(claims compact)Returns unverified compact JWT claims.
Registered claims are keyword keys. Custom claims keep their string keys. :exp, :nbf, and :iat return java.time.Instant values. :aud returns a vector.
Returns unverified compact JWT claims. Registered claims are keyword keys. Custom claims keep their string keys. :exp, :nbf, and :iat return java.time.Instant values. :aud returns a vector.
(claims-verifier opts)Returns a Nimbus JWTClaimsSetVerifier for a Clojure claims policy.
:exact requires exact claim values. :aud accepts one audience or a collection where any match is accepted. :prohibited rejects named claims. :verifier is called with the normalized claims map and processor security context and must return truthy. Existing :iss, :required, :clock-skew, and :max-age options are also supported.
Returns a Nimbus JWTClaimsSetVerifier for a Clojure claims policy. :exact requires exact claim values. :aud accepts one audience or a collection where any match is accepted. :prohibited rejects named claims. :verifier is called with the normalized claims map and processor security context and must return truthy. Existing :iss, :required, :clock-skew, and :max-age options are also supported.
(decrypt key compact)(decrypt key compact opts)Decrypts a compact encrypted JWT and returns validated claims.
Decrypts a compact encrypted JWT and returns validated claims.
(decrypt-then-verify decrypt-key verify-key compact)(decrypt-then-verify decrypt-key verify-key compact opts)Decrypts a nested JWE, then verifies the inner signed JWT.
Decrypts a nested JWE, then verifies the inner signed JWT.
(encrypt key claims)(encrypt key claims opts)Encrypts a JWT claims map and returns a compact JWE string.
Encrypts a JWT claims map and returns a compact JWE string.
(parse compact)Inspects a compact JWT and returns its type and unverified header.
This only parses attacker-controlled data. It does not verify a signature, decrypt content, validate claims, or establish trust.
Inspects a compact JWT and returns its type and unverified header. This only parses attacker-controlled data. It does not verify a signature, decrypt content, validate claims, or establish trust.
(parse-type compact)Returns the unverified compact JWT type: :plain, :signed, or :encrypted.
This is inspection-only and does not establish trust.
Returns the unverified compact JWT type: :plain, :signed, or :encrypted. This is inspection-only and does not establish trust.
(process source compact opts)(process source compact context opts)Processes a signed, encrypted, or nested compact JWT and returns claims.
The policy requires explicit JWS, JWE, and content-encryption allow-lists. Plain JWTs and alg:none are always rejected. The optional context is passed to the claims verifier.
Processes a signed, encrypted, or nested compact JWT and returns claims. The policy requires explicit JWS, JWE, and content-encryption allow-lists. Plain JWTs and alg:none are always rejected. The optional context is passed to the claims verifier.
(processor source opts)Builds a Nimbus ConfigurableJWTProcessor from a JWKS source and policy.
:jws-algs, :jwe-algs, and :jwe-encs are required allow-lists. Singular :jws-alg, :jwe-alg, and :jwe-enc forms are also accepted. :typ optionally requires an exact JOSE type on signed and encrypted layers. Plain JWTs are always rejected. Claims policy options are passed to claims-verifier.
Builds a Nimbus ConfigurableJWTProcessor from a JWKS source and policy. :jws-algs, :jwe-algs, and :jwe-encs are required allow-lists. Singular :jws-alg, :jwe-alg, and :jwe-enc forms are also accepted. :typ optionally requires an exact JOSE type on signed and encrypted layers. Plain JWTs are always rejected. Claims policy options are passed to claims-verifier.
(sign key claims)(sign key claims opts)Signs a JWT claims map and returns a compact JWS string.
Signs a JWT claims map and returns a compact JWS string.
(sign-then-encrypt sign-key encrypt-key claims opts)Signs claims as a compact JWT, then encrypts the signed JWT as a nested JWE.
Signs claims as a compact JWT, then encrypts the signed JWT as a nested JWE.
(verify key compact)(verify key compact opts)Verifies a compact signed JWT and returns claims.
Registered claims are keyword keys. Custom claims keep their string keys. :exp, :nbf, and :iat return java.time.Instant values. :aud returns a vector. :alg or :algs is required and constrains accepted algorithms. :typ and :cty require matching headers. :crit names understood critical headers. :max-age limits token age by :iat. Pass {:algs :any} to unsafely accept any signed algorithm supported by the key. alg:none is always rejected.
Verifies a compact signed JWT and returns claims.
Registered claims are keyword keys. Custom claims keep their string keys.
:exp, :nbf, and :iat return java.time.Instant values. :aud returns a vector.
:alg or :algs is required and constrains accepted algorithms. :typ and :cty
require matching headers. :crit names understood critical headers. :max-age
limits token age by :iat. Pass {:algs :any} to unsafely accept any signed
algorithm supported by the key. alg:none is always rejected.(verify-claims claims opts)(verify-claims claims context opts)Verifies a claims map or Nimbus JWTClaimsSet and returns normalized claims.
The optional context is passed to :verifier.
Verifies a claims map or Nimbus JWTClaimsSet and returns normalized claims. The optional context is passed to :verifier.
(verify-with-jwks source compact)(verify-with-jwks source compact opts)Selects a verification key from a JWKS source, then verifies a compact JWT.
Selects a verification key from a JWKS source, then verifies a compact JWT.
cljdoc builds & hosts documentation for Clojure/Script libraries
| Ctrl+k | Jump to recent docs |
| ← | Move to previous article |
| → | Move to next article |
| Ctrl+/ | Jump to the search field |