paseto-0.1.0.0: src/Crypto/Paseto.hs
-- | This module is the recommended entry point for this library.
module Crypto.Paseto
( -- * Mode
Version (..)
, Purpose (..)
-- * Keys
-- ** Symmetric keys
, SymmetricKey (..)
, symmetricKeyToBytes
, bytesToSymmetricKeyV3
, bytesToSymmetricKeyV4
, generateSymmetricKeyV3
, generateSymmetricKeyV4
-- ** Asymmetric keys
-- *** Signing keys
, SigningKey (..)
, signingKeyToBytes
, bytesToSigningKeyV3
, bytesToSigningKeyV4
, generateSigningKeyV3
, generateSigningKeyV4
-- | ==== Errors
, ScalarDecodingError (..)
, renderScalarDecodingError
-- *** Verification keys
, VerificationKey (..)
, verificationKeyToBytes
, bytesToVerificationKeyV3
, bytesToVerificationKeyV4
, fromSigningKey
-- | ==== Errors
, PublicKeyP384DecodingError (..)
, renderPublicKeyP384DecodingError
-- * Tokens
, Token (..)
, Payload (..)
, Footer (..)
, ImplicitAssertion (..)
-- ** Construction
, BuildTokenParams (..)
, getDefaultBuildTokenParams
, buildTokenV3Local
, buildTokenV3Public
, buildTokenV4Local
, buildTokenV4Public
-- | === Errors
, V3LocalBuildError (..)
, renderV3LocalBuildError
, V3PublicBuildError (..)
, renderV3PublicBuildError
-- ** Encoding and decoding #encodingDecoding#
, encode
, ValidatedToken (..)
, decodeTokenV3Local
, decodeTokenV3Public
, decodeTokenV4Local
, decodeTokenV4Public
-- | === Errors
, CommonDecodingError (..)
, renderCommonDecodingError
, V3LocalDecodingError (..)
, renderV3LocalDecodingError
, V3PublicDecodingError (..)
, renderV3PublicDecodingError
, V4LocalDecodingError (..)
, renderV4LocalDecodingError
, V4PublicDecodingError (..)
, renderV4PublicDecodingError
-- ** Claims
-- *** Container type
-- $claimsContainer
, Claims
-- *** Claim types
, Claim (..)
, Issuer (..)
, Subject (..)
, Audience (..)
, Expiration (..)
, renderExpiration
, NotBefore (..)
, renderNotBefore
, IssuedAt (..)
, renderIssuedAt
, TokenIdentifier (..)
-- *** Custom claim keys
, UnregisteredClaimKey
, mkUnregisteredClaimKey
, renderUnregisteredClaimKey
-- ** Validation
-- *** Rules
, ValidationRule (..)
, ClaimMustExist (..)
-- **** Default rules
, getDefaultValidationRules
-- **** Simple rules
, forAudience
, identifiedBy
, issuedBy
, notExpired
, subject
, validAt
, customClaimEq
-- | === Errors
, ValidationError (..)
, renderValidationError
, renderValidationErrors
-- ** Unsafe parsers
-- $parsers
, parseTokenV3Local
, parseTokenV3Public
, parseTokenV4Local
, parseTokenV4Public
) where
import Crypto.Paseto.Keys
( SigningKey (..)
, SymmetricKey (..)
, VerificationKey (..)
, bytesToSigningKeyV3
, bytesToSigningKeyV4
, bytesToSymmetricKeyV3
, bytesToSymmetricKeyV4
, bytesToVerificationKeyV3
, bytesToVerificationKeyV4
, fromSigningKey
, generateSigningKeyV3
, generateSigningKeyV4
, generateSymmetricKeyV3
, generateSymmetricKeyV4
, signingKeyToBytes
, symmetricKeyToBytes
, verificationKeyToBytes
)
import Crypto.Paseto.Keys.V3
( PublicKeyP384DecodingError (..)
, ScalarDecodingError (..)
, renderPublicKeyP384DecodingError
, renderScalarDecodingError
)
import Crypto.Paseto.Mode ( Purpose (..), Version (..) )
import Crypto.Paseto.Token
( Footer (..), ImplicitAssertion (..), Payload (..), Token (..) )
import Crypto.Paseto.Token.Build
( BuildTokenParams (..)
, V3LocalBuildError (..)
, V3PublicBuildError (..)
, buildTokenV3Local
, buildTokenV3Public
, buildTokenV4Local
, buildTokenV4Public
, getDefaultBuildTokenParams
, renderV3LocalBuildError
, renderV3PublicBuildError
)
import Crypto.Paseto.Token.Claim
( Audience (..)
, Claim (..)
, Expiration (..)
, IssuedAt (..)
, Issuer (..)
, NotBefore (..)
, Subject (..)
, TokenIdentifier (..)
, UnregisteredClaimKey
, mkUnregisteredClaimKey
, renderExpiration
, renderIssuedAt
, renderNotBefore
, renderUnregisteredClaimKey
)
import Crypto.Paseto.Token.Claims ( Claims )
import Crypto.Paseto.Token.Encoding
( CommonDecodingError (..)
, V3LocalDecodingError (..)
, V3PublicDecodingError (..)
, V4LocalDecodingError (..)
, V4PublicDecodingError (..)
, ValidatedToken (..)
, decodeTokenV3Local
, decodeTokenV3Public
, decodeTokenV4Local
, decodeTokenV4Public
, encode
, renderCommonDecodingError
, renderV3LocalDecodingError
, renderV3PublicDecodingError
, renderV4LocalDecodingError
, renderV4PublicDecodingError
)
import Crypto.Paseto.Token.Parser
( parseTokenV3Local
, parseTokenV3Public
, parseTokenV4Local
, parseTokenV4Public
)
import Crypto.Paseto.Token.Validation
( ClaimMustExist (..)
, ValidationError (..)
, ValidationRule (..)
, customClaimEq
, forAudience
, getDefaultValidationRules
, identifiedBy
, issuedBy
, notExpired
, renderValidationError
, renderValidationErrors
, subject
, validAt
)
-- $claimsContainer
--
-- Collection of PASETO token claims.
--
-- Note that we only re-export the 'Claims' type from this module as the rest
-- of the API contains functions which may conflict with those in "Prelude"
-- and other container implementations such as "Data.Map".
--
-- If you need access to those other functions, it's recommended to import
-- "Crypto.Paseto.Token.Claims" qualified. For example:
--
-- @
-- import qualified Crypto.Paseto.Token.Claims as Claims
-- @
-- $parsers
--
-- Note that these parsers are considered __unsafe__ as they /do not/ perform
-- any kind of token validation, cryptographic or otherwise. They simply
-- ensure that the input /looks like/ a well-formed token.
--
-- For typical usage, one should use the decoding functions that perform
-- parsing, cryptographic verification, and validation from the
-- [encoding and decoding](#g:encodingDecoding) section.
--
-- As a result, you should only use these unsafe parsers in specific
-- situations where you really know what you're doing. For example, they can
-- be useful in situations where one wants to parse some information out of a
-- token's footer without first needing to decrypt or verify the token. For
-- more information on this particular scenario, see
-- [Key-ID Support](https://github.com/paseto-standard/paseto-spec/blob/af79f25908227555404e7462ccdd8ce106049469/docs/02-Implementation-Guide/01-Payload-Processing.md#key-id-support)
-- in the PASETO specification.