| Safe Haskell | None |
|---|---|
| Language | Haskell2010 |
| Extensions |
|
Libjwt.JwtValidation
Description
Validation of JWT claims
Synopsis
- data ValidationSettings = Settings {}
- defaultValidationSettings :: ValidationSettings
- runValidation :: MonadTime m => ValidationSettings -> JwtValidation pc any -> Payload pc any -> m (ValidationNEL ValidationFailure Valid)
- type ValidationNEL a b = Validation (NonEmpty a) b
- data Valid
- type Check pc ns = Payload pc ns -> ValidationNEL ValidationFailure Valid
- data JwtValidation pc any
- validation :: Check pc any -> JwtValidation pc any
- invalid :: ValidationFailure -> ValidationNEL ValidationFailure Valid
- valid :: ValidationNEL ValidationFailure Valid
- checkIssuer :: String -> JwtValidation any1 any2
- checkSubject :: String -> JwtValidation any1 any2
- checkAge :: NominalDiffTime -> JwtValidation any1 any2
- checkIssuedAfter :: UTCTime -> JwtValidation any1 any2
- checkJwtId :: UUID -> JwtValidation any1 any2
- checkClaim :: (CanGet n pc, a ~ LookupClaimType n pc) => (a -> Bool) -> ClaimName n -> JwtValidation pc any
- check :: String -> (a -> Bool) -> (Payload pc any -> a) -> JwtValidation pc any
- data ValidationFailure
Documentation
data ValidationSettings Source #
User-defined parameters of an validation
Constructors
| Settings | |
Instances
| Show ValidationSettings Source # | |
Defined in Libjwt.JwtValidation Methods showsPrec :: Int -> ValidationSettings -> ShowS # show :: ValidationSettings -> String # showList :: [ValidationSettings] -> ShowS # | |
defaultValidationSettings :: ValidationSettings Source #
ValidationSettings with leeway set to 0 and appName set to Nothing
Arguments
| :: MonadTime m | |
| => ValidationSettings | leeway and appName |
| -> JwtValidation pc any | v |
| -> Payload pc any | payload |
| -> m (ValidationNEL ValidationFailure Valid) |
Run checks against the payload.
The exact set of checks is: defaultValidationRules <> v , where v is passed to this function and defaultValidationRules is:
- check exp claim against the current time (minus possible
leeway), - check nbf claim against the current time (plus possible
leeway), - check aud claim against
appName
See the docs of ValidationFailure for a list of possible errors.
type ValidationNEL a b = Validation (NonEmpty a) b Source #
type Check pc ns = Payload pc ns -> ValidationNEL ValidationFailure Valid Source #
data JwtValidation pc any Source #
Instances
| Semigroup (JwtValidation pc any) Source # | |
Defined in Libjwt.JwtValidation Methods (<>) :: JwtValidation pc any -> JwtValidation pc any -> JwtValidation pc any # sconcat :: NonEmpty (JwtValidation pc any) -> JwtValidation pc any # stimes :: Integral b => b -> JwtValidation pc any -> JwtValidation pc any # | |
| Monoid (JwtValidation any1 any2) Source # | |
Defined in Libjwt.JwtValidation Methods mempty :: JwtValidation any1 any2 # mappend :: JwtValidation any1 any2 -> JwtValidation any1 any2 -> JwtValidation any1 any2 # mconcat :: [JwtValidation any1 any2] -> JwtValidation any1 any2 # | |
validation :: Check pc any -> JwtValidation pc any Source #
Construct validation from function
Arguments
| :: ValidationFailure | reason |
| -> ValidationNEL ValidationFailure Valid |
Validation that always fails and signals reason
valid :: ValidationNEL ValidationFailure Valid Source #
Validation that is always valid
Arguments
| :: String | issuer |
| -> JwtValidation any1 any2 |
Check that iss is present and equal to issuer. If not, then signal InvalidClaim "iss"
Arguments
| :: String | subject |
| -> JwtValidation any1 any2 |
Check that sub is present and equal to subject. If not, then signal InvalidClaim "sub"
Arguments
| :: NominalDiffTime | maxAge |
| -> JwtValidation any1 any2 |
Check that iat (if present) is not further than maxAge from currentTime (minus possible leeway). Otherwise signal TokenTooOld.
Arguments
| :: UTCTime | time |
| -> JwtValidation any1 any2 |
Check that iat (if present) is after time. If false, signal InvalidClaim "iat"
Arguments
| :: UUID | jwtId |
| -> JwtValidation any1 any2 |
Check that jti is present and equal to jwtId. If not, then signal InvalidClaim "jti"
Arguments
| :: (CanGet n pc, a ~ LookupClaimType n pc) | |
| => (a -> Bool) | p |
| -> ClaimName n | n |
| -> JwtValidation pc any |
Check that p a == True, where a is a value of private claim n. If not, signal InvalidClaim n
Example:
checkClaim not #is_root
Arguments
| :: String | claim |
| -> (a -> Bool) | p |
| -> (Payload pc any -> a) | prop |
| -> JwtValidation pc any |
Check the property prop of a payload with the predicate p
If p is False, then signal InvalidClaim claim
data ValidationFailure Source #
Reasons for rejecting a JWT token
Constructors
| InvalidClaim String | User check failed |
| TokenExpired NominalDiffTime | exp check failed: the current time was after or equal to the expiration time (plus possible |
| TokenNotReady NominalDiffTime | nbf check failed: the current time was before the not-before time (minus possible |
| WrongRecipient | aud check failed: the application processing this claim did not identify itself ( |
| TokenTooOld NominalDiffTime | iat check failed: the current time minus the time the JWT was issued (plus possible |
Instances
| Eq ValidationFailure Source # | |
Defined in Libjwt.JwtValidation Methods (==) :: ValidationFailure -> ValidationFailure -> Bool # (/=) :: ValidationFailure -> ValidationFailure -> Bool # | |
| Show ValidationFailure Source # | |
Defined in Libjwt.JwtValidation Methods showsPrec :: Int -> ValidationFailure -> ShowS # show :: ValidationFailure -> String # showList :: [ValidationFailure] -> ShowS # | |