| Safe Haskell | None |
|---|---|
| Language | Haskell2010 |
Jose.Jwt
Description
High-level JWT encoding and decoding.
Example usage:
>>>import Jose.Jwe>>>import Jose.Jwa>>>import Jose.Jwk>>>import Data.Aeson (decodeStrict)>>>import Crypto.Random.AESCtr>>>g <- makeSystem>>>let jsonJwk = "{\"kty\":\"RSA\", \"kid\":\"mykey\", \"n\":\"ofgWCuLjybRlzo0tZWJjNiuSfb4p4fAkd_wWJcyQoTbji9k0l8W26mPddxHmfHQp-Vaw-4qPCJrcS2mJPMEzP1Pt0Bm4d4QlL-yRT-SFd2lZS-pCgNMsD1W_YpRPEwOWvG6b32690r2jZ47soMZo9wGzjb_7OMg0LOL-bSf63kpaSHSXndS5z5rexMdbBYUsLA9e-KXBdQOS-UTo7WTBEMa2R2CapHg665xsmtdVMTBQY4uDZlxvb3qCo5ZwKh9kG4LT6_I5IhlJH7aGhyxXFvUK-DWNmoudF8NAco9_h9iaGNj8q2ethFkMLs91kzk2PAcDTW9gb54h4FRWyuXpoQ\", \"e\":\"AQAB\", \"d\":\"Eq5xpGnNCivDflJsRQBXHx1hdR1k6Ulwe2JZD50LpXyWPEAeP88vLNO97IjlA7_GQ5sLKMgvfTeXZx9SE-7YwVol2NXOoAJe46sui395IW_GO-pWJ1O0BkTGoVEn2bKVRUCgu-GjBVaYLU6f3l9kJfFNS3E0QbVdxzubSu3Mkqzjkn439X0M_V51gfpRLI9JYanrC4D4qAdGcopV_0ZHHzQlBjudU2QvXt4ehNYTCBr6XCLQUShb1juUO1ZdiYoFaFQT5Tw8bGUl_x_jTj3ccPDVZFD9pIuhLhBOneufuBiB4cS98l2SR_RQyGWSeWjnczT0QU91p1DhOVRuOopznQ\"}">>>let Just jwk = decodeStrict jsonJwk :: Maybe Jwk>>>let (Right jwtEncoded, g') = encode g jwk (Signed RS256) Nothing "public claims">>>let (Right jwtDecoded, g'') = Jose.Jwt.decode g' [jwk] jwtEncoded>>>jwtDecodedJws (JwsHeader {jwsAlg = RS256, jwsTyp = Nothing, jwsCty = Nothing, jwsKid = Just "mykey"},"public claims")
- data Jwt
- type Jwe = (JweHeader, ByteString)
- type Jws = (JwsHeader, ByteString)
- data JwtClaims = JwtClaims {}
- data JwsHeader = JwsHeader {}
- data JweHeader = JweHeader {}
- data JwtError
- encode :: CPRG g => g -> Jwk -> Alg -> Maybe Enc -> ByteString -> (Either JwtError ByteString, g)
- decode :: CPRG g => g -> [Jwk] -> ByteString -> (Either JwtError Jwt, g)
- decodeClaims :: ByteString -> Either JwtError (JwtHeader, JwtClaims)
Documentation
A decoded JWT which can be either a JWE or a JWS.
type Jwe = (JweHeader, ByteString) Source
The header and claims of a decoded JWE.
type Jws = (JwsHeader, ByteString) Source
The header and claims of a decoded JWS.
Registered claims defined in section 4 of the JWT spec.
Constructors
| JwtClaims | |
Header content for a JWS.
Constructors
| JwsHeader | |
Header content for a JWE.
Constructors
| JweHeader | |
Decoding errors.
Constructors
| KeyError Text | No suitable key or wrong key type |
| BadAlgorithm Text | The supplied algorithm is invalid |
| BadDots Int | Wrong number of "." characters in the JWT |
| BadHeader Text | Header couldn't be decoded or contains bad data |
| BadClaims | Claims part couldn't be decoded or contains bad data |
| BadSignature | Signature is invalid |
| BadCrypto | A cryptographic operation failed |
| Base64Error String | A base64 decoding error |
Arguments
| :: CPRG g | |
| => g | Random number generator. |
| -> Jwk | The key. Must be consistent with the chosen algorithm |
| -> Alg | The JWS or JWE algorithm |
| -> Maybe Enc | The payload encryption algorithm (if applicable) |
| -> ByteString | The payload (claims) |
| -> (Either JwtError ByteString, g) | The encode JWT, if successful |
Use the supplied JWK to create a JWT.
Arguments
| :: CPRG g | |
| => g | Random number generator. Only used for RSA blinding |
| -> [Jwk] | The keys to use for decoding |
| -> ByteString | The encoded JWT |
| -> (Either JwtError Jwt, g) | The decoded JWT, if successful |
Uses the supplied keys to decode a JWT.
Locates a matching key by header kid value where possible
or by suitable key type.
The JWK use and alg options are currently ignored.
decodeClaims :: ByteString -> Either JwtError (JwtHeader, JwtClaims) Source
Convenience function to return the claims contained in a JWT. This is required in situations such as client assertion authentication, where the contents of the JWT may be required in order to work out which key should be used to verify the token. Obviously this should not be used by itself to decode a token since no integrity checking is done and the contents may be forged.