frasertweedale / hs-jose

Haskell JOSE and JWT library
http://hackage.haskell.org/package/jose
Apache License 2.0

Custom JWTValidationSettings #24

Closed whitehead1415 closed 7 years ago

whitehead1415 commented 7 years ago

In the example it shows verifying a JWT.

doJwtVerify :: [String] -> IO ()
doJwtVerify [jwkFilename, jwtFilename] = do
  Just jwk <- decode <$> L.readFile jwkFilename
  jwtData <- L.readFile jwtFilename
  result <- runExceptT (
    decodeCompact jwtData
    >>= validateJWSJWT defaultJWTValidationSettings jwk)
  case result of
    Left e -> print (e :: JWTError) >> exitFailure
    Right _ -> exitSuccess

How would one construct an alternative JWTValidationSettings than what defaultJWTValidationSettings gives you?

In particular I am trying to verify that the audience is correct.

frasertweedale commented 7 years ago

Hi. You do:

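let
  -- True for each audience value this service accepts
  -- (the string literals need OverloadedStrings).
  audPred :: StringOrURI -> Bool
  audPred = (`elem` ["valid", "audiences"])
  -- Start from the JWT defaults used in the example above.
  myValidationSettings = set audiencePredicate audPred defaultJWTValidationSettings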

Set whatever audiencePredicate you need.

I'll update the example program with a trivial example of doing this (probably by optionally reading valid audience(s) from trailing CLI arg(s)).
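
Added example, not part of the thread and not the project's example program: the verification snippet from the question combined with the audience predicate from the reply, with the accepted audiences read from trailing command-line arguments. It assumes the jose API names used in this thread; the import list, the `settingsFor` helper and the usage string are assumptions made for illustration.

```haskell
-- Added example. Assumes the jose release discussed in this thread, where
-- validateJWSJWT, defaultJWTValidationSettings and audiencePredicate are
-- available from Crypto.JWT (the exporting module is an assumption).
module Main (main) where

import Control.Lens (set)
import Control.Monad.Except (runExceptT)
import Crypto.JWT
import Data.Aeson (decode)
import qualified Data.ByteString.Lazy as L
import Data.String (fromString)
import System.Environment (getArgs)
import System.Exit (exitFailure, exitSuccess)
import System.IO (hPutStrLn, stderr)

-- Hypothetical helper: settings whose audience predicate is an allow-list.
-- With an empty allow-list the predicate is False for every audience value,
-- so forgetting to configure audiences does not widen what is accepted.
settingsFor :: [StringOrURI] -> JWTValidationSettings
settingsFor allowed =
  set audiencePredicate (`elem` allowed) defaultJWTValidationSettings

main :: IO ()
main = do
  args <- getArgs
  case args of
    jwkFilename : jwtFilename : auds -> do
      Just jwk <- decode <$> L.readFile jwkFilename
      jwtData <- L.readFile jwtFilename
      -- fromString goes through the same IsString instance that the string
      -- literals in the reply above rely on.
      let settings = settingsFor (map fromString auds)
      result <- runExceptT
        (decodeCompact jwtData >>= validateJWSJWT settings jwk)
      case result of
        Left e -> print (e :: JWTError) >> exitFailure
        Right _ -> exitSuccess
    _ -> do
      hPutStrLn stderr "usage: verify JWK_FILE JWT_FILE [AUDIENCE...]"
      exitFailure
```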