141 [[nodiscard]] std::pair<jwt_token, jwt_error>
decode(
142 std::string_view token_string)
const;
163 std::string_view public_key_pem)
const;
173 std::string_view public_key_pem)
const;
183 std::string_view scope)
noexcept;
193 const std::vector<std::string>& scopes)
noexcept;
214 std::string_view input);
jwt_validator(const oauth2_config &config)
Construct validator with OAuth 2.0 configuration.
bool verify_es256(const jwt_token &token, std::string_view public_key_pem) const
Verify ES256 (ECDSA-SHA256) signature.
static bool has_any_scope(const jwt_claims &claims, const std::vector< std::string > &scopes) noexcept
Check if token has any of the specified scopes.
jwt_error validate_claims(const jwt_claims &claims) const
Validate JWT claims against configuration.
static bool has_scope(const jwt_claims &claims, std::string_view scope) noexcept
Check if token has a specific scope.
const oauth2_config & config() const noexcept
Get the OAuth 2.0 configuration.
bool verify_rs256(const jwt_token &token, std::string_view public_key_pem) const
Verify RS256 (RSA-SHA256) signature.
std::pair< jwt_token, jwt_error > decode(std::string_view token_string) const
Decode a JWT token string into its components.
jwt_error
JWT validation error codes.
@ invalid_base64
Base64url decoding failed.
@ invalid_signature
Signature verification failed.
@ invalid_audience
Audience doesn't match expected value.
@ token_expired
Token has expired (exp claim)
@ invalid_issuer
Issuer doesn't match expected value.
@ malformed_token
Token doesn't have 3 dot-separated parts.
@ token_not_yet_valid
Token is not yet valid (nbf claim).
@ signature_not_available
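OpenSSL is not available, so the signature could not be verified. This is a validation failure: a token that produces this code has not been authenticated and must be rejected, not accepted as unverified.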
@ unsupported_algorithm
Algorithm is not in the allowed list.
@ missing_required_claim
Required claim is missing.
@ invalid_json
JSON parsing failed.
std::string_view jwt_error_message(jwt_error error) noexcept
Get human-readable description for a JWT error.
std::optional< std::string > base64url_decode(std::string_view input)
Decode a Base64url-encoded string (RFC 4648 Section 5)
OAuth 2.0 configuration for DICOMweb endpoints.
Decoded JWT claims (payload)
std::string sub
Subject (user identifier)
std::int64_t exp
Expiration time (Unix timestamp)
std::int64_t nbf
Not before (Unix timestamp)
std::vector< std::string > scopes
OAuth 2.0 scopes (from "scope" claim)
std::int64_t iat
Issued at (Unix timestamp)
Decoded JWT token with raw segments for signature verification.
std::string signature_bytes
Decoded signature bytes.
std::string header_payload
The "header.payload" portion of the token, used as the signature input.
OAuth 2.0 configuration for DICOMweb authorization.