paseto-0.1.0.0: Platform-Agnostic Security Tokens
Safe HaskellSafe-Inferred
LanguageHaskell2010

Crypto.Paseto

Description

This module is the recommended entry point for this library.

Synopsis

Mode

data Version Source #

PASETO protocol version.

Constructors

V3

Version 3. Modern NIST cryptography.

V4

Version 4. Modern Sodium (libsodium) cryptography.

Instances

Instances details
Show Version Source # 
Instance details

Defined in Crypto.Paseto.Mode

Methods

showsPrec :: Int -> Version -> ShowS #

show :: Version -> String #

showList :: [Version] -> ShowS #

Eq Version Source # 
Instance details

Defined in Crypto.Paseto.Mode

Methods

(==) :: Version -> Version -> Bool #

(/=) :: Version -> Version -> Bool #

data Purpose Source #

PASETO token purpose.

Constructors

Local

Shared-key authenticated encryption.

Public

Public-key digital signatures (not encrypted).

Instances

Instances details
Show Purpose Source # 
Instance details

Defined in Crypto.Paseto.Mode

Methods

showsPrec :: Int -> Purpose -> ShowS #

show :: Purpose -> String #

showList :: [Purpose] -> ShowS #

Eq Purpose Source # 
Instance details

Defined in Crypto.Paseto.Mode

Methods

(==) :: Purpose -> Purpose -> Bool #

(/=) :: Purpose -> Purpose -> Bool #

Keys

Symmetric keys

data SymmetricKey v where Source #

Symmetric key.

Note that this type's Eq instance performs a constant-time equality check.

Constructors

SymmetricKeyV3 :: !ScrubbedBytes32 -> SymmetricKey V3

Version 3 symmetric key.

SymmetricKeyV4 :: !ScrubbedBytes32 -> SymmetricKey V4

Version 4 symmetric key.

Instances

Instances details
Eq (SymmetricKey v) Source # 
Instance details

Defined in Crypto.Paseto.Keys

Methods

(==) :: SymmetricKey v -> SymmetricKey v -> Bool #

(/=) :: SymmetricKey v -> SymmetricKey v -> Bool #

symmetricKeyToBytes :: SymmetricKey v -> ScrubbedBytes Source #

Get the raw bytes associated with a symmetric key.

bytesToSymmetricKeyV3 :: ScrubbedBytes -> Maybe (SymmetricKey V3) Source #

Construct a version 3 symmetric key from bytes.

If the provided byte string does not have a length of 32 (256 bits), Nothing is returned.

bytesToSymmetricKeyV4 :: ScrubbedBytes -> Maybe (SymmetricKey V4) Source #

Construct a version 4 symmetric key from bytes.

If the provided byte string does not have a length of 32 (256 bits), Nothing is returned.

generateSymmetricKeyV3 :: IO (SymmetricKey V3) Source #

Randomly generate a version 3 symmetric key.

generateSymmetricKeyV4 :: IO (SymmetricKey V4) Source #

Randomly generate a version 4 symmetric key.

Asymmetric keys

Signing keys

data SigningKey v where Source #

Signing key (also known as a private/secret key).

Note that this type's Eq instance performs a constant-time equality check.

Constructors

SigningKeyV3 :: !PrivateKeyP384 -> SigningKey V3

Version 3 signing key.

SigningKeyV4 :: !SecretKey -> SigningKey V4

Version 3 signing key.

Instances

Instances details
Eq (SigningKey v) Source # 
Instance details

Defined in Crypto.Paseto.Keys

Methods

(==) :: SigningKey v -> SigningKey v -> Bool #

(/=) :: SigningKey v -> SigningKey v -> Bool #

signingKeyToBytes :: SigningKey v -> ScrubbedBytes Source #

Get the raw bytes associated with a signing key.

bytesToSigningKeyV3 :: ScrubbedBytes -> Either ScalarDecodingError (SigningKey V3) Source #

Construct a version 3 signing key from bytes.

bytesToSigningKeyV4 :: ScrubbedBytes -> Maybe (SigningKey V4) Source #

Construct a version 4 signing key from bytes.

generateSigningKeyV3 :: IO (SigningKey V3) Source #

Randomly generate a version 3 signing key.

generateSigningKeyV4 :: IO (SigningKey V4) Source #

Randomly generate a version 4 signing key.

Errors

data ScalarDecodingError Source #

Error decoding a scalar value.

Constructors

ScalarDecodingInvalidLengthError

Invalid scalar length.

Fields

  • !Int

    Expected length

  • !Int

    Actual length

ScalarDecodingInvalidError

Decoded scalar is invalid for the curve.

