|
21 | 21 | - [External Dependencies](#externaldependencies) |
22 | 22 | - [Thanks to...](#thanksto) |
23 | 23 | - [Installation](#installation) |
24 | | -- [API Categories](#apicategories) |
25 | | -- [Advanced Examples](#advancedexamples) |
26 | 24 | - [Parameters](#parameters) |
| 25 | +- [Claim Data TYpes](#claimdatatypes) |
| 26 | +- [Advanced Examples](#advancedexamples) |
27 | 27 | - [JWS Verification](#jwsverification) |
28 | 28 | - [Error Codes & Exceptions](#errorcodeexception) |
29 | 29 | - [Additional Header Data](#additionalheaderdata) |
@@ -182,4 +182,164 @@ The library has 2 sets of APIs for encoding and decoding: |
182 | 182 | - [x] nbf (not before time) check |
183 | 183 | - [x] iat (issued at) check |
184 | 184 | - [x] jti (JWT id) check |
| 185 | +- [x] JWS header addition support. For eg "kid" support. |
| 186 | + |
| 187 | +## External Dependencies |
| 188 | + - <strong>OpenSSL </strong>(Version >= 1.0.2j) |
| 189 | + Might work with older version as well, but I did not check that. |
| 190 | + - <strong>Google Test Framework</strong> |
| 191 | + For running the tests |
| 192 | + - <strong>nlohmann JSON library</strong> |
| 193 | + The awesome JSON library :) |
| 194 | + |
| 195 | +## Thanks to... |
| 196 | + - <a href="https://github.com/benmcollins/libjwt">ben-collins JWT library</a> |
| 197 | + - Howard Hinnant for the stack allocator |
| 198 | + - libstd++ code (I took the hashing code for string_view) |
| 199 | + |
| 200 | +## Installation |
| 201 | +Use the C++ package manager..... just kidding :) |
| 202 | +This is a header only library, so you can just add it to your include path and start using it. The only somewhat tricky part is to link it with openssl library. Check out the cmake file for building it properly. |
| 203 | + |
| 204 | +For example one can run cmake like: |
| 205 | +``` |
| 206 | +cmake -DOPENSSL_ROOT_DIR=/usr/local/Cellar/openssl/1.0.2j/ -DOPENSSL_LIBRARIES=/usr/local/Cellar/openssl/1.0.2j/lib/ -DOPENSSL_INCLUDE_DIR=/usr/local/Cellar/openssl/1.0.2j/include/ |
| 207 | +``` |
| 208 | + |
| 209 | +## Parameters |
| 210 | +There are two sets of parameters which can be used for creating `jwt_object` and for decoding. |
| 211 | +All the parameters are basically a function which returns an instance of a type which are modelled after <code>ParameterConcept</code> (see <code>jwt::detail::meta::is_parameter_concept</code>). |
| 212 | + |
| 213 | + |
| 214 | +- <code>jwt_object</code> creation parameters |
| 215 | + - <strong>payload</strong> |
| 216 | + Used to populate the claims while creating the `jwt_object` instance. |
| 217 | + There are two overloads of this function: |
| 218 | + - Takes Initializer list of <code>pair<string_view, string_view></code> |
| 219 | + Easy to pass claims with string values which are all known at the time of object creation. |
| 220 | + Can be used like: |
| 221 | + ```cpp |
| 222 | + jwt_object obj { |
| 223 | + payload({ |
| 224 | + {"iss", "some-guy"}, |
| 225 | + {"sub", "something"}, |
| 226 | + {"X-pld", "data1"} |
| 227 | + }), |
| 228 | + ... // Add other parameters |
| 229 | + }; |
| 230 | + ``` |
| 231 | + Claim values which are not strings/string_views cannot be used. |
| 232 | + |
| 233 | + - Takes any type which models <code>MappingConcept</code> (see <code>detail::meta::is_mapping_concept</code>) |
| 234 | + This overload can accept <code>std::map</code> or <code>std::unordered_map</code> like containers. |
| 235 | + Can be used like: |
| 236 | + ```cpp |
| 237 | + map<string, string> m; |
| 238 | + m["iss"] = "some-guy"; |
| 239 | + m["sub"] = "something"; |
| 240 | + m["X-pld"] = "data1"; |
| 241 | + |
| 242 | + jwt_object obj{ |
| 243 | + payload(std::move(m)), |
| 244 | + ... // Add other parameters |
| 245 | + }; |
| 246 | + //OR |
| 247 | + jwt_object obj{ |
| 248 | + payload(m), |
| 249 | + ... // Add other parameters |
| 250 | + }; |
| 251 | + ``` |
| 252 | + |
| 253 | + - <strong>secret</strong> |
| 254 | + Used to pass the key which could be some random string or public certificate data as string. |
| 255 | + The passed string type must be convertible to <code>jwt::string_view</code> |
| 256 | + |
| 257 | + - <strong>algorithm</strong> |
| 258 | + Used to pass the type of algorithm to use for encoding. |
| 259 | + There are two overloads of this function: |
| 260 | + - Takes <code>jwt::string_view</code> |
| 261 | + Can pass the algorithm value in any case. It is case agnostic. |
| 262 | + |
