Safe Haskell	None
Language	Haskell2010

Jose.Jwt

Description

High-level JWT encoding and decoding.

Example usage:

>>> import Jose.Jwe
>>> import Jose.Jwa
>>> import Jose.Jwk
>>> import Data.ByteString
>>> import Data.Aeson (decodeStrict)
>>> let jsonJwk = "{\"kty\":\"RSA\", \"kid\":\"mykey\", \"n\":\"ofgWCuLjybRlzo0tZWJjNiuSfb4p4fAkd_wWJcyQoTbji9k0l8W26mPddxHmfHQp-Vaw-4qPCJrcS2mJPMEzP1Pt0Bm4d4QlL-yRT-SFd2lZS-pCgNMsD1W_YpRPEwOWvG6b32690r2jZ47soMZo9wGzjb_7OMg0LOL-bSf63kpaSHSXndS5z5rexMdbBYUsLA9e-KXBdQOS-UTo7WTBEMa2R2CapHg665xsmtdVMTBQY4uDZlxvb3qCo5ZwKh9kG4LT6_I5IhlJH7aGhyxXFvUK-DWNmoudF8NAco9_h9iaGNj8q2ethFkMLs91kzk2PAcDTW9gb54h4FRWyuXpoQ\", \"e\":\"AQAB\", \"d\":\"Eq5xpGnNCivDflJsRQBXHx1hdR1k6Ulwe2JZD50LpXyWPEAeP88vLNO97IjlA7_GQ5sLKMgvfTeXZx9SE-7YwVol2NXOoAJe46sui395IW_GO-pWJ1O0BkTGoVEn2bKVRUCgu-GjBVaYLU6f3l9kJfFNS3E0QbVdxzubSu3Mkqzjkn439X0M_V51gfpRLI9JYanrC4D4qAdGcopV_0ZHHzQlBjudU2QvXt4ehNYTCBr6XCLQUShb1juUO1ZdiYoFaFQT5Tw8bGUl_x_jTj3ccPDVZFD9pIuhLhBOneufuBiB4cS98l2SR_RQyGWSeWjnczT0QU91p1DhOVRuOopznQ\"}" :: ByteString
>>> let Just jwk = decodeStrict jsonJwk :: Maybe Jwk
>>> Right (Jwt jwtEncoded) <- encode [jwk] (JwsEncoding RS256) (Claims "public claims")
>>> Right jwtDecoded <- Jose.Jwt.decode [jwk] (Just (JwsEncoding RS256)) jwtEncoded
>>> jwtDecoded
Jws (JwsHeader {jwsAlg = RS256, jwsTyp = Nothing, jwsCty = Nothing, jwsKid = Just (KeyId "mykey")},"public claims")

Synopsis

Documentation

newtype Jwt Source #

An encoded JWT.

Constructors

Jwt
Fields unJwt :: ByteString

Instances

Eq Jwt Source #
Methods (==) :: Jwt -> Jwt -> Bool # (/=) :: Jwt -> Jwt -> Bool #
Show Jwt Source #
Methods showsPrec :: Int -> Jwt -> ShowS # show :: Jwt -> String # showList :: [Jwt] -> ShowS #
ToJSON Jwt Source #
Methods toJSON :: Jwt -> Value # toEncoding :: Jwt -> Encoding # toJSONList :: [Jwt] -> Value # toEncodingList :: [Jwt] -> Encoding #
FromJSON Jwt Source #
Methods parseJSON :: Value -> Parser Jwt # parseJSONList :: Value -> Parser [Jwt] #

type Jwe = (JweHeader, ByteString) Source #

The header and claims of a decoded JWE.

type Jws = (JwsHeader, ByteString) Source #

The header and claims of a decoded JWS.

data JwtClaims Source #

Registered claims defined in section 4 of the JWT spec.

Constructors

JwtClaims
Fields jwtIss :: !(Maybe Text) jwtSub :: !(Maybe Text) jwtAud :: !(Maybe [Text]) jwtExp :: !(Maybe IntDate) jwtNbf :: !(Maybe IntDate) jwtIat :: !(Maybe IntDate) jwtJti :: !(Maybe Text)