Instances

Instances details
Show ScalarDecodingError Source # 
Instance details

Defined in Crypto.Paseto.Keys.V3.Internal

Methods

showsPrec :: Int -> ScalarDecodingError -> ShowS #

show :: ScalarDecodingError -> String #

showList :: [ScalarDecodingError] -> ShowS #

Eq ScalarDecodingError Source # 
Instance details

Defined in Crypto.Paseto.Keys.V3.Internal

Methods

(==) :: ScalarDecodingError -> ScalarDecodingError -> Bool #

(/=) :: ScalarDecodingError -> ScalarDecodingError -> Bool #

renderScalarDecodingError :: ScalarDecodingError -> Text Source #

Render a ScalarDecodingError as Text.

Verification keys

data VerificationKey v where Source #

Verification key (also known as a public key).

Constructors

VerificationKeyV3 :: !PublicKeyP384 -> VerificationKey V3

Version 3 verification key.

VerificationKeyV4 :: !PublicKey -> VerificationKey V4

Version 4 verification key.

Instances

Instances details
Eq (VerificationKey v) Source # 
Instance details

Defined in Crypto.Paseto.Keys

Methods

(==) :: VerificationKey v -> VerificationKey v -> Bool #

(/=) :: VerificationKey v -> VerificationKey v -> Bool #

verificationKeyToBytes :: VerificationKey v -> ByteString Source #

Get the raw bytes associated with a verification key.

bytesToVerificationKeyV3 :: ByteString -> Either PublicKeyP384DecodingError (VerificationKey V3) Source #

Construct a version 3 verification key from bytes.

The input ByteString is expected to be formatted as either a compressed or uncompressed elliptic curve public key as defined by SEC 1 and RFC 5480 section 2.2.

bytesToVerificationKeyV4 :: ByteString -> Maybe (VerificationKey V4) Source #

Construct a version 4 verification key from bytes.

fromSigningKey :: SigningKey v -> VerificationKey v Source #

Get the VerificationKey which corresponds to a given SigningKey.

Errors

data PublicKeyP384DecodingError Source #

Error decoding a public key for curve SEC_p384r1.

Constructors

PublicKeyP384DecodingCompressedError !CompressedPointDecodingError

Error decoding a compressed public key.

PublicKeyP384DecodingUncompressedError !UncompressedPointDecodingError

Error decoding an uncompressed public key.

Instances

Instances details
Show PublicKeyP384DecodingError Source # 
Instance details

Defined in Crypto.Paseto.Keys.V3

Methods

showsPrec :: Int -> PublicKeyP384DecodingError -> ShowS #

show :: PublicKeyP384DecodingError -> String #

showList :: [PublicKeyP384DecodingError] -> ShowS #

Eq PublicKeyP384DecodingError Source # 
Instance details

Defined in Crypto.Paseto.Keys.V3

Methods

(==) :: PublicKeyP384DecodingError -> PublicKeyP384DecodingError -> Bool #

(/=) :: PublicKeyP384DecodingError -> PublicKeyP384DecodingError -> Bool #

renderPublicKeyP384DecodingError :: PublicKeyP384DecodingError -> Text Source #

Render a PublicKeyP384DecodingError as Text.

Tokens

data Token v p where Source #

PASETO token parameterized by its protocol Version and Purpose.

Constructors

TokenV3Local

PASETO version 3 local token.

Fields

TokenV3Public

PASETO version 3 public token.

Fields

TokenV4Local

PASETO version 4 local token.

Fields

TokenV4Public

PASETO version 4 public token.

Fields

Instances

Instances details
Show (Token v p) Source # 
Instance details

Defined in Crypto.Paseto.Token

Methods

showsPrec :: Int -> Token v p -> ShowS #

show :: Token v p -> String #

showList :: [Token v p] -> ShowS #

Eq (Token v p) Source # 
Instance details

Defined in Crypto.Paseto.Token

Methods

(==) :: Token v p -> Token v p -> Bool #

(/=) :: Token v p -> Token v p -> Bool #

newtype Payload Source #

Raw PASETO token payload.

Note that this type's Eq instance performs a constant-time equality check.

Constructors

Payload 

Fields

Instances

Instances details
Show Payload Source # 
Instance details

Defined in Crypto.Paseto.Token

Methods

showsPrec :: Int -> Payload -> ShowS #

show :: Payload -> String #

showList :: [Payload] -> ShowS #

Eq Payload Source # 
Instance details

Defined in Crypto.Paseto.Token

Methods

(==) :: Payload -> Payload -> Bool #

(/=) :: Payload -> Payload -> Bool #

newtype Footer Source #

Footer consisting of unencrypted free-form data.

The footer's contents may be JSON or some other structured data, but it doesn't have to be.

When a PASETO token is constructed, the footer is authenticated, but not encrypted (i.e. its integrity is protected, but it is not made confidential). In authenticated encryption schemes, this is referred to as "associated data".

Note that this type's Eq instance performs a constant-time equality check.