| 263 | + - Takes value of type <code>enum class jwt::algorithm</code> |
| 264 | + |
| 265 | + - <strong>headers</strong> |
| 266 | + Used to populate fields in JWT header. It is very similar to `payload` function parameter. |
| 267 | + There are two overloads for this function which are similar to how <code>payload</code> function is. |
| 268 | + This parameter can be used to add headers other that <strong>alg</strong> and <strong>typ</strong>. |
| 269 | + |
| 270 | + Same as the case with payload, only string values can be used with this. For adding values of other |
| 271 | + data types, use <code>add_header</code> API of <code>jwt_header</code> class. |
| 272 | + |
| 273 | + For example adding `kid` header with other additional data fields. |
| 274 | + ```cpp |
| 275 | + jwt_object obj{ |
| 276 | + algorithm("HS256"), |
| 277 | + headers({ |
| 278 | + {"kid", "12-34-56"}, |
| 279 | + {"xtra", "header"} |
| 280 | + }) |
| 281 | + ... // Add other parameters |
| 282 | + }; |
| 283 | + ``` |
| 284 | + |
| 285 | + |
| 286 | +- Decoding parameters |
| 287 | + - <strong>algorithms</strong> |
| 288 | + This is a mandatory parameter which takes a sequence of algorithms (as string) which the user would like to permit when validating the JWT. The value in the header for "alg" would be matched against the provided sequence of values. If nothing matches <code>InvalidAlgorithmError</code> exception or <code>InvalidAlgorithm</code> error would be set based upon the API being used. |
| 289 | + |
| 290 | + There are two overloads for this function: |
| 291 | + - Takes initializer-list of string values |
| 292 | + - Takes in any type which satifies the <strong>SequenceConcept</strong> (see <code>idetail::meta::is_sequence_concept</code>) |
| 293 | + |
| 294 | + ```cpp |
| 295 | + jwt::decode(algorithms({"none", "hs256", "rs256"}), ...); |
| 296 | + |
| 297 | + OR |
| 298 | + |
| 299 | + std::vector<std::string> algs{"none", "hs256", "rs256"}; |
| 300 | + jwt::decode(algorithms(algs), ...); |
| 301 | + ``` |
| 302 | +
|
| 303 | + - <strong>secret</strong> |
| 304 | + Optional parameter. To be supplied only when the algorithm used is not "NONE". Else would throw/set <code>KeyNotPresentError</code> / <code>KeyNotPresent</code> exception/error. |
| 305 | +
|
| 306 | + - <strong>leeway</strong> |
| 307 | + Optional parameter. Used with validation of "Expiration" and "Not Before" claims. |
| 308 | + The value passed should be `seconds` to account for clock skew. |
| 309 | + Default value is `0` seconds. |
| 310 | +
|
| 311 | + - <strong>verify</strong> |
| 312 | + Optional parameter. Suggests if verification of claims should be done or not. |
| 313 | + Takes a boolean value. |
| 314 | + By default verification is turned on. |
| 315 | +
|
| 316 | + - <strong>issuer</strong> |
| 317 | + Optional parameter. |
| 318 | + Takes a string value. |
| 319 | + Validates the passed issuer value against the one present in the decoded JWT object. If the values do not match <code>InvalidIssuerError</code> or <code>InvalidIssuer</code> exception or error_code is thrown/set. |
| 320 | +
|
| 321 | + - <strong>aud</strong> |
| 322 | + Optional parameter. |
| 323 | + Takes a string value. |
| 324 | + Validates the passed audience value against the one present in the decoded JWT object. If the values do not match <code>InvalidAudienceError</code> or <code>InvalidAudience</code> exception or error_code is thrown/set. |
| 325 | +
|
| 326 | + - <strong>sub</strong> |
| 327 | + Optional parameter. |
| 328 | + Takes a string value. |
| 329 | + Validates the passed subject value against the one present in the decoded JWT object. If the values do not match <code>InvalidSubjectError</code> or <code>InvalidSubject</code> exception or error_code is thrown/set. |
| 330 | +
|
| 331 | + - <strong>validate_iat</strong> |
| 332 | + Optional parameter. |
| 333 | + Takes a boolean value. |
| 334 | + Validates the IAT claim. Only checks whether the field is present and is of correct type. If not throws/sets <code>InvalidIATError</code> or <code>InvalidIAT</code>. |
| 335 | +
|
| 336 | + Default value is false. |
| 337 | +
|
| 338 | + - <strong>validate_jti</strong> |
| 339 | + Optional parameter. |
| 340 | + Takes a boolean value. |
| 341 | + Validates the JTI claim. Only checks for the presence of the claim. If not throws or sets <code>InvalidJTIError</code> or <code>InvalidJTI</code>. |
| 342 | +
|
| 343 | + Default is false. |
| 344 | +
|
185 | 345 |
|
0 commit comments