blob: 62aae38d0d223fd89d7b4e3ba19e0b6f79e5b884 [file] [log] [blame]
// Copyright 2022 Google LLC
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// See the License for the specific language governing permissions and
// limitations under the License.
package jwt
// MAC is an interface for authenticating and verifying JSON Web Tokens (JWT) with JSON Web Signature (JWS) MAC.
// See RFC 7519 and RFC 7515. Security guarantees: similar to Message Authentication Code (MAC).
type MAC interface {
// Computes a MAC and encodes the raw JWT token and the MAC in the JWS compact serialization format.
ComputeMACAndEncode(token *RawJWT) (string, error)
// Verifies and decodes a JWT token in the JWS compact serialization format.
// The JWT is validated against the rules in validator. That is, every claim
// in validator must also be present in the JWT. For example, if validator
// contains an issuer (iss) claim, the JWT must contain an identical claim.
// The JWT can contain claims that are NOT in the validator. However, if the
// JWT contains a list of audiences, the validator must also contain an
// audience in the list.
// If the JWT contains timestamp claims such as expiration (exp), issued_at
// (iat) or not_before (nbf), they will also be validated. validator allows to
// set a clock skew, to deal with small clock differences among different
// machines.
VerifyMACAndDecode(compact string, validator *Validator) (*VerifiedJWT, error)