cl-jwk

2023-10-21

Common Lisp system for decoding public JSON Web Keys (JWK)

Upstream URL

github.com/dnaeon/cl-jwk

Author

Marin Atanasov Nikolov <dnaeon@gmail.com>

Maintainer

Marin Atanasov Nikolov <dnaeon@gmail.com>

License

BSD 2-Clause

README

1 cl-jwk

cl-jwk is a Common Lisp system for parsing public JSON Web Keys (JWK).

The following JWK key types are supported by the system.

  • RSA
  • EC P-256
  • EC P-384
  • EC P-521
  • EC secp256k1
  • oct (symmetric key)

2 Requirements

3 Installation

Clone the repo in your Quicklisp local-projects directory.

(ql:register-local-projects)

Then load the system.

(ql:quickload :cl-jwk)

NOTE: cl-jwk uses features from the latest ironclad, so make sure that you are using the latest ironclad release from GitHub until it is published on Quicklisp.

4 Usage

In order to decode a public JWK key from a JSON object, simply call the CL-JWK:DECODE generic function.

For instance, in order to decode one of the test keys used by the cl-jwk.test system, you can call CL-JWK:DECODE like this.

  CL-USER> (defparameter *json-data*
             (uiop:read-file-string
              (asdf:system-relative-pathname :cl-jwk.test "tests/test-keys/rsa-3072-pub.json")))
  *JSON-DATA*
  CL-USER> (cl-jwk:decode :json *json-data*)
  #<CL-JWK.CORE:JWK {100510EB73}>

Upon successful decoding of the JSON data, the CL-JWK:DECODE method returns a CL-JWK:JWK class instance. Use the available readers to get more details about the decoded public key. The following reader methods are available for a CL-JWK:JWK instance.

  • CL-JWK:JWK-KTY
  • CL-JWK:JWK-USE
  • CL-JWK:JWK-KID
  • CL-JWK:JWK-ALG
  • CL-JWK:JWK-KEY-OPS
  • CL-JWK:JWK-KEY

The CL-JWK:JWK-KEY method returns an instance of an ironclad public key.

You can also fetch public JWKs from an OpenID Provider. For example:

  CL-USER> (defparameter *client*
             (cl-jwk:make-client :hostname "accounts.google.com"))
  *CLIENT*
  CL-USER> (cl-jwk:public-keys *client*)
  (#<CL-JWK.CORE:JWK {10021B5FD3}> #<CL-JWK.CORE:JWK {10021B6053}>
   #<CL-JWK.CORE:JWK {10021B60D3}>)

Token verification can be done using the CL-JWK:VERIFY-TOKEN generic function. CL-JWK:VERIFY-TOKEN is implemented for both CL-JWK:JWK and CL-JWK:CLIENT classes.

5 Tests

The cl-jwk tests are provided as part of the :cl-jwk.test system.

In order to run the tests you can evaluate the following expressions.

CL-USER> (ql:quickload :cl-jwk.test)
CL-USER> (asdf:test-system :cl-jwk.test)

Or you can run the tests using the scripts/run-tests.sh shell script instead, e.g.

env LISP=sbcl ./scripts/run-tests.sh

6 Contributing

cl-jwk is hosted on GitHub. Please contribute by reporting issues, suggesting features, or sending patches using pull requests.

7 Authors

8 License

This project is Open Source and licensed under the BSD License.

Dependencies (8)

  • alexandria
  • binascii
  • cl-reexport
  • dexador
  • ironclad
  • jonathan
  • jose
  • rove

Dependents (0)
