[][src]Crate orizentic

The Orizentic token management library

This library provides a high level interface for authentication token management. It wraps around the JWT standard using the jsonwebtoken library for serialization and validation.

Functionality revolves around the relationship between a ClaimSet, a VerifiedToken, and an UnverifiedToken. A ClaimSet is considered informative and stores all of the information about the permissions and resources that the token bearer should have access to. VerifiedToken and UnverifiedToken are the result of the process of decoding a string JWT, and inherently specify whether the decoding process verified the signature, expiration time, and presence in the database.

This library does not currently contain database save and load features, but those are a likely upcoming feature.

No setup is necessary when using this library to decode JWT strings. Refer to the standalone decode_text function.





A ClaimSet represents one set of permissions and claims. It is a standardized way of specifying the owner, issuer, expiration time, relevant resources, and specific permissions on that resource. By itself, this is only an informative data structure and so should never be trusted when passed over the wire. See VerifiedToken and UnverifiedToken.


ClaimSetJS is an intermediary data structure between JWT serialization and a more usable ClaimSet.


Issuers are typically informative, but should generally describe who or what created the token


The Orizentic Context encapsulates a set of claims and an associated secret. This provides the overall convenience of easily creating and validating tokens. Generated claimsets are stored here on the theory that, even with validation, only those claims actually stored in the database should be considered valid.


Permissions are application-defined descriptions of what can be done with the named resource


ResourceName is application-defined and names a resource to which access should be controlled


Time to live is the number of seconds until a token expires. This is used for creating tokens but tokens store their actual expiration time.


An UnverifiedToken is a combination of the JWT serialization and the decoded ClaimSet. As this is unverified, this should only be used for information purposes, such as determining what a user can do with a token even when the decoding key is absent.


Username, or Audience in JWT terms, should describe who or what is supposed to be using this token


An VerifiedToken is a combination of the JWT serialization and the decoded ClaimSet. This will only be created by the validate_function, and thus will represent a token which has been validated via signature, expiration time, and presence in the database.



Orizentic Errors