jose_utils v0.1.0 JOSEUtils.JWS

Convenience functions to work with signed JWTs

Summary

Types

Serialized JWS signed token

Functions

Verifies the signature of a JWS, and returns its content and the signature key

Types

serialized()

serialized() :: String.t()

Serialized JWS signed token

For instance:

"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c"

Functions

verify(jws, jwk, allowed_algs)

verify(
  jws :: serialized(),
  jwk_or_jwks :: JOSEUtils.JWK.t() | [JOSEUtils.JWK.t()],
  allowed_algs :: [JOSEUtils.JWA.sig_alg()]
) :: {:ok, {verified_content :: binary(), JOSEUtils.JWK.t()}} | :error

Verifies the signature of a JWS, and returns its content and the signature key

The function also filters the keys using JOSEUtils.JWKS.verification_keys/2 with the whitelisted signature algorithms. If the JWS has a key identifier ("kid"), only the key with that identifier is used.

Example

iex> JOSE.crypto_fallback(true)
iex> jwk_ed25519   = JOSE.JWK.generate_key({:okp, :Ed25519})
iex> jwk_ed25519_map = jwk_ed25519 |> JOSE.JWK.to_map() |> elem(1)
iex> signed_ed25519 = JOSE.JWS.sign(jwk_ed25519, "{}", %{ "alg" => "Ed25519" }) |> JOSE.JWS.compact |> elem(1)
iex> JOSEUtils.JWS.verify(signed_ed25519, jwk_ed25519_map, ["RS256"])
:error
iex> JOSEUtils.JWS.verify(signed_ed25519, jwk_ed25519_map, ["Ed25519"]) |> elem(0)
:ok
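
The following is an added example, not part of the jose_utils documentation: it verifies tokens against a key set with a fixed allow-list, so a token signed with a key from the set is still rejected when its algorithm is not allowed. The `TokenCheck` module, the sample claims and the key names are assumptions made for illustration; `JOSE.JWK.generate_key({:oct, 32})` comes from the jose library and does not appear on this page.

```elixir
# Added example: TokenCheck and all sample values are constructed, not jose_utils code.
defmodule TokenCheck do
  # The allow-list is fixed by the verifier; the token's "alg" header cannot widen it.
  @allowed_algs ["Ed25519"]

  def verify(token, jwks) when is_binary(token) and is_list(jwks) do
    case JOSEUtils.JWS.verify(token, jwks, @allowed_algs) do
      {:ok, {content, jwk}} -> {:ok, content, jwk}
      :error -> {:error, :rejected}
    end
  end
end

JOSE.crypto_fallback(true)

# Constructed key set: one Ed25519 key and one symmetric key.
ed_key = JOSE.JWK.generate_key({:okp, :Ed25519})
oct_key = JOSE.JWK.generate_key({:oct, 32})
to_map = fn jwk -> jwk |> JOSE.JWK.to_map() |> elem(1) end
jwks = [to_map.(ed_key), to_map.(oct_key)]

payload = ~s({"sub":"alice"})

sign = fn jwk, alg ->
  JOSE.JWS.sign(jwk, payload, %{"alg" => alg}) |> JOSE.JWS.compact() |> elem(1)
end

ed_token = sign.(ed_key, "Ed25519")
hs_token = sign.(oct_key, "HS256")

# Allowed algorithm and a signature that matches a key in the set.
{:ok, ^payload, _signing_key} = TokenCheck.verify(ed_token, jwks)

# Correctly signed by a key in the set, but HS256 is not in the allow-list.
{:error, :rejected} = TokenCheck.verify(hs_token, jwks)

# Payload replaced after signing: the signature no longer covers the content.
[header, _payload, signature] = String.split(ed_token, ".")
altered = Base.url_encode64(~s({"sub":"bob"}), padding: false)
{:error, :rejected} = TokenCheck.verify(Enum.join([header, altered, signature], "."), jwks)
```

Each pattern match raises `MatchError` if the result differs, so the script doubles as a check when run with `mix run` in a project that depends on jose_utils.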