Validate a JWT based on a JWKS url
Function requires:
- A string containing the JWT
- A string containing the url of the JWKS
- A string containing the algorithm used to sign the JWT (e.g: 'rs256')
Returns a map containing the unsigned JWT or
:error.
(ns jwt-verify-jwks.test
(:require [jwt-verify-jwks.core :refer [jwt-validate-jwks]]))
(jwt-validate-jwks "xxxx.xxxx.xxxxx" "http://myjwks.com" "rs256")
;; => {:email "xxx@xxx.com",
:aud "xxx",
:sub "xxx",
:iss "https://xxx.com/",
:name "xxx@xxx.com",
:nickname "xxx",
:exp 1111111111,
:email_verified true,
:updated_at "xxxx-xx-xxTxx:xx:xx.xxxZ",
:picture "https://xxx.com/xxx.png",
:iat 1111111111}
;; {:error "Error with public key: Token is expired (1111111111)}"
This library relies on Funcool buddy-sign library. Here are the supported algorithms:
| Algorithm name | Hash algorithms | Keywords |
|---|---|---|
| Elliptic Curve DSA | sha256, sha512 | :es256, :es512 |
| RSASSA PSS | sha256, sha512 | :ps256, :ps512 |
| RSASSA PKCS1 v1_5 | sha256, sha512 | :rs256, :rs512 |
| HMAC | sha256*, sha512 | :hs256, :hs512 |
Pull requests are welcome.