Instances

Show JwtClaims Source #
Methods showsPrec :: Int -> JwtClaims -> ShowS # show :: JwtClaims -> String # showList :: [JwtClaims] -> ShowS #
Generic JwtClaims Source #
Associated Types type Rep JwtClaims :: * -> * # Methods from :: JwtClaims -> Rep JwtClaims x # to :: Rep JwtClaims x -> JwtClaims #
ToJSON JwtClaims Source #
Methods toJSON :: JwtClaims -> Value # toEncoding :: JwtClaims -> Encoding # toJSONList :: [JwtClaims] -> Value # toEncodingList :: [JwtClaims] -> Encoding #
FromJSON JwtClaims Source #
Methods parseJSON :: Value -> Parser JwtClaims # parseJSONList :: Value -> Parser [JwtClaims] #
type Rep JwtClaims Source #
type Rep JwtClaims = D1 (MetaData "JwtClaims" "Jose.Types" "jose-jwt-0.7.5-EWBq0zh6JlWJwYDQQjiEsr" False) (C1 (MetaCons "JwtClaims" PrefixI True) ((::) ((::) (S1 (MetaSel (Just Symbol "jwtIss") NoSourceUnpackedness SourceStrict DecidedStrict) (Rec0 (Maybe Text))) ((::) (S1 (MetaSel (Just Symbol "jwtSub") NoSourceUnpackedness SourceStrict DecidedStrict) (Rec0 (Maybe Text))) (S1 (MetaSel (Just Symbol "jwtAud") NoSourceUnpackedness SourceStrict DecidedStrict) (Rec0 (Maybe [Text]))))) ((::) ((::) (S1 (MetaSel (Just Symbol "jwtExp") NoSourceUnpackedness SourceStrict DecidedStrict) (Rec0 (Maybe IntDate))) (S1 (MetaSel (Just Symbol "jwtNbf") NoSourceUnpackedness SourceStrict DecidedStrict) (Rec0 (Maybe IntDate)))) ((::) (S1 (MetaSel (Just Symbol "jwtIat") NoSourceUnpackedness SourceStrict DecidedStrict) (Rec0 (Maybe IntDate))) (S1 (MetaSel (Just Symbol "jwtJti") NoSourceUnpackedness SourceStrict DecidedStrict) (Rec0 (Maybe Text)))))))

data JwsHeader Source #

Header content for a JWS.

Constructors

JwsHeader
Fields jwsAlg :: JwsAlg jwsTyp :: Maybe Text jwsCty :: Maybe Text jwsKid :: Maybe KeyId

Instances

Eq JwsHeader Source #
Methods (==) :: JwsHeader -> JwsHeader -> Bool # (/=) :: JwsHeader -> JwsHeader -> Bool #
Show JwsHeader Source #
Methods showsPrec :: Int -> JwsHeader -> ShowS # show :: JwsHeader -> String # showList :: [JwsHeader] -> ShowS #
Generic JwsHeader Source #
Associated Types type Rep JwsHeader :: * -> * # Methods from :: JwsHeader -> Rep JwsHeader x # to :: Rep JwsHeader x -> JwsHeader #
ToJSON JwsHeader Source #
Methods toJSON :: JwsHeader -> Value # toEncoding :: JwsHeader -> Encoding # toJSONList :: [JwsHeader] -> Value # toEncodingList :: [JwsHeader] -> Encoding #
FromJSON JwsHeader Source #
Methods parseJSON :: Value -> Parser JwsHeader # parseJSONList :: Value -> Parser [JwsHeader] #
type Rep JwsHeader Source #
type Rep JwsHeader = D1 (MetaData "JwsHeader" "Jose.Types" "jose-jwt-0.7.5-EWBq0zh6JlWJwYDQQjiEsr" False) (C1 (MetaCons "JwsHeader" PrefixI True) ((::) ((::) (S1 (MetaSel (Just Symbol "jwsAlg") NoSourceUnpackedness NoSourceStrictness DecidedLazy) (Rec0 JwsAlg)) (S1 (MetaSel (Just Symbol "jwsTyp") NoSourceUnpackedness NoSourceStrictness DecidedLazy) (Rec0 (Maybe Text)))) ((:*:) (S1 (MetaSel (Just Symbol "jwsCty") NoSourceUnpackedness NoSourceStrictness DecidedLazy) (Rec0 (Maybe Text))) (S1 (MetaSel (Just Symbol "jwsKid") NoSourceUnpackedness NoSourceStrictness DecidedLazy) (Rec0 (Maybe KeyId))))))

data JweHeader Source #

Header content for a JWE.

Constructors

JweHeader
Fields jweAlg :: JweAlg jweEnc :: Enc jweTyp :: Maybe Text jweCty :: Maybe Text jweZip :: Maybe Text jweKid :: Maybe KeyId

