Collaboration diagram for Checker Functions:

Functions
const char *	jwt_checker_claim_get (jwt_checker_t *checker, jwt_claims_t type)
	Get the value of a validation claim.

int	jwt_checker_claim_set (jwt_checker_t checker, jwt_claims_t type, const char value)
	Set the value of a validation claim.

int	jwt_checker_claim_del (jwt_checker_t *checker, jwt_claims_t type)
	Delete the value of a validation claim.

int	jwt_checker_time_leeway (jwt_checker_t *checker, jwt_claims_t claim, time_t secs)
	Setup the exp or nbf claim leeway values.

Detailed Description

For a checker object, claims will be used to verify the token. This verification is very simplistic and only supports standards-defined claims like nbf, iss, etc. Even for some of these, LibJWT can only perform simple time or string comparison. For example, if you wanted to accept tokens from multiple issuers, you would need to handle that yourself, most likely in a callback.

This is a list of the claims that LibJWT can check on its own, and the method that is used to decide success:

Claim	Type	Comparison for Validation
`exp`	Timestamp	`exp` > (now + leeway)
`nbf`	Timestamp	`nbf` <= (now - leeway)
`iss`	String	!strcmp(`iss`, `userval`)
`aud`	String	!strcmp(`aud`, `userval`)
`sub`	String	!strcmp(`sub`, `userval`)

Note: The checker object does not evaluate any values in the header with the exception of the alg element when validating a token. Anything you need to do there can be done in a callback with the jwt_t.

Function Documentation

◆ jwt_checker_claim_del()

int jwt_checker_claim_del	(	jwt_checker_t *	checker,
		jwt_claims_t	type )

Delete the value of a validation claim.

Parameters

checker	Pointer to a checker object
type	One of JWT_CLAIM_ISS, JWT_CLAIM_AUD, or JWT_CLAIM_SUB

Returns: 0 on success, any other value is an error

◆ jwt_checker_claim_get()

const char * jwt_checker_claim_get	(	jwt_checker_t *	checker,
		jwt_claims_t	type )

Get the value of a validation claim.

Parameters

checker	Pointer to a checker object
type	One of JWT_CLAIM_ISS, JWT_CLAIM_AUD, or JWT_CLAIM_SUB

Returns: A string representation of the claim, or NULL if it isn't set

◆ jwt_checker_claim_set()

int jwt_checker_claim_set	(	jwt_checker_t *	checker,
		jwt_claims_t	type,
		const char *	value )

Set the value of a validation claim.

Parameters

checker	Pointer to a checker object
type	One of JWT_CLAIM_ISS, JWT_CLAIM_AUD, or JWT_CLAIM_SUB
value	A string to set as the new value of the validation

Returns: 0 on success, any other value is an error

◆ jwt_checker_time_leeway()

int jwt_checker_time_leeway	(	jwt_checker_t *	checker,
		jwt_claims_t	claim,
		time_t	secs )

Setup the exp or nbf claim leeway values.

This allows you to set a leeway for exp and nbf claims to account for any skew. The value is in seconds.

To disable either one, set the secs to -1.

Parameters

checker	Pointer to a checker object
claim	One of JWT_CLAIM_NBF or JWT_CLAIM_EXP
secs	The number of seconds of leeway to account for being valid

Returns: 0 on success, any other value is an error