package jose


JSON Web Token

type payload = Yojson.Safe.t
type claim = string * Yojson.Safe.t
val empty_payload : payload
type t = {
  header : Header.t;
  raw_header : string;
  payload : payload;
  raw_payload : string;
  signature : Jws.signature;
}
val add_claim : string -> Yojson.Safe.t -> payload -> payload
val get_yojson_claim : t -> string -> Yojson.Safe.t option
val get_string_claim : t -> string -> string option
val get_int_claim : t -> string -> int option
val to_string : ?serialization:Jws.serialization -> t -> string
val of_string : jwk:'a Jwk.t -> now:Ptime.t -> string -> (t, [> `Expired | `Invalid_signature | `Msg of string | `Not_json | `Not_supported ]) Stdlib.result

of_string ~jwk ~now jwt_string parses and validates the encoded JWT string, returning an error such as `Invalid_signature or `Expired when validation fails.

val unsafe_of_string : string -> (t, [> `Msg of string | `Not_json | `Not_supported ]) Stdlib.result
val to_jws : t -> Jws.t
val of_jws : Jws.t -> t
val validate_signature : jwk:'a Jwk.t -> t -> (t, [> `Invalid_signature | `Msg of string ]) Stdlib.result

validate_signature ~jwk t checks if the JWT is valid and then calls Jws.validate to validate the signature. It does not check expiration; validate does both.

val check_expiration : now:Ptime.t -> t -> (t, [> `Expired ]) Stdlib.result

check_expiration ~now t checks whether the JWT is valid at the current time.

val validate : jwk:'a Jwk.t -> now:Ptime.t -> t -> (t, [> `Expired | `Invalid_signature | `Msg of string ]) Stdlib.result

validate ~jwk ~now t does the same validation as `validate_signature` and additionally checks expiration.

val sign : ?header:Header.t -> payload:payload -> Jwk.priv Jwk.t -> (t, [> `Msg of string ]) Stdlib.result

sign ?header ~payload priv creates a signed JWT from header and payload.

We will start using a private JWK instead of a Mirage_crypto_pk.Rsa.priv soon.
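
The following is an added example, not code from the jose project: it signs a token, accepts claims only through of_string, and contrasts that with unsafe_of_string, which takes no key. Assumptions: Jwk.make_oct (from the library's Jwk module, not documented on this page) builds the symmetric key, the expiry is carried in the RFC 7519 "exp" claim as integer seconds, and all secrets and timestamps are constructed values.

```ocaml
(* Added example: requires the jose, yojson and ptime packages. *)
open Jose

(* Constructed secrets, for illustration only. Jwk.make_oct belongs to the
   library's Jwk module, which this page does not document. *)
let key = Jwk.make_oct "constructed-demo-secret-0123456789abcdef"
let other_key = Jwk.make_oct "constructed-other-secret-fedcba9876543210"

let at seconds = Option.get (Ptime.of_float_s seconds)

(* Sign a payload carrying a subject and an expiry.
   Assumption: expiry is the "exp" claim, integer seconds since the epoch. *)
let issue ~jwk ~sub ~exp =
  let payload =
    Jwt.empty_payload
    |> Jwt.add_claim "sub" (`String sub)
    |> Jwt.add_claim "exp" (`Int exp)
  in
  Jwt.sign ~payload jwk |> Result.map Jwt.to_string

(* Trust boundary: claims are read only from a value returned by of_string,
   that is, after the signature and expiration checks have passed. *)
let subject_of_token ~now token =
  match Jwt.of_string ~jwk:key ~now token with
  | Ok jwt ->
      Option.to_result ~none:"missing sub claim" (Jwt.get_string_claim jwt "sub")
  | Error `Expired -> Error "expired"
  | Error `Invalid_signature -> Error "invalid signature"
  | Error (`Not_json | `Not_supported) -> Error "malformed token"
  | Error (`Msg m) -> Error m

let show = function Ok s -> "accepted sub=" ^ s | Error e -> "rejected: " ^ e

let () =
  match issue ~jwk:key ~sub:"alice" ~exp:2_000,
        issue ~jwk:other_key ~sub:"admin" ~exp:2_000 with
  | Ok good, Ok foreign ->
      print_endline (show (subject_of_token ~now:(at 1_000.) good));
      print_endline (show (subject_of_token ~now:(at 3_000.) good));
      print_endline (show (subject_of_token ~now:(at 1_000.) foreign));
      (* unsafe_of_string takes no key, so it cannot check the signature.
         Use its result for inspection or logging, never for authorization. *)
      (match Jwt.unsafe_of_string foreign with
       | Ok jwt ->
           let sub = Option.value ~default:"?" (Jwt.get_string_claim jwt "sub") in
           print_endline ("unverified sub=" ^ sub)
       | Error _ -> print_endline "unparseable")
  | _ -> prerr_endline "signing failed"
```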
