Allow IO in JWTSettings' validationKeys
This commit is contained in:
parent
c48a6702b7
commit
3006e90126
2 changed files with 6 additions and 5 deletions
|
@ -33,7 +33,7 @@ data JWTSettings = JWTSettings
|
||||||
-- | Algorithm used to sign JWT.
|
-- | Algorithm used to sign JWT.
|
||||||
, jwtAlg :: Maybe Jose.Alg
|
, jwtAlg :: Maybe Jose.Alg
|
||||||
-- | Keys used to validate JWT.
|
-- | Keys used to validate JWT.
|
||||||
, validationKeys :: Jose.JWKSet
|
, validationKeys :: IO Jose.JWKSet
|
||||||
-- | An @aud@ predicate. The @aud@ is a string or URI that identifies the
|
-- | An @aud@ predicate. The @aud@ is a string or URI that identifies the
|
||||||
-- intended recipient of the JWT.
|
-- intended recipient of the JWT.
|
||||||
, audienceMatches :: Jose.StringOrURI -> IsMatch
|
, audienceMatches :: Jose.StringOrURI -> IsMatch
|
||||||
|
@ -44,7 +44,7 @@ defaultJWTSettings :: Jose.JWK -> JWTSettings
|
||||||
defaultJWTSettings k = JWTSettings
|
defaultJWTSettings k = JWTSettings
|
||||||
{ signingKey = k
|
{ signingKey = k
|
||||||
, jwtAlg = Nothing
|
, jwtAlg = Nothing
|
||||||
, validationKeys = Jose.JWKSet [k]
|
, validationKeys = pure $ Jose.JWKSet [k]
|
||||||
, audienceMatches = const Matches }
|
, audienceMatches = const Matches }
|
||||||
|
|
||||||
-- | The policies to use when generating cookies.
|
-- | The policies to use when generating cookies.
|
||||||
|
|
|
@ -58,11 +58,12 @@ makeJWT v cfg expiry = runExceptT $ do
|
||||||
|
|
||||||
verifyJWT :: FromJWT a => JWTSettings -> BS.ByteString -> IO (Maybe a)
|
verifyJWT :: FromJWT a => JWTSettings -> BS.ByteString -> IO (Maybe a)
|
||||||
verifyJWT jwtCfg input = do
|
verifyJWT jwtCfg input = do
|
||||||
verifiedJWT <- liftIO $ runExceptT $ do
|
keys <- validationKeys jwtCfg
|
||||||
|
verifiedJWT <- runExceptT $ do
|
||||||
unverifiedJWT <- Jose.decodeCompact (BSL.fromStrict input)
|
unverifiedJWT <- Jose.decodeCompact (BSL.fromStrict input)
|
||||||
Jose.verifyClaims
|
Jose.verifyClaims
|
||||||
(jwtSettingsToJwtValidationSettings jwtCfg)
|
(jwtSettingsToJwtValidationSettings jwtCfg)
|
||||||
(validationKeys jwtCfg)
|
keys
|
||||||
unverifiedJWT
|
unverifiedJWT
|
||||||
return $ case verifiedJWT of
|
return $ case verifiedJWT of
|
||||||
Left (_ :: Jose.JWTError) -> Nothing
|
Left (_ :: Jose.JWTError) -> Nothing
|
||||||
|
|
Loading…
Reference in a new issue