paseto-0.1.1.1: Platform-Agnostic Security Tokens
Safe Haskell: Safe-Inferred
Language: Haskell2010

Crypto.Paseto.Token.Validation

Description

PASETO token claim validation.

Errors

data ValidationError

Validation error.

Constructors

ValidationClaimNotFoundError

Expected claim does not exist.

Fields

  • !ClaimKey

    Claim key which could not be found.

ValidationInvalidClaimError

Token claim is invalid.

Fields

ValidationExpirationError !Expiration

Token is expired.

ValidationIssuedAtError !IssuedAt

Token's IssuedAt time is in the future.

ValidationNotBeforeError !NotBefore

Token is not yet valid as its NotBefore time is in the future.

ValidationCustomError !Text

Custom validation error.

Rules

newtype ValidationRule

Token claim validation rule.

newtype ClaimMustExist

Whether a claim must exist.

Constructors

ClaimMustExist Bool 

Simple rules

forAudience :: Audience -> ValidationRule

Validate that a token is intended for a given audience.

identifiedBy :: TokenIdentifier -> ValidationRule

Validate a token's identifier.

issuedBy :: Issuer -> ValidationRule

Validate a token's issuer.

notExpired :: UTCTime -> ValidationRule

Validate that a token is not expired at the given time.

That is, if the ExpirationClaim is present, check that it isn't in the past (relative to the given time).

subject :: Subject -> ValidationRule

Validate the subject of a token.

validAt :: UTCTime -> ValidationRule

Validate that a token is valid at the given time.

This involves the following checks (relative to the given time):

customClaimEq

Arguments

:: ClaimMustExist

Whether the custom claim must exist.

-> UnregisteredClaimKey

Custom claim key to look up.

-> Value

Custom claim value to validate (i.e. the expected value).

-> ValidationRule 

Validate that a custom claim is equal to the given value.

Recommended default rules

getDefaultValidationRules :: IO [ValidationRule]

Get a list of recommended default validation rules.

At the moment, the only default rule is checking validAt for the current system time (getCurrentTime).

Validation

validate :: [ValidationRule] -> Claims -> Either (NonEmpty ValidationError) ()

Validate a list of rules against a collection of claims.

This function will run through all of the provided validation rules and collect all of the errors encountered, if any. If there are no validation errors, Right () is returned.

validateDefault :: Claims -> IO (Either (NonEmpty ValidationError) ())

Validate a collection of claims against the default validation rules (getDefaultValidationRules).
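
Because the default rules only check validAt, a service that needs to pin the issuer and audience has to add those rules itself. The module below is an added example, not code from the paseto package: it extends the defaults with issuedBy and forAudience and maps each ValidationError constructor to a label that is safe to log. The module name ServiceValidation, the functions validateForService and describe, and the import locations of Issuer, Audience and Claims are assumptions.

```haskell
{-# LANGUAGE OverloadedStrings #-}
-- Added example (hypothetical module and function names).
module ServiceValidation (validateForService, describe) where

-- Assumption: Issuer/Audience and Claims are exported from these two
-- modules of the same package; adjust the imports if your version differs.
import Crypto.Paseto.Token.Claim (Audience, Issuer)
import Crypto.Paseto.Token.Claims (Claims)
import Crypto.Paseto.Token.Validation
import Data.List.NonEmpty (NonEmpty)
import Data.Text (Text)

-- | Recommended default rules plus explicit issuer and audience rules.
-- 'validate' runs every rule and collects all errors, so the caller sees
-- each failed check rather than only the first one.
validateForService
  :: Issuer    -- ^ Issuer this service trusts.
  -> Audience  -- ^ Audience value identifying this service.
  -> Claims    -- ^ Claims taken from an already verified/decrypted token.
  -> IO (Either (NonEmpty ValidationError) ())
validateForService expectedIssuer expectedAudience claims = do
  -- At the moment this is only validAt for the current system time.
  defaults <- getDefaultValidationRules
  let rules = defaults ++ [issuedBy expectedIssuer, forAudience expectedAudience]
  pure (validate rules claims)

-- | Coarse label for each error; claim values are not echoed into logs.
describe :: ValidationError -> Text
describe err = case err of
  ValidationClaimNotFoundError _ -> "expected claim not found"
  ValidationInvalidClaimError {} -> "invalid claim"
  ValidationExpirationError _    -> "token expired"
  ValidationIssuedAtError _      -> "issued-at time in the future"
  ValidationNotBeforeError _     -> "not yet valid"
  ValidationCustomError _        -> "custom validation failed"
```

Treat any Left result as a rejected token, and log `fmap describe` of the error list rather than the raw claims.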