package jose


Module Jose.Jwt

JSON Web Token

type payload = Yojson.Safe.t
type claim = string * Yojson.Safe.t
val empty_payload : payload
type t = {
  header : Header.t;
  raw_header : string;
  payload : payload;
  raw_payload : string;
  signature : Jws.signature;
}
val add_claim : string -> Yojson.Safe.t -> payload -> payload
val get_yojson_claim : t -> string -> Yojson.Safe.t option
val get_string_claim : t -> string -> string option
val get_int_claim : t -> string -> int option
val to_string : ?serialization:Jws.serialization -> t -> string
val of_string : jwk:'a Jwk.t -> now:Ptime.t -> string -> (t, [> `Expired | `Invalid_signature | `Msg of string | `Not_json | `Not_supported ]) result

of_string ~jwk ~now jwt_string parses the encoded JWT string and validates it, checking the signature against jwk and the expiration against now.

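val unsafe_of_string : string -> (t, [> `Msg of string | `Not_json | `Not_supported ]) result

unsafe_of_string jwt_string parses the encoded JWT string without validating it: it takes no key and no time, and its error type has neither `Invalid_signature nor `Expired. Do not trust the claims of the result until validate has succeeded on it.

val to_jws : t -> Jws.t
val of_jws : Jws.t -> t
val validate_signature : jwk:'a Jwk.t -> t -> (t, [> `Invalid_signature | `Msg of string ]) result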

validate_signature ~jwk t checks if the JWT is valid and then calls Jws.validate to validate the signature. It does not check expiration; use validate when expiration must be checked as well.

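val check_expiration : now:Ptime.t -> t -> (t, [> `Expired ]) result

check_expiration ~now t checks whether the JWT is valid at the time now, returning `Expired if it is not. now is supplied by the caller and should be the current time. This function does not check the signature.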

val validate : jwk:'a Jwk.t -> now:Ptime.t -> t -> (t, [> `Expired | `Invalid_signature | `Msg of string ]) result

validate ~jwk ~now t does the same validation as `validate_signature` and additionally checks expiration.

val sign : ?header:Header.t -> payload:payload -> Jwk.priv Jwk.t -> (t, [> `Msg of string ]) result

sign ?header ~payload priv creates a JWT from header and payload, signed with the private key priv.

We will start using a private JWK instead of a Mirage_crypto_pk.Rsa.priv soon