Constructors

Footer 

Fields

Instances

Instances details
Show Footer Source # 
Instance details

Defined in Crypto.Paseto.Token

Methods

showsPrec :: Int -> Footer -> ShowS #

show :: Footer -> String #

showList :: [Footer] -> ShowS #

Eq Footer Source # 
Instance details

Defined in Crypto.Paseto.Token

Methods

(==) :: Footer -> Footer -> Bool #

(/=) :: Footer -> Footer -> Bool #

newtype ImplicitAssertion Source #

Unencrypted authenticated data which is not stored in the PASETO token.

When a PASETO token is constructed, the implicit assertion is authenticated, but it is not stored in the token. This is useful if one wants to associate some data that should remain confidential.

Note that this type's Eq instance performs a constant-time equality check.

Constructors

ImplicitAssertion 

Fields

Instances

Instances details
Show ImplicitAssertion Source # 
Instance details

Defined in Crypto.Paseto.Token

Methods

showsPrec :: Int -> ImplicitAssertion -> ShowS #

show :: ImplicitAssertion -> String #

showList :: [ImplicitAssertion] -> ShowS #

Eq ImplicitAssertion Source # 
Instance details

Defined in Crypto.Paseto.Token

Methods

(==) :: ImplicitAssertion -> ImplicitAssertion -> Bool #

(/=) :: ImplicitAssertion -> ImplicitAssertion -> Bool #

Construction

data BuildTokenParams Source #

Parameters for building a PASETO token.

Constructors

BuildTokenParams 

Fields

Instances

Instances details
Show BuildTokenParams Source # 
Instance details

Defined in Crypto.Paseto.Token.Build

Methods

showsPrec :: Int -> BuildTokenParams -> ShowS #

show :: BuildTokenParams -> String #

showList :: [BuildTokenParams] -> ShowS #

Eq BuildTokenParams Source # 
Instance details

Defined in Crypto.Paseto.Token.Build

Methods

(==) :: BuildTokenParams -> BuildTokenParams -> Bool #

(/=) :: BuildTokenParams -> BuildTokenParams -> Bool #

getDefaultBuildTokenParams :: IO BuildTokenParams Source #

Get parameters for building a PASETO token which includes the recommended default claims.

This includes the following default claims:

The default Footer and ImplicitAssertion is Nothing.

buildTokenV3Local :: BuildTokenParams -> SymmetricKey V3 -> ExceptT V3LocalBuildError IO (Token V3 Local) Source #

Build a version 3 local token.

buildTokenV3Public :: BuildTokenParams -> SigningKey V3 -> ExceptT V3PublicBuildError IO (Token V3 Public) Source #

Build a version 3 public token.

buildTokenV4Local :: BuildTokenParams -> SymmetricKey V4 -> IO (Token V4 Local) Source #

Build a version 4 local token.

buildTokenV4Public :: BuildTokenParams -> SigningKey V4 -> Token V4 Public Source #

Build a version 4 public token.

Errors

newtype V3LocalBuildError Source #

Error building a version 3 local PASETO token.

Constructors

V3LocalBuildEncryptionError EncryptionError

Encryption error.

Instances

Instances details
Show V3LocalBuildError Source # 
Instance details

Defined in Crypto.Paseto.Token.Build

Methods

showsPrec :: Int -> V3LocalBuildError -> ShowS #

show :: V3LocalBuildError -> String #

showList :: [V3LocalBuildError] -> ShowS #

Eq V3LocalBuildError Source # 
Instance details

Defined in Crypto.Paseto.Token.Build

Methods

(==) :: V3LocalBuildError -> V3LocalBuildError -> Bool #

(/=) :: V3LocalBuildError -> V3LocalBuildError -> Bool #

renderV3LocalBuildError :: V3LocalBuildError -> Text Source #

Render a V3LocalBuildError as Text.

newtype V3PublicBuildError Source #

Error building a version 3 public PASETO token.

Constructors

V3PublicBuildSigningError SigningError

Cryptographic signing error.

Instances

Instances details
Show V3PublicBuildError Source # 
Instance details

Defined in Crypto.Paseto.Token.Build

Methods

showsPrec :: Int -> V3PublicBuildError -> ShowS #

show :: V3PublicBuildError -> String #

showList :: [V3PublicBuildError] -> ShowS #

Eq V3PublicBuildError Source # 
Instance details

Defined in Crypto.Paseto.Token.Build

Methods

(==) :: V3PublicBuildError -> V3PublicBuildError -> Bool #

(/=) :: V3PublicBuildError -> V3PublicBuildError -> Bool #

renderV3PublicBuildError :: V3PublicBuildError -> Text Source #

Render a V3PublicBuildError as Text.

Encoding and decoding

encode :: Token v p -> Text Source #

Encode a PASETO token as human-readable text according to the message format defined in the specification.

data ValidatedToken v p Source #

PASETO token which has been decoded and validated.

Constructors

ValidatedToken 

Fields

Instances

Instances details
Show (ValidatedToken v p) Source # 
Instance details

Defined in Crypto.Paseto.Token.Encoding

Methods

showsPrec :: Int -> ValidatedToken v p -> ShowS #

show :: ValidatedToken v p -> String #

showList :: [ValidatedToken v p] -> ShowS #

Eq (ValidatedToken v p) Source # 
Instance details

Defined in Crypto.Paseto.Token.Encoding

Methods

(==) :: ValidatedToken v p -> ValidatedToken v p -> Bool #

(/=) :: ValidatedToken v p -> ValidatedToken v p -> Bool #

decodeTokenV3Local Source #

Arguments

:: SymmetricKey V3

Symmetric key.

-> [ValidationRule]

Validation rules.

-> Maybe Footer

Optional footer to authenticate.

-> Maybe ImplicitAssertion

Optional implicit assertion to authenticate.

-> Text

Encoded PASETO token.

-> Either V3LocalDecodingError (ValidatedToken V3 Local) 

Parse, decrypt, and validate a version 3 local PASETO token.

decodeTokenV3Public Source #

Arguments

:: VerificationKey V3

Verification key.

-> [ValidationRule]

Validation rules.

-> Maybe Footer

Optional footer to authenticate.

-> Maybe ImplicitAssertion

Optional implicit assertion to authenticate.

-> Text

Encoded PASETO token.

-> Either V3PublicDecodingError (ValidatedToken V3 Public) 

Parse, verify, and validate a version 3 public PASETO token.

decodeTokenV4Local Source #

Arguments

:: SymmetricKey V4

Symmetric key.

-> [ValidationRule]

Validation rules.

-> Maybe Footer

Optional footer to authenticate.

-> Maybe ImplicitAssertion

Optional implicit assertion to authenticate.

-> Text

Encoded PASETO token.

-> Either V4LocalDecodingError (ValidatedToken V4 Local) 

Parse, decrypt, and validate a version 4 local PASETO token.

decodeTokenV4Public Source #

Arguments

:: VerificationKey V4

Verification key.

-> [ValidationRule]

Validation rules.

-> Maybe Footer

Optional footer to authenticate.

-> Maybe ImplicitAssertion

Optional implicit assertion to authenticate.

-> Text

Encoded PASETO token.

-> Either V4PublicDecodingError (ValidatedToken V4 Public) 

Parse, verify, and validate a version 4 public PASETO token.

Errors

data CommonDecodingError Source #

Common error decoding a PASETO token.

Constructors

CommonDecodingParseError !ParseError

Error parsing the token.

CommonDecodingClaimsValidationError !(NonEmpty ValidationError)

Token claims validation error.

Instances

Instances details
Show CommonDecodingError Source # 
Instance details

Defined in Crypto.Paseto.Token.Encoding

Methods

showsPrec :: Int -> CommonDecodingError -> ShowS #

show :: CommonDecodingError -> String #

showList :: [CommonDecodingError] -> ShowS #

Eq CommonDecodingError Source # 
Instance details

Defined in Crypto.Paseto.Token.Encoding

Methods

(==) :: CommonDecodingError -> CommonDecodingError -> Bool #

(/=) :: CommonDecodingError -> CommonDecodingError -> Bool #

renderCommonDecodingError :: CommonDecodingError -> Text Source #

Render a CommonDecodingError as Text.

data V3LocalDecodingError Source #

Error decoding a version 3 local PASETO token.

Constructors

V3LocalDecodingCommonError !CommonDecodingError

Common decoding error.

V3LocalDecodingDecryptionError !DecryptionError

Decryption error.

Instances

Instances details
Show V3LocalDecodingError Source # 
Instance details

Defined in Crypto.Paseto.Token.Encoding

Methods

showsPrec :: Int -> V3LocalDecodingError -> ShowS #

show :: V3LocalDecodingError -> String #

showList :: [V3LocalDecodingError] -> ShowS #

Eq V3LocalDecodingError Source # 
Instance details

Defined in Crypto.Paseto.Token.Encoding

Methods

(==) :: V3LocalDecodingError -> V3LocalDecodingError -> Bool #

(/=) :: V3LocalDecodingError -> V3LocalDecodingError -> Bool #

renderV3LocalDecodingError :: V3LocalDecodingError -> Text Source #

Render a V3LocalDecodingError as Text.

data V3PublicDecodingError Source #

Error decoding a version 3 public PASETO token.

Constructors

V3PublicDecodingCommonError !CommonDecodingError

Common decoding error.

V3PublicDecodingVerificationError !VerificationError

Cryptographic signature verification error.

