matrix_sdk::oidc::requests::jose

Function verify_id_token

pub fn verify_id_token<'a>(
    id_token: &'a str,
    verification_data: JwtVerificationData<'_>,
    auth_id_token: Option<&Jwt<'_, HashMap<String, Value>>>,
    now: DateTime<Utc>,
) -> Result<Jwt<'a, HashMap<String, Value>>, IdTokenError>
Available on crate feature experimental-oidc only.

Decode and verify an ID Token.

Besides the checks of verify_signed_jwt(), the following checks are performed:

  • The exp claim must be present and the token must not have expired.

  • The iat claim must be present and must be in the past.

  • The sub claim must be present.

If an authorization ID token is provided, these extra checks are performed:

  • The sub claims must match.

  • The auth_time claims must match.

§Arguments

  • id_token - The serialized ID Token to decode and verify.

  • verification_data - The data necessary to verify the ID Token.

  • auth_id_token - If the ID Token is not verified during an authorization request, the ID token that was returned from the latest authorization request.

§Errors

Returns an error if the data is invalid or verification fails.
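
The claim checks listed above, written out as an added example in plain Rust (standard library only). This is not matrix_sdk's implementation: `Claims`, `ClaimError` and `check_id_token_claims` are hypothetical names, signature verification is assumed to have succeeded already, and the handling of the exp/iat boundary and of absent auth_time claims is an assumption.

```rust
// Added illustration with hypothetical types; not matrix_sdk's own code.
// Signature verification (verify_signed_jwt) is assumed to have succeeded already.
#[derive(Debug, PartialEq)]
pub enum ClaimError {
    MissingExp, Expired, MissingIat, IssuedInFuture,
    MissingSub, SubMismatch, AuthTimeMismatch,
}

/// Decoded claims; timestamps are seconds since the Unix epoch.
#[derive(Clone, Debug)]
pub struct Claims {
    pub exp: Option<i64>,
    pub iat: Option<i64>,
    pub sub: Option<String>,
    pub auth_time: Option<i64>,
}

pub fn check_id_token_claims(
    claims: &Claims, auth: Option<&Claims>, now: i64,
) -> Result<(), ClaimError> {
    // exp must be present and still ahead of `now` (boundary choice is an assumption).
    if claims.exp.ok_or(ClaimError::MissingExp)? <= now {
        return Err(ClaimError::Expired);
    }
    // iat must be present and not later than `now`.
    if claims.iat.ok_or(ClaimError::MissingIat)? > now {
        return Err(ClaimError::IssuedInFuture);
    }
    let sub = claims.sub.as_deref().ok_or(ClaimError::MissingSub)?;
    // Bind a later token to the one returned by the latest authorization request.
    if let Some(auth) = auth {
        if auth.sub.as_deref() != Some(sub) {
            return Err(ClaimError::SubMismatch);
        }
        // Assumption: Option equality, so both tokens omitting auth_time counts as a match.
        if auth.auth_time != claims.auth_time {
            return Err(ClaimError::AuthTimeMismatch);
        }
    }
    Ok(())
}

fn main() {
    let now = 1_700_000_000; // constructed sample values
    let auth = Claims { exp: Some(now + 300), iat: Some(now - 60), sub: Some("alice".into()), auth_time: Some(now - 120) };
    let swapped = Claims { sub: Some("mallory".into()), ..auth.clone() };
    println!("{:?}", check_id_token_claims(&swapped, Some(&auth), now));
}
```

Passing the authorization ID token is what catches a later token issued for a different subject or a different authentication event, even when that token is validly signed and unexpired.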