Module Oidc.IDToken

ID Token validation and creation

Spec link

type validation_error = [
  | `Expired
  | `Iat_in_future
  | `Invalid_nonce
  | `Invalid_signature
  | `Invalid_sub_length
  | `Missing_aud
  | `Missing_exp
  | `Missing_iat
  | `Missing_iss
  | `Missing_nonce
  | `Missing_sub
  | `Not_json
  | `Not_supported
  | `Msg of string
  | `No_jwk_provided
  | `Unexpected_nonce
  | `Unsafe
  | `Wrong_aud_value of string
  | `Wrong_iss_value of string
]

Possible validation errors

val validation_error_to_string : validation_error -> string
val validate :
  ?clock_tolerance:int ->
  ?nonce:string ->
  ?jwk:'a Jose.Jwk.t ->
  ?now:Ptime.t ->
  client:Client.t ->
  issuer:Uri.t ->
  Jose.Jwt.t ->
  (Jose.Jwt.t, [> validation_error ]) Stdlib.result

Validation of the ID Token according to the spec.

clock_tolerance is used to allow for a difference in clocks between the provider and client.

jwk is not needed when "alg": "none".
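A caller-side wrapper around validate, added here as an example and not taken from the ocaml-oidc code base. The names action, classify and validate_id_token are hypothetical, and the mapping from each error to an action is an assumed relying-party policy, not something the library prescribes.

```ocaml
(* Added example, not ocaml-oidc's own code. [action], [classify] and
   [validate_id_token] are hypothetical names; the error-to-action mapping
   is an assumed relying-party policy. *)

type action =
  | Alert            (* possible forgery, replay or token meant for another party *)
  | Restart_login    (* time-based failure: send the user through login again *)
  | Reject_malformed (* token does not have the shape the validator expects *)
  | Fix_config       (* problem on our side: missing key or unsupported algorithm *)

(* Exhaustive on purpose: a constructor added to validation_error in a later
   release triggers the non-exhaustive match warning instead of being ignored. *)
let classify (e : Oidc.IDToken.validation_error) : action =
  match e with
  | `Invalid_signature | `Unsafe
  | `Invalid_nonce | `Unexpected_nonce | `Missing_nonce
  | `Wrong_aud_value _ | `Wrong_iss_value _ -> Alert
  | `Expired | `Iat_in_future -> Restart_login
  | `Not_json | `Invalid_sub_length | `Msg _
  | `Missing_aud | `Missing_exp | `Missing_iat
  | `Missing_iss | `Missing_sub -> Reject_malformed
  | `No_jwk_provided | `Not_supported -> Fix_config

(* jwk and nonce are optional in validate; this wrapper makes them mandatory
   so no call site can leave them out. How validate treats an "alg": "none"
   token when a jwk is supplied is up to the library version in use. *)
let validate_id_token ~clock_tolerance ~jwk ~nonce ~client ~issuer jwt =
  let result : (Jose.Jwt.t, Oidc.IDToken.validation_error) result =
    Oidc.IDToken.validate ~clock_tolerance ~nonce ~jwk ~client ~issuer jwt
  in
  (* Keep the library's message for logs, and attach the action for the caller. *)
  Result.map_error
    (fun e -> (classify e, Oidc.IDToken.validation_error_to_string e))
    result
```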

Spec link

Extra info

Required fields

Fields to be validated if they exist

Optional fields: