pub fn verify_signed_jwt<'a>(
jwt: &'a str,
verification_data: JwtVerificationData<'_>,
) -> Result<Jwt<'a, HashMap<String, Value>>, JwtVerificationError>
Available on crate feature
experimental-oidc
only.Expand description
Decode and verify a signed JWT.
The following checks are performed:
-
The signature is verified with the given JWKS.
-
The
iss
claim must be present and match the issuer. -
The
aud
claim must be present and match the client ID. -
The
alg
in the header must match the signing algorithm.
§Arguments
-
jwt
- The serialized JWT to decode and verify. -
jwks
- The JWKS that should contain the public key to verify the JWT’s signature. -
issuer
- The issuer of the JWT. -
audience
- The audience that the JWT is intended for. -
signing_algorithm
- The JWA that should have been used to sign the JWT.
§Errors
Returns an error if the data is invalid or verification fails.