The Orizentic token management library
Functionality revolves around the relationship between a ClaimSet, a VerifiedToken, and an UnverifiedToken. A ClaimSet is considered informative and stores all of the information about the permissions and resources that the token bearer should have access to. VerifiedToken and UnverifiedToken are the result of the process of decoding a string JWT, and inherently specify whether the decoding process verified the signature, expiration time, and presence in the database.
This library does not currently contain database save and load features, but those are a likely upcoming feature.
No setup is necessary when using this library to decode JWT strings. Refer to the standalone decode_text function.
A ClaimSet represents one set of permissions and claims. It is a standardized way of specifying
the owner, issuer, expiration time, relevant resources, and specific permissions on that
resource. By itself, this is only an informative data structure and so should never be trusted
when passed over the wire. See
ClaimSetJS is an intermediary data structure between JWT serialization and a more usable ClaimSet.
Issuers are typically informative, but should generally describe who or what created the token
The Orizentic Context encapsulates a set of claims and an associated secret. This provides the overall convenience of easily creating and validating tokens. Generated claimsets are stored here on the theory that, even with validation, only those claims actually stored in the database should be considered valid.
Permissions are application-defined descriptions of what can be done with the named resource
ResourceName is application-defined and names a resource to which access should be controlled
Time to live is the number of seconds until a token expires. This is used for creating tokens but tokens store their actual expiration time.
An UnverifiedToken is a combination of the JWT serialization and the decoded
Username, or Audience in JWT terms, should describe who or what is supposed to be using this token
An VerifiedToken is a combination of the JWT serialization and the decoded