#include <jwt.h>

Public Types
using	basic_claim_t = basic_claim<json_traits>

using	verify_check_fn_t
	Verification function data structure.

Public Member Functions
	verifier (Clock c)

verifier &	leeway (size_t leeway)

verifier &	expires_at_leeway (size_t leeway)

verifier &	not_before_leeway (size_t leeway)

verifier &	issued_at_leeway (size_t leeway)

verifier &	with_type (const typename json_traits::string_type &type, std::locale locale=std::locale{})

verifier &	with_issuer (const typename json_traits::string_type &iss)

verifier &	with_subject (const typename json_traits::string_type &sub)

verifier &	with_audience (const typename basic_claim_t::set_t &aud)

verifier &	with_audience (const typename json_traits::string_type &aud)

verifier &	with_id (const typename json_traits::string_type &id)

verifier &	with_claim (const typename json_traits::string_type &name, verify_check_fn_t fn)

verifier &	with_claim (const typename json_traits::string_type &name, basic_claim_t c)

template<typename Algorithm >
verifier &	allow_algorithm (Algorithm alg)
	Add an algorithm available for checking.

void	verify (const decoded_jwt< json_traits > &jwt) const

void	verify (const decoded_jwt< json_traits > &jwt, std::error_code &ec) const

Detailed Description

template<typename Clock, typename json_traits>
class jwt::verifier< Clock, json_traits >

Verifier class used to check if a decoded token contains all claims required by your application and has a valid signature.

Member Typedef Documentation

◆ verify_check_fn_t

template<typename Clock , typename json_traits >

using jwt::verifier< Clock, json_traits >::verify_check_fn_t

Initial value:

std::function<void(const verify_ops::verify_context<json_traits>&, std::error_code& ec)>

Verification function data structure.

This gets passed the current verifier, a reference to the decoded jwt, a reference to the key of this claim, as well as a reference to an error_code. The function checks if the actual value matches certain rules (e.g. equality to value x) and sets the error_code if it does not. Once a non zero error_code is encountered the verification stops and this error_code becomes the result returned from verify

Constructor & Destructor Documentation

◆ verifier()

template<typename Clock , typename json_traits >

jwt::verifier< Clock, json_traits >::verifier ( Clock c )

inlineexplicit

Constructor for building a new verifier instance

Parameters

c	Clock instance

Member Function Documentation

◆ allow_algorithm()

template<typename Clock , typename json_traits >

template<typename Algorithm >

verifier & jwt::verifier< Clock, json_traits >::allow_algorithm ( Algorithm alg )

inline

Add an algorithm available for checking.

This is used to handle incomming tokens for predefined algorithms which the authorization server is provided. For example a small system where only a single RSA key-pair is used to sign tokens

auto verify = jwt::verify()
                  // We only need an RSA public key to verify tokens
                  .allow_algorithm(jwt::algorithm::rs256(rsa_pub_key, "", "", ""))
                  // We expect token to come from a known authorization server
                  .with_issuer("auth0");

Template Parameters

Algorithm any algorithm such as those provided by jwt::algorithm

Parameters

alg	Algorithm to allow

Returns: *this to allow chaining

◆ expires_at_leeway()

template<typename Clock , typename json_traits >

verifier & jwt::verifier< Clock, json_traits >::expires_at_leeway ( size_t leeway )

inline

Set leeway for expires at. If not specified the default leeway will be used.

Parameters

leeway Set leeway to use for expires at.

Returns: *this to allow chaining

◆ issued_at_leeway()

template<typename Clock , typename json_traits >

verifier & jwt::verifier< Clock, json_traits >::issued_at_leeway ( size_t leeway )

inline

Set leeway for issued at. If not specified the default leeway will be used.

Parameters

leeway Set leeway to use for issued at.

Returns: *this to allow chaining

◆ leeway()

template<typename Clock , typename json_traits >

verifier & jwt::verifier< Clock, json_traits >::leeway ( size_t leeway )

inline

Set default leeway to use.

Parameters

leeway Default leeway to use if not specified otherwise

Returns: *this to allow chaining

◆ not_before_leeway()

template<typename Clock , typename json_traits >

verifier & jwt::verifier< Clock, json_traits >::not_before_leeway ( size_t leeway )

inline

Set leeway for not before. If not specified the default leeway will be used.

Parameters

leeway Set leeway to use for not before.

Returns: *this to allow chaining

◆ verify() [1/2]

template<typename Clock , typename json_traits >

void jwt::verifier< Clock, json_traits >::verify ( const decoded_jwt< json_traits > & jwt ) const

inline

Verify the given token.

