Function mas_oidc_client::requests::jose::verify_id_token
source · pub fn verify_id_token<'a>(
id_token: &'a str,
verification_data: JwtVerificationData<'_>,
auth_id_token: Option<&IdToken<'_>>,
now: DateTime<Utc>,
) -> Result<IdToken<'a>, IdTokenError>
Expand description
Decode and verify an ID Token.
Besides the checks of verify_signed_jwt()
, the following checks are
performed:
-
The
exp
claim must be present and the token must not have expired. -
The
iat
claim must be present must be in the past. -
The
sub
claim must be present.
If an authorization ID token is provided, these extra checks are performed:
-
The
sub
claims must match. -
The
auth_time
claims must match.
§Arguments
-
id_token
- The serialized ID Token to decode and verify. -
verification_data
- The data necessary to verify the ID Token. -
auth_id_token
- If the ID Token is not verified during an authorization request, the ID token that was returned from the latest authorization request.
§Errors
Returns an error if the data is invalid or verification fails.