libwebsockets
Lightweight C library for HTML5 websockets
lws-jwt-auth.h File Reference


Macros

#define LWS_JWT_AUTH_STATE_REAUTH   1
 
#define LWS_JWT_AUTH_STATE_EXPIRED   2
 

Typedefs

typedef int(* lws_jwt_auth_cb_t) (struct lws_jwt_auth *ja, int state, void *user)
 

Functions

LWS_VISIBLE LWS_EXTERN struct lws_jwt_auth * lws_jwt_auth_create (struct lws *wsi, struct lws_jwk *jwk, const char *cookie_name, lws_jwt_auth_cb_t cb, void *user)
 
LWS_VISIBLE LWS_EXTERN int lws_jwt_auth_query_grant (struct lws_jwt_auth *ja, const char *service_name)
 
LWS_VISIBLE LWS_EXTERN const char * lws_jwt_auth_get_sub (struct lws_jwt_auth *ja)
 
LWS_VISIBLE LWS_EXTERN uint32_t lws_jwt_auth_get_uid (struct lws_jwt_auth *ja)
 
LWS_VISIBLE LWS_EXTERN uint32_t lws_jwt_auth_count_grants (struct lws_jwt_auth *ja)
 
LWS_VISIBLE LWS_EXTERN int lws_jwt_auth_update (struct lws_jwt_auth *ja, const char *jwt)
 
LWS_VISIBLE LWS_EXTERN void lws_jwt_auth_destroy (struct lws_jwt_auth **ja)
 

Macro Definition Documentation

◆ LWS_JWT_AUTH_STATE_REAUTH

#define LWS_JWT_AUTH_STATE_REAUTH   1

Definition at line 23 of file lws-jwt-auth.h.

◆ LWS_JWT_AUTH_STATE_EXPIRED

#define LWS_JWT_AUTH_STATE_EXPIRED   2

Definition at line 24 of file lws-jwt-auth.h.

Typedef Documentation

◆ lws_jwt_auth_cb_t

typedef int(* lws_jwt_auth_cb_t) (struct lws_jwt_auth *ja, int state, void *user)

Definition at line 26 of file lws-jwt-auth.h.

Function Documentation

◆ lws_jwt_auth_create()

LWS_VISIBLE LWS_EXTERN struct lws_jwt_auth * lws_jwt_auth_create ( struct lws * wsi,
struct lws_jwk * jwk,
const char * cookie_name,
lws_jwt_auth_cb_t cb,
void * user )

lws_jwt_auth_create() - Creates an opaque, heap-allocated auth object from an incoming HTTP request

Parameters
wsi: The connection to extract the HTTP cookie from
jwk: The public JSON Web Key used to verify the issuer's signature
cookie_name: Name of the cookie to search for in WSI_TOKEN_HTTP_COOKIE
cb: Reauth/Expiry callback handler
user: Opaque context pointer passed to the callback

Scans the wsi for the designated cookie, validates the cryptographic signature, uses lightweight lejp JSON parsing to extract the exp timestamp and any custom grants dictionaries, allocates the tracking object, and registers the proactive SUL timer.

Returns NULL on failure, or the allocated opaque object on a successful verification.

References LWS_EXTERN, and LWS_VISIBLE.

◆ lws_jwt_auth_query_grant()

LWS_VISIBLE LWS_EXTERN int lws_jwt_auth_query_grant ( struct lws_jwt_auth * ja,
const char * service_name )

lws_jwt_auth_query_grant() - Extract a dynamic grant level

Parameters
ja: The opaque helper object
service_name: The target category string (e.g. "git-server")

Evaluates the internally parsed grants array recursively. Returns the integer level (e.g. 1, 2) if authorized, or -1 if unauthorized or missing.

References LWS_EXTERN, and LWS_VISIBLE.
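
A default-deny route check built on the return convention described above, as an added example that is not libwebsockets code. The route table, the "ci-runner" service, the paths and the demo_query stand-in are constructed; in a real server lws_jwt_auth_query_grant itself would be passed as `query`.

```c
#include <stdio.h>
#include <string.h>

struct lws_jwt_auth; /* opaque type from lws-jwt-auth.h */
/* Same signature as lws_jwt_auth_query_grant(), so it can be passed as-is */
typedef int (*grant_query_t)(struct lws_jwt_auth *ja, const char *service_name);

/* Hypothetical policy row: URL prefix -> required service grant and level */
struct route_rule { const char *prefix, *service; int min_level; };
/* Constructed sample policy; "ci-runner" and all paths are made up */
static const struct route_rule rules[] = {
	{ "/git/",       "git-server", 1 },
	{ "/git/admin/", "git-server", 2 },
	{ "/ci/",        "ci-runner",  1 },
};

/* Returns 1 to allow, 0 to deny. Longest prefix wins, unlisted paths are denied.
 * A bare `if (query(...))` would accept -1 (unauthorized or missing) as true. */
static int route_allowed(grant_query_t query, struct lws_jwt_auth *ja, const char *path)
{
	const struct route_rule *best = NULL;
	size_t n, len, best_len = 0;

	for (n = 0; n < sizeof(rules) / sizeof(rules[0]); n++) {
		len = strlen(rules[n].prefix);
		if (len >= best_len && !strncmp(path, rules[n].prefix, len)) {
			best = &rules[n];
			best_len = len;
		}
	}
	if (!best)
		return 0; /* default deny */
	int level = query(ja, best->service);
	return level >= 0 && level >= best->min_level;
}

/* Constructed stand-in for a verified token granting git-server level 1 */
static int demo_query(struct lws_jwt_auth *ja, const char *service_name)
{
	(void)ja;
	return strcmp(service_name, "git-server") ? -1 : 1;
}

int main(void)
{
	const char *p[] = { "/git/repo", "/git/admin/x", "/ci/build", "/x" };
	for (size_t i = 0; i < 4; i++)
		printf("%s -> %d\n", p[i], route_allowed(demo_query, NULL, p[i]));
	return 0;
}
```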

◆ lws_jwt_auth_get_sub()

LWS_VISIBLE LWS_EXTERN const char * lws_jwt_auth_get_sub ( struct lws_jwt_auth * ja)

lws_jwt_auth_get_sub() - Extract the subject (identity) string

Parameters
ja: The opaque helper object

Returns a pointer to the extracted "sub" or "email" string stored on the object. Returns NULL if no identity claim was parsed.

References LWS_EXTERN, and LWS_VISIBLE.

◆ lws_jwt_auth_get_uid()

LWS_VISIBLE LWS_EXTERN uint32_t lws_jwt_auth_get_uid ( struct lws_jwt_auth * ja)

lws_jwt_auth_get_uid() - Extract the uid integer

Parameters
ja: The opaque helper object

Returns the integer UID parsed out of the token, or 0 if missing. Because 0 is also the "missing" result, a return of 0 cannot be distinguished from a token whose uid is 0.

References LWS_EXTERN, and LWS_VISIBLE.

◆ lws_jwt_auth_count_grants()

LWS_VISIBLE LWS_EXTERN uint32_t lws_jwt_auth_count_grants ( struct lws_jwt_auth * ja)

lws_jwt_auth_count_grants() - Return the scalar count of active parsed grants

Parameters
ja: The opaque helper object

References LWS_EXTERN, and LWS_VISIBLE.

◆ lws_jwt_auth_update()

LWS_VISIBLE LWS_EXTERN int lws_jwt_auth_update ( struct lws_jwt_auth * ja,
const char * jwt )

lws_jwt_auth_update() - Applies a refreshed JWT to the existing structure

Parameters
ja: The opaque helper object
jwt: The raw, refreshed, signed JWT string

Processes the updated JWT cryptographically, re-evaluates all grant strings, recalculates exp, and shifts the SUL timer to match.

References LWS_EXTERN, and LWS_VISIBLE.

◆ lws_jwt_auth_destroy()

LWS_VISIBLE LWS_EXTERN void lws_jwt_auth_destroy ( struct lws_jwt_auth ** ja)

lws_jwt_auth_destroy() - Gracefully cancels SUL instances and frees the allocation

Parameters
ja: Double pointer to the object to wipe