Instances

Instances details
Show V3PublicDecodingError Source # 
Instance details

Defined in Crypto.Paseto.Token.Encoding

Methods

showsPrec :: Int -> V3PublicDecodingError -> ShowS #

show :: V3PublicDecodingError -> String #

showList :: [V3PublicDecodingError] -> ShowS #

Eq V3PublicDecodingError Source # 
Instance details

Defined in Crypto.Paseto.Token.Encoding

Methods

(==) :: V3PublicDecodingError -> V3PublicDecodingError -> Bool #

(/=) :: V3PublicDecodingError -> V3PublicDecodingError -> Bool #

renderV3PublicDecodingError :: V3PublicDecodingError -> Text Source #

Render a V3PublicDecodingError as Text.

data V4LocalDecodingError Source #

Error decoding a version 4 local PASETO token.

Constructors

V4LocalDecodingCommonError !CommonDecodingError

Common decoding error.

V4LocalDecodingDecryptionError !DecryptionError

Decryption error.

Instances

Instances details
Show V4LocalDecodingError Source # 
Instance details

Defined in Crypto.Paseto.Token.Encoding

Methods

showsPrec :: Int -> V4LocalDecodingError -> ShowS #

show :: V4LocalDecodingError -> String #

showList :: [V4LocalDecodingError] -> ShowS #

Eq V4LocalDecodingError Source # 
Instance details

Defined in Crypto.Paseto.Token.Encoding

Methods

(==) :: V4LocalDecodingError -> V4LocalDecodingError -> Bool #

(/=) :: V4LocalDecodingError -> V4LocalDecodingError -> Bool #

renderV4LocalDecodingError :: V4LocalDecodingError -> Text Source #

Render a V4LocalDecodingError as Text.

data V4PublicDecodingError Source #

Error decoding a version 4 public PASETO token.

Constructors

V4PublicDecodingCommonError !CommonDecodingError

Common decoding error.

V4PublicDecodingVerificationError !VerificationError

Cryptographic signature verification error.

Instances

Instances details
Show V4PublicDecodingError Source # 
Instance details

Defined in Crypto.Paseto.Token.Encoding

Methods

showsPrec :: Int -> V4PublicDecodingError -> ShowS #

show :: V4PublicDecodingError -> String #

showList :: [V4PublicDecodingError] -> ShowS #

Eq V4PublicDecodingError Source # 
Instance details

Defined in Crypto.Paseto.Token.Encoding

Methods

(==) :: V4PublicDecodingError -> V4PublicDecodingError -> Bool #

(/=) :: V4PublicDecodingError -> V4PublicDecodingError -> Bool #

renderV4PublicDecodingError :: V4PublicDecodingError -> Text Source #

Render a V4PublicDecodingError as Text.

Claims

Container type

Collection of PASETO token claims.

Note that we only re-export the Claims type from this module as the rest of the API contains functions which may conflict with those in Prelude and other container implementations such as Data.Map.

If you need access to those other functions, it's recommended to import Crypto.Paseto.Token.Claims qualified. For example:

import qualified Crypto.Paseto.Token.Claims as Claims

data Claims Source #

Collection of Claims.

Instances

Instances details
FromJSON Claims Source # 
Instance details

Defined in Crypto.Paseto.Token.Claims

Methods

parseJSON :: Value -> Parser Claims #

parseJSONList :: Value -> Parser [Claims] #

omittedField :: Maybe Claims #

ToJSON Claims Source # 
Instance details

Defined in Crypto.Paseto.Token.Claims

Methods

toJSON :: Claims -> Value #

toEncoding :: Claims -> Encoding #

toJSONList :: [Claims] -> Value #

toEncodingList :: [Claims] -> Encoding #

omitField :: Claims -> Bool #

Monoid Claims Source # 
Instance details

Defined in Crypto.Paseto.Token.Claims

Methods

mempty :: Claims #

mappend :: Claims -> Claims -> Claims #

mconcat :: [Claims] -> Claims #

Semigroup Claims Source # 
Instance details

Defined in Crypto.Paseto.Token.Claims

Methods

(<>) :: Claims -> Claims -> Claims #

sconcat :: NonEmpty Claims -> Claims #

stimes :: Integral b => b -> Claims -> Claims #

Show Claims Source # 
Instance details

Defined in Crypto.Paseto.Token.Claims

Methods

showsPrec :: Int -> Claims -> ShowS #

show :: Claims -> String #

showList :: [Claims] -> ShowS #

Eq Claims Source # 
Instance details

Defined in Crypto.Paseto.Token.Claims

Methods

(==) :: Claims -> Claims -> Bool #

(/=) :: Claims -> Claims -> Bool #

Claim types

data Claim Source #

Token claim.