Parameters

jwt	Token to check

Exceptions

token_verification_exception Verification failed

◆ verify() [2/2]

template<typename Clock , typename json_traits >

void jwt::verifier< Clock, json_traits >::verify	(	const decoded_jwt< json_traits > &	jwt,
		std::error_code &	ec ) const

inline

Verify the given token.

Parameters

jwt	Token to check
ec	error_code filled with details on error

◆ with_audience() [1/2]

template<typename Clock , typename json_traits >

verifier & jwt::verifier< Clock, json_traits >::with_audience ( const typename basic_claim_t::set_t & aud )

inline

Set an audience to check for. If any of the specified audiences is not present in the token the check fails.

Parameters

aud	Audience to check for.

Returns: *this to allow chaining

◆ with_audience() [2/2]

template<typename Clock , typename json_traits >

verifier & jwt::verifier< Clock, json_traits >::with_audience ( const typename json_traits::string_type & aud )

inline

Set an audience to check for. If the specified audiences is not present in the token the check fails.

Parameters

aud	Audience to check for.

Returns: *this to allow chaining

◆ with_claim() [1/2]

template<typename Clock , typename json_traits >

verifier & jwt::verifier< Clock, json_traits >::with_claim	(	const typename json_traits::string_type &	name,
		basic_claim_t	c )

inline

Specify a claim to check for equality (both type & value). See the private-claims.cpp example.

jwt::verify()
    .allow_algorithm(jwt::algorithm::none{})
    .with_issuer("auth.mydomain.io")
    .with_audience("mydomain.io")
    .with_claim("object", from_raw_json) // Match the exact JSON content
    .verify(decoded);

Parameters

name	Name of the claim to check for
c	Claim to check for

Returns: *this to allow chaining

◆ with_claim() [2/2]

template<typename Clock , typename json_traits >

verifier & jwt::verifier< Clock, json_traits >::with_claim	(	const typename json_traits::string_type &	name,
		verify_check_fn_t	fn )

inline

Specify a claim to check for using the specified operation. This is helpful for implementating application specific authentication checks such as the one seen in partial-claim-verifier.cpp

auto verifier = jwt::verify()
                    .allow_algorithm(jwt::algorithm::rs256(rsa_pub_key, "", "", ""))
                    .with_issuer("auth0")
                    // Check for "foo" in /my-service/role
                    .with_claim("resource-access", role_verifier);

Parameters

name	Name of the claim to check for
fn	Function to use for verifying the claim

Returns: *this to allow chaining

◆ with_id()

template<typename Clock , typename json_traits >

verifier & jwt::verifier< Clock, json_traits >::with_id ( const typename json_traits::string_type & id )

inline

Set an id to check for. Check is case sensitive.

Parameters

id	ID to check for.

Returns: *this to allow chaining

◆ with_issuer()

template<typename Clock , typename json_traits >

verifier & jwt::verifier< Clock, json_traits >::with_issuer ( const typename json_traits::string_type & iss )

inline

Set an issuer to check for. Check is case sensitive.

Parameters

iss	Issuer to check for.

Returns: *this to allow chaining

◆ with_subject()

template<typename Clock , typename json_traits >

verifier & jwt::verifier< Clock, json_traits >::with_subject ( const typename json_traits::string_type & sub )

inline

Set a subject to check for. Check is case sensitive.

Parameters

sub	Subject to check for.

Returns: *this to allow chaining

◆ with_type()

template<typename Clock , typename json_traits >

verifier & jwt::verifier< Clock, json_traits >::with_type	(	const typename json_traits::string_type &	type,
		std::locale	locale = std::locale{} )

inline

Set an type to check for.

According to RFC 7519 Section 5.1, This parameter is ignored by JWT implementations; any processing of this parameter is performed by the JWT application. Check is case sensitive.

Parameters

type	Type Header Parameter to check for.
locale	Localization functionality to use when comparing

Returns: *this to allow chaining

The documentation for this class was generated from the following file:

include/jwt-cpp/jwt.h

Public Types

Public Member Functions

Detailed Description

Member Typedef Documentation

◆ verify_check_fn_t

Constructor & Destructor Documentation

◆ verifier()

Member Function Documentation

◆ allow_algorithm()

◆ expires_at_leeway()

◆ issued_at_leeway()

◆ leeway()

◆ not_before_leeway()

◆ verify() [1/2]

◆ verify() [2/2]

◆ with_audience() [1/2]

◆ with_audience() [2/2]

◆ with_claim() [1/2]

◆ with_claim() [2/2]

◆ with_id()

◆ with_issuer()

◆ with_subject()

◆ with_type()