jose- Javascript Object Signing and Encryption and JSON Web Token library

Safe HaskellNone



JSON Web Signature (JWS) represents content secured with digital signatures or Message Authentication Codes (MACs) using JavaScript Object Notation (JSON) based data structures.



data Alg Source #

JWA §3.1. "alg" (Algorithm) Header Parameters for JWS

newJWSHeader :: Alg -> JWSHeader Source #

Construct a minimal header with the given algorithm

data JWS Source #

JSON Web Signature data type. Consists of a payload and a (possibly empty) list of signatures.


JWS Base64Octets [Signature] 

newJWS :: ByteString -> JWS Source #

Construct a new (unsigned) JWS

jwsPayload :: JWS -> ByteString Source #

Payload of a JWS, as a lazy bytestring.

signJWS Source #


:: MonadRandom m 
=> JWS

JWS to sign

-> JWSHeader

Header for signature

-> JWK

Key with which to sign

-> m (Either Error JWS)

JWS with new signature appended

Create a new signature on a JWS.

newtype ValidationAlgorithms Source #

Algorithms for which validation will be attempted. The default value includes all algorithms except None.


ValidationAlgorithms [Alg] 

data ValidationPolicy Source #

Validation policy. The default policy is AllValidated.



One successfully validated signature is sufficient


All signatures for which validation is attempted must be validated

verifyJWS :: ValidationAlgorithms -> ValidationPolicy -> JWK -> JWS -> Bool Source #

Verify a JWS.

Verification succeeds if any signature on the JWS is successfully validated with the given Key.

If only specific signatures need to be validated, and the ValidationPolicy argument is not enough to express this, the caller is responsible for removing irrelevant signatures prior to calling verifyJWS.