Constructors

IssuerClaim !Issuer 
SubjectClaim !Subject 
AudienceClaim !Audience 
ExpirationClaim !Expiration 
NotBeforeClaim !NotBefore 
IssuedAtClaim !IssuedAt 
TokenIdentifierClaim !TokenIdentifier 
CustomClaim 

Fields

Instances

Instances details
Show Claim Source # 
Instance details

Defined in Crypto.Paseto.Token.Claim

Methods

showsPrec :: Int -> Claim -> ShowS #

show :: Claim -> String #

showList :: [Claim] -> ShowS #

Eq Claim Source # 
Instance details

Defined in Crypto.Paseto.Token.Claim

Methods

(==) :: Claim -> Claim -> Bool #

(/=) :: Claim -> Claim -> Bool #

newtype Issuer Source #

Issuer of a token.

Constructors

Issuer 

Fields

Instances

Instances details
FromJSON Issuer Source # 
Instance details

Defined in Crypto.Paseto.Token.Claim

Methods

parseJSON :: Value -> Parser Issuer #

parseJSONList :: Value -> Parser [Issuer] #

omittedField :: Maybe Issuer #

ToJSON Issuer Source # 
Instance details

Defined in Crypto.Paseto.Token.Claim

Methods

toJSON :: Issuer -> Value #

toEncoding :: Issuer -> Encoding #

toJSONList :: [Issuer] -> Value #

toEncodingList :: [Issuer] -> Encoding #

omitField :: Issuer -> Bool #

Show Issuer Source # 
Instance details

Defined in Crypto.Paseto.Token.Claim

Methods

showsPrec :: Int -> Issuer -> ShowS #

show :: Issuer -> String #

showList :: [Issuer] -> ShowS #

Eq Issuer Source # 
Instance details

Defined in Crypto.Paseto.Token.Claim

Methods

(==) :: Issuer -> Issuer -> Bool #

(/=) :: Issuer -> Issuer -> Bool #

newtype Subject Source #

Subject of a token.

Constructors

Subject 

Fields

Instances

Instances details
FromJSON Subject Source # 
Instance details

Defined in Crypto.Paseto.Token.Claim

Methods

parseJSON :: Value -> Parser Subject #

parseJSONList :: Value -> Parser [Subject] #

omittedField :: Maybe Subject #

ToJSON Subject Source # 
Instance details

Defined in Crypto.Paseto.Token.Claim

Methods

toJSON :: Subject -> Value #

toEncoding :: Subject -> Encoding #

toJSONList :: [Subject] -> Value #

toEncodingList :: [Subject] -> Encoding #

omitField :: Subject -> Bool #

Show Subject Source # 
Instance details

Defined in Crypto.Paseto.Token.Claim

Methods

showsPrec :: Int -> Subject -> ShowS #

show :: Subject -> String #

showList :: [Subject] -> ShowS #

Eq Subject Source # 
Instance details

Defined in Crypto.Paseto.Token.Claim

Methods

(==) :: Subject -> Subject -> Bool #

(/=) :: Subject -> Subject -> Bool #

newtype Audience Source #

Recipient for which a token is intended.

Constructors

Audience 

Fields

Instances

Instances details
FromJSON Audience Source # 
Instance details

Defined in Crypto.Paseto.Token.Claim

Methods

parseJSON :: Value -> Parser Audience #

parseJSONList :: Value -> Parser [Audience] #

omittedField :: Maybe Audience #

ToJSON Audience Source # 
Instance details

Defined in Crypto.Paseto.Token.Claim

Methods

toJSON :: Audience -> Value #

toEncoding :: Audience -> Encoding #

toJSONList :: [Audience] -> Value #

toEncodingList :: [Audience] -> Encoding #

omitField :: Audience -> Bool #

Show Audience Source # 
Instance details

Defined in Crypto.Paseto.Token.Claim

Methods

showsPrec :: Int -> Audience -> ShowS #

show :: Audience -> String #

showList :: [Audience] -> ShowS #

Eq Audience Source # 
Instance details

Defined in Crypto.Paseto.Token.Claim

Methods

(==) :: Audience -> Audience -> Bool #

(/=) :: Audience -> Audience -> Bool #

newtype Expiration Source #

Time after which a token expires.

Constructors

Expiration 

Fields

Instances

Instances details
FromJSON Expiration Source # 
Instance details

Defined in Crypto.Paseto.Token.Claim

Methods

parseJSON :: Value -> Parser Expiration #

parseJSONList :: Value -> Parser [Expiration] #

omittedField :: Maybe Expiration #

ToJSON Expiration Source # 
Instance details

Defined in Crypto.Paseto.Token.Claim

Methods

toJSON :: Expiration -> Value #

toEncoding :: Expiration -> Encoding #

toJSONList :: [Expiration] -> Value #

toEncodingList :: [Expiration] -> Encoding #

omitField :: Expiration -> Bool #

Show Expiration Source # 
Instance details

Defined in Crypto.Paseto.Token.Claim

Methods

showsPrec :: Int -> Expiration -> ShowS #

show :: Expiration -> String #

showList :: [Expiration] -> ShowS #

Eq Expiration Source # 
Instance details

Defined in Crypto.Paseto.Token.Claim

Methods

(==) :: Expiration -> Expiration -> Bool #

(/=) :: Expiration -> Expiration -> Bool #

renderExpiration :: Expiration -> Text Source #

Render an Expiration as Text.

newtype NotBefore Source #

Time from which a token should be considered valid.

