Next: , Up: The Json Web Token   [Contents][Index]

8.1 Tokens

The (webid-oidc jws) implements some functionality for tokens.

Class: <token> () alg

The base class for all tokens. It only knows the signature algorithm. You can construct one in different ways:

Exception type: &invalid-jws

This exception is raised when a JWT cannot be parsed or constructed as a JWS.

function: make-invalid-jws

Construct an exception of type &invalid-jws.

function: invalid-jws? exception

Check whether exception was raised because of an invalid JWS.

There are multiple things you can do with a token.

Generic: alg token

Return the signature algorithm used for token, as a symbol.

Generic: token->jwt token

Return two alists, following the JSON representation from srfi-180: one for the header, and then one for the payload.

Generic: lookup-keys token args

Return the set of keys that could be used to sign token, as a public key, a list of keys, or a JWKS. args is a list of keyword arguments for specific implementations.

Generic: verify token args

Suppose that the token signature has been checked, perform some additional verifications. This function should raise exceptions to signal an invalid token.

function: decode expected-token-class encoded . args

Parse encoded as a token from the expected-token-class, check its signature against the key obtained by (lookup-keys token args) where token is the parsed token, and perform additional verifications with (verify token args).

function: encode token key

Encode and sign token with key, returning a string.

function: issue token-class issuer-key . args

Construct a token of token-class and args and sign it with issuer-key. Since we know the key to sign it, it is not necessary to pass either #:signing-key nor #:alg to the constructor.

Next: , Up: The Json Web Token   [Contents][Index]