Jwt

A thin layer on top of Jws Compact Serialization that interprets the payload as a JSON claims set.

    let claims =
      Jwt.Claims.empty
      |> Jwt.Claims.sub "1234567890"
      |> Jwt.Claims.iss "https://example.com"
      |> Jwt.Claims.iat 1516239022.
      |> Jwt.Claims.add "admin" Jsont.bool true
    in
    let token = Jwt.encode pk claims in
    let now = Unix.gettimeofday () in
    match Jwt.decode ~now ~aud:"https://api.example.com" ~public token with
    | Ok jwt ->
      let sub = Jwt.sub jwt in
      let admin = Jwt.claim jwt ~key:"admin" Jsont.bool in
      ...
    | Error (`Msg e) -> ...

Claims are built as Jsont.json string maps, the same representation used for protected header members in Jws. The Claims module provides helpers for the registered claim names defined by RFC 7519, 4.1.
A decoded and verified JWT.
header jwt is the underlying JWS value. Use Jws.value to read header fields such as "kid".
aud jwt is the "aud" claim, normalized to a list (a single-string audience is returned as a singleton list).
value jwt ~key codec reads a custom claim via a Jsont.t codec. Returns None when the claim is absent or cannot be decoded.
encode pk claims produces a signed JWT in Compact Serialization. The algorithm is derived from pk and a "typ":"JWT" header is added.

    val decode :
      ?now:float ->
      ?aud:string ->
      ?public:Jws.Jwk.t ->
      string ->
      (t, [> `Msg of string ]) result

decode ?now ?aud ?public token decodes and verifies a JWT.

If now is provided, the "exp" and "nbf" claims are validated against it. If now is omitted, time-based validation is skipped.
If aud is provided, the "aud" claim must be present and contain aud.
public is the verification key (see Jws.Compact.decode).
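
Because the time and audience checks only run when now and aud are passed, a caller can make them mandatory with a small wrapper. The following is an added example, not code from the library or its documentation. It assumes Jwt.claim (as spelled in the usage example) returns an option and can read the registered "exp" claim with Jsont.number; decode_strict, has_expiry, is_admin and authorize are hypothetical names.

```ocaml
(* Added example, not part of the library. It uses only calls that appear
   on this page: Jwt.decode and Jwt.claim. *)

(* Hypothetical wrapper: [now], [aud] and [public] are required here, so a
   call site cannot skip expiry or audience validation by omitting them. *)
let decode_strict ~(now : float) ~(aud : string) ~(public : Jws.Jwk.t) token =
  Jwt.decode ~now ~aud ~public token

(* The page says "exp" is validated against [now]; it does not say that a
   token with no "exp" at all is rejected, so check for it explicitly.
   Assumption: Jwt.claim can read registered claims such as "exp". *)
let has_expiry jwt =
  Option.is_some (Jwt.claim jwt ~key:"exp" Jsont.number)

(* Fail closed on the custom "admin" claim: an absent claim and a claim
   that does not decode as a JSON boolean are both treated as not admin. *)
let is_admin jwt =
  match Jwt.claim jwt ~key:"admin" Jsont.bool with
  | Some true -> true
  | Some false | None -> false

(* Hypothetical entry point for a service whose audience is
   "https://api.example.com", the value used in the example above. *)
let authorize ~public token =
  let now = Unix.gettimeofday () in
  match decode_strict ~now ~aud:"https://api.example.com" ~public token with
  | Error (`Msg e) -> Error (`Msg e)
  | Ok jwt when not (has_expiry jwt) -> Error (`Msg "token has no exp claim")
  | Ok jwt when not (is_admin jwt) -> Error (`Msg "admin claim missing or false")
  | Ok jwt -> Ok jwt
```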