1// Copyright 2022 Google LLC 2// 3// Licensed under the Apache License, Version 2.0 (the "License"); 4// you may not use this file except in compliance with the License. 5// You may obtain a copy of the License at 6// 7// http://www.apache.org/licenses/LICENSE-2.0 8// 9// Unless required by applicable law or agreed to in writing, software 10// distributed under the License is distributed on an "AS IS" BASIS, 11// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12// See the License for the specific language governing permissions and 13// limitations under the License. 14// 15//////////////////////////////////////////////////////////////////////////////// 16 17package jwt 18 19// MAC is an interface for authenticating and verifying JSON Web Tokens (JWT) with JSON Web Signature (JWS) MAC. 20// See RFC 7519 and RFC 7515. Security guarantees: similar to Message Authentication Code (MAC). 21type MAC interface { 22 // Computes a MAC and encodes the raw JWT token and the MAC in the JWS compact serialization format. 23 ComputeMACAndEncode(token *RawJWT) (string, error) 24 25 // Verifies and decodes a JWT token in the JWS compact serialization format. 26 // 27 // The JWT is validated against the rules in validator. That is, every claim 28 // in validator must also be present in the JWT. For example, if validator 29 // contains an issuer (iss) claim, the JWT must contain an identical claim. 30 // The JWT can contain claims that are NOT in the validator. However, if the 31 // JWT contains a list of audiences, the validator must also contain an 32 // audience in the list. 33 // 34 // If the JWT contains timestamp claims such as expiration (exp), issued_at 35 // (iat) or not_before (nbf), they will also be validated. validator allows to 36 // set a clock skew, to deal with small clock differences among different 37 // machines. 38 VerifyMACAndDecode(compact string, validator *Validator) (*VerifiedJWT, error) 39} 40