |
 | Result | Boolean | <-| `True` if the token is valid, `False` otherwise |
 
 ### Description
 
-Validates a JWT token using the provided public key or shared secret.
+Validates a JWT token using the provided public key or the key passed to the constructor.
 
 ### Example