

8.2 Tokens issued by an OIDC provider

OIDC tokens are those signed by an OIDC identity provider. Such a token knows its issuer, and the keys needed to check the token signature are obtained by OIDC discovery.

Class: <oidc-token> (<token>) iss

The base class for tokens which are issued by an identity provider. It knows the issuer (iss, a URI from (web uri)), and can query it to check the token signature.

As with the base token type, you can construct one by specifying its arguments, or create one from a pair of alists.

The main point of this class is to provide a method for the lookup-keys generic. This method accepts one keyword argument, #:http-request, a function that behaves like the web client in (web client). You can set this value as a keyword argument in the decode function.
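Since the keys are fetched from the issuer named in the token, before its signature can be checked, #:http-request is the place to restrict where those requests may go. The following is an added example, not part of this manual or of the library: it assumes the function is called like http-request from (web client), and the host list and the names %trusted-hosts, make-restricted-http-request, restricted-http-request, fake-backend, checked and try are hypothetical.

```scheme
(use-modules (web uri) (web client))

;; Assumption: hosts this application accepts as identity providers
;; (constructed values).  A provider may serve its keys from another
;; host than its issuer URI; list that host too if so.
(define %trusted-hosts '("idp.example" "keys.idp.example"))

(define (make-restricted-http-request trusted-hosts backend)
  "Return a procedure called like BACKEND (assumed to follow the
http-request convention of (web client)) that only forwards https
requests whose host is in TRUSTED-HOSTS."
  (lambda (uri . args)
    (let* ((uri (if (string? uri) (string->uri uri) uri))
           (host (and uri (uri-host uri))))
      (unless (and host
                   (eq? (uri-scheme uri) 'https)
                   (member (string-downcase host) trusted-hosts))
        (error "key lookup refused: URI not on the issuer allow-list" uri))
      (apply backend uri args))))

;; The procedure to pass as #:http-request.
(define restricted-http-request
  (make-restricted-http-request %trusted-hosts http-request))

;; Offline check with a stand-in backend (constructed) that fetches
;; nothing and returns the requested URI as the body.
(define (fake-backend uri . args)
  (values #f (uri->string uri)))

(define checked
  (make-restricted-http-request %trusted-hosts fake-backend))

(define (try uri-string)
  ;; Report whether the wrapper forwarded or refused the request.
  (catch #t
    (lambda ()
      (call-with-values (lambda () (checked uri-string))
        (lambda (response body) (list 'allowed body))))
    (lambda (key . rest) (list 'refused uri-string))))

(for-each
 (lambda (u) (write (try u)) (newline))
 '("https://idp.example/.well-known/openid-configuration"
   "http://idp.example/.well-known/openid-configuration"
   "https://other.example/.well-known/openid-configuration"))
```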

Generic: iss token

Return the issuer of token, as a URI.

Exception type: &cannot-query-identity-provider identity-provider

This exception is raised when OIDC discovery fails. identity-provider is a URI.

Function: make-cannot-query-identity-provider identity-provider

Construct an exception of type &cannot-query-identity-provider.

Function: cannot-query-identity-provider? exception

Check whether exception was raised because an identity provider could not be queried.

Function: cannot-query-identity-provider-value exception

Return the faulty identity provider for exception.