Safe Haskell	None
Language	Haskell98

Crypto.JWT

Description

JSON Web Token implementation.

Synopsis

Documentation

data JWT Source #

JSON Web Token data.

Constructors

JWT
Fields jwtCrypto :: JWTCrypto JOSE aspect of the JWT. jwtClaimsSet :: ClaimsSet Claims of the JWT.

Instances

Eq JWT Source #
Methods (==) :: JWT -> JWT -> Bool # (/=) :: JWT -> JWT -> Bool #
Show JWT Source #
Methods showsPrec :: Int -> JWT -> ShowS # show :: JWT -> String # showList :: [JWT] -> ShowS #
ToCompact JWT Source #
Methods toCompact :: (AsError e, MonadError e m) => JWT -> m [ByteString] Source #
FromCompact JWT Source #
Methods fromCompact :: (AsError e, MonadError e m) => [ByteString] -> m JWT Source #

data JWTCrypto Source #

Data representing the JOSE aspects of a JWT.

Constructors

JWTJWS (JWS JWSHeader)

Instances

Eq JWTCrypto Source #
Methods (==) :: JWTCrypto -> JWTCrypto -> Bool # (/=) :: JWTCrypto -> JWTCrypto -> Bool #
Show JWTCrypto Source #
Methods showsPrec :: Int -> JWTCrypto -> ShowS # show :: JWTCrypto -> String # showList :: [JWTCrypto] -> ShowS #
ToCompact JWTCrypto Source #
Methods toCompact :: (AsError e, MonadError e m) => JWTCrypto -> m [ByteString] Source #
FromCompact JWTCrypto Source #
Methods fromCompact :: (AsError e, MonadError e m) => [ByteString] -> m JWTCrypto Source #

data JWTError Source #

Constructors

JWSError Error
JWTExpired
JWTNotYetValid
JWTNotInIssuer
JWTNotInAudience
JWTIssuedAtFuture

Instances

Eq JWTError Source #
Methods (==) :: JWTError -> JWTError -> Bool # (/=) :: JWTError -> JWTError -> Bool #
Show JWTError Source #
Methods showsPrec :: Int -> JWTError -> ShowS # show :: JWTError -> String # showList :: [JWTError] -> ShowS #
AsError JWTError Source #
Methods _Error :: Prism' JWTError Error Source # _AlgorithmNotImplemented :: Prism' JWTError () Source # _AlgorithmMismatch :: Prism' JWTError String Source # _KeyMismatch :: Prism' JWTError String Source # _KeySizeTooSmall :: Prism' JWTError () Source # _OtherPrimesNotSupported :: Prism' JWTError () Source # _RSAError :: Prism' JWTError Error Source # _CryptoError :: Prism' JWTError CryptoError Source # _CompactEncodeError :: Prism' JWTError String Source # _CompactDecodeError :: Prism' JWTError String Source # _JSONDecodeError :: Prism' JWTError String Source # _JWSCritUnprotected :: Prism' JWTError () Source # _JWSNoValidSignatures :: Prism' JWTError () Source # _JWSInvalidSignature :: Prism' JWTError () Source # _JWSNoSignatures :: Prism' JWTError () Source #
AsJWTError JWTError Source #
Methods _JWTError :: Prism' JWTError JWTError Source # _JWSError :: Prism' JWTError Error Source # _JWTExpired :: Prism' JWTError () Source # _JWTNotYetValid :: Prism' JWTError () Source # _JWTNotInIssuer :: Prism' JWTError () Source # _JWTNotInAudience :: Prism' JWTError () Source # _JWTIssuedAtFuture :: Prism' JWTError () Source #

class AsJWTError r where Source #

Methods

_JWTError :: Prism' r JWTError Source #

_JWSError :: Prism' r Error Source #

_JWTExpired :: Prism' r () Source #

_JWTNotYetValid :: Prism' r () Source #

_JWTNotInIssuer :: Prism' r () Source #

_JWTNotInAudience :: Prism' r () Source #

_JWTIssuedAtFuture :: Prism' r () Source #

Instances

AsJWTError JWTError Source #
Methods _JWTError :: Prism' JWTError JWTError Source # _JWSError :: Prism' JWTError Error Source # _JWTExpired :: Prism' JWTError () Source # _JWTNotYetValid :: Prism' JWTError () Source # _JWTNotInIssuer :: Prism' JWTError () Source # _JWTNotInAudience :: Prism' JWTError () Source # _JWTIssuedAtFuture :: Prism' JWTError () Source #

data JWTValidationSettings Source #

Instances

HasValidationSettings JWTValidationSettings Source #
Methods validationSettings :: Lens' JWTValidationSettings ValidationSettings Source # validationSettingsAlgorithms :: Lens' JWTValidationSettings (Set Alg) Source # validationSettingsValidationPolicy :: Lens' JWTValidationSettings ValidationPolicy Source #
HasJWTValidationSettings JWTValidationSettings Source #
Methods jWTValidationSettings :: Lens' JWTValidationSettings JWTValidationSettings Source # jwtValidationSettingsAllowedSkew :: Lens' JWTValidationSettings NominalDiffTime Source # jwtValidationSettingsAudiencePredicate :: Lens' JWTValidationSettings (StringOrURI -> Bool) Source # jwtValidationSettingsCheckIssuedAt :: Lens' JWTValidationSettings Bool Source # jwtValidationSettingsIssuerPredicate :: Lens' JWTValidationSettings (StringOrURI -> Bool) Source # jwtValidationSettingsValidationSettings :: Lens' JWTValidationSettings ValidationSettings Source #

