Diffstat (limited to 'src')
-rw-r--r-- | src/lib.rs | 26 |
1 files changed, 24 insertions, 2 deletions
diff --git a/src/lib.rs b/src/lib.rs
index 51fb620c6d4f..f8ae81591ed5 100644
--- a/src/lib.rs
+++ b/src/lib.rs
@@ -206,10 +206,32 @@ pub fn token_kid(jwt: &JWT) -> JWTResult<Option<String>> {
 /// and if a signature verification passes *all* claim validations are
 /// run and returned.
 ///
+/// If validation succeeds a representation of the token is returned
+/// that contains the header and claims as simple JSON values.
+///
 /// It is the user's task to ensure that the correct JWK is passed in
 /// for validation.
-pub fn validate(jwt: JWT, jwk: JWK, validations: Vec<Validation>) -> JWTResult<()> {
- unimplemented!()
+pub fn validate(token: String,
+ jwk: &JWK,
+ validations: Vec<Validation>) -> JWTResult<ValidJWT> {
+ let jwt = JWT(token);
+ let public_key = public_key_from_jwk(&jwk)?;
+ validate_jwt_signature(&jwt, public_key)?;
+
+ // Split out all three parts of the JWT this time, deserialising
+ // the first and second as appropriate.
+ let parts: Vec<&str> = jwt.0.splitn(3, '.').collect();
+ if parts.len() != 3 {
+ // This is unlikely considering that validation has already
+ // been performed at this point, but better safe than sorry.
+ return Err(ValidationError::MalformedJWT)
+ }
+
+ let headers = deserialize_part(parts[0])?;
+ let claims = deserialize_part(parts[1])?;
+ let valid_jwt = ValidJWT { headers, claims };
+
+ Ok(valid_jwt)
 }

 // Internal implementation |
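Review bot: The new body of `validate` never reads `validations`, so a token whose signature verifies is returned as a `ValidJWT` with no claim checks run, while the doc comment (which starts above this hunk) still says that *all* claim validations are run and returned. A caller that passes validations would treat the result as fully validated when only the signature was checked against the supplied JWK. Until claim validation is implemented, the function should fail closed rather than ignore the argument, for example `if !validations.is_empty() { unimplemented!() }` before `Ok(valid_jwt)`, and the doc comment should say so: `/// Note: claim validations are not evaluated yet; only the signature is verified.` As a smaller style point, `jwk` is already a `&JWK`, so `public_key_from_jwk(&jwk)` can be written `public_key_from_jwk(jwk)`.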