The (webid-oidc jws) implements some functionality for tokens.
The base class for all tokens. It only knows the signature algorithm. You can construct one in different ways:
#:algconstruct keyword supports a string or a keyword as a value, containing a valid JWA identifier, such as
#:signing-keykeyword defines the key that will serve to sign the token. The signature algorithm is set to the default of signing-key;
#:jwt-payloadkeywords let you pass two alists, following the JSON representation from srfi-180: objects are alists of symbols to values, arrays are vectors.
This exception is raised when a JWT cannot be parsed or constructed as a JWS.
Construct an exception of type
Check whether exception was raised because of an invalid JWS.
There are multiple things you can do with a token.
Return the signature algorithm used for token, as a symbol.
Return two alists, following the JSON representation from srfi-180: one for the header, and then one for the payload.
Return the set of keys that could be used to sign token, as a public key, a list of keys, or a JWKS. args is a list of keyword arguments for specific implementations.
Suppose that the token signature has been checked, perform some additional verifications. This function should raise exceptions to signal an invalid token.
Parse encoded as a token from the expected-token-class,
check its signature against the key obtained by
token args) where token is the parsed token, and
perform additional verifications with
Encode and sign token with key, returning a string.
Construct a token of token-class and args and sign it with
issuer-key. Since we know the key to sign it, it is not
necessary to pass either
#:alg to the