defaultJWTValidationSettings :: JWTValidationSettings Source #

class HasJWTValidationSettings c where Source #

Minimal complete definition

jWTValidationSettings

class HasAllowedSkew s where Source #

Minimal complete definition

allowedSkew

Methods

allowedSkew :: Lens' s NominalDiffTime Source #

Instances

HasJWTValidationSettings a => HasAllowedSkew a Source #
Methods allowedSkew :: Lens' a NominalDiffTime Source #

class HasAudiencePredicate s where Source #

Minimal complete definition

audiencePredicate

Methods

audiencePredicate :: Lens' s (StringOrURI -> Bool) Source #

Instances

HasJWTValidationSettings a => HasAudiencePredicate a Source #
Methods audiencePredicate :: Lens' a (StringOrURI -> Bool) Source #

class HasIssuerPredicate s where Source #

Minimal complete definition

issuerPredicate

Methods

issuerPredicate :: Lens' s (StringOrURI -> Bool) Source #

Instances

HasJWTValidationSettings a => HasIssuerPredicate a Source #
Methods issuerPredicate :: Lens' a (StringOrURI -> Bool) Source #

class HasCheckIssuedAt s where Source #

Minimal complete definition

checkIssuedAt

Methods

checkIssuedAt :: Lens' s Bool Source #

Instances

HasJWTValidationSettings a => HasCheckIssuedAt a Source #
Methods checkIssuedAt :: Lens' a Bool Source #

createJWSJWT :: (MonadRandom m, MonadError e m, AsError e) => JWK -> JWSHeader -> ClaimsSet -> m JWT Source #

Create a JWT that is a JWS.

validateJWSJWT :: (MonadTime m, HasAllowedSkew a, HasAudiencePredicate a, HasIssuerPredicate a, HasCheckIssuedAt a, HasValidationSettings a, AsError e, AsJWTError e, MonadError e m) => a -> JWK -> JWT -> m () Source #

Validate a JWT as a JWS (JSON Web Signature), then as a Claims Set.

data ClaimsSet Source #

The JWT Claims Set represents a JSON object whose members are the claims conveyed by the JWT.

Constructors

ClaimsSet

Fields

_claimIss :: Maybe StringOrURI
The issuer claim identifies the principal that issued the JWT. The processing of this claim is generally application specific.
_claimSub :: Maybe StringOrURI
The subject claim identifies the principal that is the subject of the JWT. The Claims in a JWT are normally statements about the subject. The subject value MAY be scoped to be locally unique in the context of the issuer or MAY be globally unique. The processing of this claim is generally application specific.
_claimAud :: Maybe Audience
The audience claim identifies the recipients that the JWT is intended for. Each principal intended to process the JWT MUST identify itself with a value in the audience claim. If the principal processing the claim does not identify itself with a value in the aud claim when this claim is present, then the JWT MUST be rejected.
_claimExp :: Maybe NumericDate
The expiration time claim identifies the expiration time on or after which the JWT MUST NOT be accepted for processing. The processing of exp claim requires that the current date/time MUST be before expiration date/time listed in the exp claim. Implementers MAY provide for some small leeway, usually no more than a few minutes, to account for clock skew.
_claimNbf :: Maybe NumericDate
The not before claim identifies the time before which the JWT MUST NOT be accepted for processing. The processing of the nbf claim requires that the current date/time MUST be after or equal to the not-before date/time listed in the nbf claim. Implementers MAY provide for some small leeway, usually no more than a few minutes, to account for clock skew.
_claimIat :: Maybe NumericDate
The issued at claim identifies the time at which the JWT was issued. This claim can be used to determine the age of the JWT.
_claimJti :: Maybe Text
The JWT ID claim provides a unique identifier for the JWT. The identifier value MUST be assigned in a manner that ensures that there is a negligible probability that the same value will be accidentally assigned to a different data object. The jti claim can be used to prevent the JWT from being replayed. The jti value is a case-sensitive string.
_unregisteredClaims :: HashMap Text Value
Claim Names can be defined at will by those using JWTs.

