ns_crypto::JWT method verify_registered_claims (protected)
<instance of ns_crypto::JWT> verify_registered_claims \
[ -payload payload ] [ -aud aud ] [ -iss iss ] [ -sub sub ] \
[ -clockskew clockskew ] [ -now now ]
Defined in
- Switches:
- -payload (optional)
- -aud (optional)
- -iss (optional)
- -sub (optional)
- -clockskew (optional, defaults to "0")
- -now (optional)
- Testcases:
-
No testcase defined.
Source code:
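# Validate the registered claims of a decoded JWT payload (a Tcl dict).
# Only the claims are inspected; nothing in this body checks the token
# signature, so signature verification has to happen elsewhere.
#
# Inputs (bound by the method switches):
#   payload    dict holding the decoded claims
#   aud, iss, sub
#              expected values; an empty string skips that check
#   clockskew  tolerance applied to every time comparison
#              (seconds when now is left at its default)
#   now        reference time; defaults to the current clock seconds
#
# Raises a Tcl error on the first claim that fails and returns normally
# otherwise.
#
# Caveats for callers:
#   - exp, nbf and iat are checked only when present. A payload without
#     exp is not rejected here, so a caller that requires expiring
#     tokens must test for the claim itself.
#   - An empty expected aud/iss/sub disables that check. A caller whose
#     configured value is unexpectedly empty gets no validation for it.

if {$now eq ""} {
    set now [clock seconds]
}

# Time claims are verified to be numeric before they are compared.
# Tcl relational operators fall back to string comparison when an
# operand is not a number, which would let a malformed value (for
# example an empty iat) pass silently instead of being rejected.

if {[dict exists $payload exp]} {
    set exp [dict get $payload exp]
    if {![string is double -strict $exp]} {
        error "JWT exp claim is not numeric"
    }
    # Expired once the reference time is past exp plus the tolerance.
    if {$now > ($exp + $clockskew)} {
        error "JWT expired"
    }
}

if {[dict exists $payload nbf]} {
    set nbf [dict get $payload nbf]
    if {![string is double -strict $nbf]} {
        error "JWT nbf claim is not numeric"
    }
    # Not usable before nbf minus the tolerance.
    if {$now < ($nbf - $clockskew)} {
        error "JWT not valid yet"
    }
}

if {[dict exists $payload iat]} {
    set iat [dict get $payload iat]
    if {![string is double -strict $iat]} {
        error "JWT iat claim is not numeric"
    }
    # A token issued later than now plus the tolerance is rejected.
    if {$iat > ($now + $clockskew)} {
        error "JWT issued-at time is in the future"
    }
}

# Issuer and subject must be present and match exactly when an expected
# value was supplied.
if {$iss ne ""} {
    if {![dict exists $payload iss] || [dict get $payload iss] ne $iss} {
        error "JWT issuer mismatch"
    }
}

if {$sub ne ""} {
    if {![dict exists $payload sub] || [dict get $payload sub] ne $sub} {
        error "JWT subject mismatch"
    }
}

if {$aud ne ""} {
    if {![dict exists $payload aud]} {
        error "JWT audience missing"
    }
    set tokenAud [dict get $payload aud]
    # NOTE(review): a multi-valued audience is told apart from a single
    # one purely by Tcl list length. A single audience string that
    # contains whitespace is therefore treated as several audiences,
    # and a one-element list whose element needs list quoting will not
    # compare equal to the expected value. Confirm how the JSON decoder
    # that builds the payload represents arrays versus strings.
    if {[llength $tokenAud] > 1} {
        if {$aud ni $tokenAud} {
            error "JWT audience mismatch"
        }
    } else {
        if {$tokenAud ne $aud} {
            error "JWT audience mismatch"
        }
    }
}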
XQL Not present:Generic, PostgreSQL, Oracle