Constructors

NotBefore 

Fields

Instances

Instances details
FromJSON NotBefore Source # 
Instance details

Defined in Crypto.Paseto.Token.Claim

Methods

parseJSON :: Value -> Parser NotBefore #

parseJSONList :: Value -> Parser [NotBefore] #

omittedField :: Maybe NotBefore #

ToJSON NotBefore Source # 
Instance details

Defined in Crypto.Paseto.Token.Claim

Methods

toJSON :: NotBefore -> Value #

toEncoding :: NotBefore -> Encoding #

toJSONList :: [NotBefore] -> Value #

toEncodingList :: [NotBefore] -> Encoding #

omitField :: NotBefore -> Bool #

Show NotBefore Source # 
Instance details

Defined in Crypto.Paseto.Token.Claim

Methods

showsPrec :: Int -> NotBefore -> ShowS #

show :: NotBefore -> String #

showList :: [NotBefore] -> ShowS #

Eq NotBefore Source # 
Instance details

Defined in Crypto.Paseto.Token.Claim

Methods

(==) :: NotBefore -> NotBefore -> Bool #

(/=) :: NotBefore -> NotBefore -> Bool #

renderNotBefore :: NotBefore -> Text Source #

Render a NotBefore as Text.

newtype IssuedAt Source #

Time at which a token was issued.

Constructors

IssuedAt 

Fields

Instances

Instances details
FromJSON IssuedAt Source # 
Instance details

Defined in Crypto.Paseto.Token.Claim

Methods

parseJSON :: Value -> Parser IssuedAt #

parseJSONList :: Value -> Parser [IssuedAt] #

omittedField :: Maybe IssuedAt #

ToJSON IssuedAt Source # 
Instance details

Defined in Crypto.Paseto.Token.Claim

Methods

toJSON :: IssuedAt -> Value #

toEncoding :: IssuedAt -> Encoding #

toJSONList :: [IssuedAt] -> Value #

toEncodingList :: [IssuedAt] -> Encoding #

omitField :: IssuedAt -> Bool #

Show IssuedAt Source # 
Instance details

Defined in Crypto.Paseto.Token.Claim

Methods

showsPrec :: Int -> IssuedAt -> ShowS #

show :: IssuedAt -> String #

showList :: [IssuedAt] -> ShowS #

Eq IssuedAt Source # 
Instance details

Defined in Crypto.Paseto.Token.Claim

Methods

(==) :: IssuedAt -> IssuedAt -> Bool #

(/=) :: IssuedAt -> IssuedAt -> Bool #

renderIssuedAt :: IssuedAt -> Text Source #

Render an IssuedAt as Text.

newtype TokenIdentifier Source #

Token identifier.

Constructors

TokenIdentifier 

Fields

Instances

Instances details
FromJSON TokenIdentifier Source # 
Instance details

Defined in Crypto.Paseto.Token.Claim

Methods

parseJSON :: Value -> Parser TokenIdentifier #

parseJSONList :: Value -> Parser [TokenIdentifier] #

omittedField :: Maybe TokenIdentifier #

ToJSON TokenIdentifier Source # 
Instance details

Defined in Crypto.Paseto.Token.Claim

Methods

toJSON :: TokenIdentifier -> Value #

toEncoding :: TokenIdentifier -> Encoding #

toJSONList :: [TokenIdentifier] -> Value #

toEncodingList :: [TokenIdentifier] -> Encoding #

omitField :: TokenIdentifier -> Bool #

Show TokenIdentifier Source # 
Instance details

Defined in Crypto.Paseto.Token.Claim

Methods

showsPrec :: Int -> TokenIdentifier -> ShowS #

show :: TokenIdentifier -> String #

showList :: [TokenIdentifier] -> ShowS #

Eq TokenIdentifier Source # 
Instance details

Defined in Crypto.Paseto.Token.Claim

Methods

(==) :: TokenIdentifier -> TokenIdentifier -> Bool #

(/=) :: TokenIdentifier -> TokenIdentifier -> Bool #

Custom claim keys

data UnregisteredClaimKey Source #

Unregistered claim key.

Instances

Instances details
Show UnregisteredClaimKey Source # 
Instance details

Defined in Crypto.Paseto.Token.Claim

Methods

showsPrec :: Int -> UnregisteredClaimKey -> ShowS #

show :: UnregisteredClaimKey -> String #

showList :: [UnregisteredClaimKey] -> ShowS #

Eq UnregisteredClaimKey Source # 
Instance details

Defined in Crypto.Paseto.Token.Claim

Methods

(==) :: UnregisteredClaimKey -> UnregisteredClaimKey -> Bool #

(/=) :: UnregisteredClaimKey -> UnregisteredClaimKey -> Bool #

mkUnregisteredClaimKey :: Text -> Maybe UnregisteredClaimKey Source #

Construct an unregistered claim key.