Instances

Eq ClaimsSet Source #
Methods (==) :: ClaimsSet -> ClaimsSet -> Bool # (/=) :: ClaimsSet -> ClaimsSet -> Bool #
Show ClaimsSet Source #
Methods showsPrec :: Int -> ClaimsSet -> ShowS # show :: ClaimsSet -> String # showList :: [ClaimsSet] -> ShowS #
ToJSON ClaimsSet Source #
Methods toJSON :: ClaimsSet -> Value # toEncoding :: ClaimsSet -> Encoding # toJSONList :: [ClaimsSet] -> Value # toEncodingList :: [ClaimsSet] -> Encoding #
FromJSON ClaimsSet Source #
Methods parseJSON :: Value -> Parser ClaimsSet # parseJSONList :: Value -> Parser [ClaimsSet] #

claimAud :: Lens' ClaimsSet (Maybe Audience) Source #

claimExp :: Lens' ClaimsSet (Maybe NumericDate) Source #

claimIat :: Lens' ClaimsSet (Maybe NumericDate) Source #

claimIss :: Lens' ClaimsSet (Maybe StringOrURI) Source #

claimJti :: Lens' ClaimsSet (Maybe Text) Source #

claimNbf :: Lens' ClaimsSet (Maybe NumericDate) Source #

claimSub :: Lens' ClaimsSet (Maybe StringOrURI) Source #

unregisteredClaims :: Lens' ClaimsSet (HashMap Text Value) Source #

addClaim :: Text -> Value -> ClaimsSet -> ClaimsSet Source #

emptyClaimsSet :: ClaimsSet Source #

Return an empty claims set.

validateClaimsSet :: (MonadTime m, HasAllowedSkew a, HasAudiencePredicate a, HasIssuerPredicate a, HasCheckIssuedAt a, AsJWTError e, MonadError e m) => a -> ClaimsSet -> m () Source #

Validate the claims made by a ClaimsSet. Currently only inspects the exp and nbf claims. N.B. These checks are also performed by validateJWSJWT, which also validates any signatures, so you shouldn’t need to use this directly in the normal course of things.

newtype Audience Source #

Audience data. In the general case, the aud value is an array of case-sensitive strings, each containing a StringOrURI value. In the special case when the JWT has one audience, the aud value MAY be a single case-sensitive string containing a StringOrURI value.

Constructors

Audience [StringOrURI]

Instances

Eq Audience Source #
Methods (==) :: Audience -> Audience -> Bool # (/=) :: Audience -> Audience -> Bool #
Show Audience Source #
Methods showsPrec :: Int -> Audience -> ShowS # show :: Audience -> String # showList :: [Audience] -> ShowS #
ToJSON Audience Source #
Methods toJSON :: Audience -> Value # toEncoding :: Audience -> Encoding # toJSONList :: [Audience] -> Value # toEncodingList :: [Audience] -> Encoding #
FromJSON Audience Source #
Methods parseJSON :: Value -> Parser Audience # parseJSONList :: Value -> Parser [Audience] #

data StringOrURI Source #

A JSON string value, with the additional requirement that while arbitrary string values MAY be used, any value containing a : character MUST be a URI.

Instances

Eq StringOrURI Source #
Methods (==) :: StringOrURI -> StringOrURI -> Bool # (/=) :: StringOrURI -> StringOrURI -> Bool #
Show StringOrURI Source #
Methods showsPrec :: Int -> StringOrURI -> ShowS # show :: StringOrURI -> String # showList :: [StringOrURI] -> ShowS #
IsString StringOrURI Source #
Methods fromString :: String -> StringOrURI #
ToJSON StringOrURI Source #
Methods toJSON :: StringOrURI -> Value # toEncoding :: StringOrURI -> Encoding # toJSONList :: [StringOrURI] -> Value # toEncodingList :: [StringOrURI] -> Encoding #
FromJSON StringOrURI Source #
Methods parseJSON :: Value -> Parser StringOrURI # parseJSONList :: Value -> Parser [StringOrURI] #

fromString :: Text -> StringOrURI Source #

Construct a StringOrURI from text

fromURI :: URI -> StringOrURI Source #

Construct a StringOrURI from a URI

getString :: StringOrURI -> Maybe Text Source #

Get the

getURI :: StringOrURI -> Maybe URI Source #

Get the uri from a StringOrURI

newtype NumericDate Source #

A JSON numeric value representing the number of seconds from 1970-01-01T0:0:0Z UTC until the specified UTC date/time.

Constructors

NumericDate UTCTime

Instances

Eq NumericDate Source #
Methods (==) :: NumericDate -> NumericDate -> Bool # (/=) :: NumericDate -> NumericDate -> Bool #
Ord NumericDate Source #
Methods compare :: NumericDate -> NumericDate -> Ordering # (<) :: NumericDate -> NumericDate -> Bool # (<=) :: NumericDate -> NumericDate -> Bool # (>) :: NumericDate -> NumericDate -> Bool # (>=) :: NumericDate -> NumericDate -> Bool # max :: NumericDate -> NumericDate -> NumericDate # min :: NumericDate -> NumericDate -> NumericDate #
Show NumericDate Source #
Methods showsPrec :: Int -> NumericDate -> ShowS # show :: NumericDate -> String # showList :: [NumericDate] -> ShowS #
ToJSON NumericDate Source #
Methods toJSON :: NumericDate -> Value # toEncoding :: NumericDate -> Encoding # toJSONList :: [NumericDate] -> Value # toEncodingList :: [NumericDate] -> Encoding #
FromJSON NumericDate Source #
Methods parseJSON :: Value -> Parser NumericDate # parseJSONList :: Value -> Parser [NumericDate] #