mas_oidc_client::requests::jose

Function verify_signed_jwt

Source 
pub fn verify_signed_jwt<'a>(
    jwt: &'a str,
    verification_data: JwtVerificationData<'_>,
) -> Result<Jwt<'a, HashMap<String, Value>>, JwtVerificationError>
Expand description

Decode and verify a signed JWT.

The following checks are performed:

  • The signature is verified with the given JWKS.

  • The iss claim must be present and match the issuer, if present

  • The aud claim must be present and match the client ID.

  • The alg in the header must match the signing algorithm.

§Arguments

  • jwt - The serialized JWT to decode and verify.

  • jwks - The JWKS that should contain the public key to verify the JWT’s signature.

  • issuer - The issuer of the JWT.

  • audience - The audience that the JWT is intended for.

  • signing_algorithm - The JWA that should have been used to sign the JWT.

§Errors

Returns an error if the data is invalid or verification fails.