author | Vincent Ambo <mail@tazj.in> | 2018-09-04T09·36+0200 |
---|---|---|
committer | Vincent Ambo <mail@tazj.in> | 2018-09-04T10·45+0200 |
commit | b6eedbfe16938424ac2f677d5f81d6e1c6868849 (patch) | |
tree | 7b6340753543c40de38ea9798ca9a6c1229f5d75 | |
parent | 37652545b47f8269d07d09657050bde533eff656 (diff) |
feat: Initial implementation of 'validate' function
Implements the logic for validating a token signature and returning its decoded headers and claims. This does not yet apply claim validations, as those have not been specified yet.
-rw-r--r-- | src/lib.rs | 26 |
1 files changed, 24 insertions, 2 deletions
diff --git a/src/lib.rs b/src/lib.rs
index 51fb620c6d4f..f8ae81591ed5 100644
--- a/src/lib.rs
+++ b/src/lib.rs
@@ -206,10 +206,32 @@ pub fn token_kid(jwt: &JWT) -> JWTResult<Option<String>> {
 /// and if a signature verification passes *all* claim validations are
 /// run and returned.
 ///
+/// If validation succeeds a representation of the token is returned
+/// that contains the header and claims as simple JSON values.
+///
 /// It is the user's task to ensure that the correct JWK is passed in
 /// for validation.
-pub fn validate(jwt: JWT, jwk: JWK, validations: Vec<Validation>) -> JWTResult<()> {
- unimplemented!()
+pub fn validate(token: String,
+ jwk: &JWK,
+ validations: Vec<Validation>) -> JWTResult<ValidJWT> {
+ let jwt = JWT(token);
+ let public_key = public_key_from_jwk(&jwk)?;
+ validate_jwt_signature(&jwt, public_key)?;
+
+ // Split out all three parts of the JWT this time, deserialising
+ // the first and second as appropriate.
+ let parts: Vec<&str> = jwt.0.splitn(3, '.').collect();
+ if parts.len() != 3 {
+ // This is unlikely considering that validation has already
+ // been performed at this point, but better safe than sorry.
+ return Err(ValidationError::MalformedJWT)
+ }
+
+ let headers = deserialize_part(parts[0])?;
+ let claims = deserialize_part(parts[1])?;
+ let valid_jwt = ValidJWT { headers, claims };
+
+ Ok(valid_jwt)
 }
 
 // Internal implementation |
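Review bot: `validations` is accepted by the new `validate` but never read, so a token whose signature verifies comes back as `ValidJWT` and any claim checks the caller listed are silently skipped. The doc comment, which begins above this hunk, still says that all claim validations are run, so nothing in the API tells callers that only the signature was checked. Until claim validation is implemented, either return an error when `validations` is non-empty or add a line such as `/// NOTE: claim validations are not applied yet; only the signature is verified.` to the doc comment. Separately, `jwk` is already a `&JWK`, so `public_key_from_jwk(&jwk)` can be written `public_key_from_jwk(jwk)`.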