25#ifndef QB_IO_CRYPTO_JWT_H
26#define QB_IO_CRYPTO_JWT_H
85 std::map<std::string, std::string>
payload;
110 struct CreateOptions {
113 std::optional<std::string>
type;
125 struct VerifyOptions {
137 std::optional<std::string>
jti;
159 static std::string
create(
const std::map<std::string, std::string>& payload,
176 const std::map<std::string, std::string>& payload,
177 const std::string& issuer,
178 const std::string& subject,
179 const std::string& audience,
180 std::chrono::seconds expires_in,
181 std::chrono::seconds not_before = std::chrono::seconds(0),
182 const std::string& jti =
"",
227 static std::vector<unsigned char> sign_data(
const std::string& data,
238 static bool verify_signature(
const std::string& data,
239 const std::vector<unsigned char>& signature,
255 static int64_t current_timestamp();
DigestAlgorithm
Supported digest algorithms.
Definition crypto.h:153
Comprehensive JWT implementation for the QB IO library.
Definition crypto_jwt.h:46
static std::string create(const std::map< std::string, std::string > &payload, const CreateOptions &options)
Create a JWT token with custom payload and options.
static std::string create_token(const std::map< std::string, std::string > &payload, const std::string &issuer, const std::string &subject, const std::string &audience, std::chrono::seconds expires_in, std::chrono::seconds not_before=std::chrono::seconds(0), const std::string &jti="", const CreateOptions &options=CreateOptions())
Create a JWT token with standard claims and custom payload.
Algorithm
Supported JWT signing algorithms.
Definition crypto_jwt.h:51
@ ES384
ECDSA using P-384 and SHA-384.
Definition crypto_jwt.h:59
@ EdDSA
Edwards-curve Digital Signature Algorithm (Ed25519)
Definition crypto_jwt.h:61
@ RS512
RSASSA-PKCS1-v1_5 using SHA-512.
Definition crypto_jwt.h:57
@ ES512
ECDSA using P-521 and SHA-512.
Definition crypto_jwt.h:60
@ RS384
RSASSA-PKCS1-v1_5 using SHA-384.
Definition crypto_jwt.h:56
@ RS256
RSASSA-PKCS1-v1_5 using SHA-256.
Definition crypto_jwt.h:55
@ HS512
HMAC using SHA-512.
Definition crypto_jwt.h:54
@ HS256
HMAC using SHA-256.
Definition crypto_jwt.h:52
@ HS384
HMAC using SHA-384.
Definition crypto_jwt.h:53
@ ES256
ECDSA using P-256 and SHA-256.
Definition crypto_jwt.h:58
ValidationError
JWT validation error codes.
Definition crypto_jwt.h:67
static std::optional< Algorithm > algorithm_from_string(const std::string &algorithm_str)
Get algorithm from string representation.
static std::string algorithm_to_string(Algorithm algorithm)
Get string representation of algorithm.
static ValidationResult verify(const std::string &token, const VerifyOptions &options)
Verify a JWT token.
static TokenParts decode(const std::string &token)
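Decode a JWT token without verification. The signature is not checked, so the returned header and payload are unauthenticated and must not be used for authentication or authorization decisions; use verify() for that.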
Cryptographic utilities for the QB IO library.
Namespace containing algorithm constants and utilities.
JWT creation options.
Definition crypto_jwt.h:110
std::optional< std::string > content_type
Optional content type.
Definition crypto_jwt.h:114
std::map< std::string, std::string > header_claims
Additional custom claims to include in the JWT header.
Definition crypto_jwt.h:116
std::optional< std::string > key_id
Optional key ID.
Definition crypto_jwt.h:115
std::optional< std::string > type
Optional token type, typically "JWT".
Definition crypto_jwt.h:113
std::string key
Secret key for HMAC algorithms, or PEM-encoded private key for asymmetric algorithms.
Definition crypto_jwt.h:112
JWT token parts.
Definition crypto_jwt.h:100
std::string header
The decoded header part of the JWT (JSON string).
Definition crypto_jwt.h:101
std::string payload
The decoded payload part of the JWT (JSON string).
Definition crypto_jwt.h:102
std::string signature
The signature part of the JWT (Base64URL encoded).
Definition crypto_jwt.h:103
Result of JWT validation containing error code and payload if valid.
Definition crypto_jwt.h:83
ValidationResult()
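Default constructor, initializes error to NONE. Because is_valid() tests for error being NONE, a default-constructed result reports itself as valid, so it must not be taken as evidence that a token was verified.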
Definition crypto_jwt.h:91
bool is_valid() const
Checks if the token validation was successful (error is NONE).
Definition crypto_jwt.h:88
ValidationResult(ValidationError err)
Constructor to set a specific validation error.
Definition crypto_jwt.h:93
ValidationError error
The validation error code, NONE if valid.
Definition crypto_jwt.h:84
std::map< std::string, std::string > payload
Decoded payload claims if validation was successful.
Definition crypto_jwt.h:85
JWT verification options.
Definition crypto_jwt.h:125
std::optional< std::string > audience
Expected audience if verify_audience is true.
Definition crypto_jwt.h:133
bool verify_not_before
Whether to validate the nbf (not before) claim.
Definition crypto_jwt.h:129
std::optional< std::string > jti
Expected JWT ID if verify_jti is true.
Definition crypto_jwt.h:137
std::chrono::seconds clock_skew
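Clock skew tolerance for exp and nbf validations. The tolerance widens the window in which a token is accepted on both ends, so keep it as small as the deployment's clock drift allows.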
Definition crypto_jwt.h:138
bool verify_issuer
Whether to validate the iss (issuer) claim.
Definition crypto_jwt.h:130
bool verify_audience
Whether to validate the aud (audience) claim.
Definition crypto_jwt.h:132
std::map< std::string, std::string > required_claims
Additional custom claims that must be present in the payload and match the provided values.
Definition crypto_jwt.h:139
std::optional< std::string > issuer
Expected issuer if verify_issuer is true.
Definition crypto_jwt.h:131
bool verify_expiration
Whether to validate the exp (expiration time) claim.
Definition crypto_jwt.h:128
std::string key
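Secret key for HMAC algorithms, or PEM-encoded public key for asymmetric algorithms. The key must be of the kind the expected algorithm calls for; a public key meant for an asymmetric algorithm must not be accepted as an HMAC secret.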
Definition crypto_jwt.h:127
bool verify_subject
Whether to validate the sub (subject) claim.
Definition crypto_jwt.h:134
bool verify_jti
Whether to validate the jti (JWT ID) claim.
Definition crypto_jwt.h:136
std::optional< std::string > subject
Expected subject if verify_subject is true.
Definition crypto_jwt.h:135