Crypt-JWT

README.md

    `1` - use `jwk` header value for validating JWS signature if neither `key` nor `kid_keys` specified, **BEWARE: DANGEROUS, INSECURE!!!**

    `0` (default) - ignore `jwk` header value when validating JWS signature

    Keep in mind that enabling `key_from_jwk_header` requires the `jwk` header to exist and be a valid RSA/ECDSA public key (otherwise it croaks).

- allow\_none

    `1` - accept JWS tokens with `none` 'alg' header value (which means that token has no signature), **BEWARE: DANGEROUS, INSECURE!!!**

    `0` (default) - do not allow JWS with `none` 'alg' header value

- ignore\_signature

    `1` - do not check signature on JWS tokens, **BEWARE: DANGEROUS, INSECURE!!!**

    `0` (default) - check signature on JWS tokens

- accepted\_alg

    `undef` (default) means accept all 'alg' algorithms except 'none' (for accepting 'none' use `allow_none`)

    `string` name of accepted 'alg' algorithm (only one)

    `ARRAY ref` a list of accepted 'alg' algorithms

    `Regexp` that has to match 'alg' algorithm name

        my $payload = decode_jwt(token=>$t, key=>$k, accepted_alg=>'HS256');
        #or
        my $payload = decode_jwt(token=>$t, key=>$k, accepted_alg=>['HS256','HS384']);
        #or
        my $payload = decode_jwt(token=>$t, key=>$k, accepted_alg=>qr/^HS(256|384|512)$/);

- accepted\_enc

    `undef` (default) means accept all 'enc' algorithms

    `string` name of accepted 'enc' algorithm (only one)

    `ARRAY ref` a list of accepted 'enc' algorithms

    `Regexp` that has to match 'enc' algorithm name

        my $payload = decode_jwt(token=>$t, key=>$k, accepted_enc=>'A192GCM');
        #or
        my $payload = decode_jwt(token=>$t, key=>$k, accepted_enc=>['A192GCM','A256GCM']);
        #or
        my $payload = decode_jwt(token=>$t, key=>$k, accepted_enc=>qr/^A(128|192|256)GCM$/);

- decode\_payload

    `0` - do not decode payload, return it as a raw string (octets).

    `1` - decode payload from JSON string, return it as Perl hash ref (or array ref) - decode\_json failure means fatal error (croak).

    `undef` (default) - if possible decode payload from JSON string, if decode\_json fails return payload as a raw string (octets).

- decode\_header

    `0` (default) - do not return decoded header as a return value of decode\_jwt()

    `1` - return decoded header as a return value of decode\_jwt()

        my $payload = decode_jwt(token=>$t, key=>$k);
        #or
        my ($header, $payload) = decode_jwt(token=>$t, key=>$k, decode_header=>1);

- verify\_iss

    **INCOMPATIBLE CHANGE in 0.024:** If `verify_iss` is specified and
    claim `iss` (Issuer) is completely missing it is a failure since 0.024

    `CODE ref` - subroutine (with 'iss' claim value passed as argument) should return `true` otherwise verification fails

    `Regexp ref` - 'iss' claim value has to match given regexp otherwise verification fails

    `Scalar` - 'iss' claim value has to be equal to given string (since 0.029)

    `undef` (default) - do not verify 'iss' claim

- verify\_aud

    **INCOMPATIBLE CHANGE in 0.024:** If `verify_aud` is specified and
    claim `aud` (Audience) is completely missing it is a failure since 0.024

    `CODE ref` - subroutine (with 'aud' claim value passed as argument) should return `true` otherwise verification fails

    `Regexp ref` - 'aud' claim value has to match given regexp otherwise verification fails

    `Scalar` - 'aud' claim value has to be equal to given string (since 0.029)

    `undef` (default) - do not verify 'aud' claim

    **SINCE 0.036** we handle 'aud' claim when it contains an array of strings. In this case, the check should succeed if at least one
    value from the array matches. All checks (CODE, Regexp, Scalar) are performed individually against each member of the array of strings.

- verify\_sub

    **INCOMPATIBLE CHANGE in 0.024:** If `verify_sub` is specified and
    claim `sub` (Subject) is completely missing it is a failure since 0.024

    `CODE ref` - subroutine (with 'sub' claim value passed as argument) should return `true` otherwise verification fails

    `Regexp ref` - 'sub' claim value has to match given regexp otherwise verification fails

    `Scalar` - 'sub' claim value has to be equal to given string (since 0.029)

    `undef` (default) - do not verify 'sub' claim

- verify\_jti

    **INCOMPATIBLE CHANGE in 0.024:** If `verify_jti` is specified and
    claim `jti` (JWT ID) is completely missing it is a failure since 0.024

    `CODE ref` - subroutine (with 'jti' claim value passed as argument) should return `true` otherwise verification fails

    `Regexp ref` - 'jti' claim value has to match given regexp otherwise verification fails

    `Scalar` - 'jti' claim value has to be equal to given string (since 0.029)

    `undef` (default) - do not verify 'jti' claim
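
The options above combined into one strict verification call, as an added example (not part of the Crypt::JWT README). The key, issuer and audience values are constructed, `verify_strict` is a hypothetical helper, and Crypt::JWT 0.036 or later is assumed for the `aud` array handling. Of the five constructed tokens only the first should be accepted.

```perl
use strict;
use warnings;
use Crypt::JWT qw(encode_jwt decode_jwt);

# Constructed sample values (assumptions, not from the Crypt::JWT docs).
my $key = 'constructed-demo-secret-0123456789abcdef';
my $iss = 'https://issuer.example';
my $aud = 'orders-api';

# Pin one algorithm and require exact issuer and audience matches.
sub verify_strict {
    my ($token) = @_;
    my ($header, $payload) = eval {
        decode_jwt(
            token          => $token,
            key            => $key,
            accepted_alg   => 'HS256',  # undef would accept every alg except 'none'
            verify_iss     => $iss,     # Scalar form; a missing 'iss' is a failure
            verify_aud     => $aud,     # checked against each member of an 'aud' array
            decode_payload => 1,        # croak on non-JSON payload instead of raw octets
            decode_header  => 1,
        );
    };
    if (my $err = $@) {
        $err =~ s/ at \S+ line \d+.*//s;   # drop the croak location
        return "rejected ($err)";
    }
    return "accepted (alg=$header->{alg}, sub=$payload->{sub})";
}

# Constructed test tokens: one that satisfies every check, four that each break one.
my %ok = (iss => $iss, aud => ['billing-api', $aud], sub => 'user-1');
my @cases = (
    ['HS256, aud array contains ours' => encode_jwt(payload => {%ok}, alg => 'HS256', key => $key)],
    ['HS512, valid signature'         => encode_jwt(payload => {%ok}, alg => 'HS512', key => $key)],
    ['iss claim missing'              => encode_jwt(payload => {aud => $aud, sub => 'user-1'}, alg => 'HS256', key => $key)],
    ['aud for another service'        => encode_jwt(payload => {%ok, aud => 'billing-api'}, alg => 'HS256', key => $key)],
    ['alg none, no signature'         => encode_jwt(payload => {%ok}, alg => 'none', allow_none => 1)],
);
printf "%-32s %s\n", $_->[0], verify_strict($_->[1]) for @cases;
```

The HS512 token carries a valid signature under the same key and is still rejected, which is the effect of pinning `accepted_alg` rather than relying on the `undef` default.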


