Struct jsonwebtoken::Validation[−][src]

pub struct Validation {
    pub leeway: u64,
    pub validate_exp: bool,
    pub validate_nbf: bool,
    pub aud: Option<HashSet<String>>,
    pub iss: Option<HashSet<String>>,
    pub sub: Option<String>,
    pub algorithms: Vec<Algorithm>,
    // some fields omitted
}

Expand description

Contains the various validations that are applied after decoding a JWT.

All time validation happen on UTC timestamps as seconds.

use jsonwebtoken::{Validation, Algorithm};

let mut validation = Validation::new(Algorithm::HS256);
validation.leeway = 5;
// Setting audience
validation.set_audience(&["Me"]); // a single string
validation.set_audience(&["Me", "You"]); // array of strings
// or issuer
validation.set_iss(&["Me"]); // a single string
validation.set_iss(&["Me", "You"]); // array of strings

Fields

leeway: u64

Add some leeway (in seconds) to the exp, iat and nbf validation to account for clock skew.

Defaults to 0.

validate_exp: bool

Whether to validate the exp field.

It will return an error if the time in the exp field is past.

Defaults to true.

validate_nbf: bool

Whether to validate the nbf field.

It will return an error if the current timestamp is before the time in the nbf field.

Defaults to false.

aud: Option<HashSet<String>>

If it contains a value, the validation will check that the aud field is a member of the audience provided and will error otherwise.

Defaults to None.

iss: Option<HashSet<String>>

If it contains a value, the validation will check that the iss field is a member of the iss provided and will error otherwise.

Defaults to None.

sub: Option<String>

If it contains a value, the validation will check that the sub field is the same as the one provided and will error otherwise.

Defaults to None.

algorithms: Vec<Algorithm>

The validation will check that the alg of the header is contained in the ones provided and will error otherwise. Will error if it is empty.

Defaults to vec![Algorithm::HS256].

Implementations

[src]

impl Validation

[src]

pub fn new(alg: Algorithm) -> Validation

Create a default validation setup allowing the given alg

[src]

pub fn set_audience<T: ToString>(&mut self, items: &[T])

aud is a collection of one or more acceptable audience members

[src]

pub fn set_iss<T: ToString>(&mut self, items: &[T])

iss is a collection of one or more acceptable iss members

[src]

pub fn insecure_disable_signature_validation(&mut self)

Whether to validate the JWT cryptographic signature Very insecure to turn that off, only do it if you know what you’re doing. With this flag turned off, you should not trust any of the values of the claims.