pub fn verify_id_token<'a>(
id_token: &'a str,
verification_data: JwtVerificationData<'_>,
auth_id_token: Option<&Jwt<'_, HashMap<String, Value>>>,
now: DateTime<Utc>,
) -> Result<Jwt<'a, HashMap<String, Value>>, IdTokenError>
Available on crate feature
experimental-oidc
only.Expand description
Decode and verify an ID Token.
Besides the checks of verify_signed_jwt()
, the following checks are
performed:
-
The
exp
claim must be present and the token must not have expired. -
The
iat
claim must be present must be in the past. -
The
sub
claim must be present.
If an authorization ID token is provided, these extra checks are performed:
-
The
sub
claims must match. -
The
auth_time
claims must match.
§Arguments
-
id_token
- The serialized ID Token to decode and verify. -
verification_data
- The data necessary to verify the ID Token. -
auth_id_token
- If the ID Token is not verified during an authorization request, the ID token that was returned from the latest authorization request.
§Errors
Returns an error if the data is invalid or verification fails.