Instances

Eq JweHeader Source #
Methods (==) :: JweHeader -> JweHeader -> Bool # (/=) :: JweHeader -> JweHeader -> Bool #
Show JweHeader Source #
Methods showsPrec :: Int -> JweHeader -> ShowS # show :: JweHeader -> String # showList :: [JweHeader] -> ShowS #
Generic JweHeader Source #
Associated Types type Rep JweHeader :: * -> * # Methods from :: JweHeader -> Rep JweHeader x # to :: Rep JweHeader x -> JweHeader #
ToJSON JweHeader Source #
Methods toJSON :: JweHeader -> Value # toEncoding :: JweHeader -> Encoding # toJSONList :: [JweHeader] -> Value # toEncodingList :: [JweHeader] -> Encoding #
FromJSON JweHeader Source #
Methods parseJSON :: Value -> Parser JweHeader # parseJSONList :: Value -> Parser [JweHeader] #
type Rep JweHeader Source #
type Rep JweHeader = D1 (MetaData "JweHeader" "Jose.Types" "jose-jwt-0.7.5-EWBq0zh6JlWJwYDQQjiEsr" False) (C1 (MetaCons "JweHeader" PrefixI True) ((::) ((::) (S1 (MetaSel (Just Symbol "jweAlg") NoSourceUnpackedness NoSourceStrictness DecidedLazy) (Rec0 JweAlg)) ((::) (S1 (MetaSel (Just Symbol "jweEnc") NoSourceUnpackedness NoSourceStrictness DecidedLazy) (Rec0 Enc)) (S1 (MetaSel (Just Symbol "jweTyp") NoSourceUnpackedness NoSourceStrictness DecidedLazy) (Rec0 (Maybe Text))))) ((::) (S1 (MetaSel (Just Symbol "jweCty") NoSourceUnpackedness NoSourceStrictness DecidedLazy) (Rec0 (Maybe Text))) ((:*:) (S1 (MetaSel (Just Symbol "jweZip") NoSourceUnpackedness NoSourceStrictness DecidedLazy) (Rec0 (Maybe Text))) (S1 (MetaSel (Just Symbol "jweKid") NoSourceUnpackedness NoSourceStrictness DecidedLazy) (Rec0 (Maybe KeyId)))))))

data JwtContent Source #

A decoded JWT which can be either a JWE or a JWS, or an unsecured JWT.

Constructors

Unsecured !ByteString
Jws !Jws
Jwe !Jwe

Instances

Eq JwtContent Source #
Methods (==) :: JwtContent -> JwtContent -> Bool # (/=) :: JwtContent -> JwtContent -> Bool #
Show JwtContent Source #
Methods showsPrec :: Int -> JwtContent -> ShowS # show :: JwtContent -> String # showList :: [JwtContent] -> ShowS #

data JwtEncoding Source #

Defines the encoding information for a JWT.

Used for both encoding new JWTs and validating existing ones.

Constructors

JwsEncoding JwsAlg
JweEncoding JweAlg Enc

Instances

Eq JwtEncoding Source #
Methods (==) :: JwtEncoding -> JwtEncoding -> Bool # (/=) :: JwtEncoding -> JwtEncoding -> Bool #
Show JwtEncoding Source #
Methods showsPrec :: Int -> JwtEncoding -> ShowS # show :: JwtEncoding -> String # showList :: [JwtEncoding] -> ShowS #

data JwtError Source #

Decoding errors.

Constructors

KeyError Text	No suitable key or wrong key type
BadAlgorithm Text	The supplied algorithm is invalid
BadDots Int	Wrong number of "." characters in the JWT
BadHeader Text	Header couldn't be decoded or contains bad data
BadClaims	Claims part couldn't be decoded or contains bad data
BadSignature	Signature is invalid
BadCrypto	A cryptographic operation failed
Base64Error String	A base64 decoding error

Instances

Eq JwtError Source #
Methods (==) :: JwtError -> JwtError -> Bool # (/=) :: JwtError -> JwtError -> Bool #
Show JwtError Source #
Methods showsPrec :: Int -> JwtError -> ShowS # show :: JwtError -> String # showList :: [JwtError] -> ShowS #

data Payload Source #

The payload to be encoded in a JWT.

Constructors

Nested Jwt
Claims ByteString

Instances

Eq Payload Source #
Methods (==) :: Payload -> Payload -> Bool # (/=) :: Payload -> Payload -> Bool #
Show Payload Source #
Methods showsPrec :: Int -> Payload -> ShowS # show :: Payload -> String # showList :: [Payload] -> ShowS #

encode Source #

Arguments

:: MonadRandom m
=> [Jwk]	The key or keys. At least one must be consistent with the chosen algorithm
-> JwtEncoding	The encoding algorithm(s) used to encode the payload
-> Payload	The payload (claims)
-> m (Either JwtError Jwt)	The encoded JWT, if successful

Use the supplied JWKs to create a JWT. The list of keys will be searched to locate one which is consistent with the chosen encoding algorithms.

decode Source #

Arguments

:: MonadRandom m
=> [Jwk]	The keys to use for decoding
-> Maybe JwtEncoding	The expected encoding information
-> ByteString	The encoded JWT
-> m (Either JwtError JwtContent)	The decoded JWT payload, if successful

Uses the supplied keys to decode a JWT. Locates a matching key by header kid value where possible or by suitable key type for the encoding algorithm.

The algorithm(s) used can optionally be supplied for validation by setting the JwtEncoding parameter, in which case an error will be returned if they don't match. If you expect the tokens to use a particular algorithm, then you should set this parameter.

For unsecured tokens (with algorithm "none"), the expected algorithm must be set to Just (JwsEncoding None) or an error will be returned.

decodeClaims :: ByteString -> Either JwtError (JwtHeader, JwtClaims) Source #

Convenience function to return the claims contained in a JWT. This is required in situations such as client assertion authentication, where the contents of the JWT may be required in order to work out which key should be used to verify the token. Obviously this should not be used by itself to decode a token since no integrity checking is done and the contents may be forged.