Struct jsonwebtoken::Validation [−][src]
pub struct Validation {
pub leeway: u64,
pub validate_exp: bool,
pub validate_nbf: bool,
pub aud: Option<HashSet<String>>,
pub iss: Option<HashSet<String>>,
pub sub: Option<String>,
pub algorithms: Vec<Algorithm>,
// some fields omitted
}
Expand description
Contains the various validations that are applied after decoding a JWT.
All time validation happen on UTC timestamps as seconds.
use jsonwebtoken::{Validation, Algorithm};
let mut validation = Validation::new(Algorithm::HS256);
validation.leeway = 5;
// Setting audience
validation.set_audience(&["Me"]); // a single string
validation.set_audience(&["Me", "You"]); // array of strings
// or issuer
validation.set_iss(&["Me"]); // a single string
validation.set_iss(&["Me", "You"]); // array of strings
Fields
leeway: u64
Add some leeway (in seconds) to the exp
, iat
and nbf
validation to
account for clock skew.
Defaults to 0
.
validate_exp: bool
Whether to validate the exp
field.
It will return an error if the time in the exp
field is past.
Defaults to true
.
validate_nbf: bool
Whether to validate the nbf
field.
It will return an error if the current timestamp is before the time in the nbf
field.
Defaults to false
.
aud: Option<HashSet<String>>
If it contains a value, the validation will check that the aud
field is a member of the
audience provided and will error otherwise.
Defaults to None
.
iss: Option<HashSet<String>>
If it contains a value, the validation will check that the iss
field is a member of the
iss provided and will error otherwise.
Defaults to None
.
sub: Option<String>
If it contains a value, the validation will check that the sub
field is the same as the
one provided and will error otherwise.
Defaults to None
.
algorithms: Vec<Algorithm>
The validation will check that the alg
of the header is contained
in the ones provided and will error otherwise. Will error if it is empty.
Defaults to vec![Algorithm::HS256]
.
Implementations
Create a default validation setup allowing the given alg
aud
is a collection of one or more acceptable audience members
iss
is a collection of one or more acceptable iss members
Whether to validate the JWT cryptographic signature Very insecure to turn that off, only do it if you know what you’re doing. With this flag turned off, you should not trust any of the values of the claims.
Trait Implementations
This method tests for self
and other
values to be equal, and is used
by ==
. Read more
This method tests for !=
.
Auto Trait Implementations
impl RefUnwindSafe for Validation
impl Send for Validation
impl Sync for Validation
impl Unpin for Validation
impl UnwindSafe for Validation
Blanket Implementations
Mutably borrows from an owned value. Read more