Updated JWT library, add supports for claim exp, iat, nbf, iss, aud .

library/security/jwt/src/jwt_loader.e

@@ -0,0 +1,97 @@
+note
+	description: "Summary description for {JWT_LOADER}."
+	author: ""
+	date: "$Date$"
+	revision: "$Revision$"
+
+class
+	JWT_LOADER
+
+inherit
+	JWT_UTILITIES
+
+feature -- Access
+
+	token (a_token_input: READABLE_STRING_8; a_secret: READABLE_STRING_8; ctx: detachable JWT_CONTEXT): detachable JWT
+			-- Decoded token from `a_token_input` given the secret `a_secret`, and optional context `ctx`
+			-- used to specify eventual issuer and various parameters.
+		local
+			jws: JWS
+			i,j,n: INTEGER
+			alg, l_enc_payload, l_enc_header, l_signature: READABLE_STRING_8
+		do
+			n := a_token_input.count
+			i := a_token_input.index_of ('.', 1)
+			if i > 0 then
+				j := a_token_input.index_of ('.', i + 1)
+				if j > 0 then
+					l_enc_header := a_token_input.substring (1, i - 1)
+					l_enc_payload := a_token_input.substring (i + 1, j - 1)
+					l_signature := a_token_input.substring (j + 1, n)
+					create jws.make_with_json_payload (base64url_decode (l_enc_payload))
+
+					alg := signature_algorithm_from_encoded_header (l_enc_header)
+					jws.set_algorithm (alg)
+					if alg = Void then
+							-- Use default
+						alg := alg_hs256
+					end
+					check alg_set: alg /= Void end
+					if ctx = Void or else not ctx.validation_ignored then
+						if not is_supporting_signature_algorithm (alg) then
+							jws.report_unsupported_alg_error (alg)
+							alg := alg_hs256
+						end
+						if not l_signature.same_string (signature (l_enc_header, l_enc_payload, a_secret, alg)) then
+							jws.report_unverified_token_error
+						end
+						if
+							not jws.has_error and then
+							ctx /= Void
+						then
+							check not ctx.validation_ignored end
+							if jws.is_expired (ctx.time) then
+								jws.report_claim_validation_error ("exp")
+							end
+							if not jws.is_nbf_validated (ctx.time) then
+								jws.report_claim_validation_error ("nbf")
+							end
+							if
+								not jws.is_iss_validated (ctx.issuer)
+							then
+								jws.report_claim_validation_error ("iss")
+							end
+							if
+								not jws.is_aud_validated (ctx.audience)
+							then
+								jws.report_claim_validation_error ("aud")
+							end
+
+						end
+					end
+				else
+					-- jws.report_invalid_token
+				end
+			else
+				-- jws.report_invalid_token
+			end
+			Result := jws
+		end
+
+feature {NONE} -- Implementation
+
+	signature_algorithm_from_encoded_header (a_enc_header: READABLE_STRING_8): detachable STRING_8
+		local
+			jp: JSON_PARSER
+		do
+			create jp.make_with_string (base64url_decode (a_enc_header))
+			jp.parse_content
+			if
+				attached jp.parsed_json_object as jo and then
+				attached {JSON_STRING} jo.item ("alg") as j_alg
+			then
+				Result := j_alg.unescaped_string_8
+			end
+		end
+
+end