Struct jsonwebtoken::Validation
source · pub struct Validation {
pub required_spec_claims: HashSet<String>,
pub leeway: u64,
pub validate_exp: bool,
pub validate_nbf: bool,
pub validate_aud: bool,
pub aud: Option<HashSet<String>>,
pub iss: Option<HashSet<String>>,
pub sub: Option<String>,
pub algorithms: Vec<Algorithm>,
/* private fields */
}
Expand description
Contains the various validations that are applied after decoding a JWT.
All time validation happen on UTC timestamps as seconds.
use jsonwebtoken::{Validation, Algorithm};
let mut validation = Validation::new(Algorithm::HS256);
validation.leeway = 5;
// Setting audience
validation.set_audience(&["Me"]); // a single string
validation.set_audience(&["Me", "You"]); // array of strings
// or issuer
validation.set_issuer(&["Me"]); // a single string
validation.set_issuer(&["Me", "You"]); // array of strings
Fields§
§required_spec_claims: HashSet<String>
Which claims are required to be present before starting the validation.
This does not interact with the various validate_*
. If you remove exp
from that list, you still need
to set validate_exp
to false
.
The only value that will be used are “exp”, “nbf”, “aud”, “iss”, “sub”. Anything else will be ignored.
Defaults to {"exp"}
leeway: u64
Add some leeway (in seconds) to the exp
and nbf
validation to
account for clock skew.
Defaults to 60
.
validate_exp: bool
Whether to validate the exp
field.
It will return an error if the time in the exp
field is past.
Defaults to true
.
validate_nbf: bool
Whether to validate the nbf
field.
It will return an error if the current timestamp is before the time in the nbf
field.
Defaults to false
.
validate_aud: bool
Whether to validate the aud
field.
It will return an error if the aud
field is not a member of the audience provided.
Defaults to true
. Very insecure to turn this off. Only do this if you know what you are doing.
aud: Option<HashSet<String>>
Validation will check that the aud
field is a member of the
audience provided and will error otherwise.
Use set_audience
to set it
Defaults to None
.
iss: Option<HashSet<String>>
If it contains a value, the validation will check that the iss
field is a member of the
iss provided and will error otherwise.
Use set_issuer
to set it
Defaults to None
.
sub: Option<String>
If it contains a value, the validation will check that the sub
field is the same as the
one provided and will error otherwise.
Defaults to None
.
algorithms: Vec<Algorithm>
The validation will check that the alg
of the header is contained
in the ones provided and will error otherwise. Will error if it is empty.
Defaults to vec![Algorithm::HS256]
.
Implementations§
source§impl Validation
impl Validation
sourcepub fn new(alg: Algorithm) -> Validation
pub fn new(alg: Algorithm) -> Validation
Create a default validation setup allowing the given alg
sourcepub fn set_audience<T: ToString>(&mut self, items: &[T])
pub fn set_audience<T: ToString>(&mut self, items: &[T])
aud
is a collection of one or more acceptable audience members
The simple usage is set_audience(&["some aud name"])
sourcepub fn set_issuer<T: ToString>(&mut self, items: &[T])
pub fn set_issuer<T: ToString>(&mut self, items: &[T])
iss
is a collection of one or more acceptable issuers members
The simple usage is set_issuer(&["some iss name"])
sourcepub fn set_required_spec_claims<T: ToString>(&mut self, items: &[T])
pub fn set_required_spec_claims<T: ToString>(&mut self, items: &[T])
Which claims are required to be present for this JWT to be considered valid.
The only values that will be considered are “exp”, “nbf”, “aud”, “iss”, “sub”.
The simple usage is set_required_spec_claims(&["exp", "nbf"])
.
If you want to have an empty set, do not use this function - set an empty set on the struct
param directly.
sourcepub fn insecure_disable_signature_validation(&mut self)
pub fn insecure_disable_signature_validation(&mut self)
Whether to validate the JWT cryptographic signature. Disabling validation is dangerous, only do it if you know what you’re doing. With validation disabled you should not trust any of the values of the claims.
Trait Implementations§
source§impl Clone for Validation
impl Clone for Validation
source§fn clone(&self) -> Validation
fn clone(&self) -> Validation
1.0.0 · source§fn clone_from(&mut self, source: &Self)
fn clone_from(&mut self, source: &Self)
source
. Read moresource§impl Debug for Validation
impl Debug for Validation
source§impl Default for Validation
impl Default for Validation
source§impl PartialEq for Validation
impl PartialEq for Validation
impl Eq for Validation
impl StructuralPartialEq for Validation
Auto Trait Implementations§
impl Freeze for Validation
impl RefUnwindSafe for Validation
impl Send for Validation
impl Sync for Validation
impl Unpin for Validation
impl UnwindSafe for Validation
Blanket Implementations§
source§impl<T> BorrowMut<T> for Twhere
T: ?Sized,
impl<T> BorrowMut<T> for Twhere
T: ?Sized,
source§fn borrow_mut(&mut self) -> &mut T
fn borrow_mut(&mut self) -> &mut T
source§impl<T> CloneToUninit for Twhere
T: Clone,
impl<T> CloneToUninit for Twhere
T: Clone,
source§default unsafe fn clone_to_uninit(&self, dst: *mut T)
default unsafe fn clone_to_uninit(&self, dst: *mut T)
clone_to_uninit
)source§impl<Q, K> Equivalent<K> for Q
impl<Q, K> Equivalent<K> for Q
source§impl<Q, K> Equivalent<K> for Q
impl<Q, K> Equivalent<K> for Q
source§fn equivalent(&self, key: &K) -> bool
fn equivalent(&self, key: &K) -> bool
key
and return true
if they are equal.