packages feed

jose-jwt 0.3 → 0.3.1

raw patch · 3 files changed

+23/−15 lines, 3 filesPVP: major bump suggested

API removals or changes: PVP suggests a major version bump

API changes (from Hackage documentation)

- Jose.Jwt: encode :: CPRG g => g -> Jwk -> Alg -> Maybe Enc -> ByteString -> (Either JwtError ByteString, g)
+ Jose.Jwt: encode :: CPRG g => g -> [Jwk] -> Alg -> Maybe Enc -> ByteString -> (Either JwtError ByteString, g)

Files

CHANGELOG.md view
@@ -1,7 +1,12 @@+0.3.1+-----++Changed the signature of `Jwt.encode` to take a list of `Jwk` rather than a single key. The key will be selected from+the list based on the specified algorithms.+ 0.3 ---  * New support for JWS validation using elliptic curve algorithms. * Added `Jwt.encode` function which takes a JWK argument, allowing key data (currently the key ID) to be encoded in the token header.- 
Jose/Jwt.hs view
@@ -46,23 +46,28 @@ import qualified Jose.Jwe as Jwe  --- | Use the supplied JWK to create a JWT.+-- | Use the supplied JWKs to create a JWT.+-- The list of keys will be searched to locate one which is+-- consistent with the chosen algorithm. -- encode :: (CPRG g)        => g                               -- ^ Random number generator.-       -> Jwk                             -- ^ The key. Must be consistent with the chosen algorithm+       -> [Jwk]                           -- ^ The key or keys. At least one must be consistent with the chosen algorithm        -> Alg                             -- ^ The JWS or JWE algorithm        -> Maybe Enc                       -- ^ The payload encryption algorithm (if applicable)        -> ByteString                      -- ^ The payload (claims)-       -> (Either JwtError ByteString, g) -- ^ The encode JWT, if successful-encode rng jwk alg enc msg = flip runState rng $ runEitherT $ case alg of+       -> (Either JwtError ByteString, g) -- ^ The encoded JWT, if successful+encode rng jwks alg enc msg = flip runState rng $ runEitherT $ case alg of     Signed a    -> do         unless (isNothing enc) $ left (BadAlgorithm "Enc cannot be set for a JWS")-        hoistEither (validateForJws a jwk)-        hoistEither =<< state (\g -> Jws.jwkEncode g a jwk msg)-    Encrypted a -> case enc of-        Nothing   -> left (BadAlgorithm "Enc must be supplied for a JWE")-        Just e    -> hoistEither =<< state (\g -> Jwe.jwkEncode g a e jwk msg)+        case findMatchingJwsKeys jwks (defJwsHdr { jwsAlg = a }) of+            []     -> left (KeyError "No matching key found for JWS algorithm")+            (k:_) -> hoistEither =<< state (\g -> Jws.jwkEncode g a k msg)+    Encrypted a -> do+        e <- hoistEither $ note (BadAlgorithm "Enc must be supplied for a JWE") enc+        case findMatchingJweKeys jwks (defJweHdr { jweAlg = a, jweEnc = e }) of+            []     -> left (KeyError "No matching key found for JWE algorithm")+            (k:_) -> hoistEither =<< state (\g -> Jwe.jwkEncode g a e k msg)   -- | Uses the supplied keys to decode a JWT.@@ -98,9 +103,7 @@     decodeWithJwe :: CPRG g => Jwk -> EitherT JwtError (State g) (Maybe Jwt)     decodeWithJwe k = case k of         RsaPrivateJwk kPr _ _ _ -> do-            g <- lift get-            let (e, g') = Jwe.rsaDecode g kPr jwt-            lift $ put g'+            e <- state (\g -> Jwe.rsaDecode g kPr jwt)             either (const $ return Nothing) (return . Just . Jwe) e         _                       -> left $ KeyError "Not a JWE key (shouldn't happen)" 
jose-jwt.cabal view
@@ -1,5 +1,5 @@ Name:               jose-jwt-Version:            0.3+Version:            0.3.1 Synopsis:           JSON Object Signing and Encryption Library Homepage:           http://github.com/tekul/jose-jwt Bug-Reports:        http://github.com/tekul/jose-jwt/issues@@ -7,7 +7,7 @@     .     Intended to provide support for the JOSE suite of IETF (draft)     standards and the closely related JWT (JSON web token) spec-    (<http://tools.ietf.org/html/draft-ietf-oauth-json-web-token-25/>).+    (<http://tools.ietf.org/html/draft-ietf-oauth-json-web-token-32/>).     .     Both signed and encrypted JWTs are supported, as well as simple     JWK format keys.