If the provided Text key matches that of a registered claim (registeredClaimKeys), this function will return Nothing.

renderUnregisteredClaimKey :: UnregisteredClaimKey -> Text Source #

Render an UnregisteredClaimKey as Text.

Validation

Rules

newtype ValidationRule Source #

Token claim validation rule.

Constructors

ValidationRule 

Fields

newtype ClaimMustExist Source #

Whether a claim must exist.

Constructors

ClaimMustExist Bool 

Default rules

getDefaultValidationRules :: IO [ValidationRule] Source #

Get a list of recommended default validation rules.

At the moment, the only default rule is checking validAt for the current system time (getCurrentTime).

Simple rules

forAudience :: Audience -> ValidationRule Source #

Validate that a token is intended for a given audience.

identifiedBy :: TokenIdentifier -> ValidationRule Source #

Validate a token's identifier.

issuedBy :: Issuer -> ValidationRule Source #

Validate a token's issuer.

notExpired :: UTCTime -> ValidationRule Source #

Validate that a token is not expired at the given time.

That is, if the ExpirationClaim is present, check that it isn't in the past (relative to the given time).

subject :: Subject -> ValidationRule Source #

Validate the subject of a token.

validAt :: UTCTime -> ValidationRule Source #

Validate that a token is valid at the given time.

This involves the following checks (relative to the given time):

customClaimEq Source #

Arguments

:: ClaimMustExist

Whether the custom claim must exist.

-> UnregisteredClaimKey

Custom claim key to lookup.

-> Value

Custom claim value to validate (i.e. the expected value).

-> ValidationRule 

Validate that a custom claim is equal to the given value.

Errors

data ValidationError Source #

Validation error.

Constructors

ValidationClaimNotFoundError

Expected claim does not exist.

Fields

  • !ClaimKey

    Claim key which could not be found.

ValidationInvalidClaimError

Token claim is invalid.

Fields

ValidationExpirationError !Expiration

Token is expired.

ValidationIssuedAtError !IssuedAt

Token's IssuedAt time is in the future.

ValidationNotBeforeError !NotBefore

Token is not yet valid as its NotBefore time is in the future.

ValidationCustomError !Text

Custom validation error.

Instances

Instances details
Show ValidationError Source # 
Instance details

Defined in Crypto.Paseto.Token.Validation

Methods

showsPrec :: Int -> ValidationError -> ShowS #

show :: ValidationError -> String #

showList :: [ValidationError] -> ShowS #

Eq ValidationError Source # 
Instance details

Defined in Crypto.Paseto.Token.Validation

Methods

(==) :: ValidationError -> ValidationError -> Bool #

(/=) :: ValidationError -> ValidationError -> Bool #

renderValidationError :: ValidationError -> Text Source #

Render a ValidationError as Text.

renderValidationErrors :: NonEmpty ValidationError -> Text Source #

Render a non-empty list of ValidationErrors as Text.

Unsafe parsers

Note that these parsers are considered unsafe as they do not perform any kind of token validation, cryptographic or otherwise. They simply ensure that the input looks like a well-formed token.

For typical usage, one should use the decoding functions that perform parsing, cryptographic verification, and validation from the encoding and decoding section.

As a result, you should only use these unsafe parsers in specific situations where you really know what you're doing. For example, they can be useful in situations where one wants to parse some information out of a token's footer without first needing to decrypt or verify the token. For more information on this particular scenario, see Key-ID Support in the PASETO specification.

parseTokenV3Local :: Text -> Either ParseError (Token V3 Local) Source #

Parse a version 3 local PASETO token from human-readable text according to the message format defined in the specification.

Note that this function does not perform any kind of token validation, cryptographic or otherwise. It simply parses the token and ensures that it is well-formed.

parseTokenV3Public :: Text -> Either ParseError (Token V3 Public) Source #

Parse a version 3 public PASETO token from human-readable text according to the message format defined in the specification.

Note that this function does not perform any kind of token validation, cryptographic or otherwise. It simply parses the token and ensures that it is well-formed.

parseTokenV4Local :: Text -> Either ParseError (Token V4 Local) Source #

Parse a version 4 local PASETO token from human-readable text according to the message format defined in the specification.

Note that this function does not perform any kind of token validation, cryptographic or otherwise. It simply parses the token and ensures that it is well-formed.

parseTokenV4Public :: Text -> Either ParseError (Token V4 Public) Source #

Parse a version 4 public PASETO token from human-readable text according to the message format defined in the specification.

Note that this function does not perform any kind of token validation, cryptographic or otherwise. It simply parses the token and ensures that it is well-formed.