1// Copyright 2022 Google LLC 2// 3// Licensed under the Apache License, Version 2.0 (the "License"); 4// you may not use this file except in compliance with the License. 5// You may obtain a copy of the License at 6// 7// http://www.apache.org/licenses/LICENSE-2.0 8// 9// Unless required by applicable law or agreed to in writing, software 10// distributed under the License is distributed on an "AS IS" BASIS, 11// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12// See the License for the specific language governing permissions and 13// limitations under the License. 14// 15//////////////////////////////////////////////////////////////////////////////// 16 17package jwt 18 19// Verifier is the interface for verifying signed JWTs. 20// See RFC 7519 and RFC 7515. Security guarantees: similar to Verifier. 21type Verifier interface { 22 // Verifies and decodes a JWT token in the JWS compact serialization format. 23 // 24 // The JWT is validated against the rules in validator. That is, every claim 25 // in validator must also be present in the JWT. For example, if validator 26 // contains an issuer (iss) claim, the JWT must contain an identical claim. 27 // The JWT can contain claims that are NOT in the validator. However, if the 28 // JWT contains a list of audiences, the validator must also contain an 29 // audience in the list. 30 // 31 // If the JWT contains timestamp claims such as expiration (exp), issued_at 32 // (iat) or not_before (nbf), they will also be validated. validator allows to 33 // set a clock skew, to deal with small clock differences among different 34 // machines. 35 VerifyAndDecode(compact string, validator *Validator) (*VerifiedJWT, error) 36} 37