jose-jwt 0.3 → 0.3.1
raw patch · 3 files changed
+23/−15 lines, 3 filesPVP: major bump suggested
API removals or changes: PVP suggests a major version bump
API changes (from Hackage documentation)
- Jose.Jwt: encode :: CPRG g => g -> Jwk -> Alg -> Maybe Enc -> ByteString -> (Either JwtError ByteString, g)
+ Jose.Jwt: encode :: CPRG g => g -> [Jwk] -> Alg -> Maybe Enc -> ByteString -> (Either JwtError ByteString, g)
Files
- CHANGELOG.md +6/−1
- Jose/Jwt.hs +15/−12
- jose-jwt.cabal +2/−2
CHANGELOG.md view
@@ -1,7 +1,12 @@+0.3.1+-----++Changed the signature of `Jwt.encode` to take a list of `Jwk` rather than a single key. The key will be selected from+the list based on the specified algorithms.+ 0.3 --- * New support for JWS validation using elliptic curve algorithms. * Added `Jwt.encode` function which takes a JWK argument, allowing key data (currently the key ID) to be encoded in the token header.-
Jose/Jwt.hs view
@@ -46,23 +46,28 @@ import qualified Jose.Jwe as Jwe --- | Use the supplied JWK to create a JWT.+-- | Use the supplied JWKs to create a JWT.+-- The list of keys will be searched to locate one which is+-- consistent with the chosen algorithm. -- encode :: (CPRG g) => g -- ^ Random number generator.- -> Jwk -- ^ The key. Must be consistent with the chosen algorithm+ -> [Jwk] -- ^ The key or keys. At least one must be consistent with the chosen algorithm -> Alg -- ^ The JWS or JWE algorithm -> Maybe Enc -- ^ The payload encryption algorithm (if applicable) -> ByteString -- ^ The payload (claims)- -> (Either JwtError ByteString, g) -- ^ The encode JWT, if successful-encode rng jwk alg enc msg = flip runState rng $ runEitherT $ case alg of+ -> (Either JwtError ByteString, g) -- ^ The encoded JWT, if successful+encode rng jwks alg enc msg = flip runState rng $ runEitherT $ case alg of Signed a -> do unless (isNothing enc) $ left (BadAlgorithm "Enc cannot be set for a JWS")- hoistEither (validateForJws a jwk)- hoistEither =<< state (\g -> Jws.jwkEncode g a jwk msg)- Encrypted a -> case enc of- Nothing -> left (BadAlgorithm "Enc must be supplied for a JWE")- Just e -> hoistEither =<< state (\g -> Jwe.jwkEncode g a e jwk msg)+ case findMatchingJwsKeys jwks (defJwsHdr { jwsAlg = a }) of+ [] -> left (KeyError "No matching key found for JWS algorithm")+ (k:_) -> hoistEither =<< state (\g -> Jws.jwkEncode g a k msg)+ Encrypted a -> do+ e <- hoistEither $ note (BadAlgorithm "Enc must be supplied for a JWE") enc+ case findMatchingJweKeys jwks (defJweHdr { jweAlg = a, jweEnc = e }) of+ [] -> left (KeyError "No matching key found for JWE algorithm")+ (k:_) -> hoistEither =<< state (\g -> Jwe.jwkEncode g a e k msg) -- | Uses the supplied keys to decode a JWT.@@ -98,9 +103,7 @@ decodeWithJwe :: CPRG g => Jwk -> EitherT JwtError (State g) (Maybe Jwt) decodeWithJwe k = case k of RsaPrivateJwk kPr _ _ _ -> do- g <- lift get- let (e, g') = Jwe.rsaDecode g kPr jwt- lift $ put g'+ e <- state (\g -> Jwe.rsaDecode g kPr jwt) either (const $ return Nothing) (return . Just . Jwe) e _ -> left $ KeyError "Not a JWE key (shouldn't happen)"
jose-jwt.cabal view
@@ -1,5 +1,5 @@ Name: jose-jwt-Version: 0.3+Version: 0.3.1 Synopsis: JSON Object Signing and Encryption Library Homepage: http://github.com/tekul/jose-jwt Bug-Reports: http://github.com/tekul/jose-jwt/issues@@ -7,7 +7,7 @@ . Intended to provide support for the JOSE suite of IETF (draft) standards and the closely related JWT (JSON web token) spec- (<http://tools.ietf.org/html/draft-ietf-oauth-json-web-token-25/>).+ (<http://tools.ietf.org/html/draft-ietf-oauth-json-web-token-32/>). . Both signed and encrypted JWTs are supported, as well as simple JWK format keys.