pub struct VerificationOptions {Show 14 fields
pub reject_before: Option<UnixTimeStamp>,
pub accept_future: bool,
pub required_subject: Option<String>,
pub required_key_id: Option<String>,
pub required_signature_type: Option<String>,
pub required_content_type: Option<String>,
pub required_nonce: Option<String>,
pub allowed_issuers: Option<HashSet<String>>,
pub allowed_audiences: Option<HashSet<String>>,
pub time_tolerance: Option<Duration>,
pub max_validity: Option<Duration>,
pub max_token_length: Option<usize>,
pub max_header_length: Option<usize>,
pub artificial_time: Option<UnixTimeStamp>,
}Expand description
Additional features to enable during verification. Signatures and token expiration are already automatically verified.
Fields§
§reject_before: Option<UnixTimeStamp>Reject tokens created before the given date.
For a given user, the time of the last successful authentication can be
kept in a database, and reject_before can then be used to reject
older (replayed) tokens.
Note: validation compares reject_before to the token’s
issued_at claim. Tokens without issued_at are rejected when
reject_before is set, so be sure the issuer populates it
(automatically done by constructing claims with Claims::create()).
accept_future: boolAccept tokens created with a date in the future
required_subject: Option<String>Require a specific subject to be present
required_key_id: Option<String>Require a specific key identifier to be present
required_signature_type: Option<String>Require a specific signature type
required_content_type: Option<String>Require a specific content type
required_nonce: Option<String>Require a specific nonce to be present
allowed_issuers: Option<HashSet<String>>Require the issuer to be present in the set
allowed_audiences: Option<HashSet<String>>Require the audience to be present in the set
time_tolerance: Option<Duration>How much clock drift to tolerate when verifying token timestamps Default is 15 minutes, to work around common issues with clocks that are not perfectly accurate
max_validity: Option<Duration>Reject tokens created more than max_validity ago
max_token_length: Option<usize>Maximum token length to accept
max_header_length: Option<usize>Maximum unsafe, untrusted, unverified JWT header length to accept
artificial_time: Option<UnixTimeStamp>Change the current time. Only used for testing.
Trait Implementations§
Source§impl Clone for VerificationOptions
impl Clone for VerificationOptions
Source§fn clone(&self) -> VerificationOptions
fn clone(&self) -> VerificationOptions
1.0.0 (const: unstable) · Source§fn clone_from(&mut self, source: &Self)
fn clone_from(&mut self, source: &Self)
source. Read moreSource§impl Debug for VerificationOptions
impl Debug for VerificationOptions
Source§impl Default for VerificationOptions
impl Default for VerificationOptions
impl Eq for VerificationOptions
Source§impl PartialEq for VerificationOptions
impl PartialEq for VerificationOptions
Source§fn eq(&self, other: &VerificationOptions) -> bool
fn eq(&self, other: &VerificationOptions) -> bool
self and other values to be equal, and is used by ==.